Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7a/042c33-ab6b-48be-a492-66849019627e/1/mur5hGoN5id0SLTJ7hXIheyZYuw.roa
File:                     mur5hGoN5id0SLTJ7hXIheyZYuw.roa (raw, json)
Hash identifier:          aXHCBuFlgW0yOvml+Qx01etBnNSWT+QNmle9Ac2iabE=
Subject key identifier:   9A:EA:F9:84:6A:0D:E6:27:74:48:B4:C9:EE:15:C8:85:EC:99:62:EC
Certificate issuer:       /CN=c868ca82147ed2277b4bcc69a5285bae735f2e44
Certificate serial:       01821085A4436C32A9E1B0FB5F5CF4D65518
Authority key identifier: C8:68:CA:82:14:7E:D2:27:7B:4B:CC:69:A5:28:5B:AE:73:5F:2E:44
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/yGjKghR-0id7S8xppShbrnNfLkQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7a/042c33-ab6b-48be-a492-66849019627e/1/mur5hGoN5id0SLTJ7hXIheyZYuw.roa
Signing time:             Mon 18 Jul 2022 08:56:09 +0000
ROA not before:           Mon 18 Jul 2022 08:56:09 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     60032
IP address blocks:        193.56.168.0/22 maxlen: 22
                          45.152.184.0/22 maxlen: 22
                          194.36.137.0/24 maxlen: 24
                          45.129.48.0/22 maxlen: 22
                          185.107.84.0/22 maxlen: 24
                          185.61.144.0/22 maxlen: 22
                          109.70.16.0/21 maxlen: 22
                          45.85.176.0/22 maxlen: 22
                          45.11.148.0/22 maxlen: 22
                          194.36.221.0/24 maxlen: 24
                          80.240.176.0/21 maxlen: 21
                          185.163.60.0/22 maxlen: 22
                          80.240.188.0/22 maxlen: 22
                          45.90.224.0/22 maxlen: 22
                          185.203.180.0/22 maxlen: 22
                          194.36.169.0/24 maxlen: 24
                          5.252.60.0/22 maxlen: 22
                          194.36.167.0/24 maxlen: 24
                          188.92.64.0/21 maxlen: 22
                          5.252.88.0/22 maxlen: 22
                          185.13.180.0/22 maxlen: 22
                          95.214.44.0/22 maxlen: 22
                          2.59.68.0/22 maxlen: 22
                          2.59.72.0/22 maxlen: 22
                          193.8.116.0/22 maxlen: 22
                          185.229.176.0/22 maxlen: 22
                          128.127.16.0/21 maxlen: 22
                          185.253.36.0/22 maxlen: 22
                          212.104.240.0/20 maxlen: 20
                          185.128.140.0/22 maxlen: 23
                          194.182.112.0/20 maxlen: 22
                          2a06:4280::/29 maxlen: 32
                          2a02:cfc0::/29 maxlen: 32
                          2a02:79e0::/32 maxlen: 32

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:82:10:85:a4:43:6c:32:a9:e1:b0:fb:5f:5c:f4:d6:55:18
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c868ca82147ed2277b4bcc69a5285bae735f2e44
        Validity
