Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/hBtZ-7MRJvhfGreByCFQ57F9yLM.roa
File:                     hBtZ-7MRJvhfGreByCFQ57F9yLM.roa (raw, json)
Hash identifier:          O740870adMO/nkSM9Lj4lG9rSIXfJdmnCHfMHrZ9Rl0=
Subject key identifier:   84:1B:59:FB:B3:11:26:F8:5F:1A:B7:81:C8:21:50:E7:B1:7D:C8:B3
Certificate issuer:       /CN=60581e673d80f7474936b21337eafcc1bdc385e9
Certificate serial:       018451C1DCB4A85062153662F3094944E5C1
Authority key identifier: 60:58:1E:67:3D:80:F7:47:49:36:B2:13:37:EA:FC:C1:BD:C3:85:E9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/hBtZ-7MRJvhfGreByCFQ57F9yLM.roa
Signing time:             Mon 07 Nov 2022 11:02:49 +0000
ROA not before:           Mon 07 Nov 2022 11:02:49 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     212238
IP address blocks:        104.143.254.0/23 maxlen: 23
                          64.137.80.0/22 maxlen: 22
                          64.137.96.0/22 maxlen: 22
                          64.137.94.0/23 maxlen: 23
                          64.137.92.0/23 maxlen: 23
                          64.137.100.0/23 maxlen: 23
                          216.173.78.0/23 maxlen: 23
                          104.249.30.0/23 maxlen: 23
                          104.249.29.0/24 maxlen: 24
                          104.249.36.0/24 maxlen: 24
                          216.173.88.0/23 maxlen: 23
                          45.43.176.0/20 maxlen: 20
                          104.239.13.0/24 maxlen: 24
                          216.173.111.0/24 maxlen: 24
                          104.249.55.0/24 maxlen: 24
                          104.249.60.0/23 maxlen: 23
                          104.239.96.0/23 maxlen: 23
                          104.239.92.0/23 maxlen: 23
                          104.239.84.0/23 maxlen: 23
                          64.137.14.0/23 maxlen: 23
                          64.137.18.0/23 maxlen: 23
                          104.233.20.0/24 maxlen: 24
                          104.143.232.0/21 maxlen: 21
                          64.137.42.0/23 maxlen: 23
                          104.143.240.0/22 maxlen: 22
                          64.137.48.0/23 maxlen: 23
                          104.143.235.0/24 maxlen: 24
                          64.137.58.0/23 maxlen: 23
                          104.143.248.0/21 maxlen: 21
                          64.137.60.0/22 maxlen: 22
                          104.238.4.0/23 maxlen: 23
                          104.238.0.0/22 maxlen: 22
                          104.233.0.0/21 maxlen: 21
                          104.238.14.0/24 maxlen: 24
                          138.128.151.0/24 maxlen: 24
                          104.238.20.0/24 maxlen: 24
                          104.238.19.0/24 maxlen: 24
                          64.137.10.0/23 maxlen: 23
                          138.128.153.0/24 maxlen: 24
