Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/cfc0d1-d095-4b1b-9b5d-3985299fad6d/1/PdYcWuXvw-rPPvF9mKJF-NI87Ow.roa
File:                     PdYcWuXvw-rPPvF9mKJF-NI87Ow.roa (raw, json)
Hash identifier:          /vDxy5oisq1G1gHOmUoXcPhdvBEYiUNB/Dv/92W0OL0=
Subject key identifier:   3D:D6:1C:5A:E5:EF:C3:EA:CF:3E:F1:7D:98:A2:45:F8:D2:3C:EC:EC
Certificate issuer:       /CN=20eee05da183dee2b8118141956462c9240d7876
Certificate serial:       01853BD37FB26BFECB8DFBC8B19EEF06B680
Authority key identifier: 20:EE:E0:5D:A1:83:DE:E2:B8:11:81:41:95:64:62:C9:24:0D:78:76
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IO7gXaGD3uK4EYFBlWRiySQNeHY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/cfc0d1-d095-4b1b-9b5d-3985299fad6d/1/PdYcWuXvw-rPPvF9mKJF-NI87Ow.roa
Signing time:             Thu 22 Dec 2022 21:53:14 +0000
ROA not before:           Thu 22 Dec 2022 21:53:14 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     205584
IP address blocks:        2.57.156.0/22 maxlen: 24
                          185.215.29.0/24 maxlen: 24
                          185.215.28.0/24 maxlen: 24
                          185.215.28.0/22 maxlen: 24
                          185.215.31.0/24 maxlen: 24
                          185.215.30.0/24 maxlen: 24
                          193.105.168.0/24 maxlen: 24
                          195.78.98.0/23 maxlen: 24
                          2a0b:a2c0::/29 maxlen: 48

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:3b:d3:7f:b2:6b:fe:cb:8d:fb:c8:b1:9e:ef:06:b6:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=20eee05da183dee2b8118141956462c9240d7876
        Validity
            Not Before: Dec 22 21:53:14 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=3dd61c5ae5efc3eacf3ef17d98a245f8d23cecec
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:34:5d:d3:8e:28:8d:15:8b:a0:e5:f4:37:c0:
                    d6:ad:c3:f3:12:f2:25:13:a8:e1:a8:35:c0:cf:3b:
                    eb:26:51:93:6d:a4:6d:71:09:bd:f5:6b:80:e6:9d:
                    6f:6d:2b:58:99:10:c9:14:e5:43:88:32:1f:1a:a1:
                    a3:c2:e3:43:f6:6d:72:35:ac:86:db:14:06:ff:10:
                    f5:35:fa:c0:ea:98:54:68:68:d1:9f:b1:54:af:d4:
                    a2:73:4f:80:f8:ed:4b:76:c8:40:7a:1e:43:56:55:
                    09:f8:90:42:05:14:4d:ff:1e:54:3a:30:3f:e5:a7:
                    04:c7:c0:42:ef:7a:5f:59:1b:2f:42:82:28:d8:3e:
                    45:46:1a:e9:a6:23:b2:11:c2:64:00:f0:ac:1c:97:
                    9b:21:f7:6b:b4:a8:c9:9c:f6:a4:dd:be:0c:74:df:
                    d3:83:c8:2c:ec:2c:36:57:02:ad:32:c3:a8:2d:c4:
                    df:0b:7c:c4:72:f8:14:4f:01:56:d7:bf:ad:1f:ec:
                    92:fb:e1:b8:38:6d:af:ca:f3:ce:31:26:36:49:bc:
                    d7:4b:df:e1:dd:24:4f:05:54:47:04:a1:f3:dc:b0:
                    b6:dd:3a:03:a1:f9:6f:39:1c:6d:d7:11:7a:7f:8a:
                    d4:12:6b:3a:85:4f:15:36:7e:54:7e:b9:7d:a3:89:
                    cf:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3D:D6:1C:5A:E5:EF:C3:EA:CF:3E:F1:7D:98:A2:45:F8:D2:3C:EC:EC
            X509v3 Authority Key Identifier:
                keyid:20:EE:E0:5D:A1:83:DE:E2:B8:11:81:41:95:64:62:C9:24:0D:78:76

