Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/68/34649e-9bc4-4018-b3a0-756f3cc3ec33/1/2kddKkKFJaE2369WCv_kXnAS8jM.roa
File:                     2kddKkKFJaE2369WCv_kXnAS8jM.roa (raw, json)
Hash identifier:          2eZKa1OvRAzOtT4AUjfJ3rFGtJRA47VnrQYiO6HhJYc=
Subject key identifier:   DA:47:5D:2A:42:85:25:A1:36:DF:AF:56:0A:FF:E4:5E:70:12:F2:33
Certificate issuer:       /CN=6daacc448c4a23afc94a45a79b76dfbe830b2598
Certificate serial:       01841B2C2EAA4E4554205B79E7981420B272
Authority key identifier: 6D:AA:CC:44:8C:4A:23:AF:C9:4A:45:A7:9B:76:DF:BE:83:0B:25:98
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/barMRIxKI6_JSkWnm3bfvoMLJZg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/68/34649e-9bc4-4018-b3a0-756f3cc3ec33/1/2kddKkKFJaE2369WCv_kXnAS8jM.roa
Signing time:             Thu 27 Oct 2022 20:39:51 +0000
ROA not before:           Thu 27 Oct 2022 20:39:51 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     57704
IP address blocks:        193.7.223.0/24 maxlen: 24
                          193.7.222.0/24 maxlen: 24
                          193.7.220.0/24 maxlen: 32
                          193.7.221.0/24 maxlen: 24
                          45.146.15.0/24 maxlen: 24
                          45.146.12.0/24 maxlen: 24
                          45.146.14.0/24 maxlen: 24
                          45.146.13.0/24 maxlen: 24
                          5.133.24.0/21 maxlen: 24
                          5.253.71.0/24 maxlen: 24
                          5.253.68.0/22 maxlen: 22
                          5.253.68.0/24 maxlen: 24
                          5.253.70.0/24 maxlen: 24
                          5.253.69.0/24 maxlen: 24
                          185.132.248.0/22 maxlen: 24
                          2a09:9900::/32 maxlen: 32

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:84:1b:2c:2e:aa:4e:45:54:20:5b:79:e7:98:14:20:b2:72
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6daacc448c4a23afc94a45a79b76dfbe830b2598
        Validity
            Not Before: Oct 27 20:39:51 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=da475d2a428525a136dfaf560affe45e7012f233
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:40:7f:a2:3a:fc:10:bb:bc:c0:d6:70:43:69:
                    7f:6c:46:0f:33:bf:6b:9c:12:0a:f2:b7:8a:fa:f8:
                    3e:3d:41:4d:a3:b9:f2:b7:8f:37:07:2f:e5:b0:9a:
                    c0:d5:b0:9e:aa:cc:df:dd:02:13:f4:db:f4:df:12:
                    32:82:4d:04:83:07:7d:97:ad:e9:c1:c4:9f:72:b5:
                    a3:31:87:48:28:11:9f:ea:5b:5a:3e:9f:35:bb:b8:
                    d8:29:ec:ac:c9:14:c3:0f:4e:2e:66:b8:ec:ca:58:
                    d9:ea:eb:08:10:96:30:a3:73:49:ae:f0:dd:09:a8:
                    cb:44:54:2d:6c:3f:a3:4c:77:af:4e:e1:d3:3b:65:
                    5e:07:c4:b9:45:49:6d:ef:e8:ab:a3:54:18:f8:fa:
                    05:ca:21:44:0d:83:a4:e3:1c:96:59:96:54:60:b7:
                    d6:bb:7f:bb:76:2d:26:d3:96:34:77:8a:d8:09:ab:
                    df:27:76:d6:99:2b:e2:1b:16:5c:31:61:5a:8b:47:
                    9c:02:dd:71:94:37:6b:a2:4c:99:34:12:bf:a4:fe:
                    b6:5a:0f:91:42:0a:a3:6b:71:12:d8:df:7d:0c:2a:
                    ef:b5:8c:af:69:f1:57:61:22:dc:fe:9a:b7:5a:74:
                    58:82:5a:0d:e7:6d:62:51:60:86:73:ae:a5:0c:20:
                    d7:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DA:47:5D:2A:42:85:25:A1:36:DF:AF:56:0A:FF:E4:5E:70:12:F2:33
            X509v3 Authority Key Identifier:
                keyid:6D:AA:CC:44:8C:4A:23:AF:C9:4A:45:A7:9B:76:DF:BE:83:0B:25:98

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/barMRIxKI6_JSkWnm3bfvoMLJZg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/68/34649e-9bc4-4018-b3a0-756f3cc3ec33/1/2kddKkKFJaE2369WCv_kXnAS8jM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/68/34649e-9bc4-4018-b3a0-756f3cc3ec33/1/barMRIxKI6_JSkWnm3bfvoMLJZg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.133.24.0/21
                  5.253.68.0/22
                  45.146.12.0/22
                  185.132.248.0/22
                  193.7.220.0/22
                IPv6:
                  2a09:9900::/32

