Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/74/e9d9cc-2668-42fc-8315-7525d4d408b5/1/mC7Ol45YlEEon9TecoF_Hj9hqI4.roa
File:                     mC7Ol45YlEEon9TecoF_Hj9hqI4.roa (raw, json)
Hash identifier:          ehvcYKlRoDolXLluZI9VWeIc6mLtQ4dJkKWsEW/JZA0=
Subject key identifier:   98:2E:CE:97:8E:58:94:41:28:9F:D4:DE:72:81:7F:1E:3F:61:A8:8E
Certificate issuer:       /CN=1ada225cb7f29416e7534695fbfb21762fee93c8
Certificate serial:       04FB47E0
Authority key identifier: 1A:DA:22:5C:B7:F2:94:16:E7:53:46:95:FB:FB:21:76:2F:EE:93:C8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GtoiXLfylBbnU0aV-_shdi_uk8g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/74/e9d9cc-2668-42fc-8315-7525d4d408b5/1/mC7Ol45YlEEon9TecoF_Hj9hqI4.roa
Signing time:             Sat 01 Jan 2022 06:59:46 +0000
ROA not before:           Sat 01 Jan 2022 06:59:46 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     1273
IP address blocks:        194.70.240.0/20 maxlen: 20
                          194.70.32.0/22 maxlen: 22
                          194.70.37.0/24 maxlen: 24
                          194.70.38.0/23 maxlen: 23
                          194.70.40.0/21 maxlen: 21
                          194.70.48.0/20 maxlen: 20
                          194.70.64.0/20 maxlen: 20
                          194.70.192.0/19 maxlen: 19
                          194.70.2.0/24 maxlen: 24
                          194.70.4.0/22 maxlen: 22
                          194.70.0.0/23 maxlen: 23
                          194.70.224.0/21 maxlen: 21
                          194.70.8.0/21 maxlen: 21
                          194.70.16.0/20 maxlen: 20
                          194.70.232.0/23 maxlen: 23
                          194.70.235.0/24 maxlen: 24
                          194.70.236.0/22 maxlen: 22
                          194.159.0.0/16 maxlen: 16
                          194.70.80.0/21 maxlen: 21
                          194.70.88.0/22 maxlen: 22
                          194.70.92.0/23 maxlen: 23
                          194.70.95.0/24 maxlen: 24
                          194.70.96.0/19 maxlen: 19
                          194.217.0.0/16 maxlen: 16

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 83576800 (0x4fb47e0)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1ada225cb7f29416e7534695fbfb21762fee93c8
        Validity
            Not Before: Jan  1 06:59:46 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=982ece978e589441289fd4de72817f1e3f61a88e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:e1:73:a2:23:93:c7:52:52:b8:51:cd:81:05:
                    de:23:64:d3:43:09:a9:a0:84:3b:4a:a2:36:62:64:
                    66:1c:64:fc:c8:c3:08:e9:7a:9f:6a:a5:66:e9:db:
                    a5:c3:c5:55:b4:01:a9:8f:4d:37:53:91:9a:17:fe:
                    e6:dc:91:99:58:1c:35:3e:b5:28:1a:37:84:b8:f8:
                    f3:0d:6d:45:36:34:35:78:bc:50:72:f9:c0:dd:22:
                    bd:21:23:60:a5:f9:17:04:4e:65:ac:69:47:fe:d9:
                    b2:70:2f:84:6a:cf:34:e5:60:2f:f2:24:de:f7:5b:
                    ae:a4:c5:01:1d:ab:e4:19:31:82:62:e2:19:ec:8f:
                    bb:e3:b1:6a:75:01:3c:d3:38:b0:07:98:62:e4:54:
                    92:22:b3:98:d9:52:e7:41:c1:3b:da:2a:cc:79:b2:
                    28:8f:a0:fd:a8:f5:aa:44:d7:0a:0b:6a:07:4c:5a:
                    4f:72:28:67:18:73:2e:d4:f3:7a:a9:c4:fe:fa:bd:
                    d9:0e:64:8f:38:36:24:b8:7e:c8:52:69:0e:29:8a:
                    cf:03:9a:8a:66:27:9f:4a:e4:69:8a:82:e1:53:7b:
                    94:d4:d4:18:e7:dc:c7:fa:ad:2f:41:3d:98:7d:df:
                    b3:06:ce:e7:8d:12:c9:44:f5:27:38:c6:19:05:84:
                    f3:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                98:2E:CE:97:8E:58:94:41:28:9F:D4:DE:72:81:7F:1E:3F:61:A8:8E
