Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8f/2e0536-4ca2-4afe-83d6-336e874f3d87/1/aox9I7mNvf7bykUi4MMjI36ktgQ.roa
File:                     aox9I7mNvf7bykUi4MMjI36ktgQ.roa (raw, json)
Hash identifier:          y27pbWa5UUg5SAuyN1T9GJgr2tcSgseSiVNeC71l2L4=
Subject key identifier:   6A:8C:7D:23:B9:8D:BD:FE:DB:CA:45:22:E0:C3:23:23:7E:A4:B6:04
Certificate issuer:       /CN=08818cbb0f9d1e573773d791138a0122f28bec56
Certificate serial:       05C7F452
Authority key identifier: 08:81:8C:BB:0F:9D:1E:57:37:73:D7:91:13:8A:01:22:F2:8B:EC:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CIGMuw-dHlc3c9eRE4oBIvKL7FY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8f/2e0536-4ca2-4afe-83d6-336e874f3d87/1/aox9I7mNvf7bykUi4MMjI36ktgQ.roa
Signing time:             Sat 01 Jan 2022 01:53:12 +0000
ROA not before:           Sat 01 Jan 2022 01:53:12 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     206772
IP address blocks:        185.158.124.0/23 maxlen: 23
                          185.158.124.0/24 maxlen: 24
                          185.158.124.0/22 maxlen: 22
                          185.158.125.0/24 maxlen: 24
                          185.158.126.0/24 maxlen: 24
                          185.158.126.0/23 maxlen: 23
                          185.158.127.0/24 maxlen: 24
                          2a07:ad40::/29 maxlen: 29

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 96990290 (0x5c7f452)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=08818cbb0f9d1e573773d791138a0122f28bec56
        Validity
            Not Before: Jan  1 01:53:12 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=6a8c7d23b98dbdfedbca4522e0c323237ea4b604
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:51:a4:51:4d:b1:6d:5a:ea:1c:3b:11:25:91:
                    d7:5d:93:c2:b7:b7:68:28:c9:dd:27:2b:69:c1:80:
                    a9:55:f2:f1:04:3b:9d:d7:aa:ba:90:68:d0:23:ec:
                    27:0c:c0:d8:f3:54:ca:36:0b:03:0b:08:d9:72:c7:
                    ed:30:55:95:b7:b8:1f:88:b9:ad:33:64:a0:a5:48:
                    9b:28:f4:83:10:7f:fa:91:80:56:fa:5a:99:e4:09:
                    d6:cb:fc:48:68:e7:94:84:91:e0:c2:8c:ae:2c:db:
                    f0:c9:47:18:31:3f:64:a4:52:3c:4a:af:26:d5:16:
                    f0:97:e9:70:ce:e4:d0:46:bd:c2:2e:81:fd:60:a9:
                    79:18:e9:da:c5:58:71:fe:31:e8:98:f3:c4:d0:c0:
                    82:fc:f0:f2:10:dc:e9:b2:74:ce:4c:c0:1f:f6:59:
                    2f:31:57:92:ee:1c:34:86:10:2e:95:cf:b8:4e:69:
                    1d:29:2d:87:65:af:c9:0b:d9:05:1e:5d:2a:eb:e2:
                    43:fe:03:27:71:85:a3:2c:09:37:1b:24:44:5c:21:
                    23:33:95:78:c3:95:c6:f3:5e:8d:ad:a6:5c:7e:a1:
                    72:d4:06:a4:33:6d:c3:f8:80:fa:0d:1b:d0:a3:d8:
                    a6:00:8c:d9:ed:ab:ce:50:a6:ef:f0:24:38:51:0e:
                    f9:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6A:8C:7D:23:B9:8D:BD:FE:DB:CA:45:22:E0:C3:23:23:7E:A4:B6:04
            X509v3 Authority Key Identifier:
                keyid:08:81:8C:BB:0F:9D:1E:57:37:73:D7:91:13:8A:01:22:F2:8B:EC:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CIGMuw-dHlc3c9eRE4oBIvKL7FY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8f/2e0536-4ca2-4afe-83d6-336e874f3d87/1/aox9I7mNvf7bykUi4MMjI36ktgQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8f/2e0536-4ca2-4afe-83d6-336e874f3d87/1/CIGMuw-dHlc3c9eRE4oBIvKL7FY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.158.124.0/22
                IPv6:
                  2a07:ad40::/29

    Signature Algorithm: sha256WithRSAEncryption
         81:0b:9b:bb:74:55:ba:e2:fe:22:ff:ba:f6:dc:ef:e0:fe:28:
         cb:73:b4:a3:f6:57:4f:66:28:5d:77:53:53:9d:a0:c4:ba:ca:
         92:c1:8d:49:aa:4c:7b:fe:50:7d:b5:00:b7:0c:1f:b4:60:f4:
         c6:0f:9f:d3:a2:ce:63:30:72:9f:e0:34:07:38:64:38:de:0b:
         95:4c:4c:0f:30:4c:d7:cc:74:5f:9c:62:88:81:1d:80:76:82:
         35:1f:36:00:2a:56:dc:a9:e7:b9:4b:c3:f7:0e:ed:1c:08:97:
         95:4a:a9:ad:0a:7e:4c:c8:82:b9:ed:49:15:b7:38:60:71:68:
         9c:fb:5e:90:25:af:73:fb:5d:e0:60:ac:08:38:3d:de:b6:35:
         5e:65:2b:ee:60:de:cb:ee:dc:c7:08:a4:09:73:13:d1:7e:ab:
         9b:15:bd:b5:01:48:b8:f9:7c:fb:a4:8c:e3:97:76:d7:bc:e4:
         90:4d:95:4e:41:81:15:0f:bc:9f:3c:3e:ad:0c:d8:54:a2:5e:
         6a:8f:38:e6:d7:b3:1b:35:46:32:61:24:60:d4:13:1b:29:68:
         d0:6f:0e:8d:88:16:e0:08:e6:aa:83:f0:fd:4f:a0:2a:93:05:
         f6:e0:a5:86:59:91:c1:9e:8e:b4:6f:c0:82:24:d1:08:ba:f5:
         fd:48:8d:2a
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgIEBcf0UjANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygw
ODgxOGNiYjBmOWQxZTU3Mzc3M2Q3OTExMzhhMDEyMmYyOGJlYzU2MB4XDTIyMDEw
MTAxNTMxMloXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoNmE4YzdkMjNiOThk
YmRmZWRiY2E0NTIyZTBjMzIzMjM3ZWE0YjYwNDCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBALNRpFFNsW1a6hw7ESWR112Twre3aCjJ3ScracGAqVXy8QQ7
ndequpBo0CPsJwzA2PNUyjYLAwsI2XLH7TBVlbe4H4i5rTNkoKVImyj0gxB/+pGA
VvpameQJ1sv8SGjnlISR4MKMrizb8MlHGDE/ZKRSPEqvJtUW8JfpcM7k0Ea9wi6B
/WCpeRjp2sVYcf4x6JjzxNDAgvzw8hDc6bJ0zkzAH/ZZLzFXku4cNIYQLpXPuE5p
HSkth2WvyQvZBR5dKuviQ/4DJ3GFoywJNxskRFwhIzOVeMOVxvNeja2mXH6hctQG
pDNtw/iA+g0b0KPYpgCM2e2rzlCm7/AkOFEO+ZsCAwEAAaOCAhgwggIUMB0GA1Ud
DgQWBBRqjH0juY29/tvKRSLgwyMjfqS2BDAfBgNVHSMEGDAWgBQIgYy7D50eVzdz
15ETigEi8ovsVjAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L0NJR011dy1kSGxjM2M5ZVJFNG9CSXZLTDdGWS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvOGYvMmUwNTM2LTRjYTItNGFmZS04M2Q2LTMzNmU4NzRmM2Q4Ny8x
L2FveDlJN21OdmY3YnlrVWk0TU1qSTM2a3RnUS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvOGYv
MmUwNTM2LTRjYTItNGFmZS04M2Q2LTMzNmU4NzRmM2Q4Ny8xL0NJR011dy1kSGxj
M2M5ZVJFNG9CSXZLTDdGWS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAu
BggrBgEFBQcBBwEB/wQfMB0wDAQCAAEwBgMEArmefDANBAIAAjAHAwUDKgetQDAN
BgkqhkiG9w0BAQsFAAOCAQEAgQubu3RVuuL+Iv+69tzv4P4oy3O0o/ZXT2YoXXdT
U52gxLrKksGNSapMe/5QfbUAtwwftGD0xg+f06LOYzByn+A0BzhkON4LlUxMDzBM
18x0X5xiiIEdgHaCNR82ACpW3KnnuUvD9w7tHAiXlUqprQp+TMiCue1JFbc4YHFo
nPtekCWvc/td4GCsCDg93rY1XmUr7mDey+7cxwikCXMT0X6rmxW9tQFIuPl8+6SM
45d217zkkE2VTkGBFQ+8nzw+rQzYVKJeao845tezGzVGMmEkYNQTGylo0G8OjYgW
4AjmqoPw/U+gKpMF9uClhlmRwZ6OtG/AgiTRCLr1/UiNKg==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:39:01 2024 by rpki-client on console-fra.rpki-client.org