Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5c/3d4bc5-c363-415f-b3da-48e4cc6b33a3/1/o6KAW2-LDuUJc3zPmXYKe6K3wA0.roa
File:                     o6KAW2-LDuUJc3zPmXYKe6K3wA0.roa (raw, json)
Hash identifier:          VhGsGKKf1WPvPiK+6tAiwkExCGsIUvNVxrWI+rGAAl4=
Subject key identifier:   A3:A2:80:5B:6F:8B:0E:E5:09:73:7C:CF:99:76:0A:7B:A2:B7:C0:0D
Certificate issuer:       /CN=5bf81435ed13789895f375dc34d04ce91aca4744
Certificate serial:       018506D2C0BAD92909C2D2B06CCF96083FFD
Authority key identifier: 5B:F8:14:35:ED:13:78:98:95:F3:75:DC:34:D0:4C:E9:1A:CA:47:44
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/W_gUNe0TeJiV83XcNNBM6RrKR0Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5c/3d4bc5-c363-415f-b3da-48e4cc6b33a3/1/o6KAW2-LDuUJc3zPmXYKe6K3wA0.roa
Signing time:             Mon 12 Dec 2022 14:52:33 +0000
ROA not before:           Mon 12 Dec 2022 14:52:33 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     3301
IP address blocks:        158.233.228.0/24 maxlen: 24
                          158.233.229.0/24 maxlen: 24
                          158.233.242.0/24 maxlen: 24
                          158.233.246.0/24 maxlen: 24
                          158.233.243.0/24 maxlen: 24
                          158.233.245.0/24 maxlen: 24
                          158.233.244.0/24 maxlen: 24
                          158.233.250.0/24 maxlen: 24
                          158.233.251.0/24 maxlen: 24
                          158.233.247.0/24 maxlen: 24
                          158.233.249.0/24 maxlen: 24
                          158.233.248.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:06:d2:c0:ba:d9:29:09:c2:d2:b0:6c:cf:96:08:3f:fd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5bf81435ed13789895f375dc34d04ce91aca4744
        Validity
            Not Before: Dec 12 14:52:33 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=a3a2805b6f8b0ee509737ccf99760a7ba2b7c00d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:7e:36:9e:95:c4:e9:b5:69:8d:42:37:bc:e6:
                    72:c1:07:63:af:c2:a6:f3:99:bf:f4:2a:a5:db:5f:
                    b7:6c:2e:b8:8a:22:5c:e3:6f:e6:50:70:c7:a0:8b:
                    fe:1b:2c:a0:c2:f0:cf:12:12:f3:8d:56:b8:a0:a3:
                    d6:4a:af:50:51:89:d3:6c:79:33:a2:fb:e4:72:56:
                    a0:14:43:dc:6c:5b:4c:0d:2d:3b:bd:0b:87:4f:8c:
                    2a:2f:f1:f7:7d:23:84:df:eb:cb:4f:ae:74:cc:96:
                    1f:59:21:14:31:14:b7:f8:51:2f:79:4b:d5:d8:f9:
                    56:3d:8c:ec:a7:ba:ef:cd:38:43:21:ac:49:ed:d2:
                    0c:29:00:6f:51:51:d6:7a:46:44:a6:9c:64:78:4f:
                    1e:93:82:c3:05:a6:76:04:0c:a0:50:56:69:a0:be:
                    ea:24:41:ff:2e:72:21:8b:eb:d0:2e:c2:43:12:04:
                    87:10:59:29:ee:50:2d:a3:a9:9a:d3:13:13:1d:5c:
                    89:35:fb:08:f0:ee:52:9d:7a:57:6f:8f:9d:a3:da:
                    39:0f:8c:25:32:cb:2d:d3:c0:e4:a6:1e:1e:7d:0e:
                    ca:a8:2a:2b:b8:d2:83:c2:1c:ad:9a:44:06:5c:25:
                    37:7e:40:4b:e2:9b:7d:96:0f:a1:1f:8d:a4:1d:16:
                    7b:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A3:A2:80:5B:6F:8B:0E:E5:09:73:7C:CF:99:76:0A:7B:A2:B7:C0:0D
            X509v3 Authority Key Identifier:
