Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/68/d6486a-8ff7-426f-8d86-098d04ce51b2/1/AaW3oQYBuS4_NcPrDsL2WECL_mc.roa
File:                     AaW3oQYBuS4_NcPrDsL2WECL_mc.roa (raw, json)
Hash identifier:          LwF8J+jYrXebvJTbE8MEvQB+0xBKFZ8HwR/q+sUkNR8=
Subject key identifier:   01:A5:B7:A1:06:01:B9:2E:3F:35:C3:EB:0E:C2:F6:58:40:8B:FE:67
Certificate issuer:       /CN=fbfcd4515b493039216758de738e4f1ae8e3224c
Certificate serial:       01696F18
Authority key identifier: FB:FC:D4:51:5B:49:30:39:21:67:58:DE:73:8E:4F:1A:E8:E3:22:4C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-_zUUVtJMDkhZ1jec45PGujjIkw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/68/d6486a-8ff7-426f-8d86-098d04ce51b2/1/AaW3oQYBuS4_NcPrDsL2WECL_mc.roa
Signing time:             Sat 01 Jan 2022 08:05:55 +0000
ROA not before:           Sat 01 Jan 2022 08:05:55 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     211873
IP address blocks:        185.149.28.0/22 maxlen: 22
                          2a06:34c0::/29 maxlen: 29

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 23686936 (0x1696f18)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fbfcd4515b493039216758de738e4f1ae8e3224c
        Validity
            Not Before: Jan  1 08:05:55 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=01a5b7a10601b92e3f35c3eb0ec2f658408bfe67
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:b9:67:f0:73:c6:64:76:ec:2a:ac:23:cc:43:
                    52:3d:51:b3:94:07:bb:06:b4:74:45:b9:7b:5e:89:
                    ab:68:e1:f3:56:0b:dd:57:7f:05:33:20:b4:6a:f6:
                    9d:67:57:d3:3d:d8:bf:5c:2e:3e:85:f3:0a:86:f1:
                    2e:91:00:96:16:bd:23:b8:fa:8f:8f:5e:69:19:82:
                    13:57:bc:f2:66:b4:b7:6d:32:94:f8:81:89:17:58:
                    fd:97:d6:8d:d4:0a:62:df:dd:a4:d9:44:73:0f:c5:
                    21:db:f8:ca:f3:ef:49:43:db:85:ab:c3:57:03:e6:
                    66:e3:8f:77:60:0c:b9:91:4a:4d:b1:06:80:b5:0f:
                    70:6a:d6:10:4c:8c:e0:e0:1e:e7:d4:82:f3:1f:90:
                    95:22:fc:46:ab:79:b1:d8:e8:aa:b2:60:b7:6e:05:
                    09:1e:b4:14:cf:96:21:c1:4d:78:94:5c:58:1c:9b:
                    f4:e1:20:61:b1:e2:9e:0a:ee:29:34:db:57:01:97:
                    4a:7e:53:e6:29:76:22:d4:1d:18:fe:25:dd:14:3c:
                    0e:87:26:8c:0a:48:6a:d7:08:26:09:52:b6:cf:69:
                    ec:06:61:31:bc:64:46:3b:8d:11:5b:a9:4f:e4:ac:
                    d0:c6:bd:10:19:4b:d9:47:2c:e7:58:21:49:dd:5c:
                    df:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                01:A5:B7:A1:06:01:B9:2E:3F:35:C3:EB:0E:C2:F6:58:40:8B:FE:67
            X509v3 Authority Key Identifier:
                keyid:FB:FC:D4:51:5B:49:30:39:21:67:58:DE:73:8E:4F:1A:E8:E3:22:4C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-_zUUVtJMDkhZ1jec45PGujjIkw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/68/d6486a-8ff7-426f-8d86-098d04ce51b2/1/AaW3oQYBuS4_NcPrDsL2WECL_mc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/68/d6486a-8ff7-426f-8d86-098d04ce51b2/1/1-_zUUVtJMDkhZ1jec45PGujjIkw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.149.28.0/22
