Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7a/042c33-ab6b-48be-a492-66849019627e/1/2tDMI83EutjQx8c6-7GMWh9FWL4.roa
File:                     2tDMI83EutjQx8c6-7GMWh9FWL4.roa (raw, json)
Hash identifier:          GDg3akeLYNmw/a0befPmWAu8IJ9IepjDuNOAPImGrTU=
Subject key identifier:   DA:D0:CC:23:CD:C4:BA:D8:D0:C7:C7:3A:FB:B1:8C:5A:1F:45:58:BE
Certificate issuer:       /CN=c868ca82147ed2277b4bcc69a5285bae735f2e44
Certificate serial:       15016B4D
Authority key identifier: C8:68:CA:82:14:7E:D2:27:7B:4B:CC:69:A5:28:5B:AE:73:5F:2E:44
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/yGjKghR-0id7S8xppShbrnNfLkQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7a/042c33-ab6b-48be-a492-66849019627e/1/2tDMI83EutjQx8c6-7GMWh9FWL4.roa
Signing time:             Sat 01 Jan 2022 14:05:35 +0000
ROA not before:           Sat 01 Jan 2022 14:05:35 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     1299
IP address blocks:        193.56.168.0/22 maxlen: 24
                          91.92.18.0/23 maxlen: 24
                          45.152.184.0/22 maxlen: 24
                          45.129.48.0/22 maxlen: 24
                          185.107.84.0/22 maxlen: 24
                          185.61.144.0/22 maxlen: 24
                          109.70.16.0/21 maxlen: 24
                          45.11.148.0/22 maxlen: 24
                          45.85.176.0/22 maxlen: 24
                          80.240.176.0/20 maxlen: 24
                          185.163.60.0/22 maxlen: 24
                          185.203.180.0/22 maxlen: 24
                          45.90.224.0/22 maxlen: 24
                          5.252.60.0/22 maxlen: 24
                          188.92.64.0/21 maxlen: 24
                          5.252.88.0/22 maxlen: 24
                          45.65.104.0/21 maxlen: 24
                          185.13.180.0/22 maxlen: 24
                          95.214.44.0/22 maxlen: 24
                          2.59.68.0/22 maxlen: 24
                          2.59.72.0/22 maxlen: 24
                          193.8.116.0/22 maxlen: 24
                          185.229.176.0/22 maxlen: 24
                          128.127.16.0/21 maxlen: 24
                          185.189.20.0/22 maxlen: 24
                          185.253.36.0/22 maxlen: 24
                          212.104.240.0/20 maxlen: 24
                          185.128.140.0/22 maxlen: 24
                          194.182.112.0/20 maxlen: 24
                          2a06:4280::/29 maxlen: 48
                          2a02:cfc0::/29 maxlen: 48
                          2a02:79e0::/32 maxlen: 48

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 352414541 (0x15016b4d)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c868ca82147ed2277b4bcc69a5285bae735f2e44
        Validity
            Not Before: Jan  1 14:05:35 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=dad0cc23cdc4bad8d0c7c73afbb18c5a1f4558be
