Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/UdUwsos6aanz33fnGas_k4JPK1I.roa
File:                     UdUwsos6aanz33fnGas_k4JPK1I.roa (raw, json)
Hash identifier:          99aHxmZr1unfSJ6VN0H2B3OQslASmwTtTm1DM8Hg+Yg=
Subject key identifier:   51:D5:30:B2:8B:3A:69:A9:F3:DF:77:E7:19:AB:3F:93:82:4F:2B:52
Certificate issuer:       /CN=60581e673d80f7474936b21337eafcc1bdc385e9
Certificate serial:       0184429C9B032AD5E489BD58CDBFE93EAD20
Authority key identifier: 60:58:1E:67:3D:80:F7:47:49:36:B2:13:37:EA:FC:C1:BD:C3:85:E9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/UdUwsos6aanz33fnGas_k4JPK1I.roa
Signing time:             Fri 04 Nov 2022 12:27:50 +0000
ROA not before:           Fri 04 Nov 2022 12:27:50 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     7029
IP address blocks:        104.239.10.0/23 maxlen: 23
                          104.239.13.0/24 maxlen: 24
                          104.239.30.0/23 maxlen: 23
                          104.249.55.0/24 maxlen: 24
                          104.239.28.0/24 maxlen: 24
                          104.249.60.0/23 maxlen: 23
                          216.173.120.0/24 maxlen: 24
                          104.238.4.0/24 maxlen: 24
                          104.238.8.0/24 maxlen: 24
                          104.238.10.0/24 maxlen: 24
                          104.238.9.0/24 maxlen: 24
                          104.238.5.0/24 maxlen: 24
                          104.238.7.0/24 maxlen: 24
                          216.173.76.0/24 maxlen: 24
                          216.173.82.0/24 maxlen: 24
                          216.173.103.0/24 maxlen: 24
                          216.173.102.0/24 maxlen: 24
                          216.173.105.0/24 maxlen: 24
                          216.173.104.0/24 maxlen: 24
                          216.173.106.0/24 maxlen: 24
                          216.173.108.0/24 maxlen: 24
                          216.173.107.0/24 maxlen: 24
                          216.173.110.0/24 maxlen: 24
                          216.173.109.0/24 maxlen: 24
                          104.239.94.0/24 maxlen: 24
                          104.239.98.0/24 maxlen: 24
                          104.239.101.0/24 maxlen: 24
                          104.239.104.0/24 maxlen: 24
                          104.239.105.0/24 maxlen: 24
                          104.239.107.0/24 maxlen: 24
                          104.239.106.0/24 maxlen: 24
                          104.239.108.0/24 maxlen: 24
                          104.239.111.0/24 maxlen: 24
                          104.239.124.0/23 maxlen: 23
                          104.239.126.0/24 maxlen: 24
                          104.239.44.0/24 maxlen: 24
                          104.239.73.0/24 maxlen: 24
                          104.239.75.0/24 maxlen: 24
                          104.239.78.0/24 maxlen: 24
                          104.239.76.0/23 maxlen: 23
                          104.239.82.0/24 maxlen: 24
                          104.239.80.0/23 maxlen: 23
                          104.239.86.0/24 maxlen: 24
                          104.239.88.0/24 maxlen: 24
