Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/0X4V4YwX6wPh2UIqGmlJnRGrg-s.roa
File:                     0X4V4YwX6wPh2UIqGmlJnRGrg-s.roa (raw, json)
Hash identifier:          MPyH0R61RmfLMP//sIQdpiUPGPQDXbeSkrwdWqWGqHQ=
Subject key identifier:   D1:7E:15:E1:8C:17:EB:03:E1:D9:42:2A:1A:69:49:9D:11:AB:83:EB
Certificate issuer:       /CN=a576eb2cc462e6e4bf0de69b9f634875debbaae2
Certificate serial:       01831018F8BEC14018CBFCA722408AF53AC3
Authority key identifier: A5:76:EB:2C:C4:62:E6:E4:BF:0D:E6:9B:9F:63:48:75:DE:BB:AA:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pXbrLMRi5uS_Deabn2NIdd67quI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/0X4V4YwX6wPh2UIqGmlJnRGrg-s.roa
Signing time:             Tue 06 Sep 2022 00:00:15 +0000
ROA not before:           Tue 06 Sep 2022 00:00:15 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     23959
IP address blocks:        141.98.196.0/24 maxlen: 24
                          141.98.198.0/24 maxlen: 24
                          141.98.197.0/24 maxlen: 24
                          45.66.216.0/22 maxlen: 24
                          45.159.48.0/22 maxlen: 24
                          45.142.125.0/24 maxlen: 24
                          45.142.127.0/24 maxlen: 24
                          45.142.126.0/24 maxlen: 24
                          147.78.240.0/21 maxlen: 24
                          185.200.64.0/24 maxlen: 24
                          149.62.44.0/24 maxlen: 24
                          94.124.119.0/24 maxlen: 24
                          185.200.66.0/24 maxlen: 24
                          149.62.47.0/24 maxlen: 24
                          149.62.46.0/24 maxlen: 24
                          193.111.30.0/23 maxlen: 24
                          195.245.219.0/24 maxlen: 24
                          45.149.156.0/22 maxlen: 24
                          78.142.228.0/22 maxlen: 24
                          45.130.21.0/24 maxlen: 24
                          213.232.112.0/22 maxlen: 24
                          176.119.148.0/22 maxlen: 24
                          195.245.242.0/24 maxlen: 24
                          195.245.241.0/24 maxlen: 24
                          88.214.20.0/22 maxlen: 24
                          194.104.155.0/24 maxlen: 24
                          194.104.154.0/24 maxlen: 24
                          194.104.153.0/24 maxlen: 24
                          45.147.51.0/24 maxlen: 24
                          45.147.48.0/24 maxlen: 24
                          45.147.49.0/24 maxlen: 24
                          194.36.24.0/24 maxlen: 24
                          95.214.165.0/24 maxlen: 24
                          95.214.164.0/24 maxlen: 24
                          45.143.233.0/24 maxlen: 24
                          194.36.27.0/24 maxlen: 24
                          45.143.234.0/24 maxlen: 24
                          45.143.235.0/24 maxlen: 24
                          194.169.54.0/24 maxlen: 24
                          45.66.128.0/22 maxlen: 24
                          91.200.240.0/24 maxlen: 24
                          185.194.54.0/24 maxlen: 24
                          91.200.242.0/24 maxlen: 24
                          91.200.243.0/24 maxlen: 24
