Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/KW68RUS5fIruIwhLYWAkJyMRaNY.roa
File:                     KW68RUS5fIruIwhLYWAkJyMRaNY.roa (raw, json)
Hash identifier:          CT7lK11ODabxHDPBpj25iH4GZKUrJvapUltouPwGd34=
Subject key identifier:   29:6E:BC:45:44:B9:7C:8A:EE:23:08:4B:61:60:24:27:23:11:68:D6
Certificate issuer:       /CN=60581e673d80f7474936b21337eafcc1bdc385e9
Certificate serial:       01852ABAD9601636F274FB6C24C0EAAD1E0E
Authority key identifier: 60:58:1E:67:3D:80:F7:47:49:36:B2:13:37:EA:FC:C1:BD:C3:85:E9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/KW68RUS5fIruIwhLYWAkJyMRaNY.roa
Signing time:             Mon 19 Dec 2022 14:12:46 +0000
ROA not before:           Mon 19 Dec 2022 14:12:46 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     149428
IP address blocks:        64.137.17.0/24 maxlen: 24
                          104.239.96.0/23 maxlen: 23
                          64.137.28.0/24 maxlen: 24
                          104.238.14.0/24 maxlen: 24
                          104.239.84.0/23 maxlen: 23
                          138.128.159.0/24 maxlen: 24
                          104.238.19.0/24 maxlen: 24
                          104.238.20.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:2a:ba:d9:60:16:36:f2:74:fb:6c:24:c0:ea:ad:1e:0e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=60581e673d80f7474936b21337eafcc1bdc385e9
        Validity
            Not Before: Dec 19 14:12:46 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=296ebc4544b97c8aee23084b61602427231168d6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:c0:76:3f:7a:91:aa:25:6f:72:b0:9e:f8:b8:
                    e4:b1:d7:21:1d:d0:e8:26:67:8e:4c:d3:1f:34:74:
                    8e:ff:1e:5a:9e:95:4c:70:6d:09:ec:4d:0c:e1:a4:
                    01:2d:10:4b:8e:ff:46:f5:43:e6:ae:69:27:c5:d2:
                    1c:63:f6:e4:f1:0e:be:31:01:7a:48:b2:63:e7:d8:
                    ee:be:99:ca:14:b2:1a:95:0b:20:22:a8:21:cb:96:
                    65:6e:d3:52:ab:68:3a:8f:eb:f0:82:b7:b9:8e:50:
                    18:3e:b2:93:d2:bd:23:32:19:f4:33:26:c5:1d:3b:
                    fb:d8:a5:c4:88:c3:47:17:ca:99:1b:d3:25:e2:d8:
                    fd:12:f3:8a:4e:80:00:3f:a2:a8:bb:14:c5:cc:8d:
                    0e:56:a1:d7:c1:88:f6:28:ae:f6:23:5e:4d:f4:b5:
                    3a:59:c8:21:a6:35:ee:7b:f0:68:32:04:4b:13:f8:
                    47:c2:2c:2b:98:7f:07:1c:4d:bf:23:84:be:92:7e:
                    18:fc:f6:46:88:ed:ad:9a:ed:11:08:60:c9:31:0f:
                    95:89:a0:c3:03:93:dd:c4:fd:40:c3:7d:ae:05:31:
                    92:a9:64:20:8c:6d:4f:f4:a5:b0:07:fc:b9:9f:56:
                    8f:3f:ed:4f:15:cb:9c:f5:86:6d:11:96:d4:4a:08:
                    d8:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:6E:BC:45:44:B9:7C:8A:EE:23:08:4B:61:60:24:27:23:11:68:D6
            X509v3 Authority Key Identifier:
                keyid:60:58:1E:67:3D:80:F7:47:49:36:B2:13:37:EA:FC:C1:BD:C3:85:E9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/KW68RUS5fIruIwhLYWAkJyMRaNY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  64.137.17.0/24
