Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7a/72f77f-76ab-4e79-a062-6ee534d92e52/1/gciU5PVTjSuY7l2sJbl_fXmlveg.roa
File:                     gciU5PVTjSuY7l2sJbl_fXmlveg.roa (raw, json)
Hash identifier:          vOXeaup7X/nBDbBluFdThdGnQoPxKljIh//2hksGaNM=
Subject key identifier:   81:C8:94:E4:F5:53:8D:2B:98:EE:5D:AC:25:B9:7F:7D:79:A5:BD:E8
Certificate issuer:       /CN=9aee15c33de358938d6900a1b3c14480a389e85b
Certificate serial:       01827CF3EB31DD0EF4F5E237B63A5B5A1D21
Authority key identifier: 9A:EE:15:C3:3D:E3:58:93:8D:69:00:A1:B3:C1:44:80:A3:89:E8:5B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mu4Vwz3jWJONaQChs8FEgKOJ6Fs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7a/72f77f-76ab-4e79-a062-6ee534d92e52/1/gciU5PVTjSuY7l2sJbl_fXmlveg.roa
Signing time:             Mon 08 Aug 2022 10:15:36 +0000
ROA not before:           Mon 08 Aug 2022 10:15:36 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     174
IP address blocks:        185.95.102.0/23 maxlen: 24
                          185.95.101.0/24 maxlen: 24
                          185.76.240.0/23 maxlen: 24
                          185.96.80.0/24 maxlen: 24
                          185.76.242.0/24 maxlen: 24
                          185.81.174.0/24 maxlen: 24
                          185.81.184.0/24 maxlen: 24
                          185.81.187.0/24 maxlen: 24
                          185.96.38.0/24 maxlen: 24
                          185.89.104.0/23 maxlen: 24
                          185.89.108.0/22 maxlen: 24
                          185.97.3.0/24 maxlen: 24
                          185.97.1.0/24 maxlen: 24
                          185.81.172.0/23 maxlen: 24
                          185.73.182.0/23 maxlen: 24
                          185.88.38.0/24 maxlen: 24
                          185.75.132.0/23 maxlen: 24
                          185.75.134.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:82:7c:f3:eb:31:dd:0e:f4:f5:e2:37:b6:3a:5b:5a:1d:21
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9aee15c33de358938d6900a1b3c14480a389e85b
        Validity
            Not Before: Aug  8 10:15:36 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=81c894e4f5538d2b98ee5dac25b97f7d79a5bde8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:4b:5c:24:af:e6:12:24:ad:d4:07:ef:40:d3:
                    6d:db:68:b4:45:ed:70:a1:fc:21:33:81:ab:a2:fd:
                    d4:93:6f:8c:50:d9:8f:15:5e:a1:16:29:40:08:19:
                    7f:72:a0:cf:f0:ad:0a:8e:8e:9f:44:e2:55:6d:e8:
                    f8:aa:a6:09:ee:3f:a0:3a:50:c8:38:e7:fd:9b:cd:
                    27:4f:e1:17:ca:e2:ee:e3:44:c3:a8:58:c3:d3:22:
                    bd:7c:2d:a0:10:5e:6c:12:96:13:87:c3:22:5b:4b:
                    d3:ce:6c:72:b4:85:0c:24:da:84:98:b3:90:6e:a0:
                    00:c1:ed:04:55:01:16:e5:c2:64:4e:2e:43:fe:b6:
                    f3:c9:ed:46:7f:f0:58:ec:93:f4:f2:19:43:d2:c6:
                    74:88:e8:42:3f:41:3c:9e:4f:48:ee:bc:1f:1b:d5:
                    26:d2:2e:45:d6:0d:41:53:be:b5:87:d6:05:05:71:
                    e9:c6:c8:5d:bb:48:b5:6e:d6:d4:1a:e7:15:0c:03:
                    5c:18:5c:f6:47:5b:1f:6a:67:78:51:58:df:5f:56:
                    ae:07:eb:de:fa:d7:49:f2:ee:bc:60:09:c9:21:96:
                    7e:95:3a:b5:d2:d6:e4:6e:83:e7:7e:45:36:2f:bb:
                    04:13:0b:3d:74:b3:52:b8:13:11:71:2f:17:d4:a8:
                    62:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                81:C8:94:E4:F5:53:8D:2B:98:EE:5D:AC:25:B9:7F:7D:79:A5:BD:E8
            X509v3 Authority Key Identifier:
                keyid:9A:EE:15:C3:3D:E3:58:93:8D:69:00:A1:B3:C1:44:80:A3:89:E8:5B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mu4Vwz3jWJONaQChs8FEgKOJ6Fs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/72f77f-76ab-4e79-a062-6ee534d92e52/1/gciU5PVTjSuY7l2sJbl_fXmlveg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/72f77f-76ab-4e79-a062-6ee534d92e52/1/mu4Vwz3jWJONaQChs8FEgKOJ6Fs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.73.182.0/23
                  185.75.132.0-185.75.134.255
                  185.76.240.0-185.76.242.255
                  185.81.172.0-185.81.174.255
                  185.81.184.0/24
                  185.81.187.0/24
                  185.88.38.0/24
                  185.89.104.0/23
                  185.89.108.0/22
                  185.95.101.0-185.95.103.255
                  185.96.38.0/24
                  185.96.80.0/24
                  185.97.1.0/24
                  185.97.3.0/24

    Signature Algorithm: sha256WithRSAEncryption
         06:3d:34:7f:cf:de:1b:81:09:50:65:26:23:41:57:25:c7:b5:
         c5:f2:e7:31:54:1d:67:ef:89:8b:b1:6b:58:8c:f2:49:f3:6c:
         25:46:c6:74:04:cf:2f:a1:f4:c5:fc:49:d8:f1:0e:13:4a:e8:
         d6:a4:2c:73:af:6e:58:97:f0:5e:a8:73:32:2d:a3:7b:c9:9c:
         2e:b4:a3:d5:9f:c5:99:8f:5b:8f:e7:40:0d:15:3a:c3:0f:ab:
         1e:d8:8a:14:c5:87:4e:00:1c:fe:95:ed:22:b3:04:80:dd:a1:
         7d:2e:39:ba:10:56:02:39:e1:25:1e:7a:0f:b4:8c:39:81:2f:
         fa:54:22:87:8d:33:93:a5:81:b9:6f:8f:b1:93:d6:35:79:be:
         55:31:80:36:7b:79:5b:f7:36:31:88:10:2a:66:bc:63:eb:d6:
         a6:64:f1:6b:0f:c7:29:20:a6:60:0c:88:9e:f9:a5:33:6f:b2:
         5b:6d:1a:af:35:be:36:8c:16:24:91:57:63:ca:be:f0:34:33:
         51:8e:8c:2b:ee:14:ee:84:26:c4:82:c4:73:29:7a:9d:1d:5b:
         36:91:7e:aa:60:74:e3:45:ef:34:4d:8a:ce:3b:24:37:29:d9:
         b9:e1:ea:5f:8b:d1:9e:e6:f4:70:02:71:1b:9f:1d:74:7d:d8:
         c7:90:d1:cd
-----BEGIN CERTIFICATE-----
MIIFbDCCBFSgAwIBAgISAYJ88+sx3Q709eI3tjpbWh0hMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlhZWUxNWMzM2RlMzU4OTM4ZDY5MDBhMWIzYzE0NDgwYTM4
OWU4NWIwHhcNMjIwODA4MTAxNTM2WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MWM4OTRlNGY1NTM4ZDJiOThlZTVkYWMyNWI5N2Y3ZDc5YTViZGU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm0tcJK/mEiSt1AfvQNNt22i0Re1w
ofwhM4Grov3Uk2+MUNmPFV6hFilACBl/cqDP8K0Kjo6fROJVbej4qqYJ7j+gOlDI
OOf9m80nT+EXyuLu40TDqFjD0yK9fC2gEF5sEpYTh8MiW0vTzmxytIUMJNqEmLOQ
bqAAwe0EVQEW5cJkTi5D/rbzye1Gf/BY7JP08hlD0sZ0iOhCP0E8nk9I7rwfG9Um
0i5F1g1BU761h9YFBXHpxshdu0i1btbUGucVDANcGFz2R1sfamd4UVjfX1auB+ve
+tdJ8u68YAnJIZZ+lTq10tbkboPnfkU2L7sEEws9dLNSuBMRcS8X1KhiJQIDAQAB
o4ICeDCCAnQwHQYDVR0OBBYEFIHIlOT1U40rmO5drCW5f315pb3oMB8GA1UdIwQY
MBaAFJruFcM941iTjWkAobPBRICjiehbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbXU0Vnd6M2pXSk9OYVFDaHM4RkVnS09KNkZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83YS83MmY3N2YtNzZhYi00ZTc5LWEwNjIt
NmVlNTM0ZDkyZTUyLzEvZ2NpVTVQVlRqU3VZN2wyc0pibF9mWG1sdmVnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83YS83MmY3N2YtNzZhYi00ZTc5LWEwNjItNmVlNTM0ZDkyZTUy
LzEvbXU0Vnd6M2pXSk9OYVFDaHM4RkVnS09KNkZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGNBggrBgEFBQcBBwEB/wR+MHwwegQCAAEwdAMEAblJtjAM
AwQCuUuEAwQAuUuGMAwDBAS5TPADBAC5TPIwDAMEArlRrAMEALlRrgMEALlRuAME
ALlRuwMEALlYJgMEAblZaAMEArlZbDAMAwQAuV9lAwQDuV9gAwQAuWAmAwQAuWBQ
AwQAuWEBAwQAuWEDMA0GCSqGSIb3DQEBCwUAA4IBAQAGPTR/z94bgQlQZSYjQVcl
x7XF8ucxVB1n74mLsWtYjPJJ82wlRsZ0BM8vofTF/EnY8Q4TSujWpCxzr25Yl/Be
qHMyLaN7yZwutKPVn8WZj1uP50ANFTrDD6se2IoUxYdOABz+le0iswSA3aF9Ljm6
EFYCOeElHnoPtIw5gS/6VCKHjTOTpYG5b4+xk9Y1eb5VMYA2e3lb9zYxiBAqZrxj
69amZPFrD8cpIKZgDIie+aUzb7JbbRqvNb42jBYkkVdjyr7wNDNRjowr7hTuhCbE
gsRzKXqdHVs2kX6qYHTjRe80TYrOOyQ3Kdm54epfi9Ge5vRwAnEbnx10fdjHkNHN
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:35:59 2024 by rpki-client on console-fra.rpki-client.org