Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/60/f853f8-2071-49de-b6a0-497bedd71eb9/1/O_9kOycTixKXJcCyGGgyIlEEOYU.roa
File:                     O_9kOycTixKXJcCyGGgyIlEEOYU.roa (raw, json)
Hash identifier:          bhzWmxf5W0OQMpDJl0MS1hl+wjyGr2JpSdEngQZmiZ8=
Subject key identifier:   3B:FF:64:3B:27:13:8B:12:97:25:C0:B2:18:68:32:22:51:04:39:85
Certificate issuer:       /CN=aee08d9336f2e6cd165eb730297fe6d20c83c39a
Certificate serial:       0440746E
Authority key identifier: AE:E0:8D:93:36:F2:E6:CD:16:5E:B7:30:29:7F:E6:D2:0C:83:C3:9A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ruCNkzby5s0WXrcwKX_m0gyDw5o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/60/f853f8-2071-49de-b6a0-497bedd71eb9/1/O_9kOycTixKXJcCyGGgyIlEEOYU.roa
Signing time:             Thu 03 Feb 2022 11:47:24 +0000
ROA not before:           Thu 03 Feb 2022 11:47:24 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     59458
IP address blocks:        5.149.96.0/24 maxlen: 24
                          5.149.104.0/24 maxlen: 24
                          5.149.105.0/24 maxlen: 24
                          5.149.99.0/24 maxlen: 24
                          5.149.100.0/24 maxlen: 24
                          5.149.101.0/24 maxlen: 24
                          5.149.102.0/24 maxlen: 24
                          5.149.103.0/24 maxlen: 24
                          5.149.111.0/24 maxlen: 24
                          5.149.107.0/24 maxlen: 24
                          5.149.109.0/24 maxlen: 24
                          5.149.110.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 71332974 (0x440746e)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=aee08d9336f2e6cd165eb730297fe6d20c83c39a
        Validity
            Not Before: Feb  3 11:47:24 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=3bff643b27138b129725c0b21868322251043985
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:b1:04:f6:71:b6:00:f7:0c:34:78:7f:b5:6b:
                    f5:08:bf:83:46:b4:67:69:65:bf:0d:1d:d1:63:be:
                    94:f5:7c:df:84:c6:68:ad:6f:db:f9:da:97:94:49:
                    cd:26:16:fe:a1:46:a2:06:2e:95:e8:96:08:e2:68:
                    0f:72:e7:e5:55:9f:c1:ff:00:a3:a9:84:b6:20:c0:
                    35:f8:55:21:30:1f:48:f3:d3:ee:4a:73:55:62:3e:
                    16:e9:2a:c9:bd:97:dc:6e:54:b3:a6:0a:5f:d2:81:
                    9c:6b:77:1b:73:40:9d:e3:77:2c:7c:83:46:df:04:
                    10:51:21:4d:4e:e1:ae:09:a7:a6:84:9a:79:82:23:
                    fb:e3:87:6e:83:14:43:d3:e4:d2:82:9f:d4:49:82:
                    59:e7:79:b9:2f:0a:fd:0d:d4:45:98:dd:6f:07:5f:
                    75:4a:15:f6:bd:45:1b:58:ea:a2:86:62:b6:ca:dd:
                    ad:3d:ca:2b:91:bf:2a:45:7a:b7:dd:54:8e:1c:5d:
                    40:20:29:52:a0:e5:c6:35:33:2a:0d:4f:a4:1a:1b:
                    54:5e:05:dc:e4:6a:06:00:7c:79:a4:00:44:ff:cc:
                    a2:ca:b6:ba:7b:2b:0f:ba:32:b0:cc:3a:10:ee:f7:
                    08:82:9c:79:83:6c:49:bd:16:89:63:ff:14:f8:be:
                    de:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:FF:64:3B:27:13:8B:12:97:25:C0:B2:18:68:32:22:51:04:39:85
            X509v3 Authority Key Identifier:
                keyid:AE:E0:8D:93:36:F2:E6:CD:16:5E:B7:30:29:7F:E6:D2:0C:83:C3:9A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ruCNkzby5s0WXrcwKX_m0gyDw5o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/60/f853f8-2071-49de-b6a0-497bedd71eb9/1/O_9kOycTixKXJcCyGGgyIlEEOYU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/60/f853f8-2071-49de-b6a0-497bedd71eb9/1/ruCNkzby5s0WXrcwKX_m0gyDw5o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.149.96.0/24
                  5.149.99.0-5.149.105.255
                  5.149.107.0/24
                  5.149.109.0-5.149.111.255

    Signature Algorithm: sha256WithRSAEncryption
         78:62:58:e4:a0:06:0b:26:00:e4:47:c7:6b:7a:34:67:df:17:
         42:ff:f8:08:59:2d:2a:c3:a4:b7:57:de:2e:04:b0:f5:84:a1:
         2b:a5:46:cb:eb:87:71:d9:32:04:33:4d:04:91:18:18:dc:ec:
         d0:81:52:a9:a3:b6:53:73:69:84:ed:ca:83:65:ab:83:f9:53:
         34:e1:b4:25:7e:d9:5a:45:5b:c8:ee:b2:ca:61:10:02:a9:df:
         68:8a:79:f0:5f:0a:d9:61:80:d8:65:0d:3f:c0:0d:4d:03:18:
         69:89:e7:38:b2:95:74:1f:9f:12:04:1e:9a:1b:2c:bf:e3:d0:
         c2:bd:23:4a:33:e4:09:cc:47:12:2d:37:2d:95:07:50:47:15:
         0b:94:ae:d1:22:d9:1a:e9:59:45:43:e4:fe:e0:07:42:a6:68:
         09:a9:93:e9:8b:31:4f:1d:b3:2c:3c:23:d6:42:51:81:c9:65:
         93:46:ed:ff:93:1d:f7:4f:f6:3a:0e:91:39:32:ba:be:84:63:
         ef:81:c5:93:2c:dc:b7:ec:04:b7:40:ab:d8:bf:5d:71:74:6e:
         5e:ed:81:28:9c:f9:66:cc:04:e7:6c:61:54:42:bc:37:ed:c1:
         4a:eb:83:16:01:f6:ff:9b:2b:17:cd:4c:8a:59:ad:c9:78:69:
         45:e1:40:f9
-----BEGIN CERTIFICATE-----
MIIFETCCA/mgAwIBAgIEBEB0bjANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhh
ZWUwOGQ5MzM2ZjJlNmNkMTY1ZWI3MzAyOTdmZTZkMjBjODNjMzlhMB4XDTIyMDIw
MzExNDcyNFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoM2JmZjY0M2IyNzEz
OGIxMjk3MjVjMGIyMTg2ODMyMjI1MTA0Mzk4NTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAKexBPZxtgD3DDR4f7Vr9Qi/g0a0Z2llvw0d0WO+lPV834TG
aK1v2/nal5RJzSYW/qFGogYuleiWCOJoD3Ln5VWfwf8Ao6mEtiDANfhVITAfSPPT
7kpzVWI+Fukqyb2X3G5Us6YKX9KBnGt3G3NAneN3LHyDRt8EEFEhTU7hrgmnpoSa
eYIj++OHboMUQ9Pk0oKf1EmCWed5uS8K/Q3URZjdbwdfdUoV9r1FG1jqooZitsrd
rT3KK5G/KkV6t91UjhxdQCApUqDlxjUzKg1PpBobVF4F3ORqBgB8eaQARP/Mosq2
unsrD7oysMw6EO73CIKceYNsSb0WiWP/FPi+3psCAwEAAaOCAiswggInMB0GA1Ud
DgQWBBQ7/2Q7JxOLEpclwLIYaDIiUQQ5hTAfBgNVHSMEGDAWgBSu4I2TNvLmzRZe
tzApf+bSDIPDmjAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L3J1Q05remJ5NXMwV1hyY3dLWF9tMGd5RHc1by5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNjAvZjg1M2Y4LTIwNzEtNDlkZS1iNmEwLTQ5N2JlZGQ3MWViOS8x
L09fOWtPeWNUaXhLWEpjQ3lHR2d5SWxFRU9ZVS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNjAv
Zjg1M2Y4LTIwNzEtNDlkZS1iNmEwLTQ5N2JlZGQ3MWViOS8xL3J1Q05remJ5NXMw
V1hyY3dLWF9tMGd5RHc1by5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBB
BggrBgEFBQcBBwEB/wQyMDAwLgQCAAEwKAMEAAWVYDAMAwQABZVjAwQBBZVoAwQA
BZVrMAwDBAAFlW0DBAQFlWAwDQYJKoZIhvcNAQELBQADggEBAHhiWOSgBgsmAORH
x2t6NGffF0L/+AhZLSrDpLdX3i4EsPWEoSulRsvrh3HZMgQzTQSRGBjc7NCBUqmj
tlNzaYTtyoNlq4P5UzThtCV+2VpFW8jussphEAKp32iKefBfCtlhgNhlDT/ADU0D
GGmJ5ziylXQfnxIEHpobLL/j0MK9I0oz5AnMRxItNy2VB1BHFQuUrtEi2RrpWUVD
5P7gB0KmaAmpk+mLMU8dsyw8I9ZCUYHJZZNG7f+THfdP9joOkTkyur6EY++BxZMs
3LfsBLdAq9i/XXF0bl7tgSic+WbMBOdsYVRCvDftwUrrgxYB9v+bKxfNTIpZrcl4
aUXhQPk=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:32:20 2024 by rpki-client on console-fra.rpki-client.org