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:16:7a:1d:35:78:b2:c1:cd:da:7e:51:20:8b:
                    ed:fb:83:60:ef:12:b3:19:70:98:71:83:07:6b:7d:
                    a4:de:9e:14:70:c0:ba:44:82:1e:e0:2b:38:59:d4:
                    79:91:b1:4c:6c:ab:e2:d3:3e:19:85:c5:89:be:04:
                    a4:7b:6f:65:63:98:39:38:95:5a:d4:f8:4a:d1:fb:
                    26:4a:e4:75:b4:85:0c:66:a9:08:14:6f:50:f9:63:
                    02:97:c9:d3:ef:86:0b:9e:d0:80:d0:69:56:0a:56:
                    81:cc:8e:b6:c1:ab:0a:c9:c0:df:74:d2:66:76:ca:
                    fb:37:f2:82:ee:46:c0:4a:45:f7:47:e7:69:43:70:
                    e3:41:47:c2:35:15:7d:ee:7b:7e:3e:21:b3:4e:a4:
                    05:20:31:7c:35:b4:a0:58:32:70:f7:da:41:1a:43:
                    a1:f8:e6:6c:59:cf:61:9d:ab:3d:76:ca:e2:04:67:
                    8a:5c:4d:6b:4c:d8:02:da:4c:7d:51:26:93:6f:0c:
                    2a:1f:4b:6d:48:34:67:2a:d4:08:52:9e:4f:25:ea:
                    66:07:9b:a1:32:aa:1e:1e:c8:ed:55:5b:69:cb:ff:
                    ed:df:82:5b:0e:07:69:47:b8:a2:e0:32:5c:44:f4:
                    1a:ff:bb:6d:ff:0f:d9:62:bb:06:26:d2:de:35:9c:
                    62:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DA:D0:CC:23:CD:C4:BA:D8:D0:C7:C7:3A:FB:B1:8C:5A:1F:45:58:BE
            X509v3 Authority Key Identifier:
                keyid:C8:68:CA:82:14:7E:D2:27:7B:4B:CC:69:A5:28:5B:AE:73:5F:2E:44

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/yGjKghR-0id7S8xppShbrnNfLkQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/042c33-ab6b-48be-a492-66849019627e/1/2tDMI83EutjQx8c6-7GMWh9FWL4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/042c33-ab6b-48be-a492-66849019627e/1/yGjKghR-0id7S8xppShbrnNfLkQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.59.68.0-2.59.75.255
                  5.252.60.0/22
                  5.252.88.0/22
                  45.11.148.0/22
                  45.65.104.0/21
                  45.85.176.0/22
                  45.90.224.0/22
                  45.129.48.0/22
                  45.152.184.0/22
                  80.240.176.0/20
                  91.92.18.0/23
                  95.214.44.0/22
                  109.70.16.0/21
                  128.127.16.0/21
                  185.13.180.0/22
                  185.61.144.0/22
                  185.107.84.0/22
                  185.128.140.0/22
                  185.163.60.0/22
                  185.189.20.0/22
                  185.203.180.0/22
                  185.229.176.0/22
                  185.253.36.0/22
                  188.92.64.0/21
                  193.8.116.0/22
                  193.56.168.0/22
                  194.182.112.0/20
                  212.104.240.0/20
                IPv6:
                  2a02:79e0::/32
                  2a02:cfc0::/29
                  2a06:4280::/29

    Signature Algorithm: sha256WithRSAEncryption
         91:82:d7:19:18:1b:39:dc:87:d9:f2:e7:0e:c6:c9:95:a3:0c:
         3a:0a:15:d9:6d:0f:d9:44:04:18:fb:fd:59:81:2f:57:c4:da:
         e6:51:fe:56:16:74:42:f3:b8:6b:4a:46:65:60:ad:c8:2b:fe:
         aa:2a:e0:4c:c3:7f:e0:74:a7:86:50:ac:18:bc:22:91:3b:24:
         45:cb:a2:d4:a1:e2:f7:52:db:66:fd:40:15:c7:f3:2d:87:7c:
         25:dd:48:d2:6b:54:3e:69:7a:84:e8:d5:62:f8:13:db:07:54:
         5e:82:4d:33:34:76:22:cb:ab:0e:1a:f0:61:ba:4d:2b:cd:a2:
         db:5f:16:f2:a2:04:fb:34:f3:49:62:fb:f0:4c:8f:f1:22:75:
         13:7e:cf:1c:d6:53:6a:59:ab:74:67:a2:fb:5c:50:ac:d9:33:
         75:35:06:d7:e4:d4:a5:b4:c5:90:07:d0:08:6e:05:26:28:38:
         42:61:d0:40:8d:41:01:fc:92:28:ab:be:ec:7b:91:e6:92:9c:
         8e:4c:61:08:5c:ea:d6:a3:df:44:a7:62:90:f3:eb:4b:ce:a6:
         fa:7c:ee:27:98:41:9f:5f:d8:29:85:60:ba:34:0c:81:bd:a5:
         2b:ea:e3:ed:7d:86:7f:6d:cc:b4:c4:b6:d0:bc:4a:fd:5b:a6:
         21:81:d2:89
-----BEGIN CERTIFICATE-----
MIIFuzCCBKOgAwIBAgIEFQFrTTANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhj
ODY4Y2E4MjE0N2VkMjI3N2I0YmNjNjlhNTI4NWJhZTczNWYyZTQ0MB4XDTIyMDEw
MTE0MDUzNVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoZGFkMGNjMjNjZGM0
YmFkOGQwYzdjNzNhZmJiMThjNWExZjQ1NThiZTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBALYWeh01eLLBzdp+USCL7fuDYO8SsxlwmHGDB2t9pN6eFHDA
ukSCHuArOFnUeZGxTGyr4tM+GYXFib4EpHtvZWOYOTiVWtT4StH7JkrkdbSFDGap
CBRvUPljApfJ0++GC57QgNBpVgpWgcyOtsGrCsnA33TSZnbK+zfygu5GwEpF90fn
aUNw40FHwjUVfe57fj4hs06kBSAxfDW0oFgycPfaQRpDofjmbFnPYZ2rPXbK4gRn
ilxNa0zYAtpMfVEmk28MKh9LbUg0ZyrUCFKeTyXqZgeboTKqHh7I7VVbacv/7d+C
Ww4HaUe4ouAyXET0Gv+7bf8P2WK7BibS3jWcYp0CAwEAAaOCAtUwggLRMB0GA1Ud
DgQWBBTa0MwjzcS62NDHxzr7sYxaH0VYvjAfBgNVHSMEGDAWgBTIaMqCFH7SJ3tL
zGmlKFuuc18uRDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L3lHaktnaFItMGlkN1M4eHBwU2hicm5OZkxrUS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvN2EvMDQyYzMzLWFiNmItNDhiZS1hNDkyLTY2ODQ5MDE5NjI3ZS8x
LzJ0RE1JODNFdXRqUXg4YzYtN0dNV2g5RldMNC5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvN2Ev
MDQyYzMzLWFiNmItNDhiZS1hNDkyLTY2ODQ5MDE5NjI3ZS8xL3lHaktnaFItMGlk
N1M4eHBwU2hicm5OZkxrUS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjCB
6gYIKwYBBQUHAQcBAf8EgdowgdcwgbcEAgABMIGwMAwDBAICO0QDBAICO0gDBAIF
/DwDBAIF/FgDBAItC5QDBAMtQWgDBAItVbADBAItWuADBAItgTADBAItmLgDBARQ
8LADBAFbXBIDBAJf1iwDBANtRhADBAOAfxADBAK5DbQDBAK5PZADBAK5a1QDBAK5
gIwDBAK5ozwDBAK5vRQDBAK5y7QDBAK55bADBAK5/SQDBAO8XEADBALBCHQDBALB
OKgDBATCtnADBATUaPAwGwQCAAIwFQMFACoCeeADBQMqAs/AAwUDKgZCgDANBgkq
hkiG9w0BAQsFAAOCAQEAkYLXGRgbOdyH2fLnDsbJlaMMOgoV2W0P2UQEGPv9WYEv
V8Ta5lH+VhZ0QvO4a0pGZWCtyCv+qirgTMN/4HSnhlCsGLwikTskRcui1KHi91Lb
Zv1AFcfzLYd8Jd1I0mtUPml6hOjVYvgT2wdUXoJNMzR2IsurDhrwYbpNK82i218W
8qIE+zTzSWL78EyP8SJ1E37PHNZTalmrdGei+1xQrNkzdTUG1+TUpbTFkAfQCG4F
Jig4QmHQQI1BAfySKKu+7HuR5pKcjkxhCFzq1qPfRKdikPPrS86m+nzuJ5hBn1/Y
KYVgujQMgb2lK+rj7X2Gf23MtMS20LxK/VumIYHSiQ==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:19:13 2024 by rpki-client on console-ams.rpki-client.org