Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7a/72f77f-76ab-4e79-a062-6ee534d92e52/1/Y0NMEki8jK6PZ253JrSFrzPCo0M.roa
File:                     Y0NMEki8jK6PZ253JrSFrzPCo0M.roa (raw, json)
Hash identifier:          678C78jcxBjb9PjxsOUmC0FsAU4yY4rDrQ1RVVNOp7A=
Subject key identifier:   63:43:4C:12:48:BC:8C:AE:8F:67:6E:77:26:B4:85:AF:33:C2:A3:43
Certificate issuer:       /CN=9aee15c33de358938d6900a1b3c14480a389e85b
Certificate serial:       0182EB4A3B90B9AEC5EB1551AB69F492D1C7
Authority key identifier: 9A:EE:15:C3:3D:E3:58:93:8D:69:00:A1:B3:C1:44:80:A3:89:E8:5B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mu4Vwz3jWJONaQChs8FEgKOJ6Fs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7a/72f77f-76ab-4e79-a062-6ee534d92e52/1/Y0NMEki8jK6PZ253JrSFrzPCo0M.roa
Signing time:             Mon 29 Aug 2022 20:28:06 +0000
ROA not before:           Mon 29 Aug 2022 20:28:06 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     174
IP address blocks:        185.95.102.0/23 maxlen: 24
                          185.95.101.0/24 maxlen: 24
                          185.76.240.0/23 maxlen: 24
                          185.96.80.0/24 maxlen: 24
                          185.81.174.0/24 maxlen: 24
                          185.81.184.0/24 maxlen: 24
                          185.81.187.0/24 maxlen: 24
                          185.96.38.0/24 maxlen: 24
                          185.89.104.0/23 maxlen: 24
                          185.89.108.0/22 maxlen: 24
                          185.97.3.0/24 maxlen: 24
                          185.97.1.0/24 maxlen: 24
                          185.81.172.0/23 maxlen: 24
                          185.73.182.0/23 maxlen: 24
                          185.88.38.0/24 maxlen: 24
                          185.75.132.0/23 maxlen: 24
                          185.75.134.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:82:eb:4a:3b:90:b9:ae:c5:eb:15:51:ab:69:f4:92:d1:c7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9aee15c33de358938d6900a1b3c14480a389e85b
        Validity
            Not Before: Aug 29 20:28:06 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=63434c1248bc8cae8f676e7726b485af33c2a343
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:dd:6d:56:fe:1b:26:6b:fb:15:50:89:ff:8f:
                    4b:4c:7f:a5:f4:77:ac:84:c2:ed:a4:20:05:0c:16:
                    a0:5c:3d:85:00:50:a0:ec:19:a6:2d:fb:e1:6f:94:
                    c4:e1:58:57:d8:d0:d8:7e:63:3a:fb:23:a8:0d:f7:
                    6a:22:df:0c:ab:b2:c7:86:08:ad:d8:0a:bd:8c:fc:
                    83:8a:07:c6:dc:7a:7c:81:bc:d5:a1:5e:13:e1:5b:
                    c6:b2:05:b1:38:62:47:c1:88:03:6d:5d:43:f5:1d:
                    89:63:24:e1:5b:8b:d7:2f:46:48:fa:da:98:41:03:
                    d3:89:43:59:e2:30:8a:ef:15:a3:43:d9:98:c2:b4:
                    75:0f:95:e6:2a:30:4a:c6:6f:73:93:21:49:0f:c5:
                    03:41:57:c1:a0:16:d9:d8:46:24:32:be:9b:c0:97:
                    c5:81:11:37:f7:71:27:95:e6:eb:05:87:27:79:f7:
                    70:4e:67:8f:73:95:39:bd:8d:d6:5c:1f:c6:b8:5a:
                    79:9c:a2:9b:c5:48:0e:ed:42:38:ee:4b:a6:44:4b:
                    9a:b9:cb:c2:2b:90:de:ab:b4:e9:03:33:fe:fa:06:
                    af:5d:9f:09:26:0b:6b:6d:fd:ce:44:2e:e2:3c:af:
                    82:1d:c5:d7:d7:11:ac:a7:ba:c3:48:c2:e8:8c:fc:
                    07:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                63:43:4C:12:48:BC:8C:AE:8F:67:6E:77:26:B4:85:AF:33:C2:A3:43
            X509v3 Authority Key Identifier:
                keyid:9A:EE:15:C3:3D:E3:58:93:8D:69:00:A1:B3:C1:44:80:A3:89:E8:5B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mu4Vwz3jWJONaQChs8FEgKOJ6Fs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/72f77f-76ab-4e79-a062-6ee534d92e52/1/Y0NMEki8jK6PZ253JrSFrzPCo0M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/72f77f-76ab-4e79-a062-6ee534d92e52/1/mu4Vwz3jWJONaQChs8FEgKOJ6Fs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.73.182.0/23
                  185.75.132.0-185.75.134.255
                  185.76.240.0/23
                  185.81.172.0-185.81.174.255
                  185.81.184.0/24
                  185.81.187.0/24
                  185.88.38.0/24
                  185.89.104.0/23
                  185.89.108.0/22
                  185.95.101.0-185.95.103.255
                  185.96.38.0/24
                  185.96.80.0/24
                  185.97.1.0/24
                  185.97.3.0/24

    Signature Algorithm: sha256WithRSAEncryption
         75:df:af:7f:d4:75:d2:d4:3a:24:6e:9d:ce:a7:7c:5f:fd:f6:
         1b:15:79:5d:b0:7f:80:32:50:25:66:0b:04:55:07:42:af:f6:
         a0:a1:7b:a7:0b:b8:d6:66:83:e0:4b:9a:33:39:b7:68:6f:34:
         6a:ed:fb:ab:0c:36:9a:65:ee:d8:59:d4:3a:bf:de:c5:52:1a:
         e4:fa:3d:9b:d5:9b:f9:2c:d3:e1:9f:fe:1e:1b:31:ef:62:ea:
         9a:3d:c1:57:d7:b2:c9:57:a0:e9:d6:58:12:02:1e:c3:e8:19:
         e9:e1:d0:b3:78:e2:f5:ac:2d:46:13:36:2e:b6:44:3e:5c:93:
         ce:d4:70:c8:f8:a9:47:c5:28:6f:cb:16:45:71:82:78:a1:9b:
         cc:bf:13:0a:fa:f4:63:d7:99:8c:ef:81:bb:cd:9d:2b:27:37:
         e0:8a:a9:72:1c:1b:0a:01:35:e2:ed:df:bc:19:95:66:e5:ad:
         fa:5f:c4:e9:41:12:d9:34:56:31:99:38:5f:83:63:76:bc:fd:
         24:07:29:ec:d4:10:ba:65:7f:21:e9:56:70:d7:d3:d0:35:7d:
         c6:57:22:4f:40:4a:54:96:c9:89:ab:d5:08:d2:a2:6d:5d:2e:
         ed:c5:90:58:77:47:38:0d:ce:cd:98:d4:14:7e:b8:ea:8c:e5:
         56:fb:0c:df
-----BEGIN CERTIFICATE-----
MIIFZDCCBEygAwIBAgISAYLrSjuQua7F6xVRq2n0ktHHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlhZWUxNWMzM2RlMzU4OTM4ZDY5MDBhMWIzYzE0NDgwYTM4
OWU4NWIwHhcNMjIwODI5MjAyODA2WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MzQzNGMxMjQ4YmM4Y2FlOGY2NzZlNzcyNmI0ODVhZjMzYzJhMzQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhN1tVv4bJmv7FVCJ/49LTH+l9Hes
hMLtpCAFDBagXD2FAFCg7BmmLfvhb5TE4VhX2NDYfmM6+yOoDfdqIt8Mq7LHhgit
2Aq9jPyDigfG3Hp8gbzVoV4T4VvGsgWxOGJHwYgDbV1D9R2JYyThW4vXL0ZI+tqY
QQPTiUNZ4jCK7xWjQ9mYwrR1D5XmKjBKxm9zkyFJD8UDQVfBoBbZ2EYkMr6bwJfF
gRE393EnlebrBYcnefdwTmePc5U5vY3WXB/GuFp5nKKbxUgO7UI47kumREuaucvC
K5Deq7TpAzP++gavXZ8JJgtrbf3ORC7iPK+CHcXX1xGsp7rDSMLojPwHAQIDAQAB
o4ICcDCCAmwwHQYDVR0OBBYEFGNDTBJIvIyuj2dudya0ha8zwqNDMB8GA1UdIwQY
MBaAFJruFcM941iTjWkAobPBRICjiehbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbXU0Vnd6M2pXSk9OYVFDaHM4RkVnS09KNkZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83YS83MmY3N2YtNzZhYi00ZTc5LWEwNjIt
NmVlNTM0ZDkyZTUyLzEvWTBOTUVraThqSzZQWjI1M0pyU0ZyelBDbzBNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83YS83MmY3N2YtNzZhYi00ZTc5LWEwNjItNmVlNTM0ZDkyZTUy
LzEvbXU0Vnd6M2pXSk9OYVFDaHM4RkVnS09KNkZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGFBggrBgEFBQcBBwEB/wR2MHQwcgQCAAEwbAMEAblJtjAM
AwQCuUuEAwQAuUuGAwQBuUzwMAwDBAK5UawDBAC5Ua4DBAC5UbgDBAC5UbsDBAC5
WCYDBAG5WWgDBAK5WWwwDAMEALlfZQMEA7lfYAMEALlgJgMEALlgUAMEALlhAQME
ALlhAzANBgkqhkiG9w0BAQsFAAOCAQEAdd+vf9R10tQ6JG6dzqd8X/32GxV5XbB/
gDJQJWYLBFUHQq/2oKF7pwu41maD4EuaMzm3aG80au37qww2mmXu2FnUOr/exVIa
5Po9m9Wb+SzT4Z/+Hhsx72Lqmj3BV9eyyVeg6dZYEgIew+gZ6eHQs3ji9awtRhM2
LrZEPlyTztRwyPipR8Uob8sWRXGCeKGbzL8TCvr0Y9eZjO+Bu82dKyc34Iqpchwb
CgE14u3fvBmVZuWt+l/E6UES2TRWMZk4X4Njdrz9JAcp7NQQumV/IelWcNfT0DV9
xlciT0BKVJbJiavVCNKibV0u7cWQWHdHOA3OzZjUFH646ozlVvsM3w==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:19:17 2024 by rpki-client on console-ams.rpki-client.org