            Not Before: Jul 18 08:56:09 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=9aeaf9846a0de6277448b4c9ee15c885ec9962ec
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:10:f2:2b:18:ca:5c:b3:b9:11:ce:e8:2b:57:
                    ad:04:3b:30:d5:67:d0:b9:dd:2f:67:be:6b:3e:e6:
                    65:6b:6c:4e:75:3c:60:a2:79:15:4c:fd:da:5f:7e:
                    2a:5f:09:75:df:e2:b5:e2:00:b1:87:df:e8:f6:5b:
                    0a:37:4e:22:d9:1b:eb:00:a6:34:c2:38:8b:43:a8:
                    e4:ca:f9:43:56:28:39:cf:de:08:dc:e3:0b:78:2e:
                    af:d2:d9:33:27:5e:78:7c:d7:55:4b:6b:ee:89:98:
                    d9:bc:19:8b:11:4b:d9:69:4e:da:7b:cd:4e:eb:7a:
                    55:3d:85:cf:d4:7b:46:85:37:ff:82:34:94:f3:d2:
                    48:6e:7f:5e:35:89:c1:d6:cd:30:09:e9:65:63:f9:
                    af:c2:1b:35:5f:e5:3c:90:a7:39:20:4a:8d:2c:81:
                    e9:57:bb:32:07:f0:2d:0a:a6:f8:75:ef:ba:85:97:
                    37:47:5f:50:91:51:77:98:a8:c7:7e:c0:ba:cf:c9:
                    7e:8d:54:96:61:ac:e7:6e:0d:e2:3c:7b:c0:10:e2:
                    2b:07:a2:e4:b9:fa:d0:43:79:1c:74:aa:3a:28:16:
                    b0:d3:bf:ba:dd:b4:89:34:bf:f2:46:cf:b0:7d:73:
                    a6:d3:c6:8c:66:0d:e4:13:f4:fd:24:d3:4d:61:68:
                    b3:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9A:EA:F9:84:6A:0D:E6:27:74:48:B4:C9:EE:15:C8:85:EC:99:62:EC
            X509v3 Authority Key Identifier:
                keyid:C8:68:CA:82:14:7E:D2:27:7B:4B:CC:69:A5:28:5B:AE:73:5F:2E:44

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/yGjKghR-0id7S8xppShbrnNfLkQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/042c33-ab6b-48be-a492-66849019627e/1/mur5hGoN5id0SLTJ7hXIheyZYuw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/042c33-ab6b-48be-a492-66849019627e/1/yGjKghR-0id7S8xppShbrnNfLkQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.59.68.0-2.59.75.255
                  5.252.60.0/22
                  5.252.88.0/22
                  45.11.148.0/22
                  45.85.176.0/22
                  45.90.224.0/22
                  45.129.48.0/22
                  45.152.184.0/22
                  80.240.176.0/21
                  80.240.188.0/22
                  95.214.44.0/22
                  109.70.16.0/21
                  128.127.16.0/21
                  185.13.180.0/22
                  185.61.144.0/22
                  185.107.84.0/22
                  185.128.140.0/22
                  185.163.60.0/22
                  185.203.180.0/22
                  185.229.176.0/22
                  185.253.36.0/22
                  188.92.64.0/21
                  193.8.116.0/22
                  193.56.168.0/22
                  194.36.137.0/24
                  194.36.167.0/24
                  194.36.169.0/24
                  194.36.221.0/24
                  194.182.112.0/20
                  212.104.240.0/20
                IPv6:
                  2a02:79e0::/32
                  2a02:cfc0::/29
                  2a06:4280::/29