    Signature Algorithm: sha256WithRSAEncryption
         73:df:9f:64:93:6d:98:37:86:6c:e9:d1:3a:4d:c1:cf:15:c1:
         a6:98:ed:a7:00:9f:2b:d7:a5:54:90:07:26:43:6b:91:59:ec:
         2d:ec:4f:83:04:ff:73:ff:80:e1:53:f5:6b:29:65:6d:6a:aa:
         2f:52:85:d8:5c:da:2c:d5:7b:8d:cb:9b:0a:63:f1:1e:63:51:
         58:c6:56:e4:54:65:f6:58:94:fe:45:d3:dc:2b:5c:01:e9:ad:
         41:87:da:b2:0c:88:06:46:b2:6e:0a:8f:6f:5d:8a:00:24:e1:
         8c:4d:5d:e1:ef:a1:23:88:32:78:7c:c3:92:90:84:0c:2f:65:
         0b:58:e7:5c:d0:70:b8:93:ec:b7:b1:c0:e0:f4:74:5e:8a:72:
         3d:98:cd:57:83:00:45:37:41:39:48:a9:da:7e:5a:52:0d:7d:
         97:5a:2e:f9:bd:50:3e:bc:c4:1d:3c:de:53:f9:44:eb:b2:7b:
         3b:f9:d3:70:a3:a1:9f:d3:ea:d8:22:3e:f7:d8:e0:c0:6b:48:
         07:4d:1c:2a:60:74:42:88:c6:c1:2a:ac:e5:61:17:85:14:ba:
         f8:6c:43:fa:5d:e9:0e:1c:0a:52:c6:71:e4:d1:71:9f:ea:56:
         7e:f2:7f:31:2b:9e:1d:5b:61:21:a2:53:57:f3:02:59:1b:ec:
         d4:b4:9b:61
-----BEGIN CERTIFICATE-----
MIIFJDCCBAygAwIBAgISAYQbLC6qTkVUIFt555gUILJyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZkYWFjYzQ0OGM0YTIzYWZjOTRhNDVhNzliNzZkZmJlODMw
YjI1OTgwHhcNMjIxMDI3MjAzOTUxWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYTQ3NWQyYTQyODUyNWExMzZkZmFmNTYwYWZmZTQ1ZTcwMTJmMjMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg0B/ojr8ELu8wNZwQ2l/bEYPM79r
nBIK8reK+vg+PUFNo7nyt483By/lsJrA1bCeqszf3QIT9Nv03xIygk0Egwd9l63p
wcSfcrWjMYdIKBGf6ltaPp81u7jYKeysyRTDD04uZrjsyljZ6usIEJYwo3NJrvDd
CajLRFQtbD+jTHevTuHTO2VeB8S5RUlt7+iro1QY+PoFyiFEDYOk4xyWWZZUYLfW
u3+7di0m05Y0d4rYCavfJ3bWmSviGxZcMWFai0ecAt1xlDdrokyZNBK/pP62Wg+R
Qgqja3ES2N99DCrvtYyvafFXYSLc/pq3WnRYgloN521iUWCGc66lDCDXZwIDAQAB
o4ICMDCCAiwwHQYDVR0OBBYEFNpHXSpChSWhNt+vVgr/5F5wEvIzMB8GA1UdIwQY
MBaAFG2qzESMSiOvyUpFp5t2376DCyWYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYmFyTVJJeEtJNl9KU2tXbm0zYmZ2b01MSlpnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OC8zNDY0OWUtOWJjNC00MDE4LWIzYTAt
NzU2ZjNjYzNlYzMzLzEvMmtkZEtrS0ZKYUUyMzY5V0N2X2tYbkFTOGpNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OC8zNDY0OWUtOWJjNC00MDE4LWIzYTAtNzU2ZjNjYzNlYzMz
LzEvYmFyTVJJeEtJNl9KU2tXbm0zYmZ2b01MSlpnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEYGCCsGAQUFBwEHAQH/BDcwNTAkBAIAATAeAwQDBYUYAwQC
Bf1EAwQCLZIMAwQCuYT4AwQCwQfcMA0EAgACMAcDBQAqCZkAMA0GCSqGSIb3DQEB
CwUAA4IBAQBz359kk22YN4Zs6dE6TcHPFcGmmO2nAJ8r16VUkAcmQ2uRWewt7E+D
BP9z/4DhU/VrKWVtaqovUoXYXNos1XuNy5sKY/EeY1FYxlbkVGX2WJT+RdPcK1wB
6a1Bh9qyDIgGRrJuCo9vXYoAJOGMTV3h76EjiDJ4fMOSkIQML2ULWOdc0HC4k+y3
scDg9HReinI9mM1XgwBFN0E5SKnaflpSDX2XWi75vVA+vMQdPN5T+UTrsns7+dNw
o6Gf0+rYIj732ODAa0gHTRwqYHRCiMbBKqzlYReFFLr4bEP6XekOHApSxnHk0XGf
6lZ+8n8xK54dW2EholNX8wJZG+zUtJth
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:15:34 2024 by rpki-client on console-ams.rpki-client.org