Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/z7QU7jFgyczuaOvEUYUtLEPPe-o.roa
File:                     z7QU7jFgyczuaOvEUYUtLEPPe-o.roa (raw, json)
Hash identifier:          w96wgd3FId6GzGYFSYCAKHvdBd1VkO0go5AkaP7bKPE=
Subject key identifier:   CF:B4:14:EE:31:60:C9:CC:EE:68:EB:C4:51:85:2D:2C:43:CF:7B:EA
Certificate issuer:       /CN=885b857706dac54e20ca0d11bd6416cb634203b4
Certificate serial:       018442343FD8A831FD3A1F87400B61730F08
Authority key identifier: 88:5B:85:77:06:DA:C5:4E:20:CA:0D:11:BD:64:16:CB:63:42:03:B4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/z7QU7jFgyczuaOvEUYUtLEPPe-o.roa
Signing time:             Fri 04 Nov 2022 10:33:51 +0000
ROA not before:           Fri 04 Nov 2022 10:33:51 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     30738
IP address blocks:        109.248.160.0/22 maxlen: 25
                          195.211.53.0/24 maxlen: 24
                          188.130.232.0/24 maxlen: 24
                          188.130.254.0/24 maxlen: 24
                          188.130.182.0/24 maxlen: 24
                          2001:1468:8000::/36 maxlen: 36
                          2001:1468::/32 maxlen: 33

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:84:42:34:3f:d8:a8:31:fd:3a:1f:87:40:0b:61:73:0f:08
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=885b857706dac54e20ca0d11bd6416cb634203b4
        Validity
            Not Before: Nov  4 10:33:51 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=cfb414ee3160c9ccee68ebc451852d2c43cf7bea
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:70:78:50:1f:9a:81:a6:f9:cd:23:ad:fd:3f:
                    8e:50:ec:87:39:18:ec:6a:40:af:8b:1e:40:83:8d:
                    f2:96:a1:6b:4f:b5:8d:c1:12:d0:20:ec:2e:e5:43:
                    33:b9:71:9b:62:68:5d:fd:dc:74:ec:d1:91:40:61:
                    57:7a:fa:4e:13:11:9c:b7:e4:af:3d:0d:9f:9a:c4:
                    75:47:d3:c6:82:ed:1b:0f:c2:d8:79:69:d1:b0:96:
                    f9:e4:00:ef:e2:81:c6:d5:3c:1c:fb:89:4c:59:84:
                    a9:d0:84:66:8c:47:a1:c2:c8:5e:a8:61:ed:45:23:
                    1e:c0:8f:33:db:20:55:45:be:f4:d1:1e:2d:2f:19:
                    c4:a7:94:7b:a3:81:44:12:2b:ee:c9:13:b5:e2:82:
                    62:66:3e:f7:5d:2d:42:a0:64:e3:99:df:70:df:7b:
                    1c:18:02:04:0e:79:d3:70:62:6f:1b:27:37:d0:ab:
                    08:28:e2:89:13:8c:61:99:8d:03:33:e5:32:c2:c1:
                    53:f8:0c:83:51:3a:c7:49:b0:ac:e2:5e:e5:d3:89:
                    06:c7:17:c8:15:30:09:62:65:5c:d0:9b:6b:93:9c:
                    23:9b:c3:c7:15:d4:54:9a:82:d7:be:8a:ae:be:ac:
                    79:ac:8e:94:7e:27:b7:f1:0f:a4:c5:44:a3:45:8e:
                    7a:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:B4:14:EE:31:60:C9:CC:EE:68:EB:C4:51:85:2D:2C:43:CF:7B:EA
            X509v3 Authority Key Identifier:
                keyid:88:5B:85:77:06:DA:C5:4E:20:CA:0D:11:BD:64:16:CB:63:42:03:B4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/z7QU7jFgyczuaOvEUYUtLEPPe-o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.248.160.0/22
