Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/T1OvmNo0vTuJ6sypM3rj-cDbRV4.roa
File:                     T1OvmNo0vTuJ6sypM3rj-cDbRV4.roa (raw, json)
Hash identifier:          CjsasjIXexFSt//Vtn/3lui41WL+iKTQfBI6IOph0BU=
Subject key identifier:   4F:53:AF:98:DA:34:BD:3B:89:EA:CC:A9:33:7A:E3:F9:C0:DB:45:5E
Certificate issuer:       /CN=60581e673d80f7474936b21337eafcc1bdc385e9
Certificate serial:       01842D99E14050EF5A5EBB67EE8350092BDC
Authority key identifier: 60:58:1E:67:3D:80:F7:47:49:36:B2:13:37:EA:FC:C1:BD:C3:85:E9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/T1OvmNo0vTuJ6sypM3rj-cDbRV4.roa
Signing time:             Mon 31 Oct 2022 10:32:50 +0000
ROA not before:           Mon 31 Oct 2022 10:32:50 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     1239
IP address blocks:        104.239.10.0/23 maxlen: 23
                          104.239.13.0/24 maxlen: 24
                          104.249.55.0/24 maxlen: 24
                          104.239.28.0/24 maxlen: 24
                          104.239.30.0/23 maxlen: 23
                          104.249.60.0/23 maxlen: 23
                          104.167.0.0/24 maxlen: 24
                          104.167.10.0/24 maxlen: 24
                          216.173.120.0/24 maxlen: 24
                          64.137.52.0/23 maxlen: 23
                          104.238.4.0/24 maxlen: 24
                          104.238.5.0/24 maxlen: 24
                          104.238.8.0/24 maxlen: 24
                          104.238.7.0/24 maxlen: 24
                          104.238.10.0/24 maxlen: 24
                          104.238.9.0/24 maxlen: 24
                          104.238.20.0/24 maxlen: 24
                          216.173.76.0/24 maxlen: 24
                          216.173.82.0/24 maxlen: 24
                          216.173.102.0/24 maxlen: 24
                          216.173.104.0/24 maxlen: 24
                          216.173.103.0/24 maxlen: 24
                          216.173.105.0/24 maxlen: 24
                          216.173.109.0/24 maxlen: 24
                          216.173.108.0/24 maxlen: 24
                          216.173.110.0/24 maxlen: 24
                          216.173.106.0/24 maxlen: 24
                          216.173.107.0/24 maxlen: 24
                          104.239.98.0/24 maxlen: 24
                          104.239.94.0/24 maxlen: 24
                          104.239.101.0/24 maxlen: 24
                          104.239.105.0/24 maxlen: 24
                          104.239.104.0/24 maxlen: 24
                          104.239.111.0/24 maxlen: 24
                          104.239.106.0/24 maxlen: 24
                          104.239.108.0/24 maxlen: 24
                          104.239.107.0/24 maxlen: 24
                          104.239.124.0/23 maxlen: 23
                          104.239.126.0/24 maxlen: 24
                          104.239.44.0/24 maxlen: 24
                          104.239.76.0/23 maxlen: 23
                          104.239.73.0/24 maxlen: 24
                          104.239.75.0/24 maxlen: 24
                          104.239.78.0/24 maxlen: 24
                          104.239.80.0/23 maxlen: 23
                          104.239.82.0/24 maxlen: 24
                          104.239.90.0/23 maxlen: 23
