Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/93/618e53-afc4-40df-8612-b0f4b9c37e49/1/ugLXfP7cqqT9VhtQS1OdBW2LHws.roa
File:                     ugLXfP7cqqT9VhtQS1OdBW2LHws.roa (raw, json)
Hash identifier:          XeZ7hukodKjPKyqnlcKW9HJ8k9sMq1Qz5FwjVq+RV0U=
Subject key identifier:   BA:02:D7:7C:FE:DC:AA:A4:FD:56:1B:50:4B:53:9D:05:6D:8B:1F:0B
Certificate issuer:       /CN=d411abc4c0468ab2891eaacadba0dc0377936fd5
Certificate serial:       17641823
Authority key identifier: D4:11:AB:C4:C0:46:8A:B2:89:1E:AA:CA:DB:A0:DC:03:77:93:6F:D5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1BGrxMBGirKJHqrK26DcA3eTb9U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/93/618e53-afc4-40df-8612-b0f4b9c37e49/1/ugLXfP7cqqT9VhtQS1OdBW2LHws.roa
Signing time:             Sat 01 Jan 2022 09:54:03 +0000
ROA not before:           Sat 01 Jan 2022 09:54:03 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     134963
IP address blocks:        212.31.96.0/24 maxlen: 24
                          195.14.157.0/24 maxlen: 24
                          195.14.154.0/24 maxlen: 24
                          212.31.123.0/24 maxlen: 24
                          212.31.124.0/24 maxlen: 24
                          212.31.125.0/24 maxlen: 24
                          212.31.127.0/24 maxlen: 24
                          128.0.107.0/24 maxlen: 24
                          46.199.88.0/24 maxlen: 24
                          195.14.130.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 392435747 (0x17641823)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d411abc4c0468ab2891eaacadba0dc0377936fd5
        Validity
            Not Before: Jan  1 09:54:03 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=ba02d77cfedcaaa4fd561b504b539d056d8b1f0b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:5a:4f:33:58:dd:79:f8:f4:fd:3f:52:28:65:
                    4c:e8:de:35:da:5e:d3:ff:d1:70:c6:7d:a7:fe:49:
                    11:73:67:ce:11:f8:53:c1:3a:8a:83:c6:c9:03:dc:
                    10:9e:f5:72:13:95:0d:da:90:ad:40:55:db:93:77:
                    34:1c:88:35:bf:a5:05:48:ff:2b:29:12:95:39:b9:
                    d8:3c:96:8f:25:a5:83:04:0e:be:6c:c8:50:d6:b2:
                    b6:e8:0e:7c:6b:72:5e:eb:00:94:42:1d:bb:a3:c8:
                    d4:28:0d:68:f0:ca:46:0c:82:8a:30:b5:5f:45:62:
                    eb:ce:b4:1b:bd:0a:f3:d3:8b:a8:c3:dc:69:ed:5a:
                    ee:1a:d1:dd:f3:f9:d4:08:ca:0b:1a:81:7b:e2:e2:
                    d6:54:fc:55:90:d8:76:bc:5f:40:27:9a:10:5b:06:
                    d2:d3:eb:19:7d:1c:8b:8d:c0:f7:d0:02:7f:eb:aa:
                    d8:87:25:c0:ce:16:cf:ab:09:8e:c1:6c:d0:ef:09:
                    a0:35:e4:45:b0:05:39:b5:d4:4a:18:e4:61:7a:98:
                    5b:6e:cb:96:10:d4:90:99:18:29:c6:a8:52:3d:6e:
                    7e:29:a6:ed:11:ba:06:93:d6:16:eb:f8:3b:6e:24:
                    95:52:60:6f:11:54:ec:e3:63:cf:28:ca:2c:ba:91:
                    01:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BA:02:D7:7C:FE:DC:AA:A4:FD:56:1B:50:4B:53:9D:05:6D:8B:1F:0B
            X509v3 Authority Key Identifier:
                keyid:D4:11:AB:C4:C0:46:8A:B2:89:1E:AA:CA:DB:A0:DC:03:77:93:6F:D5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1BGrxMBGirKJHqrK26DcA3eTb9U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/93/618e53-afc4-40df-8612-b0f4b9c37e49/1/ugLXfP7cqqT9VhtQS1OdBW2LHws.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/93/618e53-afc4-40df-8612-b0f4b9c37e49/1/1BGrxMBGirKJHqrK26DcA3eTb9U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.199.88.0/24
                  128.0.107.0/24
                  195.14.130.0/24
                  195.14.154.0/24
                  195.14.157.0/24
                  212.31.96.0/24
                  212.31.123.0-212.31.125.255
                  212.31.127.0/24

    Signature Algorithm: sha256WithRSAEncryption
         82:b2:c4:08:84:c7:1a:17:c0:23:fa:c4:02:fd:80:1a:f8:6b:
         e7:eb:d4:4a:6d:d3:da:93:00:20:df:63:82:9b:93:07:1e:53:
         3f:d5:d8:82:5d:94:e2:61:ab:86:82:5c:a6:40:3c:a8:c3:ec:
         99:21:71:29:e5:67:bf:b7:e7:68:05:f6:3e:74:be:10:6f:72:
         30:16:dd:6d:55:e0:d7:4f:64:e2:f3:ed:96:48:2b:4e:91:5f:
         0f:0a:ed:08:d0:6a:4e:64:fc:53:34:85:08:5b:5a:b0:2f:a5:
         9f:fa:0d:78:08:f2:5c:4a:59:e2:7f:ce:b8:1c:ef:9e:b0:5b:
         74:5f:5a:6e:37:0d:c0:21:23:45:64:7f:fd:3e:5a:d9:34:b0:
         18:97:d4:45:4c:cc:3e:83:4f:7e:63:ed:39:d7:2a:dc:bb:3d:
         3d:36:8d:f8:84:0d:f4:b5:14:8d:fa:e5:d1:df:b8:f3:e2:ff:
         b6:09:9d:c0:0b:55:b8:b4:b5:5e:a0:70:e4:7e:a3:f6:3f:a5:
         3a:35:52:a8:71:68:b9:11:ea:69:48:4a:2f:7e:88:5e:ed:1c:
         5c:70:75:a6:7e:9e:0f:db:19:bd:d0:8d:ea:e8:99:0d:ef:45:
         94:1d:f0:b9:47:3c:f5:bc:88:b9:49:9f:d6:6e:b4:09:fd:37:
         ed:55:b4:44
-----BEGIN CERTIFICATE-----
MIIFITCCBAmgAwIBAgIEF2QYIzANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhk
NDExYWJjNGMwNDY4YWIyODkxZWFhY2FkYmEwZGMwMzc3OTM2ZmQ1MB4XDTIyMDEw
MTA5NTQwM1oXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoYmEwMmQ3N2NmZWRj
YWFhNGZkNTYxYjUwNGI1MzlkMDU2ZDhiMWYwYjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAKFaTzNY3Xn49P0/UihlTOjeNdpe0//RcMZ9p/5JEXNnzhH4
U8E6ioPGyQPcEJ71chOVDdqQrUBV25N3NByINb+lBUj/KykSlTm52DyWjyWlgwQO
vmzIUNaytugOfGtyXusAlEIdu6PI1CgNaPDKRgyCijC1X0Vi6860G70K89OLqMPc
ae1a7hrR3fP51AjKCxqBe+Li1lT8VZDYdrxfQCeaEFsG0tPrGX0ci43A99ACf+uq
2IclwM4Wz6sJjsFs0O8JoDXkRbAFObXUShjkYXqYW27LlhDUkJkYKcaoUj1ufimm
7RG6BpPWFuv4O24klVJgbxFU7ONjzyjKLLqRATUCAwEAAaOCAjswggI3MB0GA1Ud
DgQWBBS6Atd8/tyqpP1WG1BLU50FbYsfCzAfBgNVHSMEGDAWgBTUEavEwEaKsoke
qsrboNwDd5Nv1TAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
LzFCR3J4TUJHaXJLSkhxcksyNkRjQTNlVGI5VS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvOTMvNjE4ZTUzLWFmYzQtNDBkZi04NjEyLWIwZjRiOWMzN2U0OS8x
L3VnTFhmUDdjcXFUOVZodFFTMU9kQlcyTEh3cy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvOTMv
NjE4ZTUzLWFmYzQtNDBkZi04NjEyLWIwZjRiOWMzN2U0OS8xLzFCR3J4TUJHaXJL
SkhxcksyNkRjQTNlVGI5VS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBR
BggrBgEFBQcBBwEB/wRCMEAwPgQCAAEwOAMEAC7HWAMEAIAAawMEAMMOggMEAMMO
mgMEAMMOnQMEANQfYDAMAwQA1B97AwQB1B98AwQA1B9/MA0GCSqGSIb3DQEBCwUA
A4IBAQCCssQIhMcaF8Aj+sQC/YAa+Gvn69RKbdPakwAg32OCm5MHHlM/1diCXZTi
YauGglymQDyow+yZIXEp5We/t+doBfY+dL4Qb3IwFt1tVeDXT2Ti8+2WSCtOkV8P
Cu0I0GpOZPxTNIUIW1qwL6Wf+g14CPJcSlnif864HO+esFt0X1puNw3AISNFZH/9
PlrZNLAYl9RFTMw+g09+Y+051yrcuz09No34hA30tRSN+uXR37jz4v+2CZ3AC1W4
tLVeoHDkfqP2P6U6NVKocWi5EeppSEovfohe7RxccHWmfp4P2xm90I3q6JkN70WU
HfC5Rzz1vIi5SZ/WbrQJ/TftVbRE
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:39:35 2024 by rpki-client on console-fra.rpki-client.org