                          104.239.90.0/23 maxlen: 23
                          104.233.20.0/24 maxlen: 24
                          104.233.24.0/23 maxlen: 23
                          104.233.26.0/24 maxlen: 24
                          138.128.157.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:84:42:9c:9b:03:2a:d5:e4:89:bd:58:cd:bf:e9:3e:ad:20
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=60581e673d80f7474936b21337eafcc1bdc385e9
        Validity
            Not Before: Nov  4 12:27:50 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=51d530b28b3a69a9f3df77e719ab3f93824f2b52
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:58:10:7b:66:57:2f:0c:1b:99:eb:16:36:3b:
                    f1:42:c4:ef:16:73:cf:f8:ef:d7:5b:26:d4:46:27:
                    56:9f:ec:3c:f3:88:ef:d2:51:93:c6:ea:0a:20:7f:
                    d5:40:fc:75:09:16:f4:90:ee:84:45:73:50:a9:56:
                    74:cf:12:52:69:30:9d:f1:e9:2a:f2:c5:8c:f3:a8:
                    d4:a5:c8:f0:f9:dc:14:4e:f3:1e:7b:7d:d8:73:90:
                    42:c1:5e:ad:6b:e5:4a:3c:fb:e8:b9:90:ac:73:e8:
                    0a:c9:9b:8e:ae:ae:e7:cd:5f:eb:ed:fd:6e:64:4e:
                    22:e5:40:95:12:74:68:8b:b0:72:be:4d:76:32:1a:
                    5f:ed:6c:f6:e6:53:9d:64:d8:58:0c:85:9e:30:bb:
                    1f:96:5f:d1:bb:cc:e5:2b:60:c4:03:08:5f:cb:da:
                    16:1e:fd:93:d2:b9:59:59:88:59:cf:ca:df:00:be:
                    1b:f3:5e:31:f1:fe:03:50:02:65:b9:b2:85:0c:66:
                    00:08:ad:02:88:b2:39:76:4f:30:3d:c6:39:d6:52:
                    16:d6:94:dd:0d:44:29:96:2f:da:e6:1c:9c:21:08:
                    9b:1d:bb:f6:1b:5a:cb:3d:9d:33:dd:15:bc:0f:cd:
                    f8:04:db:79:d8:70:f3:d1:a3:fd:71:84:d1:11:b2:
                    f2:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                51:D5:30:B2:8B:3A:69:A9:F3:DF:77:E7:19:AB:3F:93:82:4F:2B:52
            X509v3 Authority Key Identifier:
                keyid:60:58:1E:67:3D:80:F7:47:49:36:B2:13:37:EA:FC:C1:BD:C3:85:E9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/UdUwsos6aanz33fnGas_k4JPK1I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  104.233.20.0/24
                  104.233.24.0-104.233.26.255
                  104.238.4.0/23
                  104.238.7.0-104.238.10.255
                  104.239.10.0/23
                  104.239.13.0/24
                  104.239.28.0/24
                  104.239.30.0/23
                  104.239.44.0/24
                  104.239.73.0/24
                  104.239.75.0-104.239.78.255
                  104.239.80.0-104.239.82.255
                  104.239.86.0/24
                  104.239.88.0/24
                  104.239.90.0/23
                  104.239.94.0/24
                  104.239.98.0/24
                  104.239.101.0/24
                  104.239.104.0-104.239.108.255
                  104.239.111.0/24
                  104.239.124.0-104.239.126.255
                  104.249.55.0/24
                  104.249.60.0/23
                  138.128.157.0/24
                  216.173.76.0/24
