Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/58/4d5e4a-8a16-4537-be1f-1b1362b9b6a2/1/i7j5ZWs8rKnpCSrzeimZzrExlTE.roa
File:                     i7j5ZWs8rKnpCSrzeimZzrExlTE.roa (raw, json)
Hash identifier:          GwW6uFyt968411qZA9Ft5OeLMyQBXVEWRYrgXa9RSB4=
Subject key identifier:   8B:B8:F9:65:6B:3C:AC:A9:E9:09:2A:F3:7A:29:99:CE:B1:31:95:31
Certificate issuer:       /CN=fe54ab2d481cf1622a2c52183ab4f5a930a4ae41
Certificate serial:       0431A543
Authority key identifier: FE:54:AB:2D:48:1C:F1:62:2A:2C:52:18:3A:B4:F5:A9:30:A4:AE:41
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_lSrLUgc8WIqLFIYOrT1qTCkrkE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/58/4d5e4a-8a16-4537-be1f-1b1362b9b6a2/1/i7j5ZWs8rKnpCSrzeimZzrExlTE.roa
Signing time:             Sat 01 Jan 2022 06:03:08 +0000
ROA not before:           Sat 01 Jan 2022 06:03:08 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     3301
IP address blocks:        171.25.128.0/21 maxlen: 21
                          193.221.28.0/24 maxlen: 24
                          193.221.36.0/24 maxlen: 24
                          193.221.38.0/24 maxlen: 24
                          193.221.37.0/24 maxlen: 24
                          193.221.32.0/22 maxlen: 22
                          193.221.47.0/24 maxlen: 24
                          193.221.53.0/24 maxlen: 24
                          193.221.52.0/24 maxlen: 24
                          193.221.59.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 70362435 (0x431a543)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fe54ab2d481cf1622a2c52183ab4f5a930a4ae41
        Validity
            Not Before: Jan  1 06:03:08 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=8bb8f9656b3caca9e9092af37a2999ceb1319531
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:27:e4:84:19:f6:8e:1d:f8:ca:3b:0f:8e:ca:
                    d8:5d:d5:78:7c:f3:36:72:41:12:50:28:6f:b6:c2:
                    fb:31:25:c8:11:69:75:5f:f5:99:2d:1f:9c:a1:26:
                    5c:88:ac:f9:50:ed:db:f1:b2:a9:36:40:0e:dd:37:
                    2e:50:d2:6c:fb:9a:a8:3d:fc:0d:e6:6f:ef:f1:19:
                    80:50:a9:1e:4d:9b:a7:87:45:cd:91:fe:17:5b:2c:
                    da:fe:d8:d5:95:a9:16:d1:58:45:34:1d:c0:39:df:
                    93:c1:69:8f:a4:59:1a:7e:36:c7:c4:f1:d8:97:1c:
                    81:19:e1:46:a4:9c:e7:8b:a0:8e:cd:ce:81:ac:40:
                    50:64:78:c4:af:1d:91:17:63:bf:4f:3e:1e:ed:2e:
                    6e:7f:2b:7f:d6:3a:a0:a7:c0:bb:aa:25:e7:90:d3:
                    2e:7f:8d:b1:e8:eb:40:91:ba:49:80:4a:a9:6d:d3:
                    e5:cd:0b:1a:f8:fd:4f:70:bf:aa:55:53:b6:9b:0f:
                    42:c0:fc:c8:27:fd:2e:0d:ca:63:f9:cc:31:f6:98:
                    51:5c:14:bc:90:84:9f:97:d3:9d:60:93:ed:bc:75:
                    45:52:dd:11:c0:e1:73:e9:94:aa:98:9e:25:b9:01:
                    ac:80:de:ce:bb:88:bb:73:78:58:73:08:dc:99:40:
                    f6:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8B:B8:F9:65:6B:3C:AC:A9:E9:09:2A:F3:7A:29:99:CE:B1:31:95:31
            X509v3 Authority Key Identifier:
                keyid:FE:54:AB:2D:48:1C:F1:62:2A:2C:52:18:3A:B4:F5:A9:30:A4:AE:41

