Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8c/59303d-748a-4797-811e-fee2e8d4084f/1/COLS6xar0rHq0uzZmnFc_VvCKdg.roa
File:                     COLS6xar0rHq0uzZmnFc_VvCKdg.roa (raw, json)
Hash identifier:          pPaepWRNAbeXrfnCkrHJsf2r46LEBZWU3xCPKW8pEOU=
Subject key identifier:   08:E2:D2:EB:16:AB:D2:B1:EA:D2:EC:D9:9A:71:5C:FD:5B:C2:29:D8
Certificate issuer:       /CN=408025c7de0400e0f3c88d4a122a317e32c5e21c
Certificate serial:       37143CF3
Authority key identifier: 40:80:25:C7:DE:04:00:E0:F3:C8:8D:4A:12:2A:31:7E:32:C5:E2:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QIAlx94EAODzyI1KEioxfjLF4hw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8c/59303d-748a-4797-811e-fee2e8d4084f/1/COLS6xar0rHq0uzZmnFc_VvCKdg.roa
Signing time:             Fri 11 Mar 2022 15:52:04 +0000
ROA not before:           Fri 11 Mar 2022 15:52:04 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     30818
IP address blocks:        82.221.0.0/20 maxlen: 20
                          82.221.164.0/24 maxlen: 24
                          82.221.166.0/24 maxlen: 24
                          82.221.167.0/24 maxlen: 24
                          82.221.168.0/24 maxlen: 24
                          82.221.170.0/24 maxlen: 24
                          82.221.80.0/20 maxlen: 20
                          82.221.96.0/20 maxlen: 20
                          82.221.112.0/20 maxlen: 20
                          82.221.16.0/20 maxlen: 20
                          82.221.32.0/20 maxlen: 20
                          82.221.48.0/20 maxlen: 20
                          82.221.57.0/24 maxlen: 24
                          82.221.64.0/20 maxlen: 20

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 924073203 (0x37143cf3)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=408025c7de0400e0f3c88d4a122a317e32c5e21c
        Validity
            Not Before: Mar 11 15:52:04 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=08e2d2eb16abd2b1ead2ecd99a715cfd5bc229d8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:52:a0:59:c9:f1:5e:55:03:f6:67:ab:2c:e2:
                    16:24:a6:c3:f2:31:18:02:63:70:54:70:be:9c:d9:
                    44:9a:f7:f6:7b:31:b8:c4:3b:20:4b:7e:01:3a:a9:
                    02:ad:05:21:a9:6d:bc:10:2c:d8:50:d6:bc:61:90:
                    70:f7:ba:fe:eb:8b:af:67:80:1d:04:30:38:f9:09:
                    f7:07:38:2b:37:69:07:01:1c:f0:09:d3:c3:f8:0b:
                    5e:7f:8b:66:04:0c:66:5d:30:86:37:fe:1c:a5:2f:
                    e0:0b:3d:f6:ad:55:98:e3:14:09:ac:9a:66:65:a8:
                    14:e8:84:8e:77:91:68:2c:9c:4b:d6:4c:2e:90:8c:
                    9d:bb:0b:c9:ac:6d:3e:24:2d:8d:f2:7b:5c:f7:35:
                    17:f7:bc:2a:fd:cb:c0:26:54:41:da:fb:d1:0f:e8:
                    e6:cf:c0:8f:ab:e0:45:d1:4b:44:70:d1:87:7f:14:
                    97:8c:31:12:85:89:2a:94:46:20:ff:7d:1b:0c:21:
                    76:e4:a3:43:e2:bc:47:a0:f2:1a:b3:e0:28:e9:b6:
                    99:26:c4:c4:4f:43:69:70:e6:20:8e:2a:07:a4:96:
                    93:5d:7a:31:31:02:d9:c8:74:38:9d:3a:c0:e7:73:
                    80:ab:b8:73:5e:0a:e1:fd:27:ee:00:f2:35:b1:fa:
                    31:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:E2:D2:EB:16:AB:D2:B1:EA:D2:EC:D9:9A:71:5C:FD:5B:C2:29:D8
            X509v3 Authority Key Identifier:
                keyid:40:80:25:C7:DE:04:00:E0:F3:C8:8D:4A:12:2A:31:7E:32:C5:E2:1C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QIAlx94EAODzyI1KEioxfjLF4hw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8c/59303d-748a-4797-811e-fee2e8d4084f/1/COLS6xar0rHq0uzZmnFc_VvCKdg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8c/59303d-748a-4797-811e-fee2e8d4084f/1/QIAlx94EAODzyI1KEioxfjLF4hw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.221.0.0/17
                  82.221.164.0/24
                  82.221.166.0-82.221.168.255
                  82.221.170.0/24

    Signature Algorithm: sha256WithRSAEncryption
         42:15:d1:55:6d:10:69:8b:0b:fa:40:bc:a9:f7:21:57:2e:26:
         cd:90:8f:0f:a9:0a:ed:30:48:53:66:f9:8c:9d:c4:1b:d4:a0:
         e9:44:c4:31:1e:d2:9a:c5:c7:7b:8a:91:88:b2:38:1f:1c:4f:
         b3:d0:bb:f4:6d:ed:42:2b:0a:f3:fe:32:2d:54:93:12:15:14:
         66:24:d7:59:e7:1a:20:23:86:8c:82:87:52:2a:a1:cc:47:22:
         1c:86:ab:68:65:1f:5d:5e:38:4c:58:d7:43:7e:6c:9a:23:02:
         ab:c4:f9:9c:6c:60:0a:ca:73:82:e9:5f:1f:0e:c6:92:26:18:
         9c:1c:3c:f3:fa:b2:c8:29:a5:dd:b3:88:e6:0a:35:3a:65:2f:
         0f:ae:00:71:33:1d:d3:d4:9b:0c:a4:5c:04:34:42:3f:06:85:
         e2:b2:b7:0a:f0:74:72:de:0b:70:79:c0:4e:d5:82:7e:fc:bc:
         f5:f7:ed:07:86:86:48:43:f7:fa:d9:1d:57:1c:4d:45:47:7d:
         7a:87:0b:9b:b1:9b:f6:8d:f2:83:c8:45:47:52:9a:a0:d4:ad:
         e4:7d:16:51:32:dd:cb:8e:03:7e:81:98:13:d6:b7:09:d8:d9:
         33:84:0e:a0:41:aa:3a:95:01:15:ef:0d:ec:c2:83:fe:85:75:
         21:7c:81:25
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgIENxQ88zANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg0
MDgwMjVjN2RlMDQwMGUwZjNjODhkNGExMjJhMzE3ZTMyYzVlMjFjMB4XDTIyMDMx
MTE1NTIwNFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMDhlMmQyZWIxNmFi
ZDJiMWVhZDJlY2Q5OWE3MTVjZmQ1YmMyMjlkODCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAKVSoFnJ8V5VA/ZnqyziFiSmw/IxGAJjcFRwvpzZRJr39nsx
uMQ7IEt+ATqpAq0FIaltvBAs2FDWvGGQcPe6/uuLr2eAHQQwOPkJ9wc4KzdpBwEc
8AnTw/gLXn+LZgQMZl0whjf+HKUv4As99q1VmOMUCayaZmWoFOiEjneRaCycS9ZM
LpCMnbsLyaxtPiQtjfJ7XPc1F/e8Kv3LwCZUQdr70Q/o5s/Aj6vgRdFLRHDRh38U
l4wxEoWJKpRGIP99GwwhduSjQ+K8R6DyGrPgKOm2mSbExE9DaXDmII4qB6SWk116
MTEC2ch0OJ06wOdzgKu4c14K4f0n7gDyNbH6MZ8CAwEAAaOCAiMwggIfMB0GA1Ud
DgQWBBQI4tLrFqvSserS7NmacVz9W8Ip2DAfBgNVHSMEGDAWgBRAgCXH3gQA4PPI
jUoSKjF+MsXiHDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L1FJQWx4OTRFQU9EenlJMUtFaW94ZmpMRjRody5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvOGMvNTkzMDNkLTc0OGEtNDc5Ny04MTFlLWZlZTJlOGQ0MDg0Zi8x
L0NPTFM2eGFyMHJIcTB1elptbkZjX1Z2Q0tkZy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvOGMv
NTkzMDNkLTc0OGEtNDc5Ny04MTFlLWZlZTJlOGQ0MDg0Zi8xL1FJQWx4OTRFQU9E
enlJMUtFaW94ZmpMRjRody5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjA5
BggrBgEFBQcBBwEB/wQqMCgwJgQCAAEwIAMEB1LdAAMEAFLdpDAMAwQBUt2mAwQA
Ut2oAwQAUt2qMA0GCSqGSIb3DQEBCwUAA4IBAQBCFdFVbRBpiwv6QLyp9yFXLibN
kI8PqQrtMEhTZvmMncQb1KDpRMQxHtKaxcd7ipGIsjgfHE+z0Lv0be1CKwrz/jIt
VJMSFRRmJNdZ5xogI4aMgodSKqHMRyIchqtoZR9dXjhMWNdDfmyaIwKrxPmcbGAK
ynOC6V8fDsaSJhicHDzz+rLIKaXds4jmCjU6ZS8PrgBxMx3T1JsMpFwENEI/BoXi
srcK8HRy3gtwecBO1YJ+/Lz19+0HhoZIQ/f62R1XHE1FR316hwubsZv2jfKDyEVH
Upqg1K3kfRZRMt3LjgN+gZgT1rcJ2NkzhA6gQao6lQEV7w3swoP+hXUhfIEl
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:22:57 2024 by rpki-client on console-ams.rpki-client.org