                          104.239.86.0/24 maxlen: 24
                          104.239.88.0/24 maxlen: 24
                          104.233.20.0/24 maxlen: 24
                          104.233.24.0/23 maxlen: 23
                          104.233.26.0/24 maxlen: 24
                          138.128.148.0/24 maxlen: 24
                          138.128.157.0/24 maxlen: 24
                          138.128.159.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:84:2d:99:e1:40:50:ef:5a:5e:bb:67:ee:83:50:09:2b:dc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=60581e673d80f7474936b21337eafcc1bdc385e9
        Validity
            Not Before: Oct 31 10:32:50 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=4f53af98da34bd3b89eacca9337ae3f9c0db455e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:0c:50:b3:a8:4c:03:e3:17:56:c4:65:b3:29:
                    3f:c2:25:b6:41:8b:3b:b0:75:aa:7f:da:b9:79:2b:
                    25:f6:4a:19:7a:02:4b:70:d7:1c:5a:27:9d:fd:c6:
                    39:4e:68:94:d0:a3:7a:32:0d:e2:f0:f0:2f:57:f1:
                    ee:0d:f5:02:01:16:9e:45:ba:0f:34:8c:0e:05:84:
                    b2:3c:f3:dc:a1:91:01:f1:44:7e:bd:b7:f0:2a:53:
                    4b:cb:87:21:32:5f:5b:ce:69:98:84:1c:78:a6:ec:
                    2a:25:6e:c7:4a:35:87:f0:c6:f3:e5:9b:a0:4c:16:
                    6c:3e:28:eb:f1:1c:7d:d0:55:97:1d:35:77:94:56:
                    9c:6f:f3:85:8c:98:2c:2e:16:6b:13:19:b7:9e:f6:
                    2f:bf:92:56:08:28:9e:4b:82:73:db:45:27:a7:02:
                    c4:8a:e7:e6:75:0b:f3:a4:7a:2b:cc:8c:a7:ed:a4:
                    38:dc:a1:50:03:b1:fb:2a:c7:76:22:23:0f:ed:a6:
                    12:8a:5c:a6:5a:97:5b:b1:ba:17:08:2e:6c:1d:df:
                    38:8e:6a:63:21:5b:e1:75:f0:c6:34:8a:12:45:1b:
                    29:46:3a:4d:d0:63:db:0d:ba:26:b5:0b:59:8a:d5:
                    46:d5:d4:4f:ef:d1:2c:3e:cd:5f:85:4b:8b:5f:c9:
                    8a:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4F:53:AF:98:DA:34:BD:3B:89:EA:CC:A9:33:7A:E3:F9:C0:DB:45:5E
            X509v3 Authority Key Identifier:
                keyid:60:58:1E:67:3D:80:F7:47:49:36:B2:13:37:EA:FC:C1:BD:C3:85:E9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/T1OvmNo0vTuJ6sypM3rj-cDbRV4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  64.137.52.0/23
                  104.167.0.0/24
                  104.167.10.0/24
                  104.233.20.0/24
                  104.233.24.0-104.233.26.255
                  104.238.4.0/23
                  104.238.7.0-104.238.10.255
                  104.238.20.0/24
                  104.239.10.0/23
                  104.239.13.0/24
                  104.239.28.0/24
                  104.239.30.0/23
                  104.239.44.0/24
                  104.239.73.0/24
                  104.239.75.0-104.239.78.255
                  104.239.80.0-104.239.82.255
                  104.239.86.0/24
                  104.239.88.0/24
                  104.239.90.0/23
                  104.239.94.0/24
                  104.239.98.0/24
                  104.239.101.0/24
                  104.239.104.0-104.239.108.255
                  104.239.111.0/24
                  104.239.124.0-104.239.126.255
                  104.249.55.0/24
                  104.249.60.0/23
                  138.128.148.0/24