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_lSrLUgc8WIqLFIYOrT1qTCkrkE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/58/4d5e4a-8a16-4537-be1f-1b1362b9b6a2/1/i7j5ZWs8rKnpCSrzeimZzrExlTE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/58/4d5e4a-8a16-4537-be1f-1b1362b9b6a2/1/_lSrLUgc8WIqLFIYOrT1qTCkrkE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  171.25.128.0/21
                  193.221.28.0/24
                  193.221.32.0-193.221.38.255
                  193.221.47.0/24
                  193.221.52.0/23
                  193.221.59.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2e:20:16:3b:53:cb:84:fa:bc:a1:e6:21:db:d5:ce:e8:7a:e5:
         0d:97:4d:7d:73:5b:d1:39:1d:51:e2:75:c5:42:c8:63:10:82:
         ff:72:af:46:49:2a:38:de:77:90:1f:d4:1f:08:eb:f3:ab:21:
         97:52:53:45:4f:15:17:12:ad:fd:c3:dc:3a:94:71:0f:5e:9f:
         99:d9:7d:14:09:16:61:f4:5d:aa:68:07:ee:8b:13:d3:bf:b3:
         ea:2c:93:19:93:be:e8:94:ea:db:34:d0:0e:c5:fb:ab:8a:1c:
         e9:6e:24:6e:89:42:8f:ab:7d:99:ad:a9:ea:79:7d:b6:fb:2f:
         27:de:00:7e:d8:df:27:34:f2:1c:f4:1c:d3:7c:8e:c1:20:07:
         e3:24:c7:05:50:da:79:54:4b:3e:51:b5:dd:f3:d2:a6:c1:68:
         14:30:57:96:8a:ac:e2:ad:e8:b1:9c:28:91:3c:c4:c7:3c:fb:
         af:3e:d5:83:81:28:b2:c9:97:f4:34:d3:8e:e9:dd:0d:1a:fb:
         15:1b:06:31:a7:3b:26:ce:b5:58:32:44:be:0b:19:68:53:39:
         23:47:cb:9a:3b:9e:ff:1a:41:26:e9:49:e0:3e:fa:03:d3:7c:
         8c:31:74:87:dc:2a:bc:da:52:47:92:c2:cc:5a:3b:54:57:9f:
         8a:29:b2:b1
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgIEBDGlQzANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhm
ZTU0YWIyZDQ4MWNmMTYyMmEyYzUyMTgzYWI0ZjVhOTMwYTRhZTQxMB4XDTIyMDEw
MTA2MDMwOFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoOGJiOGY5NjU2YjNj
YWNhOWU5MDkyYWYzN2EyOTk5Y2ViMTMxOTUzMTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAJ8n5IQZ9o4d+Mo7D47K2F3VeHzzNnJBElAob7bC+zElyBFp
dV/1mS0fnKEmXIis+VDt2/GyqTZADt03LlDSbPuaqD38DeZv7/EZgFCpHk2bp4dF
zZH+F1ss2v7Y1ZWpFtFYRTQdwDnfk8Fpj6RZGn42x8Tx2JccgRnhRqSc54ugjs3O
gaxAUGR4xK8dkRdjv08+Hu0ubn8rf9Y6oKfAu6ol55DTLn+NsejrQJG6SYBKqW3T
5c0LGvj9T3C/qlVTtpsPQsD8yCf9Lg3KY/nMMfaYUVwUvJCEn5fTnWCT7bx1RVLd
EcDhc+mUqpieJbkBrIDezruIu3N4WHMI3JlA9usCAwEAAaOCAi8wggIrMB0GA1Ud
DgQWBBSLuPllazysqekJKvN6KZnOsTGVMTAfBgNVHSMEGDAWgBT+VKstSBzxYios
Uhg6tPWpMKSuQTAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L19sU3JMVWdjOFdJcUxGSVlPclQxcVRDa3JrRS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNTgvNGQ1ZTRhLThhMTYtNDUzNy1iZTFmLTFiMTM2MmI5YjZhMi8x
L2k3ajVaV3M4cktucENTcnplaW1aenJFeGxURS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNTgv
NGQ1ZTRhLThhMTYtNDUzNy1iZTFmLTFiMTM2MmI5YjZhMi8xL19sU3JMVWdjOFdJ
cUxGSVlPclQxcVRDa3JrRS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBF
BggrBgEFBQcBBwEB/wQ2MDQwMgQCAAEwLAMEA6sZgAMEAMHdHDAMAwQFwd0gAwQA
wd0mAwQAwd0vAwQBwd00AwQAwd07MA0GCSqGSIb3DQEBCwUAA4IBAQAuIBY7U8uE
+ryh5iHb1c7oeuUNl019c1vROR1R4nXFQshjEIL/cq9GSSo43neQH9QfCOvzqyGX
UlNFTxUXEq39w9w6lHEPXp+Z2X0UCRZh9F2qaAfuixPTv7PqLJMZk77olOrbNNAO
xfurihzpbiRuiUKPq32ZranqeX22+y8n3gB+2N8nNPIc9BzTfI7BIAfjJMcFUNp5
VEs+UbXd89KmwWgUMFeWiqzireixnCiRPMTHPPuvPtWDgSiyyZf0NNOO6d0NGvsV
GwYxpzsmzrVYMkS+CxloUzkjR8uaO57/GkEm6UngPvoD03yMMXSH3Cq82lJHksLM
WjtUV5+KKbKx
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:10:54 2024 by rpki-client on console-ams.rpki-client.org