                          193.32.148.0/22 maxlen: 24
                          2a09:7::/36 maxlen: 48

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:83:10:18:f8:be:c1:40:18:cb:fc:a7:22:40:8a:f5:3a:c3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a576eb2cc462e6e4bf0de69b9f634875debbaae2
        Validity
            Not Before: Sep  6 00:00:15 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=d17e15e18c17eb03e1d9422a1a69499d11ab83eb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:e1:ab:b6:8f:ac:88:81:34:82:6e:54:47:c3:
                    57:6e:4f:51:32:8d:bb:d9:18:2a:03:c5:98:fb:bf:
                    8f:f7:ff:da:7e:31:33:4b:8f:70:9c:57:a8:41:0e:
                    62:9f:ed:fe:6f:02:02:7a:93:35:9b:94:fc:6b:d4:
                    48:45:76:8c:1f:06:e5:e3:87:be:03:9e:91:ef:19:
                    8a:3d:df:42:31:cd:46:68:42:0c:42:ae:04:c6:f6:
                    eb:60:75:12:cd:00:10:fa:cd:89:b1:b8:41:f8:4e:
                    6a:5e:27:18:c1:66:fe:70:60:8a:08:9d:eb:b4:be:
                    7b:b8:14:e3:2c:8a:0c:a4:95:db:dc:0f:b9:61:dc:
                    8e:1d:22:3c:fb:31:eb:ef:59:65:52:c4:21:c1:9a:
                    b2:a8:83:82:33:96:15:11:d4:66:10:94:fc:0c:bd:
                    59:03:5a:6a:3b:2e:57:84:62:45:68:45:43:3b:e5:
                    0d:db:29:e5:94:1a:90:28:4f:5e:92:9b:4a:ae:ab:
                    69:19:c1:3b:3c:64:f0:f5:3c:d9:cd:d5:7d:ff:ca:
                    55:0b:a2:2b:c0:97:40:70:62:fd:7b:54:60:0c:70:
                    5c:ee:06:cc:82:73:c5:f5:f7:d0:14:22:f5:ea:c5:
                    bb:0e:90:07:99:07:d0:c3:2e:7b:7a:90:43:ab:06:
                    c0:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D1:7E:15:E1:8C:17:EB:03:E1:D9:42:2A:1A:69:49:9D:11:AB:83:EB
            X509v3 Authority Key Identifier:
                keyid:A5:76:EB:2C:C4:62:E6:E4:BF:0D:E6:9B:9F:63:48:75:DE:BB:AA:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pXbrLMRi5uS_Deabn2NIdd67quI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/0X4V4YwX6wPh2UIqGmlJnRGrg-s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/pXbrLMRi5uS_Deabn2NIdd67quI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.66.128.0/22
                  45.66.216.0/22
                  45.130.21.0/24
                  45.142.125.0-45.142.127.255
                  45.143.233.0-45.143.235.255
                  45.147.48.0/23
                  45.147.51.0/24
                  45.149.156.0/22
                  45.159.48.0/22
                  78.142.228.0/22
                  88.214.20.0/22
                  91.200.240.0/24
                  91.200.242.0/23
                  94.124.119.0/24
                  95.214.164.0/23
                  141.98.196.0-141.98.198.255
                  147.78.240.0/21
                  149.62.44.0/24
                  149.62.46.0/23
                  176.119.148.0/22
                  185.194.54.0/24
                  185.200.64.0/24
                  185.200.66.0/24
                  193.32.148.0/22
                  193.111.30.0/23
                  194.36.24.0/24
                  194.36.27.0/24
                  194.104.153.0-194.104.155.255
                  194.169.54.0/24
                  195.245.219.0/24
