Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7a/1be7bc-b642-4a0d-8e6b-f7e0c5e2702e/1/QyMbHc7YYS1kHq0h1U86qjqO3mI.roa
File:                     QyMbHc7YYS1kHq0h1U86qjqO3mI.roa (raw, json)
Hash identifier:          2ylFDQytW4R+S3Z2o0P+xF8msUyZZIqKndZIH7RQLEo=
Subject key identifier:   43:23:1B:1D:CE:D8:61:2D:64:1E:AD:21:D5:4F:3A:AA:3A:8E:DE:62
Certificate issuer:       /CN=10543a5197eb2544447e9d36b3ebf14452c777eb
Certificate serial:       20356D7F
Authority key identifier: 10:54:3A:51:97:EB:25:44:44:7E:9D:36:B3:EB:F1:44:52:C7:77:EB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EFQ6UZfrJUREfp02s-vxRFLHd-s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7a/1be7bc-b642-4a0d-8e6b-f7e0c5e2702e/1/QyMbHc7YYS1kHq0h1U86qjqO3mI.roa
Signing time:             Sat 01 Jan 2022 05:03:04 +0000
ROA not before:           Sat 01 Jan 2022 05:03:04 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     2110
IP address blocks:        193.95.128.0/18 maxlen: 18
                          194.125.0.0/17 maxlen: 17
                          213.202.128.0/18 maxlen: 18
                          192.111.39.0/24 maxlen: 24
                          78.16.0.0/14 maxlen: 14
                          212.2.160.0/19 maxlen: 19
                          185.146.180.0/22 maxlen: 22
                          185.146.180.0/24 maxlen: 24
                          193.120.52.0/24 maxlen: 24
                          194.145.128.0/21 maxlen: 21
                          193.120.216.0/24 maxlen: 24
                          194.46.192.0/18 maxlen: 18
                          193.120.0.0/16 maxlen: 16
                          193.203.128.0/19 maxlen: 19
                          194.165.160.0/19 maxlen: 19
                          2001:7c8::/29 maxlen: 29
                          2001:7c8::/32 maxlen: 32

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 540372351 (0x20356d7f)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=10543a5197eb2544447e9d36b3ebf14452c777eb
        Validity
            Not Before: Jan  1 05:03:04 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=43231b1dced8612d641ead21d54f3aaa3a8ede62
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:69:dd:ac:88:78:c0:ff:b6:60:0c:58:c3:1a:
                    82:f7:07:36:27:45:a7:65:11:79:0f:94:85:ee:99:
                    ac:c5:38:e0:a8:07:e1:20:e4:6e:3c:83:73:47:fd:
                    13:30:14:10:e8:2f:fc:07:9c:48:3b:4a:98:d5:f6:
                    81:bf:a7:ba:1a:e8:5a:57:5a:61:06:9e:8c:04:5c:
                    41:10:46:f2:99:e7:1e:40:c8:4a:09:de:07:26:8e:
                    41:9c:3f:0d:80:e9:aa:43:cc:ba:8c:d4:fd:98:60:
                    aa:27:81:46:f6:bf:9a:f5:ff:c4:2f:5c:6d:81:fc:
                    48:95:ac:32:b7:89:52:0b:24:0f:4e:c5:5d:e1:7b:
                    c4:15:05:2c:cd:b5:fc:73:db:82:96:8d:f3:f7:bd:
                    71:eb:e1:39:fd:7a:20:ad:c3:9e:a2:dc:fd:af:4f:
                    0e:bd:ba:36:a3:9b:65:0d:a6:0d:64:22:a5:8c:1c:
                    dc:2f:fb:ec:43:44:3a:0f:b1:60:ec:e1:8c:5a:00:
                    cc:a5:92:68:d7:38:39:38:a1:9e:d3:69:54:ec:e8:
                    32:06:4b:db:43:c3:e1:dc:b9:4a:fb:08:58:15:fb:
                    d3:32:3f:ae:eb:ac:25:c4:4a:bc:5d:24:af:49:51:
                    7e:13:4d:b4:ad:9b:88:82:46:39:e3:eb:97:f9:f4:
                    6a:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:23:1B:1D:CE:D8:61:2D:64:1E:AD:21:D5:4F:3A:AA:3A:8E:DE:62
            X509v3 Authority Key Identifier:
                keyid:10:54:3A:51:97:EB:25:44:44:7E:9D:36:B3:EB:F1:44:52:C7:77:EB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EFQ6UZfrJUREfp02s-vxRFLHd-s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/1be7bc-b642-4a0d-8e6b-f7e0c5e2702e/1/QyMbHc7YYS1kHq0h1U86qjqO3mI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/1be7bc-b642-4a0d-8e6b-f7e0c5e2702e/1/EFQ6UZfrJUREfp02s-vxRFLHd-s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.16.0.0/14
                  185.146.180.0/22
                  192.111.39.0/24
                  193.95.128.0/18
                  193.120.0.0/16
                  193.203.128.0/19
                  194.46.192.0/18
                  194.125.0.0/17
                  194.145.128.0/21
                  194.165.160.0/19
                  212.2.160.0/19
                  213.202.128.0/18
                IPv6:
                  2001:7c8::/29

    Signature Algorithm: sha256WithRSAEncryption
         32:81:fa:0b:a1:7e:b4:09:03:ae:dc:53:ed:20:76:d8:c9:cb:
         1f:e3:66:ad:c1:15:bf:ca:11:eb:91:21:0f:ba:d3:3f:b5:a4:
         5e:41:c0:a7:90:b0:27:cf:04:22:1b:c4:64:bd:9a:00:de:ed:
         44:5e:cc:83:93:64:b5:c1:f8:4e:df:e9:09:47:70:21:58:42:
         ac:94:26:4e:cc:a8:d0:de:70:04:a1:e1:d7:03:71:dc:66:65:
         f3:95:54:6c:d1:43:f1:ad:4e:24:a8:fd:72:75:52:2b:d6:05:
         a6:3a:20:d6:3d:2b:63:ee:70:5d:09:2a:a9:3d:b9:90:d9:44:
         4f:e9:18:88:09:bf:fd:0a:8c:5c:df:87:ac:d2:a7:35:8b:42:
         6e:9f:7f:88:48:a6:7b:c7:79:4f:e2:7a:71:65:de:2c:96:47:
         a6:6b:0f:f9:74:09:bc:7e:fa:35:52:f9:7d:bf:fd:61:e9:62:
         d8:22:d0:1a:68:02:fc:74:fd:00:db:f3:70:0e:cd:32:9f:fe:
         81:a5:88:88:35:4e:ba:8f:15:02:ae:bb:2a:ab:ee:15:0f:9a:
         c1:fe:2d:a6:97:6c:ad:9e:ed:ad:60:d7:31:83:59:77:19:df:
         83:65:96:e9:84:d6:08:2c:d7:4f:ae:a8:81:1e:5b:c4:a1:81:
         1b:c3:5f:e5
-----BEGIN CERTIFICATE-----
MIIFPjCCBCagAwIBAgIEIDVtfzANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygx
MDU0M2E1MTk3ZWIyNTQ0NDQ3ZTlkMzZiM2ViZjE0NDUyYzc3N2ViMB4XDTIyMDEw
MTA1MDMwNFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoNDMyMzFiMWRjZWQ4
NjEyZDY0MWVhZDIxZDU0ZjNhYWEzYThlZGU2MjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAKVp3ayIeMD/tmAMWMMagvcHNidFp2UReQ+Uhe6ZrMU44KgH
4SDkbjyDc0f9EzAUEOgv/AecSDtKmNX2gb+nuhroWldaYQaejARcQRBG8pnnHkDI
SgneByaOQZw/DYDpqkPMuozU/ZhgqieBRva/mvX/xC9cbYH8SJWsMreJUgskD07F
XeF7xBUFLM21/HPbgpaN8/e9cevhOf16IK3DnqLc/a9PDr26NqObZQ2mDWQipYwc
3C/77ENEOg+xYOzhjFoAzKWSaNc4OTihntNpVOzoMgZL20PD4dy5SvsIWBX70zI/
ruusJcRKvF0kr0lRfhNNtK2biIJGOePrl/n0alkCAwEAAaOCAlgwggJUMB0GA1Ud
DgQWBBRDIxsdzthhLWQerSHVTzqqOo7eYjAfBgNVHSMEGDAWgBQQVDpRl+slRER+
nTaz6/FEUsd36zAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L0VGUTZVWmZySlVSRWZwMDJzLXZ4UkZMSGQtcy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvN2EvMWJlN2JjLWI2NDItNGEwZC04ZTZiLWY3ZTBjNWUyNzAyZS8x
L1F5TWJIYzdZWVMxa0hxMGgxVTg2cWpxTzNtSS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvN2Ev
MWJlN2JjLWI2NDItNGEwZC04ZTZiLWY3ZTBjNWUyNzAyZS8xL0VGUTZVWmZySlVS
RWZwMDJzLXZ4UkZMSGQtcy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBu
BggrBgEFBQcBBwEB/wRfMF0wTAQCAAEwRgMDAk4QAwQCuZK0AwQAwG8nAwQGwV+A
AwMAwXgDBAXBy4ADBAbCLsADBAfCfQADBAPCkYADBAXCpaADBAXUAqADBAbVyoAw
DQQCAAIwBwMFAyABB8gwDQYJKoZIhvcNAQELBQADggEBADKB+guhfrQJA67cU+0g
dtjJyx/jZq3BFb/KEeuRIQ+60z+1pF5BwKeQsCfPBCIbxGS9mgDe7URezIOTZLXB
+E7f6QlHcCFYQqyUJk7MqNDecASh4dcDcdxmZfOVVGzRQ/GtTiSo/XJ1UivWBaY6
INY9K2PucF0JKqk9uZDZRE/pGIgJv/0KjFzfh6zSpzWLQm6ff4hIpnvHeU/ienFl
3iyWR6ZrD/l0Cbx++jVS+X2//WHpYtgi0BpoAvx0/QDb83AOzTKf/oGliIg1TrqP
FQKuuyqr7hUPmsH+LaaXbK2e7a1g1zGDWXcZ34NllumE1ggs10+uqIEeW8ShgRvD
X+U=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:35:57 2024 by rpki-client on console-fra.rpki-client.org