                  216.173.82.0/24
                  216.173.102.0-216.173.110.255
                  216.173.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4f:f9:46:f7:77:dd:2e:e2:68:a1:b6:3f:83:27:ac:c8:9d:81:
         8c:5a:8b:6d:79:dc:27:79:25:cd:fd:e5:da:88:05:e6:c4:03:
         c2:8e:0f:23:80:a1:50:9c:90:c5:49:a9:f7:a1:b4:3a:fc:fb:
         ed:2a:e2:69:d0:01:2c:06:5a:ac:cf:7f:01:18:2e:f2:46:4e:
         fb:9d:ef:4a:4e:9c:a3:39:40:66:b3:78:6e:60:45:24:c5:ef:
         aa:40:4a:c9:57:79:7c:2e:53:20:8a:df:c0:78:e5:4e:2f:6e:
         a0:f9:4d:13:65:8a:6b:e2:38:6d:5b:8d:e6:f0:e0:b6:9d:3b:
         34:35:35:86:3c:d4:2a:43:42:ba:9c:b4:0b:f0:d6:a3:0c:d6:
         94:ca:78:1c:3c:00:aa:76:aa:3c:72:6b:35:4d:30:8e:c9:32:
         4e:9f:40:70:3d:47:57:17:cd:98:5f:a9:62:16:75:ba:5e:2b:
         19:48:90:c2:4c:35:dd:d0:45:06:70:8b:28:22:c9:6b:7e:a9:
         28:67:24:da:6f:d8:39:ab:7d:ef:bd:4c:02:a0:79:83:33:04:
         0f:ad:7b:87:1a:4e:ec:de:27:33:8a:9a:6a:ce:00:ac:2a:6e:
         a9:33:33:4b:b2:04:0f:a8:78:23:4c:37:4e:8f:06:95:d2:2f:
         5d:23:ae:3e
-----BEGIN CERTIFICATE-----
MIIF3DCCBMSgAwIBAgISAYRCnJsDKtXkib1Yzb/pPq0gMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNTgxZTY3M2Q4MGY3NDc0OTM2YjIxMzM3ZWFmY2MxYmRj
Mzg1ZTkwHhcNMjIxMTA0MTIyNzUwWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MWQ1MzBiMjhiM2E2OWE5ZjNkZjc3ZTcxOWFiM2Y5MzgyNGYyYjUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu1gQe2ZXLwwbmesWNjvxQsTvFnPP
+O/XWybURidWn+w884jv0lGTxuoKIH/VQPx1CRb0kO6ERXNQqVZ0zxJSaTCd8ekq
8sWM86jUpcjw+dwUTvMee33Yc5BCwV6ta+VKPPvouZCsc+gKyZuOrq7nzV/r7f1u
ZE4i5UCVEnRoi7Byvk12Mhpf7Wz25lOdZNhYDIWeMLsfll/Ru8zlK2DEAwhfy9oW
Hv2T0rlZWYhZz8rfAL4b814x8f4DUAJlubKFDGYACK0CiLI5dk8wPcY51lIW1pTd
DUQpli/a5hycIQibHbv2G1rLPZ0z3RW8D834BNt52HDz0aP9cYTREbLyvwIDAQAB
o4IC6DCCAuQwHQYDVR0OBBYEFFHVMLKLOmmp89935xmrP5OCTytSMB8GA1UdIwQY
MBaAFGBYHmc9gPdHSTayEzfq/MG9w4XpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUZnZVp6MkE5MGRKTnJJVE4tcjh3YjNEaGVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS9mZGQ2MzMtYzY1OC00OWM1LTllOGYt
ZmIwNzk1NWYzYWFhLzEvVWRVd3NvczZhYW56MzNmbkdhc19rNEpQSzFJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS9mZGQ2MzMtYzY1OC00OWM1LTllOGYtZmIwNzk1NWYzYWFh
LzEvWUZnZVp6MkE5MGRKTnJJVE4tcjh3YjNEaGVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIH9BggrBgEFBQcBBwEB/wSB7TCB6jCB5wQCAAEwgeADBABo
6RQwDAMEA2jpGAMEAGjpGgMEAWjuBDAMAwQAaO4HAwQAaO4KAwQBaO8KAwQAaO8N
AwQAaO8cAwQBaO8eAwQAaO8sAwQAaO9JMAwDBABo70sDBABo704wDAMEBGjvUAME
AGjvUgMEAGjvVgMEAGjvWAMEAWjvWgMEAGjvXgMEAGjvYgMEAGjvZTAMAwQDaO9o
AwQAaO9sAwQAaO9vMAwDBAJo73wDBABo734DBABo+TcDBAFo+TwDBACKgJ0DBADY
rUwDBADYrVIwDAMEAditZgMEANitbgMEANiteDANBgkqhkiG9w0BAQsFAAOCAQEA
T/lG93fdLuJoobY/gyesyJ2BjFqLbXncJ3klzf3l2ogF5sQDwo4PI4ChUJyQxUmp
96G0Ovz77SriadABLAZarM9/ARgu8kZO+53vSk6cozlAZrN4bmBFJMXvqkBKyVd5
fC5TIIrfwHjlTi9uoPlNE2WKa+I4bVuN5vDgtp07NDU1hjzUKkNCupy0C/DWowzW
lMp4HDwAqnaqPHJrNU0wjskyTp9AcD1HVxfNmF+pYhZ1ul4rGUiQwkw13dBFBnCL
KCLJa36pKGck2m/YOat9771MAqB5gzMED617hxpO7N4nM4qaas4ArCpuqTMzS7IE
D6h4I0w3To8GldIvXSOuPg==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:31:03 2024 by rpki-client on console-fra.rpki-client.org