Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/72/0b2eef-75e9-43b2-9088-8303ad1371dd/1/ag4ayM3A4mYAtw_nA2_-9SyHVkI.roa
File:                     ag4ayM3A4mYAtw_nA2_-9SyHVkI.roa (raw, json)
Hash identifier:          3ygSPorGXNxgR2+YsbQNqVyB3LVoQevp2re/5yKmtN8=
Subject key identifier:   6A:0E:1A:C8:CD:C0:E2:66:00:B7:0F:E7:03:6F:FE:F5:2C:87:56:42
Certificate issuer:       /CN=97bcbee44f4cef091985e546a6854f9ccb2ada8a
Certificate serial:       0FCB5CD5
Authority key identifier: 97:BC:BE:E4:4F:4C:EF:09:19:85:E5:46:A6:85:4F:9C:CB:2A:DA:8A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/l7y-5E9M7wkZheVGpoVPnMsq2oo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/72/0b2eef-75e9-43b2-9088-8303ad1371dd/1/ag4ayM3A4mYAtw_nA2_-9SyHVkI.roa
Signing time:             Sat 01 Jan 2022 02:56:42 +0000
ROA not before:           Sat 01 Jan 2022 02:56:42 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     20546
IP address blocks:        185.85.0.0/24 maxlen: 24
                          185.85.1.0/24 maxlen: 24
                          185.85.2.0/24 maxlen: 24
                          185.85.3.192/27 maxlen: 27
                          185.85.3.0/24 maxlen: 24
                          2a05:a942::/32 maxlen: 32
                          2a05:a946::/32 maxlen: 32
                          2a05:a947::/32 maxlen: 32
                          2a05:a941::/32 maxlen: 32
                          2a05:a944::/32 maxlen: 32
                          2a05:a944::/48 maxlen: 48
                          2a05:a940::/32 maxlen: 32
                          2a05:a943::/32 maxlen: 32
                          2a05:a945::/32 maxlen: 32

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 264985813 (0xfcb5cd5)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=97bcbee44f4cef091985e546a6854f9ccb2ada8a
        Validity
            Not Before: Jan  1 02:56:42 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=6a0e1ac8cdc0e26600b70fe7036ffef52c875642
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:46:90:62:83:4d:62:07:f2:66:f2:7d:66:6f:
                    07:77:86:af:ca:18:3b:dd:ba:b4:1c:8d:b0:ac:91:
                    b0:cd:81:88:6b:4e:26:bd:8c:3e:41:82:07:b0:4d:
                    6e:e1:92:49:5f:97:de:7b:25:f9:cb:04:60:64:ad:
                    4d:bd:c5:35:b2:1d:6d:d3:0c:86:40:f2:41:22:d0:
                    f0:ad:35:1a:aa:9f:18:66:e9:7b:45:ee:66:30:c1:
                    0c:6e:39:38:3c:4a:48:e4:53:14:b7:95:2a:37:ec:
                    27:17:87:a2:cf:e4:e0:23:1c:26:97:de:ee:d5:5c:
                    34:f2:b0:ff:e2:ae:1a:fd:7a:7f:50:6e:0f:95:ca:
                    88:f3:e5:1e:f1:7b:95:1a:3d:e6:79:48:d8:ea:46:
                    a9:59:c0:0b:7e:17:d0:f4:03:d7:6a:5a:32:d1:68:
                    d4:f2:f1:52:dd:0e:8d:e0:36:ac:0c:28:2c:0d:6f:
                    47:31:9f:72:fd:2a:13:80:3b:65:ff:10:d8:67:7e:
                    35:86:4e:ff:45:d9:63:71:58:be:43:81:5b:2b:9e:
                    40:38:4e:d0:ea:58:b1:78:b0:3f:24:8b:42:b0:a1:
                    bf:73:cc:44:9d:2b:75:b7:ad:35:f0:3d:73:dc:77:
                    57:5b:81:cf:d8:b6:a3:e6:e5:f5:63:3b:6f:57:fa:
                    ec:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6A:0E:1A:C8:CD:C0:E2:66:00:B7:0F:E7:03:6F:FE:F5:2C:87:56:42
            X509v3 Authority Key Identifier:
                keyid:97:BC:BE:E4:4F:4C:EF:09:19:85:E5:46:A6:85:4F:9C:CB:2A:DA:8A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/l7y-5E9M7wkZheVGpoVPnMsq2oo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/72/0b2eef-75e9-43b2-9088-8303ad1371dd/1/ag4ayM3A4mYAtw_nA2_-9SyHVkI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/72/0b2eef-75e9-43b2-9088-8303ad1371dd/1/l7y-5E9M7wkZheVGpoVPnMsq2oo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.85.0.0/22
                IPv6:
                  2a05:a940::/29

    Signature Algorithm: sha256WithRSAEncryption
         2c:36:54:bc:70:08:d4:b2:b6:fb:0d:c2:b4:3e:be:1a:a8:c2:
         bd:bd:90:65:69:ea:71:52:71:76:eb:1d:a3:84:3a:01:97:fa:
         80:64:4e:fb:c0:d9:9b:ec:5b:e3:cf:40:7f:1f:72:01:34:e0:
         75:03:54:e7:73:72:5f:6a:41:56:7a:43:d9:f3:f4:fb:8c:c4:
         6c:52:53:60:1b:7d:22:72:f1:f4:3b:27:89:b4:da:59:ca:a7:
         79:8e:b2:f3:e2:7c:7e:25:fc:ac:9c:d2:de:ac:a7:bd:c9:13:
         7b:b6:b3:3d:08:24:bb:da:de:0b:85:75:93:f7:6d:87:6f:cf:
         12:4b:8a:40:03:91:83:a1:5c:7d:41:4a:1b:ee:a0:9f:9a:db:
         d0:81:9d:a4:b8:d4:74:9c:da:2f:fa:55:19:bb:37:70:73:a8:
         72:b2:69:81:19:25:cc:e0:57:ad:df:8c:d2:71:64:d3:c2:58:
         33:28:b9:65:70:c0:60:b6:c7:d0:b8:c9:99:4f:8e:f0:b4:17:
         4e:2c:97:62:ea:55:01:ad:62:ef:10:d8:8d:9d:14:95:fd:b7:
         f3:5e:d2:35:37:1b:11:3e:2c:62:32:04:30:26:08:a0:11:85:
         c8:b9:08:28:ad:62:79:a8:05:05:0f:bf:09:d2:61:cf:0d:60:
         f0:42:63:ba
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgIED8tc1TANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg5
N2JjYmVlNDRmNGNlZjA5MTk4NWU1NDZhNjg1NGY5Y2NiMmFkYThhMB4XDTIyMDEw
MTAyNTY0MloXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoNmEwZTFhYzhjZGMw
ZTI2NjAwYjcwZmU3MDM2ZmZlZjUyYzg3NTY0MjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAMVGkGKDTWIH8mbyfWZvB3eGr8oYO926tByNsKyRsM2BiGtO
Jr2MPkGCB7BNbuGSSV+X3nsl+csEYGStTb3FNbIdbdMMhkDyQSLQ8K01GqqfGGbp
e0XuZjDBDG45ODxKSORTFLeVKjfsJxeHos/k4CMcJpfe7tVcNPKw/+KuGv16f1Bu
D5XKiPPlHvF7lRo95nlI2OpGqVnAC34X0PQD12paMtFo1PLxUt0OjeA2rAwoLA1v
RzGfcv0qE4A7Zf8Q2Gd+NYZO/0XZY3FYvkOBWyueQDhO0OpYsXiwPySLQrChv3PM
RJ0rdbetNfA9c9x3V1uBz9i2o+bl9WM7b1f67FMCAwEAAaOCAhgwggIUMB0GA1Ud
DgQWBBRqDhrIzcDiZgC3D+cDb/71LIdWQjAfBgNVHSMEGDAWgBSXvL7kT0zvCRmF
5UamhU+cyyraijAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L2w3eS01RTlNN3drWmhlVkdwb1ZQbk1zcTJvby5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNzIvMGIyZWVmLTc1ZTktNDNiMi05MDg4LTgzMDNhZDEzNzFkZC8x
L2FnNGF5TTNBNG1ZQXR3X25BMl8tOVN5SFZrSS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNzIv
MGIyZWVmLTc1ZTktNDNiMi05MDg4LTgzMDNhZDEzNzFkZC8xL2w3eS01RTlNN3dr
WmhlVkdwb1ZQbk1zcTJvby5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAu
BggrBgEFBQcBBwEB/wQfMB0wDAQCAAEwBgMEArlVADANBAIAAjAHAwUDKgWpQDAN
BgkqhkiG9w0BAQsFAAOCAQEALDZUvHAI1LK2+w3CtD6+GqjCvb2QZWnqcVJxdusd
o4Q6AZf6gGRO+8DZm+xb489Afx9yATTgdQNU53NyX2pBVnpD2fP0+4zEbFJTYBt9
InLx9DsnibTaWcqneY6y8+J8fiX8rJzS3qynvckTe7azPQgku9reC4V1k/dth2/P
EkuKQAORg6FcfUFKG+6gn5rb0IGdpLjUdJzaL/pVGbs3cHOocrJpgRklzOBXrd+M
0nFk08JYMyi5ZXDAYLbH0LjJmU+O8LQXTiyXYupVAa1i7xDYjZ0Ulf23817SNTcb
ET4sYjIEMCYIoBGFyLkIKK1ieagFBQ+/CdJhzw1g8EJjug==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:34:48 2024 by rpki-client on console-fra.rpki-client.org