    Signature Algorithm: sha256WithRSAEncryption
         05:23:b8:b6:36:c6:a2:58:35:6b:f8:20:21:66:ab:fd:b1:1d:
         30:dd:fd:09:9b:81:37:36:27:3a:f2:0e:96:16:54:56:f5:2e:
         d6:12:62:d1:ad:92:bd:08:35:90:e2:33:06:0b:a0:57:4d:06:
         6c:bd:81:60:a6:ed:ea:5f:93:8b:83:d3:2b:08:39:b5:e5:6c:
         80:00:fc:b5:85:a2:18:c5:c3:d1:02:de:7f:c7:42:3f:af:21:
         12:9d:7c:fb:6b:c5:6d:28:c2:96:21:0c:dc:d5:b4:d1:7b:14:
         ee:9f:a1:c3:43:10:36:e4:24:b5:89:f1:14:e9:6f:ea:e2:dc:
         9d:0f:2f:fd:98:9a:f9:6e:d5:1a:22:ec:c0:1c:f4:df:64:ad:
         3f:3a:46:dd:dc:4d:65:68:7c:6e:09:de:b4:0e:09:27:db:ea:
         f6:2e:89:24:d2:ef:0b:3d:10:6e:0c:8d:8d:a6:56:76:b9:cf:
         65:9e:d4:ba:05:41:ea:07:9d:d5:fa:07:e0:67:51:44:e5:c1:
         c2:ca:fe:76:7d:39:06:5f:af:60:0f:e8:ba:6d:e5:7a:a5:4a:
         cd:36:0f:26:e2:95:99:90:5e:e9:e7:14:a7:98:8f:a8:82:61:
         6b:7a:d9:2c:6a:fe:04:0c:76:1d:25:59:b6:47:b2:21:c5:e6:
         95:9c:e9:e6
-----BEGIN CERTIFICATE-----
MIIF1TCCBL2gAwIBAgISAYIQhaRDbDKp4bD7X1z01lUYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM4NjhjYTgyMTQ3ZWQyMjc3YjRiY2M2OWE1Mjg1YmFlNzM1
ZjJlNDQwHhcNMjIwNzE4MDg1NjA5WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YWVhZjk4NDZhMGRlNjI3NzQ0OGI0YzllZTE1Yzg4NWVjOTk2MmVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmBDyKxjKXLO5Ec7oK1etBDsw1WfQ
ud0vZ75rPuZla2xOdTxgonkVTP3aX34qXwl13+K14gCxh9/o9lsKN04i2RvrAKY0
wjiLQ6jkyvlDVig5z94I3OMLeC6v0tkzJ154fNdVS2vuiZjZvBmLEUvZaU7ae81O
63pVPYXP1HtGhTf/gjSU89JIbn9eNYnB1s0wCellY/mvwhs1X+U8kKc5IEqNLIHp
V7syB/AtCqb4de+6hZc3R19QkVF3mKjHfsC6z8l+jVSWYaznbg3iPHvAEOIrB6Lk
ufrQQ3kcdKo6KBaw07+63bSJNL/yRs+wfXOm08aMZg3kE/T9JNNNYWiz2QIDAQAB
o4IC4TCCAt0wHQYDVR0OBBYEFJrq+YRqDeYndEi0ye4VyIXsmWLsMB8GA1UdIwQY
MBaAFMhoyoIUftIne0vMaaUoW65zXy5EMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveUdqS2doUi0waWQ3Uzh4cHBTaGJybk5mTGtRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83YS8wNDJjMzMtYWI2Yi00OGJlLWE0OTIt
NjY4NDkwMTk2MjdlLzEvbXVyNWhHb041aWQwU0xUSjdoWEloZXlaWXV3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83YS8wNDJjMzMtYWI2Yi00OGJlLWE0OTItNjY4NDkwMTk2Mjdl
LzEveUdqS2doUi0waWQ3Uzh4cHBTaGJybk5mTGtRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIH2BggrBgEFBQcBBwEB/wSB5jCB4zCBwwQCAAEwgbwwDAME
AgI7RAMEAgI7SAMEAgX8PAMEAgX8WAMEAi0LlAMEAi1VsAMEAi1a4AMEAi2BMAME
Ai2YuAMEA1DwsAMEAlDwvAMEAl/WLAMEA21GEAMEA4B/EAMEArkNtAMEArk9kAME
ArlrVAMEArmAjAMEArmjPAMEArnLtAMEArnlsAMEArn9JAMEA7xcQAMEAsEIdAME
AsE4qAMEAMIkiQMEAMIkpwMEAMIkqQMEAMIk3QMEBMK2cAMEBNRo8DAbBAIAAjAV
AwUAKgJ54AMFAyoCz8ADBQMqBkKAMA0GCSqGSIb3DQEBCwUAA4IBAQAFI7i2Nsai
WDVr+CAhZqv9sR0w3f0Jm4E3Nic68g6WFlRW9S7WEmLRrZK9CDWQ4jMGC6BXTQZs
vYFgpu3qX5OLg9MrCDm15WyAAPy1haIYxcPRAt5/x0I/ryESnXz7a8VtKMKWIQzc
1bTRexTun6HDQxA25CS1ifEU6W/q4tydDy/9mJr5btUaIuzAHPTfZK0/Okbd3E1l
aHxuCd60Dgkn2+r2Lokk0u8LPRBuDI2NplZ2uc9lntS6BUHqB53V+gfgZ1FE5cHC
yv52fTkGX69gD+i6beV6pUrNNg8m4pWZkF7p5xSnmI+ogmFretksav4EDHYdJVm2
R7IhxeaVnOnm
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:19:13 2024 by rpki-client on console-ams.rpki-client.org