Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/90/f89685-1174-45d5-a5dc-09db57469bb8/1/CYWKWS-1Yh1zw1tqmD95oNKEj2Q.roa
File:                     CYWKWS-1Yh1zw1tqmD95oNKEj2Q.roa (raw, json)
Hash identifier:          veG3+D+Cd+nB9SpuwTTprC+T2kRI2Beb00n+/cD21Xs=
Subject key identifier:   09:85:8A:59:2F:B5:62:1D:73:C3:5B:6A:98:3F:79:A0:D2:84:8F:64
Certificate issuer:       /CN=4e5caf5e5495f54b039f1d0f2471112467c9791c
Certificate serial:       07176721
Authority key identifier: 4E:5C:AF:5E:54:95:F5:4B:03:9F:1D:0F:24:71:11:24:67:C9:79:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TlyvXlSV9UsDnx0PJHERJGfJeRw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/90/f89685-1174-45d5-a5dc-09db57469bb8/1/CYWKWS-1Yh1zw1tqmD95oNKEj2Q.roa
Signing time:             Sat 01 Jan 2022 00:57:03 +0000
ROA not before:           Sat 01 Jan 2022 00:57:03 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     58231
IP address blocks:        194.33.92.0/22 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 118974241 (0x7176721)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4e5caf5e5495f54b039f1d0f2471112467c9791c
        Validity
            Not Before: Jan  1 00:57:03 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=09858a592fb5621d73c35b6a983f79a0d2848f64
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:64:e5:26:03:66:b7:be:93:8b:0d:12:f9:02:
                    25:6b:e3:3e:b9:58:d4:6a:3b:ae:7a:ce:24:97:fd:
                    2b:6b:4c:a2:c9:76:4f:06:9c:fe:64:41:29:e2:4b:
                    87:43:9e:c8:3a:bf:e9:1d:ce:30:33:76:9b:cc:57:
                    a2:39:a5:da:07:af:b4:bf:ec:93:41:4c:1e:67:2a:
                    2c:35:e7:47:b0:8b:be:ee:03:42:85:6d:e7:0e:ca:
                    4d:8b:96:6e:ed:67:22:64:88:96:5b:ba:26:5f:ba:
                    ee:0c:bb:e5:64:71:dc:e6:83:e7:8b:1f:41:c2:dd:
                    a1:ff:bf:1e:f9:6c:cb:95:c5:1a:3b:2f:2b:78:bb:
                    ed:60:e1:62:25:e5:f0:e0:61:22:74:cc:16:05:27:
                    03:0f:4d:30:11:1c:38:52:2b:d7:61:4a:a4:63:df:
                    56:42:7a:bf:ca:f8:e2:78:27:1c:13:fd:a9:6e:e8:
                    d7:c7:b8:5e:f1:5a:92:93:cd:d2:41:cd:b5:1e:8c:
                    fb:4d:72:22:0a:e5:3c:d5:69:27:7e:f7:eb:97:30:
                    ac:d3:d4:74:9e:ba:d1:69:32:4b:c1:d9:43:fe:60:
                    58:fc:a4:ed:10:2d:f4:ce:dc:83:20:99:59:fe:96:
                    46:96:03:0b:ae:c5:82:21:75:31:ce:87:61:96:3b:
                    bb:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                09:85:8A:59:2F:B5:62:1D:73:C3:5B:6A:98:3F:79:A0:D2:84:8F:64
            X509v3 Authority Key Identifier:
                keyid:4E:5C:AF:5E:54:95:F5:4B:03:9F:1D:0F:24:71:11:24:67:C9:79:1C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TlyvXlSV9UsDnx0PJHERJGfJeRw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/90/f89685-1174-45d5-a5dc-09db57469bb8/1/CYWKWS-1Yh1zw1tqmD95oNKEj2Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/90/f89685-1174-45d5-a5dc-09db57469bb8/1/TlyvXlSV9UsDnx0PJHERJGfJeRw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.33.92.0/22