                          138.128.159.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:84:51:c1:dc:b4:a8:50:62:15:36:62:f3:09:49:44:e5:c1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=60581e673d80f7474936b21337eafcc1bdc385e9
        Validity
            Not Before: Nov  7 11:02:49 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=841b59fbb31126f85f1ab781c82150e7b17dc8b3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:1d:6a:41:1f:51:b9:29:a5:eb:7e:6c:93:9c:
                    ee:8d:80:5e:ee:3e:fa:0f:72:d9:5f:51:7b:c0:89:
                    5e:9c:6e:41:35:95:05:39:36:1e:67:7e:de:a2:89:
                    7b:14:19:aa:74:46:02:72:2b:9f:5c:49:15:6d:c4:
                    f7:15:3c:59:8d:94:9d:5d:02:09:6f:54:98:b1:be:
                    da:0f:53:20:0d:10:59:d5:e7:2a:57:25:33:38:2d:
                    40:38:ca:4b:eb:59:0f:ec:7c:67:52:a4:ac:73:6c:
                    bf:6e:52:42:30:f0:de:b0:7a:4e:c7:e2:5f:a0:4a:
                    f2:0c:ac:a6:03:12:9c:75:ea:7d:95:12:b2:59:50:
                    db:87:71:fb:5f:06:62:95:92:c1:d1:1c:3a:9a:2c:
                    ce:92:97:ba:d1:56:86:58:79:0c:95:2f:4d:da:a0:
                    3c:23:62:1f:6e:d3:7e:b9:ba:29:6b:ca:4e:df:46:
                    f7:7a:1b:93:d1:71:1b:b8:7e:1f:de:a1:5f:a2:6f:
                    23:5a:4a:88:09:39:1a:44:33:c8:6e:eb:92:a0:51:
                    8e:e6:9b:09:09:c1:e0:d7:59:ef:15:1e:f4:8d:9f:
                    6d:90:6f:b3:a0:23:fb:70:96:95:59:c9:97:4b:26:
                    d2:b6:46:ae:33:68:4e:7e:a7:0e:bc:53:24:bc:08:
                    21:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                84:1B:59:FB:B3:11:26:F8:5F:1A:B7:81:C8:21:50:E7:B1:7D:C8:B3
            X509v3 Authority Key Identifier:
                keyid:60:58:1E:67:3D:80:F7:47:49:36:B2:13:37:EA:FC:C1:BD:C3:85:E9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/hBtZ-7MRJvhfGreByCFQ57F9yLM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.43.176.0/20
                  64.137.10.0/23
                  64.137.14.0/23
                  64.137.18.0/23
                  64.137.42.0/23
                  64.137.48.0/23
                  64.137.58.0-64.137.63.255
                  64.137.80.0/22
                  64.137.92.0-64.137.101.255
                  104.143.232.0-104.143.243.255
                  104.143.248.0/21
                  104.233.0.0/21
                  104.233.20.0/24
                  104.238.0.0-104.238.5.255
                  104.238.14.0/24
                  104.238.19.0-104.238.20.255
                  104.239.13.0/24
                  104.239.84.0/23
                  104.239.92.0/23
                  104.239.96.0/23
                  104.249.29.0-104.249.31.255
                  104.249.36.0/24
                  104.249.55.0/24
                  104.249.60.0/23
                  138.128.151.0/24
                  138.128.153.0/24
                  138.128.159.0/24
                  216.173.78.0/23
                  216.173.88.0/23
                  216.173.111.0/24

    Signature Algorithm: sha256WithRSAEncryption