                IPv6:
                  2a06:34c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         4f:59:97:f3:86:74:dc:11:49:39:39:a7:25:5f:37:13:54:0d:
         1e:dc:40:2c:9f:cc:a3:57:42:dd:35:98:02:6b:bf:04:44:b5:
         ba:ca:6a:cc:df:41:31:51:4b:29:ce:90:c9:6b:08:46:6e:e7:
         a8:c8:25:cf:0c:09:8f:53:5e:9c:43:67:33:92:d9:e2:14:d3:
         5f:6d:86:c3:38:04:dd:52:93:4b:b5:f3:98:50:8f:65:d1:a1:
         93:c4:b5:b1:35:2e:ba:e4:94:d5:ad:f5:0f:e8:7c:3a:97:ff:
         de:ca:ec:32:20:44:c6:e3:e3:8e:48:d7:e4:fb:ee:85:10:54:
         4f:4c:72:89:1e:7a:bb:88:47:50:3f:13:7a:66:f3:0f:2c:d3:
         63:d9:fc:7a:64:de:fb:a8:c4:ce:8c:c0:60:f4:ba:20:dc:fa:
         0c:50:43:74:5c:0a:29:ea:14:12:7c:55:9f:8e:03:dc:ea:c4:
         4d:91:c9:30:1a:fd:9c:20:6a:2d:6e:40:95:b2:a6:ca:dc:f7:
         b5:5a:bc:6b:ba:52:b4:55:57:9f:d1:8b:16:60:9f:e9:75:76:
         ba:05:02:16:f8:3b:bd:ca:e1:90:d5:0e:93:c7:c8:67:2f:0f:
         b3:10:76:c4:fd:be:8d:ca:81:ef:17:23:17:12:07:3d:21:6b:
         fb:51:81:3f
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIEAWlvGDANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhm
YmZjZDQ1MTViNDkzMDM5MjE2NzU4ZGU3MzhlNGYxYWU4ZTMyMjRjMB4XDTIyMDEw
MTA4MDU1NVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMDFhNWI3YTEwNjAx
YjkyZTNmMzVjM2ViMGVjMmY2NTg0MDhiZmU2NzCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAKG5Z/BzxmR27CqsI8xDUj1Rs5QHuwa0dEW5e16Jq2jh81YL
3Vd/BTMgtGr2nWdX0z3Yv1wuPoXzCobxLpEAlha9I7j6j49eaRmCE1e88ma0t20y
lPiBiRdY/ZfWjdQKYt/dpNlEcw/FIdv4yvPvSUPbhavDVwPmZuOPd2AMuZFKTbEG
gLUPcGrWEEyM4OAe59SC8x+QlSL8Rqt5sdjoqrJgt24FCR60FM+WIcFNeJRcWByb
9OEgYbHingruKTTbVwGXSn5T5il2ItQdGP4l3RQ8DocmjApIatcIJglSts9p7AZh
MbxkRjuNEVupT+Ss0Ma9EBlL2Ucs51ghSd1c32ECAwEAAaOCAhowggIWMB0GA1Ud
DgQWBBQBpbehBgG5Lj81w+sOwvZYQIv+ZzAfBgNVHSMEGDAWgBT7/NRRW0kwOSFn
WN5zjk8a6OMiTDAOBgNVHQ8BAf8EBAMCB4AwZQYIKwYBBQUHAQEEWTBXMFUGCCsG
AQUFBzAChklyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
LzEtX3pVVVZ0Sk1Ea2haMWplYzQ1UEd1ampJa3cuY2VyMIGNBggrBgEFBQcBCwSB
gDB+MHwGCCsGAQUFBzALhnByc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9y
eS9ERUZBVUxULzY4L2Q2NDg2YS04ZmY3LTQyNmYtOGQ4Ni0wOThkMDRjZTUxYjIv
MS9BYVczb1FZQnVTNF9OY1ByRHNMMldFQ0xfbWMucm9hMIGCBgNVHR8EezB5MHeg
daBzhnFyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzY4
L2Q2NDg2YS04ZmY3LTQyNmYtOGQ4Ni0wOThkMDRjZTUxYjIvMS8xLV96VVVWdEpN
RGtoWjFqZWM0NVBHdWpqSWt3LmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4C
MC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuZUcMA0EAgACMAcDBQMqBjTA
MA0GCSqGSIb3DQEBCwUAA4IBAQBPWZfzhnTcEUk5OaclXzcTVA0e3EAsn8yjV0Ld
NZgCa78ERLW6ymrM30ExUUspzpDJawhGbueoyCXPDAmPU16cQ2czktniFNNfbYbD
OATdUpNLtfOYUI9l0aGTxLWxNS665JTVrfUP6Hw6l//eyuwyIETG4+OOSNfk++6F
EFRPTHKJHnq7iEdQPxN6ZvMPLNNj2fx6ZN77qMTOjMBg9Log3PoMUEN0XAop6hQS
fFWfjgPc6sRNkckwGv2cIGotbkCVsqbK3Pe1WrxrulK0VVef0YsWYJ/pdXa6BQIW
+Du9yuGQ1Q6Tx8hnLw+zEHbE/b6NyoHvFyMXEgc9IWv7UYE/
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:15:39 2024 by rpki-client on console-ams.rpki-client.org