Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/68/34649e-9bc4-4018-b3a0-756f3cc3ec33/1/tkNsSd2i9wdhaYU2iz1X1WAUnkk.roa
File:                     tkNsSd2i9wdhaYU2iz1X1WAUnkk.roa (raw, json)
Hash identifier:          o88z/M/6Pcr8h5BYEfcn/8Dq43zj+tzKzszIqrNXU4M=
Subject key identifier:   B6:43:6C:49:DD:A2:F7:07:61:69:85:36:8B:3D:57:D5:60:14:9E:49
Certificate issuer:       /CN=6daacc448c4a23afc94a45a79b76dfbe830b2598
Certificate serial:       3403FA98
Authority key identifier: 6D:AA:CC:44:8C:4A:23:AF:C9:4A:45:A7:9B:76:DF:BE:83:0B:25:98
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/barMRIxKI6_JSkWnm3bfvoMLJZg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/68/34649e-9bc4-4018-b3a0-756f3cc3ec33/1/tkNsSd2i9wdhaYU2iz1X1WAUnkk.roa
Signing time:             Thu 30 Jun 2022 09:06:02 +0000
ROA not before:           Thu 30 Jun 2022 09:06:02 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     199046
IP address blocks:        185.132.249.0/24 maxlen: 24
                          185.132.251.0/24 maxlen: 24
                          185.132.250.0/24 maxlen: 24
                          185.132.248.0/24 maxlen: 24
                          185.132.248.0/22 maxlen: 22
                          45.146.13.0/24 maxlen: 24
                          45.146.12.0/24 maxlen: 24
                          45.146.12.0/22 maxlen: 22
                          5.133.24.0/21 maxlen: 24
                          2a09:9900::/32 maxlen: 64

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 872675992 (0x3403fa98)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6daacc448c4a23afc94a45a79b76dfbe830b2598
        Validity
            Not Before: Jun 30 09:06:02 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=b6436c49dda2f707616985368b3d57d560149e49
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:a3:af:33:30:6d:67:03:58:68:cd:b9:5c:7a:
                    09:2e:8d:a0:1d:68:b2:ee:7c:48:c7:48:9b:9c:0d:
                    0b:fe:c0:e3:fc:d2:92:78:00:47:6d:d6:83:26:5d:
                    2c:00:d4:e3:c6:6e:dd:2b:fb:75:ea:12:e1:40:26:
                    02:bb:9c:81:7b:3d:63:64:2c:98:0b:67:86:4d:df:
                    a7:3e:e1:79:dd:0c:23:a8:11:dd:ea:5d:38:8c:95:
                    95:b9:f8:4f:51:ef:e6:31:15:d7:dd:13:19:6b:b7:
                    7b:36:4c:57:e4:e9:55:2e:0c:ae:16:d8:f7:77:05:
                    17:5f:d5:86:69:03:a5:91:6b:5c:7c:e0:df:37:45:
                    e0:18:47:e3:1f:59:45:0a:9d:e5:6d:53:14:02:d2:
                    7e:5e:63:b4:98:53:68:ee:eb:9c:2c:f1:16:fa:ce:
                    19:61:b8:7b:02:8a:53:f5:8a:ca:2f:cb:43:fd:a2:
                    5b:e2:0b:2b:8c:c6:57:4e:8b:cf:d1:9f:52:d3:a5:
                    7b:93:35:ce:af:a5:64:1f:28:ee:4a:ca:80:96:4a:
                    26:9e:76:91:48:43:c4:70:49:12:0e:ac:a1:b0:58:
                    11:ac:43:b8:b5:11:7c:6d:b3:c2:e6:25:a1:8c:0a:
                    70:33:af:b5:a5:a2:7e:40:ee:fe:a1:3b:47:16:a5:
                    b3:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B6:43:6C:49:DD:A2:F7:07:61:69:85:36:8B:3D:57:D5:60:14:9E:49
            X509v3 Authority Key Identifier:
                keyid:6D:AA:CC:44:8C:4A:23:AF:C9:4A:45:A7:9B:76:DF:BE:83:0B:25:98

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/barMRIxKI6_JSkWnm3bfvoMLJZg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/68/34649e-9bc4-4018-b3a0-756f3cc3ec33/1/tkNsSd2i9wdhaYU2iz1X1WAUnkk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/68/34649e-9bc4-4018-b3a0-756f3cc3ec33/1/barMRIxKI6_JSkWnm3bfvoMLJZg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.133.24.0/21
                  45.146.12.0/22
                  185.132.248.0/22
                IPv6:
                  2a09:9900::/32

