Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/iQ_2WqBVyMr1rmlJqtNV9YkaJNw.roa
File:                     iQ_2WqBVyMr1rmlJqtNV9YkaJNw.roa (raw, json)
Hash identifier:          uelzcQubp+XTqzZBALuDam2LHh0OxrV+DwZEvE6IFxQ=
Subject key identifier:   89:0F:F6:5A:A0:55:C8:CA:F5:AE:69:49:AA:D3:55:F5:89:1A:24:DC
Certificate issuer:       /CN=60581e673d80f7474936b21337eafcc1bdc385e9
Certificate serial:       0184BDE744073672D19AA76901A219ABBC81
Authority key identifier: 60:58:1E:67:3D:80:F7:47:49:36:B2:13:37:EA:FC:C1:BD:C3:85:E9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/iQ_2WqBVyMr1rmlJqtNV9YkaJNw.roa
Signing time:             Mon 28 Nov 2022 11:02:40 +0000
ROA not before:           Mon 28 Nov 2022 11:02:40 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     212238
IP address blocks:        104.143.254.0/23 maxlen: 23
                          64.137.74.0/24 maxlen: 24
                          64.137.73.0/24 maxlen: 24
                          64.137.78.0/24 maxlen: 24
                          64.137.77.0/24 maxlen: 24
                          64.137.80.0/22 maxlen: 22
                          64.137.89.0/24 maxlen: 24
                          64.137.96.0/22 maxlen: 22
                          64.137.94.0/23 maxlen: 23
                          64.137.92.0/23 maxlen: 23
                          64.137.100.0/23 maxlen: 23
                          104.249.30.0/23 maxlen: 23
                          104.249.29.0/24 maxlen: 24
                          104.249.36.0/24 maxlen: 24
                          45.43.176.0/20 maxlen: 20
                          104.239.13.0/24 maxlen: 24
                          104.249.55.0/24 maxlen: 24
                          104.249.60.0/23 maxlen: 23
                          64.137.14.0/23 maxlen: 23
                          64.137.17.0/24 maxlen: 24
                          64.137.18.0/23 maxlen: 23
                          104.143.232.0/21 maxlen: 21
                          64.137.42.0/23 maxlen: 23
                          104.143.240.0/22 maxlen: 22
                          64.137.48.0/23 maxlen: 23
                          104.143.235.0/24 maxlen: 24
                          64.137.58.0/23 maxlen: 23
                          104.143.248.0/21 maxlen: 24
                          64.137.60.0/22 maxlen: 22
                          104.238.4.0/23 maxlen: 23
                          104.238.0.0/22 maxlen: 22
                          104.238.14.0/24 maxlen: 24
                          104.238.20.0/24 maxlen: 24
                          104.238.19.0/24 maxlen: 24
                          64.137.10.0/23 maxlen: 23
                          64.137.8.0/24 maxlen: 24
                          216.173.78.0/23 maxlen: 23
                          216.173.80.0/23 maxlen: 23
                          216.173.87.0/24 maxlen: 24
                          216.173.88.0/23 maxlen: 23
                          216.173.111.0/24 maxlen: 24
                          104.239.96.0/23 maxlen: 23
                          104.239.92.0/23 maxlen: 23
                          104.239.84.0/23 maxlen: 23
                          104.233.20.0/24 maxlen: 24
                          104.233.0.0/21 maxlen: 21
