Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/klZqTCQSLtZ1v7qTKKMZDbbG-4Y.roa
File:                     klZqTCQSLtZ1v7qTKKMZDbbG-4Y.roa (raw, json)
Hash identifier:          vZSHCI9nhvbFSe4ruieM3hNeDYfKOImmuSkfCmMQjh4=
Subject key identifier:   92:56:6A:4C:24:12:2E:D6:75:BF:BA:93:28:A3:19:0D:B6:C6:FB:86
Certificate issuer:       /CN=60581e673d80f7474936b21337eafcc1bdc385e9
Certificate serial:       0184429C99946964A5A4DAFCF026C2DDBD1D
Authority key identifier: 60:58:1E:67:3D:80:F7:47:49:36:B2:13:37:EA:FC:C1:BD:C3:85:E9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/klZqTCQSLtZ1v7qTKKMZDbbG-4Y.roa
Signing time:             Fri 04 Nov 2022 12:27:49 +0000
ROA not before:           Fri 04 Nov 2022 12:27:49 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     1239
IP address blocks:        104.239.10.0/23 maxlen: 23
                          104.239.13.0/24 maxlen: 24
                          104.249.55.0/24 maxlen: 24
                          104.239.28.0/24 maxlen: 24
                          104.239.30.0/23 maxlen: 23
                          104.249.60.0/23 maxlen: 23
                          104.167.0.0/24 maxlen: 24
                          104.167.10.0/24 maxlen: 24
                          216.173.120.0/24 maxlen: 24
                          64.137.52.0/23 maxlen: 23
                          104.238.4.0/24 maxlen: 24
                          104.238.5.0/24 maxlen: 24
                          104.238.8.0/24 maxlen: 24
                          104.238.7.0/24 maxlen: 24
                          104.238.10.0/24 maxlen: 24
                          104.238.9.0/24 maxlen: 24
                          216.173.76.0/24 maxlen: 24
                          216.173.82.0/24 maxlen: 24
                          216.173.102.0/24 maxlen: 24
                          216.173.104.0/24 maxlen: 24
                          216.173.103.0/24 maxlen: 24
                          216.173.105.0/24 maxlen: 24
                          216.173.109.0/24 maxlen: 24
                          216.173.108.0/24 maxlen: 24
                          216.173.110.0/24 maxlen: 24
                          216.173.106.0/24 maxlen: 24
                          216.173.107.0/24 maxlen: 24
                          104.239.98.0/24 maxlen: 24
                          104.239.94.0/24 maxlen: 24
                          104.239.101.0/24 maxlen: 24
                          104.239.105.0/24 maxlen: 24
                          104.239.104.0/24 maxlen: 24
                          104.239.111.0/24 maxlen: 24
                          104.239.106.0/24 maxlen: 24
                          104.239.108.0/24 maxlen: 24
                          104.239.107.0/24 maxlen: 24
                          104.239.124.0/23 maxlen: 23
                          104.239.126.0/24 maxlen: 24
                          104.239.44.0/24 maxlen: 24
                          104.239.76.0/23 maxlen: 23
                          104.239.73.0/24 maxlen: 24
                          104.239.75.0/24 maxlen: 24
                          104.239.78.0/24 maxlen: 24
                          104.239.80.0/23 maxlen: 23
                          104.239.82.0/24 maxlen: 24
                          104.239.90.0/23 maxlen: 23