                  138.128.157.0/24
                  138.128.159.0/24
                  216.173.76.0/24
                  216.173.82.0/24
                  216.173.102.0-216.173.110.255
                  216.173.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         47:bc:96:ca:e5:5f:1b:86:57:6f:35:ce:97:8d:5f:3d:e5:1d:
         eb:6b:85:52:0e:c6:0e:da:8a:63:69:69:38:c9:85:85:10:c4:
         09:c2:e6:bc:90:07:33:ad:ea:6e:a7:d4:99:65:d7:dd:9d:4a:
         4c:76:e4:7e:19:a7:8f:79:69:60:7b:ff:30:5e:80:ef:18:0a:
         69:df:14:d7:05:03:4e:44:a5:49:9b:b2:5e:8a:bd:51:54:36:
         a5:3d:1f:2c:0b:90:8c:dd:df:50:b1:e0:6d:52:31:58:99:d5:
         41:02:48:19:97:e0:f4:2c:33:99:cb:cd:d8:aa:a7:6a:f5:68:
         69:ad:02:a2:2f:51:a9:21:76:e1:87:7a:f3:8d:d8:bf:20:cd:
         d7:f9:3e:bf:86:b3:38:78:02:31:14:c3:3c:a7:e8:f5:82:ff:
         6b:9d:03:73:3f:03:09:ca:25:db:79:fb:7e:92:8e:54:b3:b1:
         a7:20:5f:05:2c:58:af:17:e4:12:42:94:22:37:a5:e1:98:f6:
         a7:4a:bd:6f:31:17:bc:9e:bf:13:c5:29:dd:be:16:9e:c2:c1:
         5d:6b:b9:1f:ef:2c:01:4e:05:3b:0c:74:69:11:12:fa:d4:19:
         39:05:8f:bc:0f:3c:11:74:f6:c9:ed:64:85:31:37:1d:19:82:
         5f:3e:90:1a
-----BEGIN CERTIFICATE-----
MIIGBTCCBO2gAwIBAgISAYQtmeFAUO9aXrtn7oNQCSvcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNTgxZTY3M2Q4MGY3NDc0OTM2YjIxMzM3ZWFmY2MxYmRj
Mzg1ZTkwHhcNMjIxMDMxMTAzMjUwWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZjUzYWY5OGRhMzRiZDNiODllYWNjYTkzMzdhZTNmOWMwZGI0NTVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtgxQs6hMA+MXVsRlsyk/wiW2QYs7
sHWqf9q5eSsl9koZegJLcNccWied/cY5TmiU0KN6Mg3i8PAvV/HuDfUCARaeRboP
NIwOBYSyPPPcoZEB8UR+vbfwKlNLy4chMl9bzmmYhBx4puwqJW7HSjWH8Mbz5Zug
TBZsPijr8Rx90FWXHTV3lFacb/OFjJgsLhZrExm3nvYvv5JWCCieS4Jz20UnpwLE
iufmdQvzpHorzIyn7aQ43KFQA7H7Ksd2IiMP7aYSilymWpdbsboXCC5sHd84jmpj
IVvhdfDGNIoSRRspRjpN0GPbDbomtQtZitVG1dRP79EsPs1fhUuLX8mKVQIDAQAB
o4IDETCCAw0wHQYDVR0OBBYEFE9Tr5jaNL07ierMqTN64/nA20VeMB8GA1UdIwQY
MBaAFGBYHmc9gPdHSTayEzfq/MG9w4XpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUZnZVp6MkE5MGRKTnJJVE4tcjh3YjNEaGVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS9mZGQ2MzMtYzY1OC00OWM1LTllOGYt
ZmIwNzk1NWYzYWFhLzEvVDFPdm1ObzB2VHVKNnN5cE0zcmotY0RiUlY0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS9mZGQ2MzMtYzY1OC00OWM1LTllOGYtZmIwNzk1NWYzYWFh
LzEvWUZnZVp6MkE5MGRKTnJJVE4tcjh3YjNEaGVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBJQYIKwYBBQUHAQcBAf8EggEUMIIBEDCCAQwEAgABMIIB
BAMEAUCJNAMEAGinAAMEAGinCgMEAGjpFDAMAwQDaOkYAwQAaOkaAwQBaO4EMAwD
BABo7gcDBABo7goDBABo7hQDBAFo7woDBABo7w0DBABo7xwDBAFo7x4DBABo7ywD
BABo70kwDAMEAGjvSwMEAGjvTjAMAwQEaO9QAwQAaO9SAwQAaO9WAwQAaO9YAwQB
aO9aAwQAaO9eAwQAaO9iAwQAaO9lMAwDBANo72gDBABo72wDBABo728wDAMEAmjv
fAMEAGjvfgMEAGj5NwMEAWj5PAMEAIqAlAMEAIqAnQMEAIqAnwMEANitTAMEANit
UjAMAwQB2K1mAwQA2K1uAwQA2K14MA0GCSqGSIb3DQEBCwUAA4IBAQBHvJbK5V8b
hldvNc6XjV895R3ra4VSDsYO2opjaWk4yYWFEMQJwua8kAczrepup9SZZdfdnUpM
duR+GaePeWlge/8wXoDvGApp3xTXBQNORKVJm7Jeir1RVDalPR8sC5CM3d9QseBt
UjFYmdVBAkgZl+D0LDOZy83Yqqdq9WhprQKiL1GpIXbhh3rzjdi/IM3X+T6/hrM4
eAIxFMM8p+j1gv9rnQNzPwMJyiXbeft+ko5Us7GnIF8FLFivF+QSQpQiN6XhmPan
Sr1vMRe8nr8TxSndvhaewsFda7kf7ywBTgU7DHRpERL61Bk5BY+8DzwRdPbJ7WSF
MTcdGYJfPpAa
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:11:45 2024 by rpki-client on console-ams.rpki-client.org