Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7f/9cbb06-b4da-4c94-b418-4b081cc2b39a/1/UpIe0c97QAA6sSn_eyJKMgl5P5s.roa
File:                     UpIe0c97QAA6sSn_eyJKMgl5P5s.roa (raw, json)
Hash identifier:          6Wd/rjXUvYWzeuxKvxwgn70/0WgsQcCHyAigCDgSFSU=
Subject key identifier:   52:92:1E:D1:CF:7B:40:00:3A:B1:29:FF:7B:22:4A:32:09:79:3F:9B
Certificate issuer:       /CN=43e0a364131841056d48b2d788ea00ca4b91db56
Certificate serial:       07495771
Authority key identifier: 43:E0:A3:64:13:18:41:05:6D:48:B2:D7:88:EA:00:CA:4B:91:DB:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Q-CjZBMYQQVtSLLXiOoAykuR21Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7f/9cbb06-b4da-4c94-b418-4b081cc2b39a/1/UpIe0c97QAA6sSn_eyJKMgl5P5s.roa
Signing time:             Wed 11 May 2022 09:10:50 +0000
ROA not before:           Wed 11 May 2022 09:10:50 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     48254
IP address blocks:        194.38.52.0/24 maxlen: 24
                          185.151.30.0/24 maxlen: 24
                          185.151.29.0/24 maxlen: 24
                          185.151.28.0/24 maxlen: 24
                          185.151.31.0/24 maxlen: 24
                          185.146.166.0/24 maxlen: 24
                          185.146.165.0/24 maxlen: 24
                          185.146.164.0/24 maxlen: 24
                          45.8.226.0/24 maxlen: 24
                          45.8.225.0/24 maxlen: 24
                          45.8.224.0/24 maxlen: 24
                          45.8.227.0/24 maxlen: 24
                          2a07:7800:9::/48 maxlen: 48
                          2a07:7800:4::/48 maxlen: 48
                          2a07:7800:8::/48 maxlen: 48
                          2a07:7800:3::/48 maxlen: 48
                          2a07:7800:1::/48 maxlen: 48
                          2a07:7800::/29 maxlen: 48
                          2a07:7800:7::/48 maxlen: 48
                          2a07:7800:2::/48 maxlen: 48
                          2a07:7800:5::/48 maxlen: 48
                          2a07:7800:10::/48 maxlen: 48
                          2a07:7800::/48 maxlen: 48
                          2a07:7800:6::/48 maxlen: 48

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 122247025 (0x7495771)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=43e0a364131841056d48b2d788ea00ca4b91db56
        Validity
            Not Before: May 11 09:10:50 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=52921ed1cf7b40003ab129ff7b224a3209793f9b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:7f:69:e5:26:aa:11:d8:7b:be:4d:b6:62:af:
                    5f:43:a2:d0:98:d7:58:39:27:90:23:be:f9:3a:12:
                    33:19:5a:b6:3c:0a:34:2e:12:fb:b8:e9:3c:dd:08:
                    db:be:08:21:c1:93:fa:d0:c7:fa:f4:9f:5d:e2:56:
                    e7:b6:86:14:ce:c6:c0:53:95:eb:5c:df:45:9e:c7:
                    e0:34:4d:79:bd:71:ab:dc:4a:df:e9:e9:51:24:b9:
                    e4:65:5f:4d:38:4c:d8:a9:ec:11:f1:0a:51:2f:ce:
                    38:9a:91:62:81:47:b2:bf:6f:f0:93:b7:61:76:ac:
                    3f:33:01:1f:7c:da:ee:21:e3:21:0b:ea:64:f1:d5:
                    50:78:f2:42:7f:56:99:b9:fa:fc:09:9d:ba:b1:53:
                    6f:6d:87:13:41:a6:2e:b7:56:57:80:e8:97:0e:51:
                    a0:b4:c1:55:bc:ef:6e:f4:7c:98:05:b1:e1:ca:c9:
                    d6:a9:58:63:95:4a:4b:cb:ab:9d:ac:62:4f:da:a2:
                    b8:f5:95:6c:78:c6:ef:b6:0c:0f:98:9e:74:a7:95:
                    c5:bd:56:1c:44:04:8a:35:d5:18:45:18:1d:1c:c3:
                    38:52:1d:46:c2:cc:6e:38:30:d3:c9:36:00:28:f7:
                    95:aa:e0:84:cb:9c:c3:cc:6f:10:40:09:6c:81:28:
                    39:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                52:92:1E:D1:CF:7B:40:00:3A:B1:29:FF:7B:22:4A:32:09:79:3F:9B
            X509v3 Authority Key Identifier:
                keyid:43:E0:A3:64:13:18:41:05:6D:48:B2:D7:88:EA:00:CA:4B:91:DB:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Q-CjZBMYQQVtSLLXiOoAykuR21Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/9cbb06-b4da-4c94-b418-4b081cc2b39a/1/UpIe0c97QAA6sSn_eyJKMgl5P5s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/9cbb06-b4da-4c94-b418-4b081cc2b39a/1/Q-CjZBMYQQVtSLLXiOoAykuR21Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.8.224.0/22
                  185.146.164.0-185.146.166.255
                  185.151.28.0/22
                  194.38.52.0/24
                IPv6:
                  2a07:7800::/29

    Signature Algorithm: sha256WithRSAEncryption
         98:a2:2c:38:2c:8f:d3:11:e2:35:f5:9b:04:d3:19:c0:fd:0b:
         03:d5:ce:6a:26:ee:72:37:07:4f:24:1d:13:a8:82:df:72:57:
         f5:c6:17:fb:96:fa:1e:fe:32:5f:c0:e3:5a:28:14:f6:ef:ea:
         1c:d7:66:76:ef:e6:9e:c1:4f:cb:b6:a1:f5:18:4b:49:c2:44:
         fd:08:94:9d:6e:4b:58:e5:4d:4c:b0:1a:a5:e0:87:e3:bf:1a:
         15:96:e7:fe:41:01:e2:bc:a3:aa:bc:21:bf:3b:87:77:b9:79:
         20:53:88:11:15:f3:74:65:ad:ce:db:b8:d0:9d:af:3c:ef:53:
         5d:73:a7:db:35:2b:24:40:ab:93:00:4d:11:b7:15:a2:2a:fc:
         1e:80:92:ce:be:0d:c5:73:a7:14:84:59:7a:db:b1:13:b1:02:
         17:3b:cb:88:40:90:bd:1c:3b:07:7a:a0:6e:ed:36:f9:ff:fc:
         81:99:5e:15:5d:fc:fc:50:65:02:47:63:3c:f5:c9:3a:74:6e:
         ec:49:d3:9b:c8:38:11:26:06:4e:5f:f6:d8:ee:b7:39:de:ce:
         1e:5b:ee:4b:28:0e:cc:12:1b:1c:86:2c:e6:05:5e:91:61:ad:
         65:12:81:48:56:fc:7e:29:ab:c5:6b:f8:0f:80:82:19:cc:2b:
         ec:34:a9:d8
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgIEB0lXcTANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg0
M2UwYTM2NDEzMTg0MTA1NmQ0OGIyZDc4OGVhMDBjYTRiOTFkYjU2MB4XDTIyMDUx
MTA5MTA1MFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoNTI5MjFlZDFjZjdi
NDAwMDNhYjEyOWZmN2IyMjRhMzIwOTc5M2Y5YjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBALN/aeUmqhHYe75NtmKvX0Oi0JjXWDknkCO++ToSMxlatjwK
NC4S+7jpPN0I274IIcGT+tDH+vSfXeJW57aGFM7GwFOV61zfRZ7H4DRNeb1xq9xK
3+npUSS55GVfTThM2KnsEfEKUS/OOJqRYoFHsr9v8JO3YXasPzMBH3za7iHjIQvq
ZPHVUHjyQn9Wmbn6/AmdurFTb22HE0GmLrdWV4Dolw5RoLTBVbzvbvR8mAWx4crJ
1qlYY5VKS8urnaxiT9qiuPWVbHjG77YMD5iedKeVxb1WHEQEijXVGEUYHRzDOFId
RsLMbjgw08k2ACj3larghMucw8xvEEAJbIEoOfsCAwEAAaOCAjIwggIuMB0GA1Ud
DgQWBBRSkh7Rz3tAADqxKf97IkoyCXk/mzAfBgNVHSMEGDAWgBRD4KNkExhBBW1I
steI6gDKS5HbVjAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L1EtQ2paQk1ZUVFWdFNMTFhpT29BeWt1UjIxWS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvN2YvOWNiYjA2LWI0ZGEtNGM5NC1iNDE4LTRiMDgxY2MyYjM5YS8x
L1VwSWUwYzk3UUFBNnNTbl9leUpLTWdsNVA1cy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvN2Yv
OWNiYjA2LWI0ZGEtNGM5NC1iNDE4LTRiMDgxY2MyYjM5YS8xL1EtQ2paQk1ZUVFW
dFNMTFhpT29BeWt1UjIxWS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBI
BggrBgEFBQcBBwEB/wQ5MDcwJgQCAAEwIAMEAi0I4DAMAwQCuZKkAwQAuZKmAwQC
uZccAwQAwiY0MA0EAgACMAcDBQMqB3gAMA0GCSqGSIb3DQEBCwUAA4IBAQCYoiw4
LI/TEeI19ZsE0xnA/QsD1c5qJu5yNwdPJB0TqILfclf1xhf7lvoe/jJfwONaKBT2
7+oc12Z27+aewU/LtqH1GEtJwkT9CJSdbktY5U1MsBql4IfjvxoVluf+QQHivKOq
vCG/O4d3uXkgU4gRFfN0Za3O27jQna8871Ndc6fbNSskQKuTAE0RtxWiKvwegJLO
vg3Fc6cUhFl627ETsQIXO8uIQJC9HDsHeqBu7Tb5//yBmV4VXfz8UGUCR2M89ck6
dG7sSdObyDgRJgZOX/bY7rc53s4eW+5LKA7MEhschizmBV6RYa1lEoFIVvx+KavF
a/gPgIIZzCvsNKnY
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:20:12 2024 by rpki-client on console-ams.rpki-client.org