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IO7gXaGD3uK4EYFBlWRiySQNeHY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/cfc0d1-d095-4b1b-9b5d-3985299fad6d/1/PdYcWuXvw-rPPvF9mKJF-NI87Ow.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/cfc0d1-d095-4b1b-9b5d-3985299fad6d/1/IO7gXaGD3uK4EYFBlWRiySQNeHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.57.156.0/22
                  185.215.28.0/22
                  193.105.168.0/24
                  195.78.98.0/23
                IPv6:
                  2a0b:a2c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         31:4f:6a:ee:1d:21:92:50:89:59:ba:90:8e:81:a9:36:d1:11:
         f4:55:c7:d2:ce:03:92:e1:b2:04:c2:b0:cd:e9:0d:20:0c:c1:
         72:70:1d:e3:03:e0:26:b3:84:2f:72:bf:0c:31:3f:43:83:6c:
         88:39:95:f0:ba:93:64:df:2c:6b:df:66:88:70:a7:0b:0d:aa:
         e9:8d:75:2e:b1:35:5f:71:1c:2f:f3:4e:de:56:05:46:fc:29:
         81:ad:57:40:bc:57:d8:c2:45:ae:55:fa:34:cb:3a:55:2d:15:
         02:41:fc:e5:cc:8d:7b:7d:6f:fa:c6:96:e6:e1:00:c3:92:10:
         3c:ed:7b:8f:da:6e:d9:39:12:ae:99:b1:b8:f4:4b:18:f5:3d:
         e4:85:fa:8a:02:f8:88:6e:b4:ec:9b:f9:c0:80:20:ca:f9:7a:
         4d:62:dd:f4:a4:fd:99:0d:3f:22:b2:44:f2:77:cb:ac:c6:bf:
         09:48:89:5a:a2:d0:30:9e:89:2c:8a:7c:aa:4c:92:6d:8f:18:
         dd:fe:30:cd:a4:9b:fa:d9:3a:ff:fb:45:28:ca:cf:f3:9d:8b:
         2f:83:45:58:38:42:23:f1:74:9e:49:07:68:04:2d:fe:4a:b6:
         b4:d1:f1:c9:27:78:02:5e:af:8b:d3:5e:63:81:11:8e:05:a8:
         92:91:1b:63
-----BEGIN CERTIFICATE-----
MIIFHjCCBAagAwIBAgISAYU703+ya/7LjfvIsZ7vBraAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIwZWVlMDVkYTE4M2RlZTJiODExODE0MTk1NjQ2MmM5MjQw
ZDc4NzYwHhcNMjIxMjIyMjE1MzE0WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZGQ2MWM1YWU1ZWZjM2VhY2YzZWYxN2Q5OGEyNDVmOGQyM2NlY2VjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmDRd044ojRWLoOX0N8DWrcPzEvIl
E6jhqDXAzzvrJlGTbaRtcQm99WuA5p1vbStYmRDJFOVDiDIfGqGjwuND9m1yNayG
2xQG/xD1NfrA6phUaGjRn7FUr9Sic0+A+O1LdshAeh5DVlUJ+JBCBRRN/x5UOjA/
5acEx8BC73pfWRsvQoIo2D5FRhrppiOyEcJkAPCsHJebIfdrtKjJnPak3b4MdN/T
g8gs7Cw2VwKtMsOoLcTfC3zEcvgUTwFW17+tH+yS++G4OG2vyvPOMSY2SbzXS9/h
3SRPBVRHBKHz3LC23ToDoflvORxt1xF6f4rUEms6hU8VNn5Ufrl9o4nP/QIDAQAB
o4ICKjCCAiYwHQYDVR0OBBYEFD3WHFrl78Pqzz7xfZiiRfjSPOzsMB8GA1UdIwQY
MBaAFCDu4F2hg97iuBGBQZVkYskkDXh2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSU83Z1hhR0QzdUs0RVlGQmxXUml5U1FOZUhZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS9jZmMwZDEtZDA5NS00YjFiLTliNWQt
Mzk4NTI5OWZhZDZkLzEvUGRZY1d1WHZ3LXJQUHZGOW1LSkYtTkk4N093LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS9jZmMwZDEtZDA5NS00YjFiLTliNWQtMzk4NTI5OWZhZDZk
LzEvSU83Z1hhR0QzdUs0RVlGQmxXUml5U1FOZUhZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEAGCCsGAQUFBwEHAQH/BDEwLzAeBAIAATAYAwQCAjmcAwQC
udccAwQAwWmoAwQBw05iMA0EAgACMAcDBQMqC6LAMA0GCSqGSIb3DQEBCwUAA4IB
AQAxT2ruHSGSUIlZupCOgak20RH0VcfSzgOS4bIEwrDN6Q0gDMFycB3jA+Ams4Qv
cr8MMT9Dg2yIOZXwupNk3yxr32aIcKcLDarpjXUusTVfcRwv807eVgVG/CmBrVdA
vFfYwkWuVfo0yzpVLRUCQfzlzI17fW/6xpbm4QDDkhA87XuP2m7ZORKumbG49EsY
9T3khfqKAviIbrTsm/nAgCDK+XpNYt30pP2ZDT8iskTyd8usxr8JSIlaotAwnoks
inyqTJJtjxjd/jDNpJv62Tr/+0Uoys/znYsvg0VYOEIj8XSeSQdoBC3+Sra00fHJ
J3gCXq+L015jgRGOBaiSkRtj
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:29:44 2024 by rpki-client on console-fra.rpki-client.org