                  188.130.182.0/24
                  188.130.232.0/24
                  188.130.254.0/24
                  195.211.53.0/24
                IPv6:
                  2001:1468::/32

    Signature Algorithm: sha256WithRSAEncryption
         30:52:0a:9f:99:23:1e:a2:1a:6a:63:64:ef:0b:f0:c0:03:fa:
         b6:72:b1:1b:a8:81:f6:2d:3f:85:7d:ac:d2:3a:43:c7:da:e9:
         2b:3d:c9:7d:b1:be:f6:bd:a9:46:fa:e3:af:83:3f:dc:f6:e5:
         78:47:50:aa:42:a1:c2:80:de:c2:17:94:b2:9b:f7:99:f8:d2:
         3f:9d:34:74:b9:ca:90:e3:7f:d4:5e:bb:93:c0:fd:5a:fc:04:
         aa:0d:3d:d7:1d:c4:fb:3d:7b:92:2b:79:57:e3:3e:c3:45:7d:
         a2:50:fe:f4:6f:31:21:1d:d4:cf:e1:83:78:1f:05:7f:97:85:
         44:9a:59:09:82:6e:a2:79:3c:53:97:cf:89:85:e0:60:32:ae:
         8a:11:da:c4:aa:63:72:be:8f:e6:c3:75:6a:90:c0:59:11:e4:
         7d:ab:c4:cd:3d:ff:36:52:17:ce:dc:a2:d9:bb:eb:10:2f:f5:
         d8:1d:23:13:f9:28:32:5d:a1:74:f5:cd:18:95:47:76:a5:30:
         4d:09:60:33:72:bb:9c:4b:01:eb:98:48:55:a3:a0:3a:db:c5:
         5f:1b:e4:c7:af:07:a0:35:99:0b:a9:7d:39:ca:66:fc:d3:0e:
         9f:29:ac:f6:18:3e:ea:a4:83:fe:5f:c0:5c:b5:51:83:4d:82:
         f4:02:39:dd
-----BEGIN CERTIFICATE-----
MIIFJDCCBAygAwIBAgISAYRCND/YqDH9Oh+HQAthcw8IMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg4NWI4NTc3MDZkYWM1NGUyMGNhMGQxMWJkNjQxNmNiNjM0
MjAzYjQwHhcNMjIxMTA0MTAzMzUxWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZmI0MTRlZTMxNjBjOWNjZWU2OGViYzQ1MTg1MmQyYzQzY2Y3YmVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj3B4UB+agab5zSOt/T+OUOyHORjs
akCvix5Ag43ylqFrT7WNwRLQIOwu5UMzuXGbYmhd/dx07NGRQGFXevpOExGct+Sv
PQ2fmsR1R9PGgu0bD8LYeWnRsJb55ADv4oHG1Twc+4lMWYSp0IRmjEehwsheqGHt
RSMewI8z2yBVRb700R4tLxnEp5R7o4FEEivuyRO14oJiZj73XS1CoGTjmd9w33sc
GAIEDnnTcGJvGyc30KsIKOKJE4xhmY0DM+UywsFT+AyDUTrHSbCs4l7l04kGxxfI
FTAJYmVc0Jtrk5wjm8PHFdRUmoLXvoquvqx5rI6Ufie38Q+kxUSjRY56eQIDAQAB
o4ICMDCCAiwwHQYDVR0OBBYEFM+0FO4xYMnM7mjrxFGFLSxDz3vqMB8GA1UdIwQY
MBaAFIhbhXcG2sVOIMoNEb1kFstjQgO0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaUZ1RmR3YmF4VTRneWcwUnZXUVd5Mk5DQTdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS8zMjFjZGMtMjE0My00YjVjLTk3MzMt
MTY2OTljOTZkZDVlLzEvejdRVTdqRmd5Y3p1YU92RVVZVXRMRVBQZS1vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS8zMjFjZGMtMjE0My00YjVjLTk3MzMtMTY2OTljOTZkZDVl
LzEvaUZ1RmR3YmF4VTRneWcwUnZXUVd5Mk5DQTdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEYGCCsGAQUFBwEHAQH/BDcwNTAkBAIAATAeAwQCbfigAwQA
vIK2AwQAvILoAwQAvIL+AwQAw9M1MA0EAgACMAcDBQAgARRoMA0GCSqGSIb3DQEB
CwUAA4IBAQAwUgqfmSMeohpqY2TvC/DAA/q2crEbqIH2LT+FfazSOkPH2ukrPcl9
sb72valG+uOvgz/c9uV4R1CqQqHCgN7CF5Sym/eZ+NI/nTR0ucqQ43/UXruTwP1a
/ASqDT3XHcT7PXuSK3lX4z7DRX2iUP70bzEhHdTP4YN4HwV/l4VEmlkJgm6ieTxT
l8+JheBgMq6KEdrEqmNyvo/mw3VqkMBZEeR9q8TNPf82UhfO3KLZu+sQL/XYHSMT
+SgyXaF09c0YlUd2pTBNCWAzcrucSwHrmEhVo6A628VfG+THrwegNZkLqX05ymb8
0w6fKaz2GD7qpIP+X8BctVGDTYL0Ajnd
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:32:57 2024 by rpki-client on console-fra.rpki-client.org