Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/30112f-0e9d-4fc8-b854-b1565b255854/1/ugKqxP37hFUihFv__40wrFEALxM.roa
File:                     ugKqxP37hFUihFv__40wrFEALxM.roa (raw, json)
Hash identifier:          G51Baq+7QR3JfXaef8WtYswH1pEGhsoib7mdGm29r6I=
Subject key identifier:   BA:02:AA:C4:FD:FB:84:55:22:84:5B:FF:FF:8D:30:AC:51:00:2F:13
Certificate issuer:       /CN=a5472b1473bc781b70440315c83d119c8abc86fc
Certificate serial:       04015717
Authority key identifier: A5:47:2B:14:73:BC:78:1B:70:44:03:15:C8:3D:11:9C:8A:BC:86:FC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pUcrFHO8eBtwRAMVyD0RnIq8hvw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/30112f-0e9d-4fc8-b854-b1565b255854/1/ugKqxP37hFUihFv__40wrFEALxM.roa
Signing time:             Sat 01 Jan 2022 06:02:09 +0000
ROA not before:           Sat 01 Jan 2022 06:02:09 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     2860
IP address blocks:        89.109.64.0/18 maxlen: 18
                          188.125.192.0/19 maxlen: 19
                          185.80.76.0/22 maxlen: 22
                          213.138.224.0/19 maxlen: 19
                          95.172.160.0/19 maxlen: 19
                          213.190.192.0/19 maxlen: 19
                          159.255.48.0/20 maxlen: 20
                          83.223.160.0/19 maxlen: 19
                          84.23.192.0/19 maxlen: 19
                          2a00:d180::/32 maxlen: 32

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 67196695 (0x4015717)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a5472b1473bc781b70440315c83d119c8abc86fc
        Validity
            Not Before: Jan  1 06:02:09 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=ba02aac4fdfb845522845bffff8d30ac51002f13
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e6:ed:d3:e2:4d:01:32:b8:22:f4:24:f4:56:1d:
                    fa:dc:ae:f1:bd:fb:5f:fd:e2:93:34:59:0e:34:92:
                    2c:f9:65:57:92:35:6a:ca:10:c2:d2:d1:99:80:8e:
                    5b:46:76:1b:60:57:e0:82:7f:ff:3a:57:81:9b:3d:
                    67:66:06:09:e1:ff:f0:5d:30:31:57:d8:6c:0f:97:
                    ec:a2:ca:02:ea:14:52:f5:ec:59:40:b5:a0:8b:6a:
                    41:1f:ac:e9:c6:1b:1d:81:e3:15:2e:46:d3:a7:33:
                    35:bb:23:cb:59:d7:22:80:63:b4:fb:25:53:e9:c5:
                    46:1f:21:24:10:2b:88:f3:fe:7e:91:fe:0b:55:23:
                    8f:8d:87:a8:b0:49:82:11:2a:eb:8b:19:aa:d3:00:
                    02:9a:50:4c:16:0f:28:f3:f8:8d:12:05:2d:43:d7:
                    5f:0c:26:f2:49:c5:e7:1f:37:b4:aa:b4:4e:f0:11:
                    c2:00:1e:76:db:e6:6d:b7:57:38:89:6a:00:38:60:
                    30:0f:ec:2f:55:ae:9c:29:00:25:23:75:3f:3d:65:
                    24:12:8c:bb:9d:b0:88:be:b7:cf:48:d3:22:54:a3:
                    89:66:b6:25:55:ba:a6:68:74:fd:bf:3f:8c:79:c5:
                    a1:68:fe:bf:db:14:2a:ed:1a:92:8d:43:56:33:ab:
                    35:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BA:02:AA:C4:FD:FB:84:55:22:84:5B:FF:FF:8D:30:AC:51:00:2F:13
            X509v3 Authority Key Identifier:
                keyid:A5:47:2B:14:73:BC:78:1B:70:44:03:15:C8:3D:11:9C:8A:BC:86:FC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pUcrFHO8eBtwRAMVyD0RnIq8hvw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/30112f-0e9d-4fc8-b854-b1565b255854/1/ugKqxP37hFUihFv__40wrFEALxM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/30112f-0e9d-4fc8-b854-b1565b255854/1/pUcrFHO8eBtwRAMVyD0RnIq8hvw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.223.160.0/19
