Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/69/b039bc-213b-457c-96ae-3181db911a13/1/YL5h1uiPUcXdQNvKpejf00eiz2U.roa
File:                     YL5h1uiPUcXdQNvKpejf00eiz2U.roa (raw, json)
Hash identifier:          84w4Bvko+NQiBS155B5kCP03LvKncgbAigbR/iybz+8=
Subject key identifier:   60:BE:61:D6:E8:8F:51:C5:DD:40:DB:CA:A5:E8:DF:D3:47:A2:CF:65
Certificate issuer:       /CN=0d0874b333e35df14fd970e189581da093bc8093
Certificate serial:       075C794E
Authority key identifier: 0D:08:74:B3:33:E3:5D:F1:4F:D9:70:E1:89:58:1D:A0:93:BC:80:93
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DQh0szPjXfFP2XDhiVgdoJO8gJM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/69/b039bc-213b-457c-96ae-3181db911a13/1/YL5h1uiPUcXdQNvKpejf00eiz2U.roa
Signing time:             Sat 01 Jan 2022 12:05:10 +0000
ROA not before:           Sat 01 Jan 2022 12:05:10 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     199496
IP address blocks:        185.13.76.0/22 maxlen: 32
                          95.129.248.0/21 maxlen: 32
                          185.65.156.0/22 maxlen: 32
                          185.235.220.0/22 maxlen: 32
                          2a00:83e0::/32 maxlen: 64
                          2a02:f4c0::/29 maxlen: 64
                          2a09:d00::/29 maxlen: 64

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 123500878 (0x75c794e)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0d0874b333e35df14fd970e189581da093bc8093
        Validity
            Not Before: Jan  1 12:05:10 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=60be61d6e88f51c5dd40dbcaa5e8dfd347a2cf65
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:fa:a6:4a:f4:5f:4e:d1:86:fa:4c:e2:82:2c:
                    7c:e9:bb:04:cf:70:e3:5f:9f:e0:63:ff:f7:42:2f:
                    04:8c:dd:11:40:ec:85:24:bb:03:4b:23:fc:d4:67:
                    5b:5a:ae:a4:ac:96:fe:d8:3e:52:2d:c5:c9:73:7e:
                    80:3e:ef:48:69:70:40:c7:be:bd:91:f8:c8:18:98:
                    07:20:f0:8c:80:7a:20:76:a1:df:df:46:47:34:ac:
                    0d:e2:97:7e:17:b0:81:d7:83:24:50:c2:6d:de:22:
                    d4:69:10:56:11:9f:c4:3b:bd:77:0c:dd:cf:e9:76:
                    05:04:51:7a:70:32:ce:02:bf:e6:d6:38:18:dd:2d:
                    a9:aa:f1:5b:7e:66:e3:88:aa:4a:f9:59:e5:ff:97:
                    7c:06:37:55:20:13:ac:a8:67:03:ef:75:0d:d1:47:
                    0a:13:ae:7e:f6:65:7d:f5:91:f1:f3:88:02:7d:7a:
                    83:1d:e7:98:c6:5e:86:76:82:2f:40:18:a3:97:e7:
                    ee:80:de:c3:72:f1:43:0e:06:d3:8c:a3:c1:ab:cb:
                    bb:62:76:02:ab:7a:84:c7:69:08:2c:c8:a3:2d:00:
                    76:81:b3:17:ae:d3:94:08:a1:fa:54:b8:5b:99:fa:
                    53:85:86:a0:7a:aa:ab:cb:53:ce:e3:68:a5:a1:d6:
                    23:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:BE:61:D6:E8:8F:51:C5:DD:40:DB:CA:A5:E8:DF:D3:47:A2:CF:65
            X509v3 Authority Key Identifier:
                keyid:0D:08:74:B3:33:E3:5D:F1:4F:D9:70:E1:89:58:1D:A0:93:BC:80:93

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DQh0szPjXfFP2XDhiVgdoJO8gJM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/69/b039bc-213b-457c-96ae-3181db911a13/1/YL5h1uiPUcXdQNvKpejf00eiz2U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/69/b039bc-213b-457c-96ae-3181db911a13/1/DQh0szPjXfFP2XDhiVgdoJO8gJM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.129.248.0/21
                  185.13.76.0/22
                  185.65.156.0/22
                  185.235.220.0/22
                IPv6:
                  2a00:83e0::/32
                  2a02:f4c0::/29
                  2a09:d00::/29