    Signature Algorithm: sha256WithRSAEncryption
         0e:3f:cc:9e:c8:2c:b8:3b:9b:79:4d:79:42:17:af:ed:41:ba:
         dd:53:69:69:07:3c:a0:fd:63:d5:44:ce:55:58:13:56:34:65:
         f8:da:c6:66:cf:11:a6:68:5d:34:7e:ed:a2:70:a2:8e:42:1a:
         4b:df:3b:48:9a:60:c5:bd:34:b3:d4:bd:98:12:c0:40:15:43:
         62:6e:2b:1e:87:5e:28:77:4f:cc:5d:e5:fa:d2:7d:2d:62:bd:
         19:68:e4:6c:d0:ec:2c:4b:b7:ba:dc:a0:fe:5e:ba:77:75:4f:
         43:ab:b9:ec:33:f7:56:9e:6a:23:38:15:a5:9f:54:82:74:8e:
         a4:b7:30:7a:ec:98:8c:31:d6:32:95:60:48:c3:a0:4d:61:91:
         d5:96:99:00:d7:d6:dd:12:2c:9b:20:b0:48:7c:11:35:e1:fb:
         87:b5:6e:43:98:7b:2d:58:db:89:c4:60:09:3e:a7:7c:33:b8:
         c9:03:3b:b6:64:97:31:f6:7b:b7:a2:52:e8:ad:18:77:55:60:
         ae:62:89:c8:a1:6e:ff:b2:73:85:48:eb:36:56:22:4e:d1:ca:
         d1:0a:3d:36:42:f8:a6:23:83:f1:c3:44:8a:c8:ba:0f:52:93:
         f1:62:96:d8:f6:fc:c0:2c:6b:fb:34:d3:b3:c8:58:e5:78:13:
         d1:ab:ee:07
-----BEGIN CERTIFICATE-----
MIIFCjCCA/KgAwIBAgIENAP6mDANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg2
ZGFhY2M0NDhjNGEyM2FmYzk0YTQ1YTc5Yjc2ZGZiZTgzMGIyNTk4MB4XDTIyMDYz
MDA5MDYwMloXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoYjY0MzZjNDlkZGEy
ZjcwNzYxNjk4NTM2OGIzZDU3ZDU2MDE0OWU0OTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBANOjrzMwbWcDWGjNuVx6CS6NoB1osu58SMdIm5wNC/7A4/zS
kngAR23WgyZdLADU48Zu3Sv7deoS4UAmArucgXs9Y2QsmAtnhk3fpz7hed0MI6gR
3epdOIyVlbn4T1Hv5jEV190TGWu3ezZMV+TpVS4MrhbY93cFF1/VhmkDpZFrXHzg
3zdF4BhH4x9ZRQqd5W1TFALSfl5jtJhTaO7rnCzxFvrOGWG4ewKKU/WKyi/LQ/2i
W+ILK4zGV06Lz9GfUtOle5M1zq+lZB8o7krKgJZKJp52kUhDxHBJEg6sobBYEaxD
uLURfG2zwuYloYwKcDOvtaWifkDu/qE7Rxals7MCAwEAAaOCAiQwggIgMB0GA1Ud
DgQWBBS2Q2xJ3aL3B2FphTaLPVfVYBSeSTAfBgNVHSMEGDAWgBRtqsxEjEojr8lK
Raebdt++gwslmDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L2Jhck1SSXhLSTZfSlNrV25tM2Jmdm9NTEpaZy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNjgvMzQ2NDllLTliYzQtNDAxOC1iM2EwLTc1NmYzY2MzZWMzMy8x
L3RrTnNTZDJpOXdkaGFZVTJpejFYMVdBVW5ray5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNjgv
MzQ2NDllLTliYzQtNDAxOC1iM2EwLTc1NmYzY2MzZWMzMy8xL2Jhck1SSXhLSTZf
SlNrV25tM2Jmdm9NTEpaZy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjA6
BggrBgEFBQcBBwEB/wQrMCkwGAQCAAEwEgMEAwWFGAMEAi2SDAMEArmE+DANBAIA
AjAHAwUAKgmZADANBgkqhkiG9w0BAQsFAAOCAQEADj/MnsgsuDubeU15Qhev7UG6
3VNpaQc8oP1j1UTOVVgTVjRl+NrGZs8RpmhdNH7tonCijkIaS987SJpgxb00s9S9
mBLAQBVDYm4rHodeKHdPzF3l+tJ9LWK9GWjkbNDsLEu3utyg/l66d3VPQ6u57DP3
Vp5qIzgVpZ9UgnSOpLcweuyYjDHWMpVgSMOgTWGR1ZaZANfW3RIsmyCwSHwRNeH7
h7VuQ5h7LVjbicRgCT6nfDO4yQM7tmSXMfZ7t6JS6K0Yd1VgrmKJyKFu/7JzhUjr
NlYiTtHK0Qo9NkL4piOD8cNEisi6D1KT8WKW2Pb8wCxr+zTTs8hY5XgT0avuBw==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:33:25 2024 by rpki-client on console-fra.rpki-client.org