    Signature Algorithm: sha256WithRSAEncryption
         5a:66:96:e9:42:8b:2e:ec:1d:46:3d:1f:62:d1:d1:16:d6:e5:
         5f:09:7e:4f:95:d2:aa:db:a0:6a:63:6b:23:cc:d3:ed:ec:51:
         00:ff:cb:c9:d8:93:f4:a6:cd:36:14:79:64:3d:70:5a:95:51:
         30:a7:60:c8:3a:ee:3a:31:76:fe:79:31:d1:6f:ed:3b:81:cd:
         54:9e:16:58:7f:b7:51:3b:81:bd:37:30:3b:f5:1e:6a:b2:b1:
         ec:2d:f5:ca:46:85:eb:47:c1:11:18:44:cd:a8:89:09:72:67:
         4f:16:e8:8a:5f:53:c7:ff:ec:3e:65:56:8f:58:ed:b9:98:73:
         5c:dd:6d:42:11:79:7c:63:b3:0a:84:61:5a:5d:d0:d7:c1:c6:
         8d:e5:56:20:34:04:34:bc:ec:a0:bc:d0:95:39:eb:52:fc:b0:
         bf:97:b4:05:84:8f:98:5d:a0:7d:c9:d9:0c:13:4f:36:d1:36:
         80:d0:23:27:60:dd:6d:13:86:04:ad:64:c1:cd:ae:f5:8f:bf:
         57:5e:dd:f2:a3:c1:9a:24:e5:0e:55:86:3f:9a:de:9c:24:1a:
         7d:f6:52:5a:56:d1:2d:a9:0a:b0:2f:da:a0:d2:ac:8b:61:9f:
         e5:fc:1f:a3:16:fa:c6:aa:bb:7a:25:1b:03:f8:e8:3f:91:5c:
         fb:48:e5:c5
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIEBxdnITANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg0
ZTVjYWY1ZTU0OTVmNTRiMDM5ZjFkMGYyNDcxMTEyNDY3Yzk3OTFjMB4XDTIyMDEw
MTAwNTcwM1oXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMDk4NThhNTkyZmI1
NjIxZDczYzM1YjZhOTgzZjc5YTBkMjg0OGY2NDCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAKZk5SYDZre+k4sNEvkCJWvjPrlY1Go7rnrOJJf9K2tMosl2
Twac/mRBKeJLh0OeyDq/6R3OMDN2m8xXojml2gevtL/sk0FMHmcqLDXnR7CLvu4D
QoVt5w7KTYuWbu1nImSIllu6Jl+67gy75WRx3OaD54sfQcLdof+/Hvlsy5XFGjsv
K3i77WDhYiXl8OBhInTMFgUnAw9NMBEcOFIr12FKpGPfVkJ6v8r44ngnHBP9qW7o
18e4XvFakpPN0kHNtR6M+01yIgrlPNVpJ37365cwrNPUdJ660WkyS8HZQ/5gWPyk
7RAt9M7cgyCZWf6WRpYDC67FgiF1Mc6HYZY7uwcCAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBQJhYpZL7ViHXPDW2qYP3mg0oSPZDAfBgNVHSMEGDAWgBROXK9eVJX1SwOf
HQ8kcREkZ8l5HDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L1RseXZYbFNWOVVzRG54MFBKSEVSSkdmSmVSdy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvOTAvZjg5Njg1LTExNzQtNDVkNS1hNWRjLTA5ZGI1NzQ2OWJiOC8x
L0NZV0tXUy0xWWgxencxdHFtRDk1b05LRWoyUS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvOTAv
Zjg5Njg1LTExNzQtNDVkNS1hNWRjLTA5ZGI1NzQ2OWJiOC8xL1RseXZYbFNWOVVz
RG54MFBKSEVSSkdmSmVSdy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAsIhXDANBgkqhkiG9w0BAQsFAAOC
AQEAWmaW6UKLLuwdRj0fYtHRFtblXwl+T5XSqtugamNrI8zT7exRAP/LydiT9KbN
NhR5ZD1wWpVRMKdgyDruOjF2/nkx0W/tO4HNVJ4WWH+3UTuBvTcwO/UearKx7C31
ykaF60fBERhEzaiJCXJnTxboil9Tx//sPmVWj1jtuZhzXN1tQhF5fGOzCoRhWl3Q
18HGjeVWIDQENLzsoLzQlTnrUvywv5e0BYSPmF2gfcnZDBNPNtE2gNAjJ2DdbROG
BK1kwc2u9Y+/V17d8qPBmiTlDlWGP5renCQaffZSWlbRLakKsC/aoNKsi2Gf5fwf
oxb6xqq7eiUbA/joP5Fc+0jlxQ==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:39:19 2024 by rpki-client on console-fra.rpki-client.org