            X509v3 Authority Key Identifier:
                keyid:1A:DA:22:5C:B7:F2:94:16:E7:53:46:95:FB:FB:21:76:2F:EE:93:C8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GtoiXLfylBbnU0aV-_shdi_uk8g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/74/e9d9cc-2668-42fc-8315-7525d4d408b5/1/mC7Ol45YlEEon9TecoF_Hj9hqI4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/74/e9d9cc-2668-42fc-8315-7525d4d408b5/1/GtoiXLfylBbnU0aV-_shdi_uk8g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.70.0.0-194.70.2.255
                  194.70.4.0-194.70.35.255
                  194.70.37.0-194.70.93.255
                  194.70.95.0-194.70.127.255
                  194.70.192.0-194.70.233.255
                  194.70.235.0-194.70.255.255
                  194.159.0.0/16
                  194.217.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         8f:88:06:a6:d0:28:38:94:b7:4d:71:c5:85:d2:c4:91:0f:b1:
         dc:b8:66:fe:8b:48:15:f6:bc:0d:67:cb:49:fa:6e:ef:7d:13:
         f4:a4:8f:d8:28:33:17:33:ab:89:47:22:6f:d7:64:60:57:ea:
         8c:a8:b4:82:af:3c:0f:ed:2c:d0:4d:28:65:56:99:b5:d7:30:
         47:ca:59:14:39:69:46:fb:e7:c0:2c:c3:50:95:e8:d7:48:1b:
         49:d0:7f:a8:e3:3a:71:e6:86:b7:f7:6a:d7:3d:4a:76:dc:9c:
         7d:43:eb:e2:d9:0c:20:35:d4:77:6a:2b:ec:73:b5:ac:35:ad:
         19:ce:6b:43:7d:95:81:7a:f9:7c:9c:9a:7e:38:bf:f5:9f:3c:
         7c:82:17:3d:71:a6:74:4c:68:e1:8e:b0:32:f2:f2:d0:8b:b6:
         d1:4c:d9:a2:08:74:38:70:24:ed:ef:85:f1:d5:ed:ae:5d:63:
         78:4f:e9:03:f0:f1:16:1d:1a:db:ff:1d:bc:f4:bc:0a:ed:1f:
         67:b5:27:16:e8:58:dd:f8:dc:9d:9d:3f:8b:f8:9c:56:87:79:
         64:e1:1f:55:94:6d:45:4d:26:df:8e:0c:93:4a:aa:1a:85:71:
         27:37:7b:c5:40:23:04:15:1e:63:ce:38:57:e7:69:c4:90:03:
         dd:5d:10:79
-----BEGIN CERTIFICATE-----
MIIFRTCCBC2gAwIBAgIEBPtH4DANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygx
YWRhMjI1Y2I3ZjI5NDE2ZTc1MzQ2OTVmYmZiMjE3NjJmZWU5M2M4MB4XDTIyMDEw
MTA2NTk0NloXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoOTgyZWNlOTc4ZTU4
OTQ0MTI4OWZkNGRlNzI4MTdmMWUzZjYxYTg4ZTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBALHhc6Ijk8dSUrhRzYEF3iNk00MJqaCEO0qiNmJkZhxk/MjD
COl6n2qlZunbpcPFVbQBqY9NN1ORmhf+5tyRmVgcNT61KBo3hLj48w1tRTY0NXi8
UHL5wN0ivSEjYKX5FwROZaxpR/7ZsnAvhGrPNOVgL/Ik3vdbrqTFAR2r5BkxgmLi
GeyPu+OxanUBPNM4sAeYYuRUkiKzmNlS50HBO9oqzHmyKI+g/aj1qkTXCgtqB0xa
T3IoZxhzLtTzeqnE/vq92Q5kjzg2JLh+yFJpDimKzwOaimYnn0rkaYqC4VN7lNTU
GOfcx/qtL0E9mH3fswbO540SyUT1JzjGGQWE8y0CAwEAAaOCAl8wggJbMB0GA1Ud
DgQWBBSYLs6XjliUQSif1N5ygX8eP2GojjAfBgNVHSMEGDAWgBQa2iJct/KUFudT
RpX7+yF2L+6TyDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L0d0b2lYTGZ5bEJiblUwYVYtX3NoZGlfdWs4Zy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNzQvZTlkOWNjLTI2NjgtNDJmYy04MzE1LTc1MjVkNGQ0MDhiNS8x
L21DN09sNDVZbEVFb245VGVjb0ZfSGo5aHFJNC5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNzQv
ZTlkOWNjLTI2NjgtNDJmYy04MzE1LTc1MjVkNGQ0MDhiNS8xL0d0b2lYTGZ5bEJi
blUwYVYtX3NoZGlfdWs4Zy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjB1
BggrBgEFBQcBBwEB/wRmMGQwYgQCAAEwXDALAwMBwkYDBADCRgIwDAMEAsJGBAME
AsJGIDAMAwQAwkYlAwQBwkZcMAwDBADCRl8DBAfCRgAwDAMEBsJGwAMEAcJG6DAL
AwQAwkbrAwMAwkYDAwDCnwMDAMLZMA0GCSqGSIb3DQEBCwUAA4IBAQCPiAam0Cg4
lLdNccWF0sSRD7HcuGb+i0gV9rwNZ8tJ+m7vfRP0pI/YKDMXM6uJRyJv12RgV+qM
qLSCrzwP7SzQTShlVpm11zBHylkUOWlG++fALMNQlejXSBtJ0H+o4zpx5oa392rX
PUp23Jx9Q+vi2QwgNdR3aivsc7WsNa0ZzmtDfZWBevl8nJp+OL/1nzx8ghc9caZ0
TGjhjrAy8vLQi7bRTNmiCHQ4cCTt74Xx1e2uXWN4T+kD8PEWHRrb/x289LwK7R9n
tScW6Fjd+NydnT+L+JxWh3lk4R9VlG1FTSbfjgyTSqoahXEnN3vFQCMEFR5jzjhX
52nEkAPdXRB5
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:35:10 2024 by rpki-client on console-fra.rpki-client.org