                          104.239.86.0/24 maxlen: 24
                          104.239.88.0/24 maxlen: 24
                          104.233.20.0/24 maxlen: 24
                          104.233.24.0/23 maxlen: 23
                          104.233.26.0/24 maxlen: 24
                          138.128.148.0/24 maxlen: 24
                          138.128.157.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:84:42:9c:99:94:69:64:a5:a4:da:fc:f0:26:c2:dd:bd:1d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=60581e673d80f7474936b21337eafcc1bdc385e9
        Validity
            Not Before: Nov  4 12:27:49 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=92566a4c24122ed675bfba9328a3190db6c6fb86
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e6:ea:25:aa:28:ab:39:df:29:92:37:f9:ea:20:
                    71:0d:64:92:7e:86:fd:de:dc:cd:f6:a5:c9:da:89:
                    22:24:69:ee:8a:f0:a6:59:44:bc:b0:5a:7e:b0:c2:
                    34:e9:bc:61:88:2c:ec:3d:84:4d:eb:1f:f6:a3:b5:
                    6f:a8:62:7a:e4:70:6a:2b:f6:e2:e7:c9:6d:59:78:
                    e9:75:f7:d1:4c:28:4d:c6:85:42:a9:c5:d5:d0:88:
                    7f:b7:cb:ce:ec:85:91:b9:8b:d2:e7:83:e5:7c:23:
                    6a:7d:9f:57:80:8b:f9:0f:8f:1e:89:59:2b:14:64:
                    62:e8:64:7c:87:15:bb:3d:a8:47:3a:35:4b:1a:1c:
                    02:81:f2:e5:90:c7:97:11:f6:c5:c9:89:b1:11:02:
                    c0:79:f1:0a:a3:ae:9e:2b:b7:ea:3f:25:57:49:83:
                    5a:a4:13:42:98:47:e5:dc:da:2c:77:7d:0f:ef:db:
                    d1:9a:2c:f8:ee:49:c5:6e:a0:fa:b6:80:c2:cd:d5:
                    18:90:fc:77:15:d6:3a:4b:d6:84:e4:53:8b:0f:a1:
                    70:e4:96:9e:30:07:fa:29:e7:d2:c9:02:92:f3:34:
                    3e:2d:e7:28:bc:23:e8:63:ff:ef:1e:90:68:dc:3a:
                    b1:f3:70:f3:e0:f3:a9:81:2a:77:b2:b5:ea:83:03:
                    1a:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                92:56:6A:4C:24:12:2E:D6:75:BF:BA:93:28:A3:19:0D:B6:C6:FB:86
            X509v3 Authority Key Identifier:
                keyid:60:58:1E:67:3D:80:F7:47:49:36:B2:13:37:EA:FC:C1:BD:C3:85:E9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/klZqTCQSLtZ1v7qTKKMZDbbG-4Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  64.137.52.0/23
                  104.167.0.0/24
                  104.167.10.0/24
                  104.233.20.0/24
                  104.233.24.0-104.233.26.255
                  104.238.4.0/23
                  104.238.7.0-104.238.10.255
                  104.239.10.0/23
                  104.239.13.0/24
                  104.239.28.0/24
                  104.239.30.0/23
                  104.239.44.0/24
                  104.239.73.0/24
                  104.239.75.0-104.239.78.255
                  104.239.80.0-104.239.82.255
                  104.239.86.0/24
                  104.239.88.0/24
                  104.239.90.0/23
                  104.239.94.0/24
                  104.239.98.0/24
                  104.239.101.0/24
                  104.239.104.0-104.239.108.255
                  104.239.111.0/24
                  104.239.124.0-104.239.126.255
                  104.249.55.0/24
                  104.249.60.0/23
                  138.128.148.0/24
