Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/71/bb2b75-bc02-4a6b-98d6-d84e6d3af975/1/oQeZ2p5lk-NUs6TPk6h-UNAyPBo.roa
File:                     oQeZ2p5lk-NUs6TPk6h-UNAyPBo.roa (raw, json)
Hash identifier:          C2N8F3JwzpV6rsR8kOVqzEjwi402pxIg191afTleTp0=
Subject key identifier:   A1:07:99:DA:9E:65:93:E3:54:B3:A4:CF:93:A8:7E:50:D0:32:3C:1A
Certificate issuer:       /CN=c53b4cf0a7471f000f8a56a049b163967cc3bd99
Certificate serial:       05D7EC98
Authority key identifier: C5:3B:4C:F0:A7:47:1F:00:0F:8A:56:A0:49:B1:63:96:7C:C3:BD:99
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xTtM8KdHHwAPilagSbFjlnzDvZk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/71/bb2b75-bc02-4a6b-98d6-d84e6d3af975/1/oQeZ2p5lk-NUs6TPk6h-UNAyPBo.roa
Signing time:             Fri 04 Mar 2022 17:23:26 +0000
ROA not before:           Fri 04 Mar 2022 17:23:26 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     210150
IP address blocks:        217.145.232.0/22 maxlen: 22
                          79.171.64.0/21 maxlen: 21
                          85.158.80.0/21 maxlen: 21
                          2a0d:9c40::/29 maxlen: 29

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 98036888 (0x5d7ec98)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c53b4cf0a7471f000f8a56a049b163967cc3bd99
        Validity
            Not Before: Mar  4 17:23:26 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=a10799da9e6593e354b3a4cf93a87e50d0323c1a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:cc:62:32:05:92:be:7f:96:ff:1d:4b:fb:29:
                    29:c8:02:cf:f1:63:7a:48:a6:14:58:85:9d:f1:8e:
                    e6:45:51:41:79:57:0c:10:0d:45:48:89:37:07:fa:
                    5b:49:e6:2c:99:43:91:80:3b:6b:bb:06:2d:e6:9f:
                    2a:7d:b4:aa:02:80:7b:50:16:76:d5:0e:d0:4b:0e:
                    03:1c:b5:d4:0e:b7:a0:aa:c9:63:96:f7:2f:43:ca:
                    34:63:ae:a3:40:fa:72:03:91:05:22:11:bd:74:57:
                    c6:fa:0d:76:96:e9:d9:c6:5b:83:63:95:83:de:6a:
                    94:26:c5:a2:cd:53:7c:da:c9:3d:ac:90:c1:7c:df:
                    83:15:47:00:3d:05:7a:d4:34:5e:ad:ec:0f:c5:1e:
                    b9:c5:a6:da:29:4e:09:0f:47:da:1e:59:25:f1:65:
                    eb:37:a6:1a:4b:18:43:ab:25:51:dc:6e:4e:a1:4f:
                    eb:99:89:ce:aa:96:e6:85:47:c4:4d:ab:43:b9:e4:
                    95:ee:c9:49:8d:90:16:d6:79:be:51:73:44:e2:a0:
                    85:4a:29:bc:b6:5d:49:4f:66:5a:bb:f7:ce:a6:4e:
                    c7:f5:47:28:94:42:87:8c:93:df:cb:ee:6f:63:f5:
                    ec:76:fb:25:f9:5d:74:4f:91:41:fa:6d:39:02:1a:
                    d9:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A1:07:99:DA:9E:65:93:E3:54:B3:A4:CF:93:A8:7E:50:D0:32:3C:1A
            X509v3 Authority Key Identifier:
                keyid:C5:3B:4C:F0:A7:47:1F:00:0F:8A:56:A0:49:B1:63:96:7C:C3:BD:99

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xTtM8KdHHwAPilagSbFjlnzDvZk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/71/bb2b75-bc02-4a6b-98d6-d84e6d3af975/1/oQeZ2p5lk-NUs6TPk6h-UNAyPBo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/71/bb2b75-bc02-4a6b-98d6-d84e6d3af975/1/xTtM8KdHHwAPilagSbFjlnzDvZk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  79.171.64.0/21
                  85.158.80.0/21
                  217.145.232.0/22
                IPv6:
                  2a0d:9c40::/29