    Signature Algorithm: sha256WithRSAEncryption
         0b:51:d5:64:05:11:1e:99:21:b2:ed:a5:10:92:c3:40:85:d5:
         78:c2:cd:8f:2a:01:13:9c:5d:7e:c9:8a:7e:db:3a:16:d4:5a:
         1b:49:8a:ea:57:9d:a9:72:39:a9:a1:37:14:83:c0:cd:42:e9:
         de:a5:ce:ed:ab:e4:8f:b9:c5:60:44:83:de:fd:f5:d6:d2:23:
         87:2a:e2:40:6d:f6:a8:84:54:7b:0f:5a:d9:e3:45:6b:8b:b5:
         31:2c:f9:37:18:71:d5:a1:33:24:5a:23:33:94:53:64:9d:f5:
         6b:3c:64:28:aa:b6:2b:0a:ad:b6:4b:86:04:2f:2a:4d:dc:fd:
         38:04:d8:93:84:07:4b:9e:d6:3a:e8:0d:07:42:46:96:53:fb:
         be:ef:ab:4e:45:d5:48:8e:69:4a:d7:90:0b:4a:bb:67:c9:8e:
         3f:df:ed:76:a3:2f:50:42:ac:91:31:d8:f8:0c:01:43:89:51:
         bd:da:c8:5d:56:64:6f:40:fc:44:5d:bf:29:8f:6e:79:e4:fc:
         5a:7e:28:91:8c:2f:7c:02:18:50:24:eb:2d:fd:3d:a5:db:73:
         3a:27:53:e0:49:98:57:71:9a:cb:31:bf:df:2b:c7:2d:bf:6a:
         19:c2:e8:f6:73:bd:b2:d6:ac:2d:3d:fa:98:6b:43:80:e7:96:
         38:5b:ba:6a
-----BEGIN CERTIFICATE-----
MIIFHjCCBAagAwIBAgIEB1x5TjANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygw
ZDA4NzRiMzMzZTM1ZGYxNGZkOTcwZTE4OTU4MWRhMDkzYmM4MDkzMB4XDTIyMDEw
MTEyMDUxMFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoNjBiZTYxZDZlODhm
NTFjNWRkNDBkYmNhYTVlOGRmZDM0N2EyY2Y2NTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBALX6pkr0X07RhvpM4oIsfOm7BM9w41+f4GP/90IvBIzdEUDs
hSS7A0sj/NRnW1qupKyW/tg+Ui3FyXN+gD7vSGlwQMe+vZH4yBiYByDwjIB6IHah
399GRzSsDeKXfhewgdeDJFDCbd4i1GkQVhGfxDu9dwzdz+l2BQRRenAyzgK/5tY4
GN0tqarxW35m44iqSvlZ5f+XfAY3VSATrKhnA+91DdFHChOufvZlffWR8fOIAn16
gx3nmMZehnaCL0AYo5fn7oDew3LxQw4G04yjwavLu2J2Aqt6hMdpCCzIoy0AdoGz
F67TlAih+lS4W5n6U4WGoHqqq8tTzuNopaHWI9MCAwEAAaOCAjgwggI0MB0GA1Ud
DgQWBBRgvmHW6I9Rxd1A28ql6N/TR6LPZTAfBgNVHSMEGDAWgBQNCHSzM+Nd8U/Z
cOGJWB2gk7yAkzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L0RRaDBzelBqWGZGUDJYRGhpVmdkb0pPOGdKTS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNjkvYjAzOWJjLTIxM2ItNDU3Yy05NmFlLTMxODFkYjkxMWExMy8x
L1lMNWgxdWlQVWNYZFFOdktwZWpmMDBlaXoyVS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNjkv
YjAzOWJjLTIxM2ItNDU3Yy05NmFlLTMxODFkYjkxMWExMy8xL0RRaDBzelBqWGZG
UDJYRGhpVmdkb0pPOGdKTS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBO
BggrBgEFBQcBBwEB/wQ/MD0wHgQCAAEwGAMEA1+B+AMEArkNTAMEArlBnAMEArnr
3DAbBAIAAjAVAwUAKgCD4AMFAyoC9MADBQMqCQ0AMA0GCSqGSIb3DQEBCwUAA4IB
AQALUdVkBREemSGy7aUQksNAhdV4ws2PKgETnF1+yYp+2zoW1FobSYrqV52pcjmp
oTcUg8DNQunepc7tq+SPucVgRIPe/fXW0iOHKuJAbfaohFR7D1rZ40Vri7UxLPk3
GHHVoTMkWiMzlFNknfVrPGQoqrYrCq22S4YELypN3P04BNiThAdLntY66A0HQkaW
U/u+76tORdVIjmlK15ALSrtnyY4/3+12oy9QQqyRMdj4DAFDiVG92shdVmRvQPxE
Xb8pj2555PxafiiRjC98AhhQJOst/T2l23M6J1PgSZhXcZrLMb/fK8ctv2oZwuj2
c72y1qwtPfqYa0OA55Y4W7pq
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:33:34 2024 by rpki-client on console-fra.rpki-client.org