         44:66:e3:ae:18:c2:31:2c:1b:ed:93:c1:7a:bb:e9:49:2e:6a:
         f8:3c:67:3c:a4:41:ce:48:34:09:6a:30:2c:94:8f:f1:1e:a3:
         ea:77:2d:46:d7:5d:c8:28:a7:bb:9a:81:ba:fa:46:65:9a:68:
         83:4f:d2:81:d3:75:90:58:ab:14:7a:8c:4c:91:ab:b8:a2:67:
         ec:2e:08:75:16:e5:3f:0d:73:ed:49:ec:47:5d:a8:db:15:e2:
         bb:40:a2:62:16:f6:c2:56:22:3d:b7:71:87:a5:a5:c3:78:d4:
         15:60:d5:fa:0c:70:7c:f2:30:93:20:b1:7b:65:7d:91:95:94:
         a2:bd:c2:47:09:12:c4:a1:b9:ab:8c:b2:92:e2:b1:bc:3f:3d:
         74:70:5a:9e:5e:ea:ea:2b:f3:c8:ce:77:39:f0:62:fb:e1:d4:
         f9:6f:c3:70:f1:55:43:5f:fa:c2:21:17:5f:63:3c:b7:06:51:
         c2:6f:fa:3c:3a:70:05:a3:ec:c8:fb:60:53:84:92:93:80:e9:
         71:43:75:fa:59:37:58:83:92:39:2a:a0:af:3f:8e:e0:5d:61:
         64:51:65:8d:7a:a8:55:db:ef:85:10:a3:81:52:aa:34:3d:cd:
         e7:57:fc:a1:8c:29:4f:fa:93:8a:08:e2:5a:d2:b7:a9:d6:ef:
         7e:44:b5:f3
-----BEGIN CERTIFICATE-----
MIIF4DCCBMigAwIBAgISAYRRwdy0qFBiFTZi8wlJROXBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNTgxZTY3M2Q4MGY3NDc0OTM2YjIxMzM3ZWFmY2MxYmRj
Mzg1ZTkwHhcNMjIxMTA3MTEwMjQ5WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NDFiNTlmYmIzMTEyNmY4NWYxYWI3ODFjODIxNTBlN2IxN2RjOGIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqB1qQR9RuSml635sk5zujYBe7j76
D3LZX1F7wIlenG5BNZUFOTYeZ37eool7FBmqdEYCciufXEkVbcT3FTxZjZSdXQIJ
b1SYsb7aD1MgDRBZ1ecqVyUzOC1AOMpL61kP7HxnUqSsc2y/blJCMPDesHpOx+Jf
oEryDKymAxKcdep9lRKyWVDbh3H7XwZilZLB0Rw6mizOkpe60VaGWHkMlS9N2qA8
I2IfbtN+ubopa8pO30b3ehuT0XEbuH4f3qFfom8jWkqICTkaRDPIbuuSoFGO5psJ
CcHg11nvFR70jZ9tkG+zoCP7cJaVWcmXSybStkauM2hOfqcOvFMkvAghiwIDAQAB
o4IC7DCCAugwHQYDVR0OBBYEFIQbWfuzESb4Xxq3gcghUOexfcizMB8GA1UdIwQY
MBaAFGBYHmc9gPdHSTayEzfq/MG9w4XpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUZnZVp6MkE5MGRKTnJJVE4tcjh3YjNEaGVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS9mZGQ2MzMtYzY1OC00OWM1LTllOGYt
ZmIwNzk1NWYzYWFhLzEvaEJ0Wi03TVJKdmhmR3JlQnlDRlE1N0Y5eUxNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS9mZGQ2MzMtYzY1OC00OWM1LTllOGYtZmIwNzk1NWYzYWFh
LzEvWUZnZVp6MkE5MGRKTnJJVE4tcjh3YjNEaGVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBAAYIKwYBBQUHAQcBAf8EgfAwge0wgeoEAgABMIHjAwQE
LSuwAwQBQIkKAwQBQIkOAwQBQIkSAwQBQIkqAwQBQIkwMAwDBAFAiToDBAZAiQAD
BAJAiVAwDAMEAkCJXAMEAUCJZDAMAwQDaI/oAwQCaI/wAwQDaI/4AwQDaOkAAwQA
aOkUMAsDAwFo7gMEAWjuBAMEAGjuDjAMAwQAaO4TAwQAaO4UAwQAaO8NAwQBaO9U
AwQBaO9cAwQBaO9gMAwDBABo+R0DBAVo+QADBABo+SQDBABo+TcDBAFo+TwDBACK
gJcDBACKgJkDBACKgJ8DBAHYrU4DBAHYrVgDBADYrW8wDQYJKoZIhvcNAQELBQAD
ggEBAERm464YwjEsG+2TwXq76Ukuavg8ZzykQc5INAlqMCyUj/Eeo+p3LUbXXcgo
p7uagbr6RmWaaINP0oHTdZBYqxR6jEyRq7iiZ+wuCHUW5T8Nc+1J7EddqNsV4rtA
omIW9sJWIj23cYelpcN41BVg1foMcHzyMJMgsXtlfZGVlKK9wkcJEsShuauMspLi
sbw/PXRwWp5e6uor88jOdznwYvvh1Plvw3DxVUNf+sIhF19jPLcGUcJv+jw6cAWj
7Mj7YFOEkpOA6XFDdfpZN1iDkjkqoK8/juBdYWRRZY16qFXb74UQo4FSqjQ9zedX
/KGMKU/6k4oI4lrSt6nW735EtfM=
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:11:45 2024 by rpki-client on console-ams.rpki-client.org