    Signature Algorithm: sha256WithRSAEncryption
         05:0f:7b:95:a3:53:c7:bd:87:78:94:d9:ba:d0:0c:97:32:04:
         3e:f8:c4:d3:58:4f:eb:16:10:54:e4:7e:a2:e3:a6:45:db:1c:
         24:70:3e:0d:2e:96:61:fa:85:32:19:43:4c:b3:ed:48:ae:dc:
         d3:ba:b0:70:4c:df:07:d2:5c:df:2f:91:03:cf:8e:d8:9c:00:
         95:97:53:44:9d:c9:49:70:e5:44:59:de:75:1b:df:1b:f9:74:
         95:95:78:0f:71:99:fb:4c:d1:0e:58:32:fc:e2:f4:53:50:71:
         e2:07:21:7c:35:26:8e:59:f6:15:77:fa:68:55:68:3f:4a:2a:
         51:22:1f:d6:40:52:e9:85:6c:bb:50:46:0f:94:1d:6b:04:02:
         b9:df:29:f2:fd:88:33:0f:db:a8:ba:52:73:d8:15:de:8c:5b:
         10:8b:f3:ad:4e:92:ab:6c:15:56:50:b3:b7:7f:a3:ab:39:0a:
         57:1e:89:72:f4:18:4f:3f:81:ea:96:c5:ca:bc:9a:6b:a8:46:
         17:34:f3:72:67:8a:81:6d:48:d4:8e:20:c5:fa:eb:d0:27:7a:
         9b:89:61:1d:39:93:3a:65:db:5b:c7:be:58:cb:2c:dd:b1:0a:
         00:a9:d9:96:89:24:76:60:23:f2:e2:b0:8b:fa:3c:5c:1d:be:
         95:18:7c:37
-----BEGIN CERTIFICATE-----
MIIFCjCCA/KgAwIBAgIEBdfsmDANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhj
NTNiNGNmMGE3NDcxZjAwMGY4YTU2YTA0OWIxNjM5NjdjYzNiZDk5MB4XDTIyMDMw
NDE3MjMyNloXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoYTEwNzk5ZGE5ZTY1
OTNlMzU0YjNhNGNmOTNhODdlNTBkMDMyM2MxYTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAJDMYjIFkr5/lv8dS/spKcgCz/FjekimFFiFnfGO5kVRQXlX
DBANRUiJNwf6W0nmLJlDkYA7a7sGLeafKn20qgKAe1AWdtUO0EsOAxy11A63oKrJ
Y5b3L0PKNGOuo0D6cgORBSIRvXRXxvoNdpbp2cZbg2OVg95qlCbFos1TfNrJPayQ
wXzfgxVHAD0FetQ0Xq3sD8UeucWm2ilOCQ9H2h5ZJfFl6zemGksYQ6slUdxuTqFP
65mJzqqW5oVHxE2rQ7nkle7JSY2QFtZ5vlFzROKghUopvLZdSU9mWrv3zqZOx/VH
KJRCh4yT38vub2P17Hb7JflddE+RQfptOQIa2UcCAwEAAaOCAiQwggIgMB0GA1Ud
DgQWBBShB5nanmWT41SzpM+TqH5Q0DI8GjAfBgNVHSMEGDAWgBTFO0zwp0cfAA+K
VqBJsWOWfMO9mTAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L3hUdE04S2RISHdBUGlsYWdTYkZqbG56RHZaay5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNzEvYmIyYjc1LWJjMDItNGE2Yi05OGQ2LWQ4NGU2ZDNhZjk3NS8x
L29RZVoycDVsay1OVXM2VFBrNmgtVU5BeVBCby5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNzEv
YmIyYjc1LWJjMDItNGE2Yi05OGQ2LWQ4NGU2ZDNhZjk3NS8xL3hUdE04S2RISHdB
UGlsYWdTYkZqbG56RHZaay5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjA6
BggrBgEFBQcBBwEB/wQrMCkwGAQCAAEwEgMEA0+rQAMEA1WeUAMEAtmR6DANBAIA
AjAHAwUDKg2cQDANBgkqhkiG9w0BAQsFAAOCAQEABQ97laNTx72HeJTZutAMlzIE
PvjE01hP6xYQVOR+ouOmRdscJHA+DS6WYfqFMhlDTLPtSK7c07qwcEzfB9Jc3y+R
A8+O2JwAlZdTRJ3JSXDlRFnedRvfG/l0lZV4D3GZ+0zRDlgy/OL0U1Bx4gchfDUm
jln2FXf6aFVoP0oqUSIf1kBS6YVsu1BGD5QdawQCud8p8v2IMw/bqLpSc9gV3oxb
EIvzrU6Sq2wVVlCzt3+jqzkKVx6JcvQYTz+B6pbFyryaa6hGFzTzcmeKgW1I1I4g
xfrr0Cd6m4lhHTmTOmXbW8e+WMss3bEKAKnZlokkdmAj8uKwi/o8XB2+lRh8Nw==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:34:46 2024 by rpki-client on console-fra.rpki-client.org