Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/84/3e4f6b-2235-432e-a69a-07dac7b92d44/1/cJWmJYa4WNvMbYw5wCOjT6xg9qk.roa
File:                     cJWmJYa4WNvMbYw5wCOjT6xg9qk.roa (raw, json)
Hash identifier:          E6r5Q2D1u1rDM4nBobtbfvQSJiBV8vcki2D8Hh8rdy0=
Subject key identifier:   70:95:A6:25:86:B8:58:DB:CC:6D:8C:39:C0:23:A3:4F:AC:60:F6:A9
Certificate issuer:       /CN=c987d09fd3fc2b704c66110bb0252ee0c6b1ba4a
Certificate serial:       0163C5
Authority key identifier: C9:87:D0:9F:D3:FC:2B:70:4C:66:11:0B:B0:25:2E:E0:C6:B1:BA:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/yYfQn9P8K3BMZhELsCUu4Maxuko.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/84/3e4f6b-2235-432e-a69a-07dac7b92d44/1/cJWmJYa4WNvMbYw5wCOjT6xg9qk.roa
Signing time:             Thu 28 Apr 2022 23:56:39 +0000
ROA not before:           Thu 28 Apr 2022 23:56:39 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     34915
IP address blocks:        194.5.210.0/23 maxlen: 23
                          194.5.208.0/23 maxlen: 23
                          2a0c:ca82::/32 maxlen: 32
                          2a0c:ca80::/32 maxlen: 32
                          2a0c:ca81::/32 maxlen: 32

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 91077 (0x163c5)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c987d09fd3fc2b704c66110bb0252ee0c6b1ba4a
        Validity
            Not Before: Apr 28 23:56:39 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=7095a62586b858dbcc6d8c39c023a34fac60f6a9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:eb:0c:cf:01:58:d8:d9:ef:5d:7d:ad:e2:20:23:
                    fa:22:e9:99:6c:b1:16:53:ff:cb:ee:d0:c4:30:92:
                    62:b3:28:d7:54:d9:fa:7b:d8:30:11:a8:87:e8:24:
                    bb:85:27:c2:e1:48:8b:01:6d:f3:04:e4:6a:4d:a0:
                    ff:84:3e:b3:ba:fe:04:07:b0:6b:f0:5d:ae:a2:44:
                    ba:a3:cc:da:07:35:60:12:8c:7c:87:21:f0:20:0f:
                    8d:f1:c2:a8:1e:f8:cf:28:56:b7:d6:19:6d:74:db:
                    09:07:d7:2b:03:8d:c0:9d:c7:e7:1d:9d:5f:af:e4:
                    ca:06:1f:c6:9b:bb:b9:0b:b8:35:4f:db:da:92:1b:
                    05:71:1e:a6:1c:ca:57:ab:27:3e:91:98:10:72:a5:
                    87:16:aa:bc:dd:75:13:f9:64:75:6f:db:6a:d3:af:
                    67:1a:57:72:18:09:ba:d2:c7:85:19:10:a1:bc:52:
                    4f:d8:27:aa:89:7e:9b:8e:15:ab:55:87:8c:3a:0e:
                    69:f4:ff:93:c9:e9:92:b8:c9:84:0b:1a:d9:5c:e0:
                    0e:b9:8e:14:fc:2b:64:8a:40:92:5d:6b:39:15:5c:
                    7d:4a:41:9d:f9:d9:bc:d8:6a:e1:40:32:3a:f8:03:
                    22:c9:4b:71:ce:8d:18:4d:97:bc:84:23:4f:52:b9:
                    a7:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:95:A6:25:86:B8:58:DB:CC:6D:8C:39:C0:23:A3:4F:AC:60:F6:A9
            X509v3 Authority Key Identifier:
                keyid:C9:87:D0:9F:D3:FC:2B:70:4C:66:11:0B:B0:25:2E:E0:C6:B1:BA:4A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/yYfQn9P8K3BMZhELsCUu4Maxuko.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/84/3e4f6b-2235-432e-a69a-07dac7b92d44/1/cJWmJYa4WNvMbYw5wCOjT6xg9qk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/84/3e4f6b-2235-432e-a69a-07dac7b92d44/1/yYfQn9P8K3BMZhELsCUu4Maxuko.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.5.208.0/22