                  84.23.192.0/19
                  89.109.64.0/18
                  95.172.160.0/19
                  159.255.48.0/20
                  185.80.76.0/22
                  188.125.192.0/19
                  213.138.224.0/19
                  213.190.192.0/19
                IPv6:
                  2a00:d180::/32

    Signature Algorithm: sha256WithRSAEncryption
         15:86:21:7f:d8:5c:8d:2a:b9:2d:c9:4e:7b:6d:ab:81:a2:c2:
         70:99:45:7e:35:46:f9:bc:b5:93:8e:d9:10:6f:84:3a:5f:fd:
         71:fd:99:2a:20:2f:a6:f7:13:14:db:53:95:b7:38:48:c4:9d:
         ac:78:30:be:94:4a:b5:bc:f8:64:92:70:6a:85:1d:c0:fd:c9:
         36:19:40:7e:37:f0:5e:6c:42:78:9d:b2:26:99:27:76:b0:7b:
         22:49:96:1e:73:86:7a:b3:0f:f4:e6:ec:98:f7:94:4d:6f:0a:
         d5:6e:dc:fd:9b:e6:bb:70:38:1b:45:e8:ba:54:f6:b6:e7:50:
         c6:3f:df:9c:e9:31:00:8a:e8:5d:dd:bb:67:9b:13:a3:e3:e9:
         39:c2:b1:e8:61:ec:ac:f3:ae:7c:d6:15:6d:87:cd:ea:93:5a:
         83:bb:61:31:44:7b:e1:2b:56:f2:18:1a:a8:ce:00:a8:3b:c7:
         b6:34:51:95:52:16:44:4a:93:55:80:72:a7:f7:a9:d8:8d:3d:
         29:a9:9a:1f:ad:0b:7b:95:76:57:25:e1:82:22:11:47:d0:6e:
         6a:65:50:02:f1:fe:89:69:ad:0e:ef:fa:05:2d:ab:4b:32:46:
         21:ac:dc:9c:40:ce:65:8a:e1:c4:8c:49:39:b0:71:ec:9c:af:
         64:e1:f8:6c
-----BEGIN CERTIFICATE-----
MIIFLjCCBBagAwIBAgIEBAFXFzANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhh
NTQ3MmIxNDczYmM3ODFiNzA0NDAzMTVjODNkMTE5YzhhYmM4NmZjMB4XDTIyMDEw
MTA2MDIwOVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoYmEwMmFhYzRmZGZi
ODQ1NTIyODQ1YmZmZmY4ZDMwYWM1MTAwMmYxMzCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAObt0+JNATK4IvQk9FYd+tyu8b37X/3ikzRZDjSSLPllV5I1
asoQwtLRmYCOW0Z2G2BX4IJ//zpXgZs9Z2YGCeH/8F0wMVfYbA+X7KLKAuoUUvXs
WUC1oItqQR+s6cYbHYHjFS5G06czNbsjy1nXIoBjtPslU+nFRh8hJBAriPP+fpH+
C1Ujj42HqLBJghEq64sZqtMAAppQTBYPKPP4jRIFLUPXXwwm8knF5x83tKq0TvAR
wgAedtvmbbdXOIlqADhgMA/sL1WunCkAJSN1Pz1lJBKMu52wiL63z0jTIlSjiWa2
JVW6pmh0/b8/jHnFoWj+v9sUKu0ako1DVjOrNRECAwEAAaOCAkgwggJEMB0GA1Ud
DgQWBBS6AqrE/fuEVSKEW///jTCsUQAvEzAfBgNVHSMEGDAWgBSlRysUc7x4G3BE
AxXIPRGciryG/DAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L3BVY3JGSE84ZUJ0d1JBTVZ5RDBSbklxOGh2dy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNTEvMzAxMTJmLTBlOWQtNGZjOC1iODU0LWIxNTY1YjI1NTg1NC8x
L3VnS3F4UDM3aEZVaWhGdl9fNDB3ckZFQUx4TS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNTEv
MzAxMTJmLTBlOWQtNGZjOC1iODU0LWIxNTY1YjI1NTg1NC8xL3BVY3JGSE84ZUJ0
d1JBTVZ5RDBSbklxOGh2dy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBe
BggrBgEFBQcBBwEB/wRPME0wPAQCAAEwNgMEBVPfoAMEBVQXwAMEBlltQAMEBV+s
oAMEBJ//MAMEArlQTAMEBbx9wAMEBdWK4AMEBdW+wDANBAIAAjAHAwUAKgDRgDAN
BgkqhkiG9w0BAQsFAAOCAQEAFYYhf9hcjSq5LclOe22rgaLCcJlFfjVG+by1k47Z
EG+EOl/9cf2ZKiAvpvcTFNtTlbc4SMSdrHgwvpRKtbz4ZJJwaoUdwP3JNhlAfjfw
XmxCeJ2yJpkndrB7IkmWHnOGerMP9ObsmPeUTW8K1W7c/Zvmu3A4G0XoulT2tudQ
xj/fnOkxAIroXd27Z5sTo+PpOcKx6GHsrPOufNYVbYfN6pNag7thMUR74StW8hga
qM4AqDvHtjRRlVIWREqTVYByp/ep2I09KamaH60Le5V2VyXhgiIRR9BuamVQAvH+
iWmtDu/6BS2rSzJGIazcnEDOZYrhxIxJObBx7JyvZOH4bA==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:29:20 2024 by rpki-client on console-fra.rpki-client.org