Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/Gmkp87YLjsGdIeskDixC9hKFGYs.roa
File:                     Gmkp87YLjsGdIeskDixC9hKFGYs.roa (raw, json)
Hash identifier:          /+MBrCWViekSabI3nyz+rCl7FWklkkRdq/YjezLeIQU=
Subject key identifier:   1A:69:29:F3:B6:0B:8E:C1:9D:21:EB:24:0E:2C:42:F6:12:85:19:8B
Certificate issuer:       /CN=5885e884c2fc7a75d12dd1dea49ce2349c47067e
Certificate serial:       0183C7F92291FD45D49C021314BF9B1EBFD8
Authority key identifier: 58:85:E8:84:C2:FC:7A:75:D1:2D:D1:DE:A4:9C:E2:34:9C:47:06:7E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WIXohML8enXRLdHepJziNJxHBn4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/Gmkp87YLjsGdIeskDixC9hKFGYs.roa
Signing time:             Tue 11 Oct 2022 16:55:36 +0000
ROA not before:           Tue 11 Oct 2022 16:55:36 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     209026
IP address blocks:        188.72.121.0/24 maxlen: 24
                          188.72.122.0/24 maxlen: 24
                          188.72.123.0/24 maxlen: 24
                          188.72.120.0/24 maxlen: 24
                          188.72.120.0/22 maxlen: 22

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:83:c7:f9:22:91:fd:45:d4:9c:02:13:14:bf:9b:1e:bf:d8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5885e884c2fc7a75d12dd1dea49ce2349c47067e
        Validity
            Not Before: Oct 11 16:55:36 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=1a6929f3b60b8ec19d21eb240e2c42f61285198b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:ce:ec:b7:33:52:a1:03:f2:86:38:be:d8:4c:
                    e5:9f:c2:34:22:80:61:d4:13:8a:30:af:72:a7:8c:
                    87:ff:67:ee:b5:77:57:eb:4a:f2:64:55:4d:c3:bc:
                    be:a7:06:6b:84:87:ce:af:e6:1f:8b:84:eb:f1:43:
                    b1:c2:1d:10:7d:10:3c:51:90:47:77:d0:92:8e:ac:
                    c1:e6:32:8c:75:b7:3d:72:00:7e:13:d8:0c:e7:b1:
                    dc:86:2f:5f:53:61:cb:27:c6:3e:f9:3f:63:ea:e4:
                    44:5d:77:15:18:33:da:3e:e1:ab:c2:6f:d7:89:b6:
                    77:71:b2:ab:45:e1:33:ec:91:9c:d4:ef:cd:91:99:
                    d7:d9:db:cf:62:c9:f5:9e:35:9b:5d:fa:28:5d:ab:
                    8a:57:05:6b:75:dc:9a:ec:4f:72:69:bf:9a:6c:7c:
                    11:a1:46:0a:e5:75:0c:e8:27:3c:81:ad:51:6a:0e:
                    58:b6:ac:65:de:87:ab:14:1b:74:d9:d1:9e:a6:dd:
                    6a:5d:53:7d:a5:05:2f:d1:a9:61:e9:7c:0e:3e:8a:
                    25:8d:9c:d4:34:3c:39:a0:28:b9:a8:86:94:26:af:
                    35:09:fe:50:ae:ac:47:b8:01:e7:bf:a3:5f:b8:7b:
                    f7:4c:9f:72:69:8a:ac:2d:4e:a7:b1:c9:c3:0b:ae:
                    ce:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1A:69:29:F3:B6:0B:8E:C1:9D:21:EB:24:0E:2C:42:F6:12:85:19:8B
            X509v3 Authority Key Identifier:
                keyid:58:85:E8:84:C2:FC:7A:75:D1:2D:D1:DE:A4:9C:E2:34:9C:47:06:7E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WIXohML8enXRLdHepJziNJxHBn4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/Gmkp87YLjsGdIeskDixC9hKFGYs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/WIXohML8enXRLdHepJziNJxHBn4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.72.120.0/22

    Signature Algorithm: sha256WithRSAEncryption
         68:5a:73:e3:4b:24:4c:fa:61:22:bd:6d:85:9b:f5:78:ba:3c:
         72:1e:a5:bb:c1:5d:76:21:12:39:54:3c:eb:06:ab:f2:64:86:
         f7:59:7a:0c:60:f3:c6:26:0f:32:6e:cb:7f:bc:fa:ea:01:a9:
         df:f8:a1:1f:a5:60:8e:eb:c2:70:33:a8:02:67:ca:49:87:e8:
         4f:64:46:27:70:bf:a7:84:6a:2a:e4:06:66:e8:23:0c:a7:bb:
         b4:43:a5:d0:c4:8c:28:c2:4f:d1:d8:5b:f8:36:9d:f5:2b:87:
         1b:5f:03:46:dc:2b:f9:78:b6:f5:13:4c:c7:92:63:55:7e:da:
         5c:5c:8f:98:eb:60:7e:7c:3a:ed:d8:42:e0:fa:dc:bb:fe:67:
         80:c1:f4:ef:f6:89:8c:67:43:30:e9:6d:39:b9:c5:ef:7f:3e:
         72:4c:5d:6f:4f:42:b6:ef:37:c5:96:32:50:a3:da:bc:39:cf:
         5e:12:d3:d5:1d:0d:e8:24:48:1a:e7:4b:6e:a7:94:9d:a7:db:
         6f:89:a5:4f:ce:2a:ee:49:5d:eb:f0:47:56:42:bf:57:c8:47:
         e4:2f:f9:61:65:05:b2:22:09:70:03:14:e1:9c:50:a7:a8:80:
         50:08:4a:15:a8:a3:25:72:66:26:bb:17:3c:4b:5e:6d:92:26:
         bd:2f:ae:a7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYPH+SKR/UXUnAITFL+bHr/YMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4ODVlODg0YzJmYzdhNzVkMTJkZDFkZWE0OWNlMjM0OWM0
NzA2N2UwHhcNMjIxMDExMTY1NTM2WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYTY5MjlmM2I2MGI4ZWMxOWQyMWViMjQwZTJjNDJmNjEyODUxOThiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjs7stzNSoQPyhji+2Ezln8I0IoBh
1BOKMK9yp4yH/2futXdX60ryZFVNw7y+pwZrhIfOr+Yfi4Tr8UOxwh0QfRA8UZBH
d9CSjqzB5jKMdbc9cgB+E9gM57Hchi9fU2HLJ8Y++T9j6uREXXcVGDPaPuGrwm/X
ibZ3cbKrReEz7JGc1O/NkZnX2dvPYsn1njWbXfooXauKVwVrddya7E9yab+abHwR
oUYK5XUM6Cc8ga1Rag5Ytqxl3oerFBt02dGept1qXVN9pQUv0alh6XwOPooljZzU
NDw5oCi5qIaUJq81Cf5QrqxHuAHnv6NfuHv3TJ9yaYqsLU6nscnDC67OIwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBppKfO2C47BnSHrJA4sQvYShRmLMB8GA1UdIwQY
MBaAFFiF6ITC/Hp10S3R3qSc4jScRwZ+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV0lYb2hNTDhlblhSTGRIZXBKemlOSnhIQm40LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ni82YzBiZjctNWYxMy00NGEyLTk5ODkt
OGM5NTgxZDk2ZDhmLzEvR21rcDg3WUxqc0dkSWVza0RpeEM5aEtGR1lzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ni82YzBiZjctNWYxMy00NGEyLTk5ODktOGM5NTgxZDk2ZDhm
LzEvV0lYb2hNTDhlblhSTGRIZXBKemlOSnhIQm40LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCvEh4MA0G
CSqGSIb3DQEBCwUAA4IBAQBoWnPjSyRM+mEivW2Fm/V4ujxyHqW7wV12IRI5VDzr
BqvyZIb3WXoMYPPGJg8ybst/vPrqAanf+KEfpWCO68JwM6gCZ8pJh+hPZEYncL+n
hGoq5AZm6CMMp7u0Q6XQxIwowk/R2Fv4Np31K4cbXwNG3Cv5eLb1E0zHkmNVftpc
XI+Y62B+fDrt2ELg+ty7/meAwfTv9omMZ0Mw6W05ucXvfz5yTF1vT0K27zfFljJQ
o9q8Oc9eEtPVHQ3oJEga50tup5Sdp9tviaVPziruSV3r8EdWQr9XyEfkL/lhZQWy
IglwAxThnFCnqIBQCEoVqKMlcmYmuxc8S15tkia9L66n
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:21:33 2024 by rpki-client on console-ams.rpki-client.org