                IPv6:
                  2a0c:ca80::-2a0c:ca82:ffff:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         44:4b:3b:2e:d0:9d:83:48:0e:9b:3b:01:29:4f:7d:6d:df:90:
         8e:7d:34:f9:85:97:87:fd:30:fd:23:22:39:4a:67:73:04:ec:
         51:cc:ca:b9:65:3d:68:e1:32:1a:dd:35:b6:43:9a:a4:ce:16:
         d6:e2:f8:67:78:d6:5a:b9:61:df:8b:df:81:9b:f0:02:49:06:
         f1:35:b0:aa:36:27:69:82:bf:95:1b:4b:07:98:11:78:9e:a8:
         26:63:fb:b6:14:58:23:d5:d9:d4:fb:47:47:45:70:f8:f6:18:
         0e:4e:ce:fd:da:49:0a:35:52:68:c8:56:2e:55:a3:cb:20:9c:
         d6:1e:49:fa:e4:79:60:56:80:34:e5:de:82:01:61:0a:a9:f0:
         00:97:78:40:4c:ee:c3:ab:93:07:3d:ec:f1:f3:06:cc:7d:ae:
         90:ab:5b:0d:b1:40:98:ae:e7:ac:40:1f:ee:7c:66:09:32:95:
         2c:38:6d:2e:72:98:a9:ae:f9:a1:4e:bb:69:b8:22:b7:07:bc:
         7a:dc:93:f9:98:c0:ce:f9:01:11:7a:f1:b1:50:80:8e:3a:e6:
         88:fa:d8:04:97:91:0b:65:50:20:76:94:0f:ff:79:1f:9b:db:
         43:02:36:af:f8:ad:01:85:79:95:95:97:93:94:59:54:02:9a:
         9d:aa:dd:6b
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgIDAWPFMA0GCSqGSIb3DQEBCwUAMDMxMTAvBgNVBAMTKGM5
ODdkMDlmZDNmYzJiNzA0YzY2MTEwYmIwMjUyZWUwYzZiMWJhNGEwHhcNMjIwNDI4
MjM1NjM5WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQDEyg3MDk1YTYyNTg2Yjg1
OGRiY2M2ZDhjMzljMDIzYTM0ZmFjNjBmNmE5MIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEA6wzPAVjY2e9dfa3iICP6IumZbLEWU//L7tDEMJJisyjXVNn6
e9gwEaiH6CS7hSfC4UiLAW3zBORqTaD/hD6zuv4EB7Br8F2uokS6o8zaBzVgEox8
hyHwIA+N8cKoHvjPKFa31hltdNsJB9crA43AncfnHZ1fr+TKBh/Gm7u5C7g1T9va
khsFcR6mHMpXqyc+kZgQcqWHFqq83XUT+WR1b9tq069nGldyGAm60seFGRChvFJP
2CeqiX6bjhWrVYeMOg5p9P+TyemSuMmECxrZXOAOuY4U/CtkikCSXWs5FVx9SkGd
+dm82GrhQDI6+AMiyUtxzo0YTZe8hCNPUrmnoQIDAQABo4ICITCCAh0wHQYDVR0O
BBYEFHCVpiWGuFjbzG2MOcAjo0+sYPapMB8GA1UdIwQYMBaAFMmH0J/T/CtwTGYR
C7AlLuDGsbpKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEFBQcBAQRYMFYwVAYIKwYB
BQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQv
eVlmUW45UDhLM0JNWmhFTHNDVXU0TWF4dWtvLmNlcjCBjQYIKwYBBQUHAQsEgYAw
fjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkv
REVGQVVMVC84NC8zZTRmNmItMjIzNS00MzJlLWE2OWEtMDdkYWM3YjkyZDQ0LzEv
Y0pXbUpZYTRXTnZNYll3NXdDT2pUNnhnOXFrLnJvYTCBgQYDVR0fBHoweDB2oHSg
coZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NC8z
ZTRmNmItMjIzNS00MzJlLWE2OWEtMDdkYWM3YjkyZDQ0LzEveVlmUW45UDhLM0JN
WmhFTHNDVXU0TWF4dWtvLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMDcG
CCsGAQUFBwEHAQH/BCgwJjAMBAIAATAGAwQCwgXQMBYEAgACMBAwDgMFByoMyoAD
BQAqDMqCMA0GCSqGSIb3DQEBCwUAA4IBAQBESzsu0J2DSA6bOwEpT31t35COfTT5
hZeH/TD9IyI5SmdzBOxRzMq5ZT1o4TIa3TW2Q5qkzhbW4vhneNZauWHfi9+Bm/AC
SQbxNbCqNidpgr+VG0sHmBF4nqgmY/u2FFgj1dnU+0dHRXD49hgOTs792kkKNVJo
yFYuVaPLIJzWHkn65HlgVoA05d6CAWEKqfAAl3hATO7Dq5MHPezx8wbMfa6Qq1sN
sUCYruesQB/ufGYJMpUsOG0ucpiprvmhTrtpuCK3B7x63JP5mMDO+QERevGxUICO
OuaI+tgEl5ELZVAgdpQP/3kfm9tDAjav+K0BhXmVlZeTlFlUApqdqt1r
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:21:10 2024 by rpki-client on console-ams.rpki-client.org