Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7a/72f77f-76ab-4e79-a062-6ee534d92e52/1/KcVHYcyqdUY6WH-Dz-qKdsKeFrY.roa
File:                     KcVHYcyqdUY6WH-Dz-qKdsKeFrY.roa (raw, json)
Hash identifier:          tZGOUKe2wczS54MHtoF0d/ecT80JuUdMeSa+rndQVTE=
Subject key identifier:   29:C5:47:61:CC:AA:75:46:3A:58:7F:83:CF:EA:8A:76:C2:9E:16:B6
Certificate issuer:       /CN=9aee15c33de358938d6900a1b3c14480a389e85b
Certificate serial:       0182A17943F3099021BAE20362EFCE20261D
Authority key identifier: 9A:EE:15:C3:3D:E3:58:93:8D:69:00:A1:B3:C1:44:80:A3:89:E8:5B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mu4Vwz3jWJONaQChs8FEgKOJ6Fs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7a/72f77f-76ab-4e79-a062-6ee534d92e52/1/KcVHYcyqdUY6WH-Dz-qKdsKeFrY.roa
Signing time:             Mon 15 Aug 2022 12:27:35 +0000
ROA not before:           Mon 15 Aug 2022 12:27:35 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     207710
IP address blocks:        185.95.102.0/23 maxlen: 24
                          185.95.101.0/24 maxlen: 24
                          185.96.80.0/24 maxlen: 24
                          185.76.242.0/24 maxlen: 24
                          185.81.174.0/24 maxlen: 24
                          185.81.184.0/24 maxlen: 24
                          185.81.187.0/24 maxlen: 24
                          185.96.38.0/24 maxlen: 24
                          185.89.104.0/23 maxlen: 24
                          185.89.108.0/22 maxlen: 24
                          185.97.1.0/24 maxlen: 24
                          185.97.3.0/24 maxlen: 24
                          185.81.172.0/23 maxlen: 24
                          185.75.132.0/23 maxlen: 24
                          185.88.38.0/24 maxlen: 24
                          185.75.134.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:82:a1:79:43:f3:09:90:21:ba:e2:03:62:ef:ce:20:26:1d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9aee15c33de358938d6900a1b3c14480a389e85b
        Validity
            Not Before: Aug 15 12:27:35 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=29c54761ccaa75463a587f83cfea8a76c29e16b6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:67:f5:79:34:ed:63:d7:b8:be:43:6e:ce:5b:
                    cb:07:03:78:41:c0:a1:10:5f:53:57:ce:c7:b5:91:
                    11:9b:32:05:1f:c5:0a:e7:cb:52:8a:6c:66:70:39:
                    64:94:18:01:5a:f8:73:03:8c:d4:a3:b9:bd:55:a2:
                    e4:d4:2e:da:e2:1e:f2:a3:fd:26:0d:91:40:3a:a4:
                    15:23:65:7a:de:47:57:3d:a4:36:ac:7c:02:da:4f:
                    82:6b:a3:5f:f0:94:82:c8:49:1c:c3:2b:c7:dc:2c:
                    bc:1c:2a:43:32:0f:99:ae:f5:6e:82:4c:c2:76:7a:
                    35:4d:b1:ae:f9:c7:9b:09:2c:50:ac:13:6d:40:49:
                    bf:cb:2f:42:8b:05:08:17:37:9c:2f:b8:c4:71:a9:
                    30:e6:a6:c9:03:63:1a:1f:e6:f2:a3:53:f8:97:34:
                    2f:b0:55:de:e0:12:2a:ae:f4:5d:1e:cc:a7:f2:95:
                    2f:88:61:f9:93:5d:a0:9b:a9:3a:51:1a:32:cc:fd:
                    86:90:7f:0d:e8:fc:7f:d3:95:cd:53:fb:e2:83:f6:
                    7e:cd:c4:97:92:19:2f:4c:a4:05:c9:92:92:e7:da:
                    74:bf:35:88:0e:80:e6:bc:9d:4d:f5:bd:fc:91:25:
                    b6:90:cf:f6:4e:3e:aa:4d:07:03:08:37:90:14:c1:
                    42:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:C5:47:61:CC:AA:75:46:3A:58:7F:83:CF:EA:8A:76:C2:9E:16:B6
            X509v3 Authority Key Identifier:
                keyid:9A:EE:15:C3:3D:E3:58:93:8D:69:00:A1:B3:C1:44:80:A3:89:E8:5B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mu4Vwz3jWJONaQChs8FEgKOJ6Fs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/72f77f-76ab-4e79-a062-6ee534d92e52/1/KcVHYcyqdUY6WH-Dz-qKdsKeFrY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/72f77f-76ab-4e79-a062-6ee534d92e52/1/mu4Vwz3jWJONaQChs8FEgKOJ6Fs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.75.132.0-185.75.134.255
                  185.76.242.0/24
                  185.81.172.0-185.81.174.255
                  185.81.184.0/24
                  185.81.187.0/24
                  185.88.38.0/24
                  185.89.104.0/23
                  185.89.108.0/22
                  185.95.101.0-185.95.103.255
                  185.96.38.0/24
                  185.96.80.0/24
                  185.97.1.0/24
                  185.97.3.0/24

    Signature Algorithm: sha256WithRSAEncryption
         74:5c:0a:7c:cd:97:04:b1:df:7f:c1:03:23:49:e2:3f:b4:2b:
         13:79:07:19:3b:dc:cf:7d:a5:5c:66:c0:1b:a0:42:aa:bd:65:
         72:0a:9f:94:3e:41:54:1a:86:d3:b3:07:13:17:5a:d0:b3:7a:
         99:a6:38:92:59:e9:4d:cc:3a:12:d9:14:d2:0d:10:f8:8c:7e:
         ad:8f:9b:0e:b3:eb:8a:70:3c:c3:12:48:2e:77:93:e4:f6:42:
         5d:80:99:17:b0:bf:7a:47:9a:f2:5e:a4:b2:b7:a4:88:ed:27:
         8f:8c:64:95:df:9b:72:34:46:d3:b4:6d:66:ce:d4:8d:b7:b7:
         96:eb:e7:13:cc:06:15:a1:97:2c:35:d0:74:c0:4e:12:39:41:
         9e:81:a5:50:0f:9d:56:e4:18:6b:fd:6f:03:39:f1:3e:bf:9d:
         d5:07:48:81:9e:4c:1a:c2:c3:61:34:83:a7:44:44:7a:d3:97:
         e0:2c:30:d2:c3:4a:a9:9c:36:54:68:af:af:18:f4:c8:3e:4a:
         44:79:55:20:dc:76:b3:b0:27:99:5b:bb:bf:c9:22:b5:d3:a9:
         c1:c1:ec:4d:71:fb:27:24:16:1f:c2:41:8a:7f:75:3b:67:7a:
         af:d8:93:57:9e:f9:d5:3d:17:ef:c0:64:ac:f1:cc:1a:49:0c:
         c8:48:30:2e
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgISAYKheUPzCZAhuuIDYu/OICYdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlhZWUxNWMzM2RlMzU4OTM4ZDY5MDBhMWIzYzE0NDgwYTM4
OWU4NWIwHhcNMjIwODE1MTIyNzM1WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOWM1NDc2MWNjYWE3NTQ2M2E1ODdmODNjZmVhOGE3NmMyOWUxNmI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkGf1eTTtY9e4vkNuzlvLBwN4QcCh
EF9TV87HtZERmzIFH8UK58tSimxmcDlklBgBWvhzA4zUo7m9VaLk1C7a4h7yo/0m
DZFAOqQVI2V63kdXPaQ2rHwC2k+Ca6Nf8JSCyEkcwyvH3Cy8HCpDMg+ZrvVugkzC
dno1TbGu+cebCSxQrBNtQEm/yy9CiwUIFzecL7jEcakw5qbJA2MaH+byo1P4lzQv
sFXe4BIqrvRdHsyn8pUviGH5k12gm6k6URoyzP2GkH8N6Px/05XNU/vig/Z+zcSX
khkvTKQFyZKS59p0vzWIDoDmvJ1N9b38kSW2kM/2Tj6qTQcDCDeQFMFCiQIDAQAB
o4ICaTCCAmUwHQYDVR0OBBYEFCnFR2HMqnVGOlh/g8/qinbCnha2MB8GA1UdIwQY
MBaAFJruFcM941iTjWkAobPBRICjiehbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbXU0Vnd6M2pXSk9OYVFDaHM4RkVnS09KNkZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83YS83MmY3N2YtNzZhYi00ZTc5LWEwNjIt
NmVlNTM0ZDkyZTUyLzEvS2NWSFljeXFkVVk2V0gtRHotcUtkc0tlRnJZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83YS83MmY3N2YtNzZhYi00ZTc5LWEwNjItNmVlNTM0ZDkyZTUy
LzEvbXU0Vnd6M2pXSk9OYVFDaHM4RkVnS09KNkZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMH8GCCsGAQUFBwEHAQH/BHAwbjBsBAIAATBmMAwDBAK5S4QD
BAC5S4YDBAC5TPIwDAMEArlRrAMEALlRrgMEALlRuAMEALlRuwMEALlYJgMEAblZ
aAMEArlZbDAMAwQAuV9lAwQDuV9gAwQAuWAmAwQAuWBQAwQAuWEBAwQAuWEDMA0G
CSqGSIb3DQEBCwUAA4IBAQB0XAp8zZcEsd9/wQMjSeI/tCsTeQcZO9zPfaVcZsAb
oEKqvWVyCp+UPkFUGobTswcTF1rQs3qZpjiSWelNzDoS2RTSDRD4jH6tj5sOs+uK
cDzDEkgud5Pk9kJdgJkXsL96R5ryXqSyt6SI7SePjGSV35tyNEbTtG1mztSNt7eW
6+cTzAYVoZcsNdB0wE4SOUGegaVQD51W5Bhr/W8DOfE+v53VB0iBnkwawsNhNIOn
RER605fgLDDSw0qpnDZUaK+vGPTIPkpEeVUg3HazsCeZW7u/ySK106nBwexNcfsn
JBYfwkGKf3U7Z3qv2JNXnvnVPRfvwGSs8cwaSQzISDAu
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:19:17 2024 by rpki-client on console-ams.rpki-client.org