                          138.128.151.0/24 maxlen: 24
                          138.128.153.0/24 maxlen: 24
                          138.128.159.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:84:bd:e7:44:07:36:72:d1:9a:a7:69:01:a2:19:ab:bc:81
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=60581e673d80f7474936b21337eafcc1bdc385e9
        Validity
            Not Before: Nov 28 11:02:40 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=890ff65aa055c8caf5ae6949aad355f5891a24dc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:0b:f6:c3:b7:e3:ed:a3:79:0c:ff:eb:87:25:
                    f1:7f:b2:0b:02:a8:dd:9f:38:1d:c9:0a:f8:d1:95:
                    0e:b2:c4:74:f2:64:5f:6d:d5:bd:9b:13:da:ba:94:
                    e1:86:7a:33:8c:e4:fe:47:2e:b9:e3:15:a2:41:e7:
                    9a:82:10:2f:d7:9c:74:51:a6:fd:4c:3b:98:ec:7e:
                    e9:50:b8:29:50:6c:b3:d5:cc:f5:dc:fc:0e:31:61:
                    ba:6a:4e:34:5a:2a:58:58:71:1e:df:63:ca:74:72:
                    b7:26:1b:ad:84:71:70:0d:dd:a0:1b:04:fb:50:53:
                    be:f0:6b:0b:f2:23:60:92:2d:b8:b1:1b:2c:b5:c7:
                    da:29:86:ce:92:81:c6:99:22:2b:23:6c:bf:21:bb:
                    3b:a1:4f:61:94:21:08:4f:61:ce:b4:c0:47:b6:03:
                    9d:11:34:81:df:13:89:92:71:2d:2e:f0:87:32:60:
                    8e:e6:2e:b2:f3:d7:65:fb:37:87:6a:93:ef:f5:be:
                    08:04:05:54:51:7c:56:84:01:ab:36:4f:6d:c1:d5:
                    ad:dd:90:91:bb:5f:88:70:b4:70:ad:c1:22:ea:8a:
                    11:08:c5:b8:fd:ab:e9:67:26:1e:52:8f:ea:68:41:
                    70:30:99:fd:08:11:6c:2a:14:fc:b5:94:4f:42:fe:
                    e4:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                89:0F:F6:5A:A0:55:C8:CA:F5:AE:69:49:AA:D3:55:F5:89:1A:24:DC
            X509v3 Authority Key Identifier:
                keyid:60:58:1E:67:3D:80:F7:47:49:36:B2:13:37:EA:FC:C1:BD:C3:85:E9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/iQ_2WqBVyMr1rmlJqtNV9YkaJNw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.43.176.0/20
                  64.137.8.0/24
                  64.137.10.0/23
                  64.137.14.0/23
                  64.137.17.0-64.137.19.255
                  64.137.42.0/23
                  64.137.48.0/23
                  64.137.58.0-64.137.63.255
                  64.137.73.0-64.137.74.255
                  64.137.77.0-64.137.78.255
                  64.137.80.0/22
                  64.137.89.0/24
                  64.137.92.0-64.137.101.255
                  104.143.232.0-104.143.243.255
                  104.143.248.0/21
                  104.233.0.0/21
                  104.233.20.0/24
                  104.238.0.0-104.238.5.255
                  104.238.14.0/24
                  104.238.19.0-104.238.20.255
                  104.239.13.0/24
                  104.239.84.0/23
                  104.239.92.0/23
                  104.239.96.0/23
                  104.249.29.0-104.249.31.255
                  104.249.36.0/24
                  104.249.55.0/24
                  104.249.60.0/23
                  138.128.151.0/24
                  138.128.153.0/24
                  138.128.159.0/24
                  216.173.78.0-216.173.81.255