                  64.137.28.0/24
                  104.238.14.0/24
                  104.238.19.0-104.238.20.255
                  104.239.84.0/23
                  104.239.96.0/23
                  138.128.159.0/24

    Signature Algorithm: sha256WithRSAEncryption
         83:e5:a7:c6:46:91:3a:33:96:b9:c1:1f:7c:4b:c7:7d:7a:c4:
         9f:b5:05:fa:61:c9:3c:60:50:38:20:e0:ad:10:9a:32:cb:87:
         63:86:e9:16:4e:c0:b0:25:5e:a6:bf:74:23:7c:6d:b4:96:22:
         08:19:b2:f4:19:55:00:63:d9:6f:f5:dd:49:31:87:9c:e2:3f:
         e5:95:b3:2c:70:c8:5c:49:34:83:6c:ea:93:75:d4:68:a7:1d:
         29:0a:ec:22:2a:a6:58:bf:0b:2d:81:48:3a:be:ff:50:26:2c:
         38:41:8d:e2:f8:40:79:2c:96:a5:f2:ac:34:8a:1e:10:4e:ab:
         90:e2:54:a3:31:ef:fc:6c:6a:d8:28:aa:e8:f7:88:b9:e2:51:
         d3:dd:2a:0f:ba:4c:46:ac:a6:fb:2f:a6:57:dc:7a:a5:66:6e:
         3d:52:ca:b3:f4:e5:ff:fe:b9:f5:c3:a2:70:a0:72:af:0e:13:
         e7:12:af:58:be:4f:e3:e9:ed:c4:c6:aa:e4:3d:f1:14:4c:dc:
         cd:62:0b:63:30:8c:fa:8c:a9:c0:ef:88:92:03:2c:de:7a:74:
         dc:7d:3b:70:6c:47:68:23:91:99:92:d3:e5:f0:a2:80:17:19:
         b0:40:aa:4a:45:d8:eb:3b:7e:50:fc:37:ca:ea:56:43:ff:fc:
         59:25:b4:ce
-----BEGIN CERTIFICATE-----
MIIFKTCCBBGgAwIBAgISAYUqutlgFjbydPtsJMDqrR4OMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNTgxZTY3M2Q4MGY3NDc0OTM2YjIxMzM3ZWFmY2MxYmRj
Mzg1ZTkwHhcNMjIxMjE5MTQxMjQ2WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOTZlYmM0NTQ0Yjk3YzhhZWUyMzA4NGI2MTYwMjQyNzIzMTE2OGQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjcB2P3qRqiVvcrCe+LjksdchHdDo
JmeOTNMfNHSO/x5anpVMcG0J7E0M4aQBLRBLjv9G9UPmrmknxdIcY/bk8Q6+MQF6
SLJj59juvpnKFLIalQsgIqghy5ZlbtNSq2g6j+vwgre5jlAYPrKT0r0jMhn0MybF
HTv72KXEiMNHF8qZG9Ml4tj9EvOKToAAP6KouxTFzI0OVqHXwYj2KK72I15N9LU6
WcghpjXue/BoMgRLE/hHwiwrmH8HHE2/I4S+kn4Y/PZGiO2tmu0RCGDJMQ+ViaDD
A5PdxP1Aw32uBTGSqWQgjG1P9KWwB/y5n1aPP+1PFcuc9YZtEZbUSgjYYwIDAQAB
o4ICNTCCAjEwHQYDVR0OBBYEFCluvEVEuXyK7iMIS2FgJCcjEWjWMB8GA1UdIwQY
MBaAFGBYHmc9gPdHSTayEzfq/MG9w4XpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUZnZVp6MkE5MGRKTnJJVE4tcjh3YjNEaGVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS9mZGQ2MzMtYzY1OC00OWM1LTllOGYt
ZmIwNzk1NWYzYWFhLzEvS1c2OFJVUzVmSXJ1SXdoTFlXQWtKeU1SYU5ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS9mZGQ2MzMtYzY1OC00OWM1LTllOGYtZmIwNzk1NWYzYWFh
LzEvWUZnZVp6MkE5MGRKTnJJVE4tcjh3YjNEaGVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEsGCCsGAQUFBwEHAQH/BDwwOjA4BAIAATAyAwQAQIkRAwQA
QIkcAwQAaO4OMAwDBABo7hMDBABo7hQDBAFo71QDBAFo72ADBACKgJ8wDQYJKoZI
hvcNAQELBQADggEBAIPlp8ZGkTozlrnBH3xLx316xJ+1BfphyTxgUDgg4K0QmjLL
h2OG6RZOwLAlXqa/dCN8bbSWIggZsvQZVQBj2W/13Ukxh5ziP+WVsyxwyFxJNINs
6pN11GinHSkK7CIqpli/Cy2BSDq+/1AmLDhBjeL4QHkslqXyrDSKHhBOq5DiVKMx
7/xsatgoquj3iLniUdPdKg+6TEaspvsvplfceqVmbj1SyrP05f/+ufXDonCgcq8O
E+cSr1i+T+Pp7cTGquQ98RRM3M1iC2MwjPqMqcDviJIDLN56dNx9O3BsR2gjkZmS
0+XwooAXGbBAqkpF2Os7flD8N8rqVkP//FkltM4=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:31:03 2024 by rpki-client on console-fra.rpki-client.org