Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/daK1zSHaAyn-glITlpIsx27L53M.roa
File:                     daK1zSHaAyn-glITlpIsx27L53M.roa (raw, json)
Hash identifier:          GadG1PWGW5oJnop9WKYpvbuXP574C+GsiGnfMSTWzXk=
Subject key identifier:   75:A2:B5:CD:21:DA:03:29:FE:82:52:13:96:92:2C:C7:6E:CB:E7:73
Certificate issuer:       /CN=60581e673d80f7474936b21337eafcc1bdc385e9
Certificate serial:       01842D99E2CB7B60907A9042CA0540D1B83A
Authority key identifier: 60:58:1E:67:3D:80:F7:47:49:36:B2:13:37:EA:FC:C1:BD:C3:85:E9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/daK1zSHaAyn-glITlpIsx27L53M.roa
Signing time:             Mon 31 Oct 2022 10:32:50 +0000
ROA not before:           Mon 31 Oct 2022 10:32:50 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     212238
IP address blocks:        104.143.254.0/23 maxlen: 23
                          64.137.80.0/22 maxlen: 22
                          64.137.96.0/22 maxlen: 22
                          64.137.94.0/23 maxlen: 23
                          64.137.92.0/23 maxlen: 23
                          64.137.100.0/23 maxlen: 23
                          216.173.78.0/23 maxlen: 23
                          104.249.29.0/24 maxlen: 24
                          104.249.36.0/24 maxlen: 24
                          216.173.88.0/23 maxlen: 23
                          216.173.111.0/24 maxlen: 24
                          104.249.55.0/24 maxlen: 24
                          104.239.96.0/23 maxlen: 23
                          104.239.92.0/23 maxlen: 23
                          104.239.84.0/23 maxlen: 23
                          64.137.14.0/23 maxlen: 23
                          64.137.18.0/23 maxlen: 23
                          104.143.232.0/21 maxlen: 21
                          64.137.42.0/23 maxlen: 23
                          104.143.240.0/22 maxlen: 22
                          64.137.48.0/23 maxlen: 23
                          104.143.235.0/24 maxlen: 24
                          64.137.58.0/23 maxlen: 23
                          104.143.248.0/21 maxlen: 21
                          64.137.60.0/22 maxlen: 22
                          104.238.4.0/23 maxlen: 23
                          104.238.0.0/22 maxlen: 22
                          104.233.0.0/21 maxlen: 21
                          104.238.14.0/24 maxlen: 24
                          138.128.151.0/24 maxlen: 24
                          104.238.19.0/24 maxlen: 24
                          64.137.10.0/23 maxlen: 23
                          138.128.153.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:84:2d:99:e2:cb:7b:60:90:7a:90:42:ca:05:40:d1:b8:3a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=60581e673d80f7474936b21337eafcc1bdc385e9
        Validity
            Not Before: Oct 31 10:32:50 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=75a2b5cd21da0329fe82521396922cc76ecbe773
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:48:12:7a:8e:b8:a5:61:8a:0f:08:f7:64:69:
                    4e:27:59:22:23:25:db:8c:39:0d:38:91:31:50:54:
                    49:cc:dd:fe:19:f2:ff:99:8f:20:78:60:7f:fb:dc:
                    11:c5:6b:43:58:dc:1c:ec:17:95:23:4c:29:56:c4:
                    3d:af:89:2c:79:35:2f:9a:9d:1d:f5:08:6a:ed:15:
                    c9:15:67:6c:92:9c:75:d9:ca:55:44:1f:cb:5b:0d:
                    e8:bd:dc:a6:3c:28:a4:f6:79:b5:c8:52:99:f7:b2:
                    97:9b:00:4b:8e:70:5b:9c:84:87:a2:4e:07:a1:1a:
                    cf:a0:bb:bf:17:d7:18:a4:f5:cd:3b:d9:fa:1b:6a:
                    a0:5f:e7:55:3c:98:8a:b1:e8:57:63:14:7c:d9:a8:
                    77:3d:19:de:ff:5b:4c:66:8d:a0:09:85:68:af:71:
                    66:2d:08:ce:54:49:d2:54:df:eb:bc:51:0a:d5:3c:
                    6f:ff:10:0d:02:db:e6:8d:37:94:9d:f9:88:9e:35:
                    be:56:c8:14:c9:2c:06:ba:35:1d:1a:0a:65:03:cd:
                    31:7b:aa:f3:25:80:34:50:29:66:e4:5b:d4:c7:8d:
                    e2:12:09:91:2a:53:16:69:82:2d:63:86:47:e2:6d:
                    a2:cf:c7:9c:92:70:ec:23:76:f7:17:68:d6:8f:63:
                    6e:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                75:A2:B5:CD:21:DA:03:29:FE:82:52:13:96:92:2C:C7:6E:CB:E7:73
