Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/74/6e4544-e65f-4bf0-94c8-3fc96594b4c5/1/ex8Xk-SGTi_dzheQXykIVBx69wg.roa
File:                     ex8Xk-SGTi_dzheQXykIVBx69wg.roa (raw, json)
Hash identifier:          0kvQOOzJqHfw/MOv1JY+CTMjrz3r2Wu2kY0Q6f/PT2w=
Subject key identifier:   7B:1F:17:93:E4:86:4E:2F:DD:CE:17:90:5F:29:08:54:1C:7A:F7:08
Certificate issuer:       /CN=2b7ab6569de78d3c4a082fde6dd1d6a3f0d509c2
Certificate serial:       04F2D2
Authority key identifier: 2B:7A:B6:56:9D:E7:8D:3C:4A:08:2F:DE:6D:D1:D6:A3:F0:D5:09:C2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/K3q2Vp3njTxKCC_ebdHWo_DVCcI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/74/6e4544-e65f-4bf0-94c8-3fc96594b4c5/1/ex8Xk-SGTi_dzheQXykIVBx69wg.roa
Signing time:             Thu 17 Mar 2022 09:49:03 +0000
ROA not before:           Thu 17 Mar 2022 09:49:03 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     201540
IP address blocks:        185.120.192.0/22 maxlen: 22
                          185.120.196.0/22 maxlen: 22
                          185.120.200.0/24 maxlen: 24
                          185.120.201.0/24 maxlen: 24
                          185.120.202.0/24 maxlen: 24
                          185.120.203.0/24 maxlen: 24
                          185.120.208.0/22 maxlen: 22
                          185.71.192.0/23 maxlen: 23
                          185.71.194.0/23 maxlen: 23
                          185.109.75.0/24 maxlen: 24
                          185.109.72.0/24 maxlen: 24
                          185.109.73.0/24 maxlen: 24
                          185.112.168.0/22 maxlen: 22
                          185.109.74.0/24 maxlen: 24
                          185.109.80.0/23 maxlen: 23
                          185.109.82.0/23 maxlen: 23
                          185.111.8.0/22 maxlen: 22
                          185.111.12.0/22 maxlen: 22
                          185.120.216.0/22 maxlen: 22
                          185.120.224.0/22 maxlen: 22
                          185.120.232.0/22 maxlen: 22
                          185.120.240.0/22 maxlen: 22
                          185.109.61.0/24 maxlen: 24
                          185.109.62.0/23 maxlen: 23
                          185.109.60.0/24 maxlen: 24
                          185.111.136.0/22 maxlen: 22
                          185.111.64.0/23 maxlen: 23

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 324306 (0x4f2d2)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2b7ab6569de78d3c4a082fde6dd1d6a3f0d509c2
        Validity
            Not Before: Mar 17 09:49:03 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=7b1f1793e4864e2fddce17905f2908541c7af708
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:db:c4:f2:e0:83:b2:d5:b4:67:c4:c5:33:ea:
                    d8:01:d8:a3:ce:08:b3:ce:b1:96:e4:b6:9a:fc:36:
                    ce:2e:ff:62:c1:4b:fb:dd:be:3d:ca:26:4a:95:30:
                    bb:82:6f:18:b9:7a:af:0b:15:6b:b5:d6:18:2f:31:
                    c6:53:c5:aa:e8:38:58:8e:0a:33:84:bf:47:e5:8b:
                    f7:ef:77:e5:1e:63:e3:5d:a5:6f:90:11:23:6d:2a:
                    4b:e5:3d:47:9e:36:a3:a4:37:0b:6b:b8:77:05:98:
                    42:1d:45:00:74:d6:a2:eb:2e:42:33:fb:26:19:56:
                    5d:4d:48:13:a2:1f:12:64:e3:05:37:1a:9e:a4:21:
                    e0:b2:8b:c5:76:d6:0f:5c:a1:62:d1:10:57:9c:87:
                    c8:2c:e5:0c:74:55:6a:31:60:d7:48:04:9b:7a:44:
                    dc:a9:d5:4f:48:8a:c2:ac:13:6d:28:70:2f:c4:4a:
                    70:12:ed:de:88:06:41:b7:b0:3a:59:5d:58:15:4b:
                    c5:17:07:97:2a:4c:e6:df:62:a5:8a:cb:e6:fb:6d:
                    d2:ed:18:bc:e3:62:9a:c8:89:9f:ed:26:53:9a:f3:
                    d0:fa:f6:10:71:92:6e:82:a0:60:9c:a1:48:12:d1:
                    67:3d:04:db:9d:36:98:8e:ce:eb:83:75:d0:3e:02:
                    e7:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7B:1F:17:93:E4:86:4E:2F:DD:CE:17:90:5F:29:08:54:1C:7A:F7:08