                  195.245.241.0-195.245.242.255
                  213.232.112.0/22
                IPv6:
                  2a09:7::/36

    Signature Algorithm: sha256WithRSAEncryption
         31:dc:7b:c2:f8:81:d6:b1:ae:ff:9f:39:66:6c:b2:17:76:43:
         1e:04:53:0d:c7:f4:3d:71:cd:a2:c7:d1:d3:e7:a4:55:96:b4:
         28:4e:90:3b:86:e6:ae:5d:f0:58:dd:c1:3c:c5:4b:08:02:57:
         fc:be:01:30:bc:fc:48:40:7f:13:75:01:78:b0:3d:a0:04:0b:
         70:2e:58:4e:34:9c:0a:fd:cf:6d:5d:48:d8:d8:5d:79:55:7e:
         a1:c7:37:64:e6:60:2d:64:b3:20:02:bb:8b:59:a2:e8:30:46:
         42:ec:80:9a:f4:b6:05:b2:46:d5:b0:41:18:e8:e4:3e:8b:4b:
         a7:84:55:50:b6:69:f1:58:f2:e6:3f:d5:16:1d:25:84:ef:f8:
         a1:1b:f1:1b:97:ce:c7:64:82:9d:c5:97:fe:22:92:e1:54:76:
         31:62:3c:1f:92:46:60:6e:b6:0c:41:59:84:29:b4:1d:68:9f:
         55:51:1c:93:14:db:84:7e:67:e5:4c:96:7b:93:55:bc:43:78:
         5f:45:9e:79:83:72:65:e9:c4:d3:2d:db:e1:ea:81:83:c0:fc:
         9a:34:65:1a:65:5c:e2:a9:e1:97:15:de:3b:bc:2b:f5:48:05:
         cd:5a:d7:11:45:1e:81:40:c6:52:8a:11:79:3c:61:b9:78:f3:
         68:41:44:84
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgISAYMQGPi+wUAYy/ynIkCK9TrDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE1NzZlYjJjYzQ2MmU2ZTRiZjBkZTY5YjlmNjM0ODc1ZGVi
YmFhZTIwHhcNMjIwOTA2MDAwMDE1WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMTdlMTVlMThjMTdlYjAzZTFkOTQyMmExYTY5NDk5ZDExYWI4M2ViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAneGrto+siIE0gm5UR8NXbk9RMo27
2RgqA8WY+7+P9//afjEzS49wnFeoQQ5in+3+bwICepM1m5T8a9RIRXaMHwbl44e+
A56R7xmKPd9CMc1GaEIMQq4ExvbrYHUSzQAQ+s2JsbhB+E5qXicYwWb+cGCKCJ3r
tL57uBTjLIoMpJXb3A+5YdyOHSI8+zHr71llUsQhwZqyqIOCM5YVEdRmEJT8DL1Z
A1pqOy5XhGJFaEVDO+UN2ynllBqQKE9ekptKrqtpGcE7PGTw9TzZzdV9/8pVC6Ir
wJdAcGL9e1RgDHBc7gbMgnPF9ffQFCL16sW7DpAHmQfQwy57epBDqwbAaQIDAQAB
o4IDAzCCAv8wHQYDVR0OBBYEFNF+FeGMF+sD4dlCKhppSZ0Rq4PrMB8GA1UdIwQY
MBaAFKV26yzEYubkvw3mm59jSHXeu6riMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcFhickxNUmk1dVNfRGVhYm4yTklkZDY3cXVJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny85MzE5MjctOWYzOC00MWI2LTg3ZmEt
MjU0YWNkOTJiNGUxLzEvMFg0VjRZd1g2d1BoMlVJcUdtbEpuUkdyZy1zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny85MzE5MjctOWYzOC00MWI2LTg3ZmEtMjU0YWNkOTJiNGUx
LzEvcFhickxNUmk1dVNfRGVhYm4yTklkZDY3cXVJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBFwYIKwYBBQUHAQcBAf8EggEGMIIBAjCB7wQCAAEwgegD
BAItQoADBAItQtgDBAAtghUwDAMEAC2OfQMEBy2OADAMAwQALY/pAwQCLY/oAwQB
LZMwAwQALZMzAwQCLZWcAwQCLZ8wAwQCTo7kAwQCWNYUAwQAW8jwAwQBW8jyAwQA
Xnx3AwQBX9akMAwDBAKNYsQDBACNYsYDBAOTTvADBACVPiwDBAGVPi4DBAKwd5QD
BAC5wjYDBAC5yEADBAC5yEIDBALBIJQDBAHBbx4DBADCJBgDBADCJBswDAMEAMJo
mQMEAsJomAMEAMKpNgMEAMP12zAMAwQAw/XxAwQAw/XyAwQC1ehwMA4EAgACMAgD
BgQqCQAHADANBgkqhkiG9w0BAQsFAAOCAQEAMdx7wviB1rGu/585ZmyyF3ZDHgRT
Dcf0PXHNosfR0+ekVZa0KE6QO4bmrl3wWN3BPMVLCAJX/L4BMLz8SEB/E3UBeLA9
oAQLcC5YTjScCv3PbV1I2NhdeVV+occ3ZOZgLWSzIAK7i1mi6DBGQuyAmvS2BbJG
1bBBGOjkPotLp4RVULZp8Vjy5j/VFh0lhO/4oRvxG5fOx2SCncWX/iKS4VR2MWI8
H5JGYG62DEFZhCm0HWifVVEckxTbhH5n5UyWe5NVvEN4X0WeeYNyZenE0y3b4eqB
g8D8mjRlGmVc4qnhlxXeO7wr9UgFzVrXEUUegUDGUooReTxhuXjzaEFEhA==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:21:46 2024 by rpki-client on console-ams.rpki-client.org