                  216.173.87.0-216.173.89.255
                  216.173.111.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9d:b0:d6:16:c7:06:b5:c8:08:70:8b:a7:e6:34:e4:8f:ab:bc:
         62:ee:4b:d8:e2:b7:e2:b1:31:d8:88:87:16:92:f6:1a:08:24:
         74:cf:96:de:8f:85:03:3d:15:54:85:a3:a1:44:1f:71:c5:f6:
         1b:1f:2e:4f:fb:f7:c2:7b:f9:f1:49:75:07:94:42:c3:83:13:
         82:5e:16:c7:c0:8e:2d:78:b3:7f:0d:be:83:e6:84:87:94:46:
         3a:2c:73:55:d1:b9:74:b2:f8:9e:fe:d0:6f:b7:a6:28:bf:6f:
         23:09:54:15:b0:5f:14:57:78:c7:10:d2:42:4a:43:cf:51:9c:
         42:d7:35:1a:79:45:70:d0:b8:ac:82:e0:d5:f1:5f:ee:62:88:
         97:f0:36:78:84:05:0a:49:45:b8:76:ac:35:b8:dc:57:3d:33:
         64:5d:9d:4f:7c:c5:2b:cf:f5:07:8a:4d:7c:0d:a7:01:43:9f:
         26:c7:19:ba:ae:0b:4e:cd:1d:ac:cb:f6:c1:95:c1:4c:6f:cd:
         81:b2:9f:d4:f4:84:d4:c7:a0:eb:79:59:c6:41:f7:ab:cf:85:
         8f:1c:ab:66:e5:de:c0:06:d0:d0:9e:61:a2:c0:82:58:6b:ff:
         5d:05:10:e5:29:eb:f5:7d:0b:09:35:bc:bc:40:13:b8:f3:f1:
         ad:a3:72:1c
-----BEGIN CERTIFICATE-----
MIIGJDCCBQygAwIBAgISAYS950QHNnLRmqdpAaIZq7yBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNTgxZTY3M2Q4MGY3NDc0OTM2YjIxMzM3ZWFmY2MxYmRj
Mzg1ZTkwHhcNMjIxMTI4MTEwMjQwWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OTBmZjY1YWEwNTVjOGNhZjVhZTY5NDlhYWQzNTVmNTg5MWEyNGRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqwv2w7fj7aN5DP/rhyXxf7ILAqjd
nzgdyQr40ZUOssR08mRfbdW9mxPaupThhnozjOT+Ry654xWiQeeaghAv15x0Uab9
TDuY7H7pULgpUGyz1cz13PwOMWG6ak40WipYWHEe32PKdHK3JhuthHFwDd2gGwT7
UFO+8GsL8iNgki24sRsstcfaKYbOkoHGmSIrI2y/Ibs7oU9hlCEIT2HOtMBHtgOd
ETSB3xOJknEtLvCHMmCO5i6y89dl+zeHapPv9b4IBAVUUXxWhAGrNk9twdWt3ZCR
u1+IcLRwrcEi6ooRCMW4/avpZyYeUo/qaEFwMJn9CBFsKhT8tZRPQv7kHwIDAQAB
o4IDMDCCAywwHQYDVR0OBBYEFIkP9lqgVcjK9a5pSarTVfWJGiTcMB8GA1UdIwQY
MBaAFGBYHmc9gPdHSTayEzfq/MG9w4XpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUZnZVp6MkE5MGRKTnJJVE4tcjh3YjNEaGVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS9mZGQ2MzMtYzY1OC00OWM1LTllOGYt
ZmIwNzk1NWYzYWFhLzEvaVFfMldxQlZ5TXIxcm1sSnF0TlY5WWthSk53LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS9mZGQ2MzMtYzY1OC00OWM1LTllOGYtZmIwNzk1NWYzYWFh
LzEvWUZnZVp6MkE5MGRKTnJJVE4tcjh3YjNEaGVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBRAYIKwYBBQUHAQcBAf8EggEzMIIBLzCCASsEAgABMIIB
IwMEBC0rsAMEAECJCAMEAUCJCgMEAUCJDjAMAwQAQIkRAwQCQIkQAwQBQIkqAwQB
QIkwMAwDBAFAiToDBAZAiQAwDAMEAECJSQMEAECJSjAMAwQAQIlNAwQAQIlOAwQC
QIlQAwQAQIlZMAwDBAJAiVwDBAFAiWQwDAMEA2iP6AMEAmiP8AMEA2iP+AMEA2jp
AAMEAGjpFDALAwMBaO4DBAFo7gQDBABo7g4wDAMEAGjuEwMEAGjuFAMEAGjvDQME
AWjvVAMEAWjvXAMEAWjvYDAMAwQAaPkdAwQFaPkAAwQAaPkkAwQAaPk3AwQBaPk8
AwQAioCXAwQAioCZAwQAioCfMAwDBAHYrU4DBAHYrVAwDAMEANitVwMEAditWAME
ANitbzANBgkqhkiG9w0BAQsFAAOCAQEAnbDWFscGtcgIcIun5jTkj6u8Yu5L2OK3
4rEx2IiHFpL2GggkdM+W3o+FAz0VVIWjoUQfccX2Gx8uT/v3wnv58Ul1B5RCw4MT
gl4Wx8COLXizfw2+g+aEh5RGOixzVdG5dLL4nv7Qb7emKL9vIwlUFbBfFFd4xxDS
QkpDz1GcQtc1GnlFcNC4rILg1fFf7mKIl/A2eIQFCklFuHasNbjcVz0zZF2dT3zF
K8/1B4pNfA2nAUOfJscZuq4LTs0drMv2wZXBTG/NgbKf1PSE1Meg63lZxkH3q8+F
jxyrZuXewAbQ0J5hosCCWGv/XQUQ5Snr9X0LCTW8vEATuPPxraNyHA==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:11:45 2024 by rpki-client on console-ams.rpki-client.org