Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/0d6375-4765-4e0e-9363-6e8e07d66c9b/1/4BokT95uog4dYLEdeW-g0KBeQg0.roa
File:                     4BokT95uog4dYLEdeW-g0KBeQg0.roa (raw, json)
Hash identifier:          qFDMVOIYqSsW36ak0bPaxkrTOMTsGqXd2W/JefoY4X0=
Subject key identifier:   E0:1A:24:4F:DE:6E:A2:0E:1D:60:B1:1D:79:6F:A0:D0:A0:5E:42:0D
Certificate issuer:       /CN=a09cd8c71a6e33282c045d8f88c3b378acf41bd9
Certificate serial:       01804EB5
Authority key identifier: A0:9C:D8:C7:1A:6E:33:28:2C:04:5D:8F:88:C3:B3:78:AC:F4:1B:D9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/oJzYxxpuMygsBF2PiMOzeKz0G9k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/0d6375-4765-4e0e-9363-6e8e07d66c9b/1/4BokT95uog4dYLEdeW-g0KBeQg0.roa
Signing time:             Sat 01 Jan 2022 00:52:47 +0000
ROA not before:           Sat 01 Jan 2022 00:52:47 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     21419
IP address blocks:        185.4.3.0/24 maxlen: 24
                          185.4.1.0/24 maxlen: 24
                          185.4.2.0/24 maxlen: 24
                          178.21.164.0/24 maxlen: 24
                          178.21.160.0/21 maxlen: 21
                          178.21.163.0/24 maxlen: 24
                          178.21.167.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 25185973 (0x1804eb5)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a09cd8c71a6e33282c045d8f88c3b378acf41bd9
        Validity
            Not Before: Jan  1 00:52:47 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=e01a244fde6ea20e1d60b11d796fa0d0a05e420d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:22:f4:1d:d0:df:c9:5b:f2:5d:73:b8:2d:a7:
                    a0:74:44:d3:61:76:21:d7:b8:e4:4f:68:ab:c4:bf:
                    72:ca:93:c1:a4:af:aa:bc:48:82:d6:43:d5:a0:ee:
                    36:a4:81:3b:47:9f:11:ba:1c:4c:7d:de:9c:45:4e:
                    e2:35:2a:fc:37:d8:8a:d4:d3:34:83:fc:29:b9:7c:
                    fc:23:22:38:8c:91:4b:e3:9e:e6:0e:f5:95:db:83:
                    b6:5e:38:25:6a:cd:63:69:fc:b8:78:86:37:23:a3:
                    40:e9:d7:2a:85:20:8d:70:f2:24:7a:e5:25:2c:d9:
                    33:d9:e6:e8:23:69:ea:c5:cb:c0:55:9d:53:4a:86:
                    76:e3:e7:c1:e2:15:26:83:85:5e:d4:88:68:6a:7c:
                    aa:6a:63:39:a6:a5:e6:97:cc:f4:f2:ec:a6:ea:4b:
                    4e:18:2d:10:9e:cb:82:20:fa:49:9e:18:c2:fe:ec:
                    e8:ec:fa:d2:ee:92:57:5b:8e:72:c6:2b:35:44:7a:
                    bf:bb:c6:31:5d:2d:1d:ba:a8:05:c5:93:79:09:d5:
                    6f:3f:91:7b:ec:a1:de:bb:08:63:7b:30:fa:10:d6:
                    83:78:4a:33:a6:d2:46:17:20:a2:b6:f8:99:45:87:
                    43:b7:e6:48:cb:6d:cb:95:81:2e:7b:cc:0a:ff:ae:
                    f8:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E0:1A:24:4F:DE:6E:A2:0E:1D:60:B1:1D:79:6F:A0:D0:A0:5E:42:0D
            X509v3 Authority Key Identifier:
