Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/99/f4a80d-f5f7-4522-b9b5-f772a0139016/1/y5wev4wv_kO_fZi5725B2_lOCHs.roa
File:                     y5wev4wv_kO_fZi5725B2_lOCHs.roa (raw, json)
Hash identifier:          7YBzRJDmPNUHirRrZZ6450oesyr8hQRurw38AsxieUI=
Subject key identifier:   CB:9C:1E:BF:8C:2F:FE:43:BF:7D:98:B9:EF:6E:41:DB:F9:4E:08:7B
Certificate issuer:       /CN=23d8448c5cb90398e4c285cec9c0f4766ac931df
Certificate serial:       17F79D4A
Authority key identifier: 23:D8:44:8C:5C:B9:03:98:E4:C2:85:CE:C9:C0:F4:76:6A:C9:31:DF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/I9hEjFy5A5jkwoXOycD0dmrJMd8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/99/f4a80d-f5f7-4522-b9b5-f772a0139016/1/y5wev4wv_kO_fZi5725B2_lOCHs.roa
Signing time:             Sat 01 Jan 2022 09:54:33 +0000
ROA not before:           Sat 01 Jan 2022 09:54:33 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     1853
IP address blocks:        193.170.0.0/15 maxlen: 15
                          78.104.0.0/16 maxlen: 16
                          193.171.1.0/24 maxlen: 24
                          185.154.40.0/22 maxlen: 22
                          2001:628::/29 maxlen: 29
                          2001:67c:1864::/48 maxlen: 48

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 402103626 (0x17f79d4a)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=23d8448c5cb90398e4c285cec9c0f4766ac931df
        Validity
            Not Before: Jan  1 09:54:33 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=cb9c1ebf8c2ffe43bf7d98b9ef6e41dbf94e087b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:38:3b:c3:e3:fa:b1:0e:9e:e4:b7:77:69:5e:
                    f7:72:82:1a:2f:b9:89:c5:05:76:60:0f:ad:42:60:
                    92:2a:24:55:21:47:43:4a:48:8a:50:3a:a1:fc:6b:
                    94:78:ff:81:ef:19:91:b4:e7:46:6c:44:c1:0c:89:
                    e6:0a:d4:cb:7b:7a:f5:7b:c7:8f:fe:f0:e9:08:ce:
                    57:59:e0:be:3c:b3:51:28:15:54:de:ec:09:f1:6b:
                    fa:61:d2:44:c3:7f:96:e7:34:e3:9c:ba:b7:02:7d:
                    0d:f8:01:2c:30:e9:be:b0:ed:ee:c0:34:18:b3:59:
                    4f:57:5e:19:c3:d3:9c:87:63:bc:ec:0a:04:2c:c0:
                    96:e6:f2:c4:cb:7a:7a:b8:60:9c:77:59:e0:91:c1:
                    fb:7c:01:5e:fe:48:ac:ee:0a:90:89:ed:d8:8e:d8:
                    43:6f:dd:8c:99:37:a1:12:7d:24:3d:90:cd:67:92:
                    4d:93:37:22:66:cd:ed:1b:61:68:d7:a5:92:f3:57:
                    61:04:0b:88:2d:78:bf:04:6a:b8:92:ae:9b:a0:62:
                    39:6e:2f:87:33:e2:cf:a2:fe:68:13:1e:6f:09:7a:
                    80:24:68:05:05:97:9d:7b:b9:cb:e1:4b:4b:df:2a:
                    c5:4b:a9:2c:52:b1:07:d3:eb:45:c0:c3:5a:20:57:
                    98:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CB:9C:1E:BF:8C:2F:FE:43:BF:7D:98:B9:EF:6E:41:DB:F9:4E:08:7B
            X509v3 Authority Key Identifier:
                keyid:23:D8:44:8C:5C:B9:03:98:E4:C2:85:CE:C9:C0:F4:76:6A:C9:31:DF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/I9hEjFy5A5jkwoXOycD0dmrJMd8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/99/f4a80d-f5f7-4522-b9b5-f772a0139016/1/y5wev4wv_kO_fZi5725B2_lOCHs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/99/f4a80d-f5f7-4522-b9b5-f772a0139016/1/I9hEjFy5A5jkwoXOycD0dmrJMd8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.104.0.0/16