            X509v3 Authority Key Identifier:
                keyid:2B:7A:B6:56:9D:E7:8D:3C:4A:08:2F:DE:6D:D1:D6:A3:F0:D5:09:C2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/K3q2Vp3njTxKCC_ebdHWo_DVCcI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/74/6e4544-e65f-4bf0-94c8-3fc96594b4c5/1/ex8Xk-SGTi_dzheQXykIVBx69wg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/74/6e4544-e65f-4bf0-94c8-3fc96594b4c5/1/K3q2Vp3njTxKCC_ebdHWo_DVCcI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.71.192.0/22
                  185.109.60.0/22
                  185.109.72.0/22
                  185.109.80.0/22
                  185.111.8.0/21
                  185.111.64.0/23
                  185.111.136.0/22
                  185.112.168.0/22
                  185.120.192.0-185.120.203.255
                  185.120.208.0/22
                  185.120.216.0/22
                  185.120.224.0/22
                  185.120.232.0/22
                  185.120.240.0/22

    Signature Algorithm: sha256WithRSAEncryption
         a1:9b:97:6e:90:a0:f5:21:1c:5c:8e:55:a7:99:27:b9:5d:24:
         0e:15:ec:66:9f:c3:7f:7c:95:49:4d:81:0a:6b:4a:93:96:cd:
         cf:b2:04:2f:e8:70:61:71:aa:82:e4:77:43:c2:7a:2a:9c:f3:
         3a:b1:27:de:78:52:14:66:0e:59:c2:69:fb:29:4e:16:b2:c0:
         17:69:e0:ec:67:3c:76:23:ab:8f:75:4a:62:f8:f3:10:b0:d8:
         db:b0:4f:7d:a7:18:c5:aa:59:83:4f:c4:d2:a2:8e:a3:19:64:
         bb:a8:90:1e:9c:cf:2a:6f:76:fe:ec:44:78:3e:7e:30:1c:48:
         a2:cc:50:2f:05:a9:e6:44:e8:89:9d:78:47:40:64:62:ab:a1:
         9d:70:ec:5c:d6:69:4e:41:a9:6f:a8:26:82:ae:8d:b1:c9:1b:
         58:eb:70:b1:1b:92:9d:4a:49:6c:04:f8:d7:43:96:52:16:4c:
         91:d4:ad:96:45:93:e5:07:07:10:c1:2a:c1:62:e7:e5:9f:6e:
         09:be:c6:f1:33:3d:6d:fe:60:2a:d6:b5:9b:a2:bf:cd:d0:e9:
         a4:db:1f:44:09:1a:bc:f3:8c:36:2c:99:97:71:3a:3c:d1:5c:
         ce:94:65:15:ab:4a:98:97:8f:0b:96:18:b7:73:d1:94:57:d7:
         15:9a:43:55
-----BEGIN CERTIFICATE-----
MIIFRDCCBCygAwIBAgIDBPLSMA0GCSqGSIb3DQEBCwUAMDMxMTAvBgNVBAMTKDJi
N2FiNjU2OWRlNzhkM2M0YTA4MmZkZTZkZDFkNmEzZjBkNTA5YzIwHhcNMjIwMzE3
MDk0OTAzWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQDEyg3YjFmMTc5M2U0ODY0
ZTJmZGRjZTE3OTA1ZjI5MDg1NDFjN2FmNzA4MIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEA2tvE8uCDstW0Z8TFM+rYAdijzgizzrGW5Laa/DbOLv9iwUv7
3b49yiZKlTC7gm8YuXqvCxVrtdYYLzHGU8Wq6DhYjgozhL9H5Yv373flHmPjXaVv
kBEjbSpL5T1HnjajpDcLa7h3BZhCHUUAdNai6y5CM/smGVZdTUgToh8SZOMFNxqe
pCHgsovFdtYPXKFi0RBXnIfILOUMdFVqMWDXSASbekTcqdVPSIrCrBNtKHAvxEpw
Eu3eiAZBt7A6WV1YFUvFFweXKkzm32Klisvm+23S7Ri842KayImf7SZTmvPQ+vYQ
cZJugqBgnKFIEtFnPQTbnTaYjs7rg3XQPgLnMwIDAQABo4ICXzCCAlswHQYDVR0O
BBYEFHsfF5Pkhk4v3c4XkF8pCFQcevcIMB8GA1UdIwQYMBaAFCt6tlad5408Sggv
3m3R1qPw1QnCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEFBQcBAQRYMFYwVAYIKwYB
BQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQv
SzNxMlZwM25qVHhLQ0NfZWJkSFdvX0RWQ2NJLmNlcjCBjQYIKwYBBQUHAQsEgYAw
fjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkv
REVGQVVMVC83NC82ZTQ1NDQtZTY1Zi00YmYwLTk0YzgtM2ZjOTY1OTRiNGM1LzEv
ZXg4WGstU0dUaV9kemhlUVh5a0lWQng2OXdnLnJvYTCBgQYDVR0fBHoweDB2oHSg
coZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NC82
ZTQ1NDQtZTY1Zi00YmYwLTk0YzgtM2ZjOTY1OTRiNGM1LzEvSzNxMlZwM25qVHhL
Q0NfZWJkSFdvX0RWQ2NJLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMHUG
CCsGAQUFBwEHAQH/BGYwZDBiBAIAATBcAwQCuUfAAwQCuW08AwQCuW1IAwQCuW1Q
AwQDuW8IAwQBuW9AAwQCuW+IAwQCuXCoMAwDBAa5eMADBAK5eMgDBAK5eNADBAK5
eNgDBAK5eOADBAK5eOgDBAK5ePAwDQYJKoZIhvcNAQELBQADggEBAKGbl26QoPUh
HFyOVaeZJ7ldJA4V7Gafw398lUlNgQprSpOWzc+yBC/ocGFxqoLkd0PCeiqc8zqx
J954UhRmDlnCafspThaywBdp4OxnPHYjq491SmL48xCw2NuwT32nGMWqWYNPxNKi
jqMZZLuokB6czypvdv7sRHg+fjAcSKLMUC8FqeZE6ImdeEdAZGKroZ1w7FzWaU5B
qW+oJoKujbHJG1jrcLEbkp1KSWwE+NdDllIWTJHUrZZFk+UHBxDBKsFi5+Wfbgm+
xvEzPW3+YCrWtZuiv83Q6aTbH0QJGrzzjDYsmZdxOjzRXM6UZRWrSpiXjwuWGLdz
0ZRX1xWaQ1U=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:35:06 2024 by rpki-client on console-fra.rpki-client.org