                keyid:A0:9C:D8:C7:1A:6E:33:28:2C:04:5D:8F:88:C3:B3:78:AC:F4:1B:D9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/oJzYxxpuMygsBF2PiMOzeKz0G9k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/0d6375-4765-4e0e-9363-6e8e07d66c9b/1/4BokT95uog4dYLEdeW-g0KBeQg0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/0d6375-4765-4e0e-9363-6e8e07d66c9b/1/oJzYxxpuMygsBF2PiMOzeKz0G9k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.21.160.0/21
                  185.4.1.0-185.4.3.255

    Signature Algorithm: sha256WithRSAEncryption
         66:02:7c:1a:aa:04:00:7a:a3:49:44:9f:68:1e:8a:2f:43:af:
         cf:d6:94:2e:63:05:ce:8b:a2:1d:48:cc:5e:95:3a:b1:ce:f3:
         fc:72:9f:99:bf:c5:ea:29:20:0b:6b:3d:c7:5c:0a:a5:57:a2:
         6f:9c:78:01:f6:53:38:52:10:11:6a:5a:d2:70:8a:5a:39:2a:
         72:dc:f7:59:37:ee:e0:de:82:73:b9:3e:81:90:7a:f8:8a:a6:
         c4:ee:bf:ba:fc:7d:12:c9:1d:ef:30:87:72:3e:e9:53:6e:75:
         83:b6:06:0a:c9:57:15:19:1b:0a:5a:c6:c2:72:34:10:27:b6:
         c7:87:16:b2:69:fc:cf:fc:a2:7b:89:fe:b6:1d:b9:1c:94:98:
         65:0b:d9:0c:74:15:9f:2e:51:17:d1:8e:2c:99:3e:8c:67:de:
         a7:e8:0c:28:b0:78:e8:ec:16:82:78:e6:aa:1a:05:e6:53:1c:
         5e:0b:c6:64:b5:ef:af:00:1f:44:d8:c0:cd:60:c9:ef:0a:bb:
         fe:58:1c:07:c8:a6:69:a6:b2:7e:5f:be:ec:e8:6d:3b:f4:46:
         1c:83:0d:54:46:dc:65:1a:64:ba:7e:1b:c8:a1:08:74:12:83:
         ea:1b:03:43:a8:3f:6f:78:41:26:b0:38:ee:f0:90:ac:ac:93:
         9a:31:07:a4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgIEAYBOtTANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhh
MDljZDhjNzFhNmUzMzI4MmMwNDVkOGY4OGMzYjM3OGFjZjQxYmQ5MB4XDTIyMDEw
MTAwNTI0N1oXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoZTAxYTI0NGZkZTZl
YTIwZTFkNjBiMTFkNzk2ZmEwZDBhMDVlNDIwZDCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBANwi9B3Q38lb8l1zuC2noHRE02F2Ide45E9oq8S/csqTwaSv
qrxIgtZD1aDuNqSBO0efEbocTH3enEVO4jUq/DfYitTTNIP8Kbl8/CMiOIyRS+Oe
5g71lduDtl44JWrNY2n8uHiGNyOjQOnXKoUgjXDyJHrlJSzZM9nm6CNp6sXLwFWd
U0qGduPnweIVJoOFXtSIaGp8qmpjOaal5pfM9PLspupLThgtEJ7LgiD6SZ4Ywv7s
6Oz60u6SV1uOcsYrNUR6v7vGMV0tHbqoBcWTeQnVbz+Re+yh3rsIY3sw+hDWg3hK
M6bSRhcgorb4mUWHQ7fmSMtty5WBLnvMCv+u+KsCAwEAAaOCAhcwggITMB0GA1Ud
DgQWBBTgGiRP3m6iDh1gsR15b6DQoF5CDTAfBgNVHSMEGDAWgBSgnNjHGm4zKCwE
XY+Iw7N4rPQb2TAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L29Kell4eHB1TXlnc0JGMlBpTU96ZUt6MEc5ay5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNjUvMGQ2Mzc1LTQ3NjUtNGUwZS05MzYzLTZlOGUwN2Q2NmM5Yi8x
LzRCb2tUOTV1b2c0ZFlMRWRlVy1nMEtCZVFnMC5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNjUv
MGQ2Mzc1LTQ3NjUtNGUwZS05MzYzLTZlOGUwN2Q2NmM5Yi8xL29Kell4eHB1TXln
c0JGMlBpTU96ZUt6MEc5ay5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAt
BggrBgEFBQcBBwEB/wQeMBwwGgQCAAEwFAMEA7IVoDAMAwQAuQQBAwQCuQQAMA0G
CSqGSIb3DQEBCwUAA4IBAQBmAnwaqgQAeqNJRJ9oHoovQ6/P1pQuYwXOi6IdSMxe
lTqxzvP8cp+Zv8XqKSALaz3HXAqlV6JvnHgB9lM4UhARalrScIpaOSpy3PdZN+7g
3oJzuT6BkHr4iqbE7r+6/H0SyR3vMIdyPulTbnWDtgYKyVcVGRsKWsbCcjQQJ7bH
hxayafzP/KJ7if62HbkclJhlC9kMdBWfLlEX0Y4smT6MZ96n6AwosHjo7BaCeOaq
GgXmUxxeC8Zkte+vAB9E2MDNYMnvCrv+WBwHyKZpprJ+X77s6G079EYcgw1URtxl
GmS6fhvIoQh0EoPqGwNDqD9veEEmsDju8JCsrJOaMQek
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:14:57 2024 by rpki-client on console-ams.rpki-client.org