            X509v3 Authority Key Identifier:
                keyid:60:58:1E:67:3D:80:F7:47:49:36:B2:13:37:EA:FC:C1:BD:C3:85:E9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/daK1zSHaAyn-glITlpIsx27L53M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  64.137.10.0/23
                  64.137.14.0/23
                  64.137.18.0/23
                  64.137.42.0/23
                  64.137.48.0/23
                  64.137.58.0-64.137.63.255
                  64.137.80.0/22
                  64.137.92.0-64.137.101.255
                  104.143.232.0-104.143.243.255
                  104.143.248.0/21
                  104.233.0.0/21
                  104.238.0.0-104.238.5.255
                  104.238.14.0/24
                  104.238.19.0/24
                  104.239.84.0/23
                  104.239.92.0/23
                  104.239.96.0/23
                  104.249.29.0/24
                  104.249.36.0/24
                  104.249.55.0/24
                  138.128.151.0/24
                  138.128.153.0/24
                  216.173.78.0/23
                  216.173.88.0/23
                  216.173.111.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5c:3f:9f:e2:e2:0d:1b:5a:c9:db:6e:3b:dc:93:12:7c:4e:25:
         d5:c7:33:86:8a:6b:e5:74:5b:54:da:99:31:94:71:15:cd:9e:
         98:44:18:0e:5f:15:48:c3:4f:dd:22:bb:84:1d:e8:fb:2d:ac:
         68:cb:f5:8e:e8:0c:af:38:48:0e:f2:85:72:f6:44:f2:f1:c9:
         c1:72:be:c3:56:9d:da:95:0e:ad:1b:27:03:e1:e5:08:b4:ca:
         3d:25:58:52:e4:fe:64:15:08:62:90:b0:0e:91:9e:67:e9:55:
         f6:6b:5a:67:ea:db:b2:61:5e:c1:b3:85:9d:ef:b6:4e:f0:50:
         1a:52:c5:2f:91:42:3f:9b:3f:e5:99:df:67:cd:cd:1e:46:99:
         b8:7b:36:c8:28:b4:a3:c2:ec:78:16:0b:eb:0c:1e:6f:8f:7b:
         d6:5a:35:1d:ef:11:7f:61:d9:6a:d1:ee:a4:3d:67:62:c7:aa:
         fb:37:bc:ee:e6:7e:43:b4:34:07:7f:87:91:83:ee:50:20:9f:
         d8:97:7a:fd:4e:d7:43:8b:14:2a:2b:26:98:d0:4c:a5:85:75:
         31:da:31:c8:2f:ee:37:33:b9:57:e8:05:f6:a1:de:52:ab:61:
         2c:6e:df:92:aa:c6:b8:de:92:2b:f7:18:49:e4:22:79:50:33:
         86:25:af:32
-----BEGIN CERTIFICATE-----
MIIFsTCCBJmgAwIBAgISAYQtmeLLe2CQepBCygVA0bg6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNTgxZTY3M2Q4MGY3NDc0OTM2YjIxMzM3ZWFmY2MxYmRj
Mzg1ZTkwHhcNMjIxMDMxMTAzMjUwWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NWEyYjVjZDIxZGEwMzI5ZmU4MjUyMTM5NjkyMmNjNzZlY2JlNzczMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqUgSeo64pWGKDwj3ZGlOJ1kiIyXb
jDkNOJExUFRJzN3+GfL/mY8geGB/+9wRxWtDWNwc7BeVI0wpVsQ9r4kseTUvmp0d
9Qhq7RXJFWdskpx12cpVRB/LWw3ovdymPCik9nm1yFKZ97KXmwBLjnBbnISHok4H
oRrPoLu/F9cYpPXNO9n6G2qgX+dVPJiKsehXYxR82ah3PRne/1tMZo2gCYVor3Fm
LQjOVEnSVN/rvFEK1Txv/xANAtvmjTeUnfmInjW+VsgUySwGujUdGgplA80xe6rz
JYA0UClm5FvUx43iEgmRKlMWaYItY4ZH4m2iz8ecknDsI3b3F2jWj2NusQIDAQAB
o4ICvTCCArkwHQYDVR0OBBYEFHWitc0h2gMp/oJSE5aSLMduy+dzMB8GA1UdIwQY
MBaAFGBYHmc9gPdHSTayEzfq/MG9w4XpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUZnZVp6MkE5MGRKTnJJVE4tcjh3YjNEaGVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS9mZGQ2MzMtYzY1OC00OWM1LTllOGYt
ZmIwNzk1NWYzYWFhLzEvZGFLMXpTSGFBeW4tZ2xJVGxwSXN4MjdMNTNNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS9mZGQ2MzMtYzY1OC00OWM1LTllOGYtZmIwNzk1NWYzYWFh
LzEvWUZnZVp6MkE5MGRKTnJJVE4tcjh3YjNEaGVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHSBggrBgEFBQcBBwEB/wSBwjCBvzCBvAQCAAEwgbUDBAFA
iQoDBAFAiQ4DBAFAiRIDBAFAiSoDBAFAiTAwDAMEAUCJOgMEBkCJAAMEAkCJUDAM
AwQCQIlcAwQBQIlkMAwDBANoj+gDBAJoj/ADBANoj/gDBANo6QAwCwMDAWjuAwQB
aO4EAwQAaO4OAwQAaO4TAwQBaO9UAwQBaO9cAwQBaO9gAwQAaPkdAwQAaPkkAwQA
aPk3AwQAioCXAwQAioCZAwQB2K1OAwQB2K1YAwQA2K1vMA0GCSqGSIb3DQEBCwUA
A4IBAQBcP5/i4g0bWsnbbjvckxJ8TiXVxzOGimvldFtU2pkxlHEVzZ6YRBgOXxVI
w0/dIruEHej7Laxoy/WO6AyvOEgO8oVy9kTy8cnBcr7DVp3alQ6tGycD4eUItMo9
JVhS5P5kFQhikLAOkZ5n6VX2a1pn6tuyYV7Bs4Wd77ZO8FAaUsUvkUI/mz/lmd9n
zc0eRpm4ezbIKLSjwux4FgvrDB5vj3vWWjUd7xF/Ydlq0e6kPWdix6r7N7zu5n5D
tDQHf4eRg+5QIJ/Yl3r9TtdDixQqKyaY0EylhXUx2jHIL+43M7lX6AX2od5Sq2Es
bt+Sqsa43pIr9xhJ5CJ5UDOGJa8y
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:11:45 2024 by rpki-client on console-ams.rpki-client.org