                  185.154.40.0/22
                  193.170.0.0/15
                IPv6:
                  2001:628::/29
                  2001:67c:1864::/48

    Signature Algorithm: sha256WithRSAEncryption
         d2:33:c9:5c:61:07:8e:4e:f0:25:94:fe:fb:41:67:90:0c:8c:
         76:4c:34:88:9d:20:99:8c:64:7e:b1:1b:7c:33:45:34:4f:90:
         4d:88:2d:08:aa:97:49:83:6c:90:76:04:1a:65:78:12:e0:e6:
         41:79:27:5a:9b:f8:15:85:3d:ac:1b:34:26:cb:bd:62:76:fa:
         67:c8:e8:70:62:b5:2a:d2:de:3a:7b:8d:90:7f:1c:ed:64:91:
         6b:62:8c:d4:71:57:9b:e6:09:9a:79:bb:b0:61:38:3e:6e:18:
         af:ec:e3:aa:38:14:8a:06:70:e4:c0:40:b2:9d:1a:fb:30:2c:
         66:f9:49:83:7f:77:80:2b:af:c0:87:db:44:cc:0b:58:9e:53:
         26:34:9d:9a:8f:c2:1a:7c:b1:d0:85:70:7f:0f:60:a5:54:1a:
         e2:73:29:8d:5b:83:48:30:2d:53:dd:1d:e7:43:65:07:24:38:
         ef:12:38:cf:45:26:51:56:d2:9e:0c:e2:23:e3:05:32:88:bf:
         e8:3b:16:5b:e3:f8:47:37:f6:b1:68:7a:fe:f2:24:83:5a:10:
         c3:3a:57:af:6c:75:d7:c0:79:91:c2:5b:78:b9:45:4a:b3:7c:
         c5:cc:8f:6c:f2:5a:cb:6c:ed:c3:d9:a1:4b:1c:7d:e0:b4:f3:
         df:90:4b:38
-----BEGIN CERTIFICATE-----
MIIFETCCA/mgAwIBAgIEF/edSjANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygy
M2Q4NDQ4YzVjYjkwMzk4ZTRjMjg1Y2VjOWMwZjQ3NjZhYzkzMWRmMB4XDTIyMDEw
MTA5NTQzM1oXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoY2I5YzFlYmY4YzJm
ZmU0M2JmN2Q5OGI5ZWY2ZTQxZGJmOTRlMDg3YjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAKU4O8Pj+rEOnuS3d2le93KCGi+5icUFdmAPrUJgkiokVSFH
Q0pIilA6ofxrlHj/ge8ZkbTnRmxEwQyJ5grUy3t69XvHj/7w6QjOV1ngvjyzUSgV
VN7sCfFr+mHSRMN/luc045y6twJ9DfgBLDDpvrDt7sA0GLNZT1deGcPTnIdjvOwK
BCzAlubyxMt6erhgnHdZ4JHB+3wBXv5IrO4KkInt2I7YQ2/djJk3oRJ9JD2QzWeS
TZM3ImbN7RthaNelkvNXYQQLiC14vwRquJKum6BiOW4vhzPiz6L+aBMebwl6gCRo
BQWXnXu5y+FLS98qxUupLFKxB9PrRcDDWiBXmAMCAwEAAaOCAiswggInMB0GA1Ud
DgQWBBTLnB6/jC/+Q799mLnvbkHb+U4IezAfBgNVHSMEGDAWgBQj2ESMXLkDmOTC
hc7JwPR2askx3zAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L0k5aEVqRnk1QTVqa3dvWE95Y0QwZG1ySk1kOC5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvOTkvZjRhODBkLWY1ZjctNDUyMi1iOWI1LWY3NzJhMDEzOTAxNi8x
L3k1d2V2NHd2X2tPX2ZaaTU3MjVCMl9sT0NIcy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvOTkv
ZjRhODBkLWY1ZjctNDUyMi1iOWI1LWY3NzJhMDEzOTAxNi8xL0k5aEVqRnk1QTVq
a3dvWE95Y0QwZG1ySk1kOC5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBB
BggrBgEFBQcBBwEB/wQyMDAwFgQCAAEwEAMDAE5oAwQCuZooAwMBwaowFgQCAAIw
EAMFAyABBigDBwAgAQZ8GGQwDQYJKoZIhvcNAQELBQADggEBANIzyVxhB45O8CWU
/vtBZ5AMjHZMNIidIJmMZH6xG3wzRTRPkE2ILQiql0mDbJB2BBpleBLg5kF5J1qb
+BWFPawbNCbLvWJ2+mfI6HBitSrS3jp7jZB/HO1kkWtijNRxV5vmCZp5u7BhOD5u
GK/s46o4FIoGcOTAQLKdGvswLGb5SYN/d4Arr8CH20TMC1ieUyY0nZqPwhp8sdCF
cH8PYKVUGuJzKY1bg0gwLVPdHedDZQckOO8SOM9FJlFW0p4M4iPjBTKIv+g7Flvj
+Ec39rFoev7yJINaEMM6V69sddfAeZHCW3i5RUqzfMXMj2zyWsts7cPZoUscfeC0
89+QSzg=
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:25:21 2024 by rpki-client on console-ams.rpki-client.org