                keyid:5B:F8:14:35:ED:13:78:98:95:F3:75:DC:34:D0:4C:E9:1A:CA:47:44

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/W_gUNe0TeJiV83XcNNBM6RrKR0Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5c/3d4bc5-c363-415f-b3da-48e4cc6b33a3/1/o6KAW2-LDuUJc3zPmXYKe6K3wA0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5c/3d4bc5-c363-415f-b3da-48e4cc6b33a3/1/W_gUNe0TeJiV83XcNNBM6RrKR0Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  158.233.228.0/23
                  158.233.242.0-158.233.251.255

    Signature Algorithm: sha256WithRSAEncryption
         8b:81:b1:e3:74:00:5e:0f:9e:d8:f7:f6:91:ad:5f:18:99:42:
         3a:a3:51:26:b0:46:73:1f:7e:6f:17:5c:39:c4:ae:20:18:29:
         9a:2c:0a:0b:2a:91:2d:b1:7f:87:2d:ac:b3:a8:7a:9f:06:0e:
         0d:ed:e7:22:b8:ec:b3:52:cc:23:5f:4b:ac:0b:f6:82:bf:d5:
         f1:3a:6c:64:a3:4d:d9:82:f6:7a:d2:e9:dd:68:59:2f:a0:ce:
         70:5b:85:a9:28:2b:09:2c:e4:7b:84:8b:52:de:02:3f:e9:69:
         18:96:71:6b:22:80:6a:4c:54:0d:b5:92:01:74:0a:ce:79:39:
         60:09:be:db:af:16:f7:41:24:48:57:06:b0:b1:73:d2:03:80:
         45:a1:d9:03:04:74:dd:a6:94:c9:99:1c:b8:1c:c0:0d:c5:6a:
         6b:1b:3c:6a:c1:55:a2:c5:0a:ae:c4:8b:cb:61:e5:ee:b2:4a:
         3f:66:3c:e2:56:10:c4:51:86:0d:06:c6:6d:26:07:6f:a5:d7:
         d4:32:aa:7f:90:cf:e2:c2:72:e2:95:55:ec:4f:84:4a:e5:82:
         ee:31:7d:30:ba:ce:a5:7f:da:fb:d1:0e:09:d8:5c:eb:1b:de:
         68:f8:f3:e9:e3:3f:60:af:1f:c5:1b:55:77:95:d8:3f:ef:41:
         46:28:69:23
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAYUG0sC62SkJwtKwbM+WCD/9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDViZjgxNDM1ZWQxMzc4OTg5NWYzNzVkYzM0ZDA0Y2U5MWFj
YTQ3NDQwHhcNMjIxMjEyMTQ1MjMzWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhM2EyODA1YjZmOGIwZWU1MDk3MzdjY2Y5OTc2MGE3YmEyYjdjMDBkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkX42npXE6bVpjUI3vOZywQdjr8Km
85m/9Cql21+3bC64iiJc42/mUHDHoIv+GyygwvDPEhLzjVa4oKPWSq9QUYnTbHkz
ovvkclagFEPcbFtMDS07vQuHT4wqL/H3fSOE3+vLT650zJYfWSEUMRS3+FEveUvV
2PlWPYzsp7rvzThDIaxJ7dIMKQBvUVHWekZEppxkeE8ek4LDBaZ2BAygUFZpoL7q
JEH/LnIhi+vQLsJDEgSHEFkp7lAto6ma0xMTHVyJNfsI8O5SnXpXb4+do9o5D4wl
Msst08Dkph4efQ7KqCoruNKDwhytmkQGXCU3fkBL4pt9lg+hH42kHRZ7YwIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFKOigFtviw7lCXN8z5l2Cnuit8ANMB8GA1UdIwQY
MBaAFFv4FDXtE3iYlfN13DTQTOkaykdEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV19nVU5lMFRlSmlWODNYY05OQk02UnJLUjBRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yy8zZDRiYzUtYzM2My00MTVmLWIzZGEt
NDhlNGNjNmIzM2EzLzEvbzZLQVcyLUxEdVVKYzN6UG1YWUtlNkszd0EwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yy8zZDRiYzUtYzM2My00MTVmLWIzZGEtNDhlNGNjNmIzM2Ez
LzEvV19nVU5lMFRlSmlWODNYY05OQk02UnJLUjBRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUAwQBnunkMAwD
BAGe6fIDBAKe6fgwDQYJKoZIhvcNAQELBQADggEBAIuBseN0AF4Pntj39pGtXxiZ
QjqjUSawRnMffm8XXDnEriAYKZosCgsqkS2xf4ctrLOoep8GDg3t5yK47LNSzCNf
S6wL9oK/1fE6bGSjTdmC9nrS6d1oWS+gznBbhakoKwks5HuEi1LeAj/paRiWcWsi
gGpMVA21kgF0Cs55OWAJvtuvFvdBJEhXBrCxc9IDgEWh2QMEdN2mlMmZHLgcwA3F
amsbPGrBVaLFCq7Ei8th5e6ySj9mPOJWEMRRhg0Gxm0mB2+l19Qyqn+Qz+LCcuKV
VexPhErlgu4xfTC6zqV/2vvRDgnYXOsb3mj48+njP2CvH8UbVXeV2D/vQUYoaSM=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:31:15 2024 by rpki-client on console-fra.rpki-client.org