                  138.128.157.0/24
                  216.173.76.0/24
                  216.173.82.0/24
                  216.173.102.0-216.173.110.255
                  216.173.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5c:14:51:20:54:0c:f8:f3:69:0f:4c:0e:7d:60:3d:97:90:48:
         9a:8d:34:24:34:16:c6:f8:f5:3a:e4:ab:a2:dd:47:95:ad:9c:
         52:4b:74:5f:27:9d:4c:50:f0:a2:54:8c:5a:ab:18:96:53:9f:
         dc:7b:3a:92:2e:c0:ff:0c:73:29:ff:95:e9:22:95:3b:cb:c0:
         5a:aa:8e:1d:35:52:4b:c9:50:22:08:2a:de:bd:52:da:73:cd:
         eb:d2:cf:cf:52:13:af:e7:37:28:bd:76:e0:27:ca:7e:97:ca:
         95:35:00:e4:0f:d3:f4:63:24:6d:11:24:2d:2c:d6:c6:f9:c3:
         73:22:cf:b0:ac:4b:63:b9:31:0c:ca:df:b1:fb:1e:20:a4:2a:
         12:45:ff:dc:60:4b:64:b9:6b:3b:f7:03:93:d5:79:fa:1c:0c:
         f5:00:41:50:2a:22:1d:2c:b1:fd:a0:47:ac:cf:d7:cc:0c:6f:
         5a:47:dd:f5:cd:5b:c3:55:e2:08:44:59:eb:e2:72:36:78:11:
         37:a1:a4:82:0a:2a:15:d0:49:3b:51:b3:67:05:c7:fd:04:28:
         42:d5:d9:4d:46:60:ec:c5:6f:8e:e9:d2:83:44:bb:a6:25:c1:
         30:58:ff:94:ab:08:4c:7d:5e:d8:64:2d:5e:37:c9:e4:60:24:
         33:e3:dd:58
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgISAYRCnJmUaWSlpNr88CbC3b0dMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNTgxZTY3M2Q4MGY3NDc0OTM2YjIxMzM3ZWFmY2MxYmRj
Mzg1ZTkwHhcNMjIxMTA0MTIyNzQ5WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MjU2NmE0YzI0MTIyZWQ2NzViZmJhOTMyOGEzMTkwZGI2YzZmYjg2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5uolqiirOd8pkjf56iBxDWSSfob9
3tzN9qXJ2okiJGnuivCmWUS8sFp+sMI06bxhiCzsPYRN6x/2o7VvqGJ65HBqK/bi
58ltWXjpdffRTChNxoVCqcXV0Ih/t8vO7IWRuYvS54PlfCNqfZ9XgIv5D48eiVkr
FGRi6GR8hxW7PahHOjVLGhwCgfLlkMeXEfbFyYmxEQLAefEKo66eK7fqPyVXSYNa
pBNCmEfl3Nosd30P79vRmiz47knFbqD6toDCzdUYkPx3FdY6S9aE5FOLD6Fw5Jae
MAf6KefSyQKS8zQ+LecovCPoY//vHpBo3Dqx83Dz4POpgSp3srXqgwMabwIDAQAB
o4IDAzCCAv8wHQYDVR0OBBYEFJJWakwkEi7Wdb+6kyijGQ22xvuGMB8GA1UdIwQY
MBaAFGBYHmc9gPdHSTayEzfq/MG9w4XpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUZnZVp6MkE5MGRKTnJJVE4tcjh3YjNEaGVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS9mZGQ2MzMtYzY1OC00OWM1LTllOGYt
ZmIwNzk1NWYzYWFhLzEva2xacVRDUVNMdFoxdjdxVEtLTVpEYmJHLTRZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS9mZGQ2MzMtYzY1OC00OWM1LTllOGYtZmIwNzk1NWYzYWFh
LzEvWUZnZVp6MkE5MGRKTnJJVE4tcjh3YjNEaGVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBFwYIKwYBBQUHAQcBAf8EggEGMIIBAjCB/wQCAAEwgfgD
BAFAiTQDBABopwADBABopwoDBABo6RQwDAMEA2jpGAMEAGjpGgMEAWjuBDAMAwQA
aO4HAwQAaO4KAwQBaO8KAwQAaO8NAwQAaO8cAwQBaO8eAwQAaO8sAwQAaO9JMAwD
BABo70sDBABo704wDAMEBGjvUAMEAGjvUgMEAGjvVgMEAGjvWAMEAWjvWgMEAGjv
XgMEAGjvYgMEAGjvZTAMAwQDaO9oAwQAaO9sAwQAaO9vMAwDBAJo73wDBABo734D
BABo+TcDBAFo+TwDBACKgJQDBACKgJ0DBADYrUwDBADYrVIwDAMEAditZgMEANit
bgMEANiteDANBgkqhkiG9w0BAQsFAAOCAQEAXBRRIFQM+PNpD0wOfWA9l5BImo00
JDQWxvj1OuSrot1Hla2cUkt0XyedTFDwolSMWqsYllOf3Hs6ki7A/wxzKf+V6SKV
O8vAWqqOHTVSS8lQIggq3r1S2nPN69LPz1ITr+c3KL124CfKfpfKlTUA5A/T9GMk
bREkLSzWxvnDcyLPsKxLY7kxDMrfsfseIKQqEkX/3GBLZLlrO/cDk9V5+hwM9QBB
UCoiHSyx/aBHrM/XzAxvWkfd9c1bw1XiCERZ6+JyNngRN6GkggoqFdBJO1GzZwXH
/QQoQtXZTUZg7MVvjunSg0S7piXBMFj/lKsITH1e2GQtXjfJ5GAkM+PdWA==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:31:03 2024 by rpki-client on console-fra.rpki-client.org