Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9f/047ce4-44ae-4273-94fa-dc634e8aa2a3/1/wcCXrd6w5Jvt0zkiuW8ZWdeewus.roa
File:                     wcCXrd6w5Jvt0zkiuW8ZWdeewus.roa (raw, json)
Hash identifier:          ceEUO7YAuB/S+dnXVM+iJXJEjaeN8rHYf/WbGqmYhVU=
Subject key identifier:   C1:C0:97:AD:DE:B0:E4:9B:ED:D3:39:22:B9:6F:19:59:D7:9E:C2:EB
Certificate issuer:       /CN=11efdbd727fb5bd53cec6957a29b47c2c34a834c
Certificate serial:       07E016E6
Authority key identifier: 11:EF:DB:D7:27:FB:5B:D5:3C:EC:69:57:A2:9B:47:C2:C3:4A:83:4C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ee_b1yf7W9U87GlXoptHwsNKg0w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9f/047ce4-44ae-4273-94fa-dc634e8aa2a3/1/wcCXrd6w5Jvt0zkiuW8ZWdeewus.roa
Signing time:             Sat 01 Jan 2022 15:59:23 +0000
ROA not before:           Sat 01 Jan 2022 15:59:23 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     202859
IP address blocks:        185.152.21.0/24 maxlen: 24
                          185.152.22.0/24 maxlen: 24
                          185.152.20.0/24 maxlen: 24
                          185.152.23.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 132126438 (0x7e016e6)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=11efdbd727fb5bd53cec6957a29b47c2c34a834c
        Validity
            Not Before: Jan  1 15:59:23 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=c1c097addeb0e49bedd33922b96f1959d79ec2eb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:a7:03:1a:85:6e:1a:89:88:6f:f5:5f:69:14:
                    9e:6c:61:bc:1d:42:43:b1:6d:c6:9d:02:61:6c:f4:
                    f2:0d:f7:7c:f1:c5:7d:bb:b5:fd:d9:9f:09:2d:ff:
                    e6:90:6e:4e:3a:11:77:f6:dc:00:53:ba:e4:ff:70:
                    2e:fb:56:67:07:16:df:a7:09:07:93:c5:f1:c1:24:
                    87:e7:76:0e:ac:23:e9:0b:10:91:4a:9e:ee:f4:43:
                    36:fe:55:97:5b:9c:e6:40:73:ad:39:6a:ed:60:3b:
                    ea:16:13:e3:af:cf:08:27:dc:f7:66:4a:f7:80:d9:
                    b1:71:51:96:54:b8:aa:7d:c1:2c:d5:40:28:b5:e0:
                    88:98:4b:e7:6e:f0:9b:ed:d7:82:1d:b4:01:75:1c:
                    54:5a:7b:70:40:70:bb:93:7a:55:a2:38:6e:3d:45:
                    85:d5:44:28:f8:d1:a6:e9:40:c0:f4:98:d7:8e:2a:
                    4a:bb:e1:f1:3d:b3:21:d0:a0:29:85:49:fb:4f:5e:
                    e4:79:2e:e6:a0:fd:58:a6:68:89:51:2b:0a:62:4e:
                    79:86:58:61:c5:b4:1a:c6:e1:1c:c7:46:0a:b3:7c:
                    17:f4:52:cc:06:d6:15:b5:26:f3:11:25:c8:fa:0b:
                    d7:8f:fe:a3:be:c1:12:49:1c:92:a5:04:14:11:3e:
                    c8:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C1:C0:97:AD:DE:B0:E4:9B:ED:D3:39:22:B9:6F:19:59:D7:9E:C2:EB
            X509v3 Authority Key Identifier:
                keyid:11:EF:DB:D7:27:FB:5B:D5:3C:EC:69:57:A2:9B:47:C2:C3:4A:83:4C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ee_b1yf7W9U87GlXoptHwsNKg0w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/047ce4-44ae-4273-94fa-dc634e8aa2a3/1/wcCXrd6w5Jvt0zkiuW8ZWdeewus.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/047ce4-44ae-4273-94fa-dc634e8aa2a3/1/Ee_b1yf7W9U87GlXoptHwsNKg0w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.152.20.0/22

    Signature Algorithm: sha256WithRSAEncryption
         55:72:d7:dd:bc:0a:da:bb:37:b7:b4:fd:09:16:06:04:83:80:
         8f:4b:8a:3e:31:e7:be:b1:cd:24:52:e2:4a:14:59:2b:41:00:
         ec:e2:d6:4a:07:17:5f:5d:8b:f0:02:c3:f4:62:a0:9c:ae:86:
         a2:b7:92:46:be:66:aa:e4:bf:b4:ce:65:0c:49:7e:0b:50:b9:
         3f:d2:98:18:03:49:14:c5:a1:c1:aa:29:bb:6e:77:b7:0f:6d:
         e1:42:ec:d1:06:93:a6:b6:f0:e1:67:b0:d2:22:f2:33:e6:f6:
         6b:20:f4:6f:82:d3:df:72:d6:21:f0:2b:d8:6c:81:c9:1b:35:
         68:d0:ba:ff:46:f8:24:cc:20:8b:24:e0:ce:56:5e:ae:b8:37:
         95:f2:11:1f:e2:5d:71:3d:8c:4b:80:24:63:65:c9:9a:e7:28:
         80:29:98:6b:d1:3d:b6:f9:f8:cd:e7:56:22:98:e2:79:ab:a3:
         22:97:08:c4:9c:31:b3:b4:56:3a:7a:e9:b4:95:11:a1:20:3e:
         18:01:40:c2:13:21:af:13:30:da:43:d2:99:87:63:4b:05:70:
         69:68:fb:7a:55:4d:36:c2:b3:35:69:81:6d:1e:b1:bf:0f:b2:
         c4:c4:49:0e:bc:57:70:83:8c:63:fb:d1:49:d2:fb:76:cc:13:
         ad:be:b7:05
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIEB+AW5jANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygx
MWVmZGJkNzI3ZmI1YmQ1M2NlYzY5NTdhMjliNDdjMmMzNGE4MzRjMB4XDTIyMDEw
MTE1NTkyM1oXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoYzFjMDk3YWRkZWIw
ZTQ5YmVkZDMzOTIyYjk2ZjE5NTlkNzllYzJlYjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAKinAxqFbhqJiG/1X2kUnmxhvB1CQ7Ftxp0CYWz08g33fPHF
fbu1/dmfCS3/5pBuTjoRd/bcAFO65P9wLvtWZwcW36cJB5PF8cEkh+d2Dqwj6QsQ
kUqe7vRDNv5Vl1uc5kBzrTlq7WA76hYT46/PCCfc92ZK94DZsXFRllS4qn3BLNVA
KLXgiJhL527wm+3Xgh20AXUcVFp7cEBwu5N6VaI4bj1FhdVEKPjRpulAwPSY144q
Srvh8T2zIdCgKYVJ+09e5Hku5qD9WKZoiVErCmJOeYZYYcW0GsbhHMdGCrN8F/RS
zAbWFbUm8xElyPoL14/+o77BEkkckqUEFBE+yGMCAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBTBwJet3rDkm+3TOSK5bxlZ157C6zAfBgNVHSMEGDAWgBQR79vXJ/tb1Tzs
aVeim0fCw0qDTDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L0VlX2IxeWY3VzlVODdHbFhvcHRId3NOS2cwdy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvOWYvMDQ3Y2U0LTQ0YWUtNDI3My05NGZhLWRjNjM0ZThhYTJhMy8x
L3djQ1hyZDZ3NUp2dDB6a2l1VzhaV2RlZXd1cy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvOWYv
MDQ3Y2U0LTQ0YWUtNDI3My05NGZhLWRjNjM0ZThhYTJhMy8xL0VlX2IxeWY3VzlV
ODdHbFhvcHRId3NOS2cwdy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEArmYFDANBgkqhkiG9w0BAQsFAAOC
AQEAVXLX3bwK2rs3t7T9CRYGBIOAj0uKPjHnvrHNJFLiShRZK0EA7OLWSgcXX12L
8ALD9GKgnK6GoreSRr5mquS/tM5lDEl+C1C5P9KYGANJFMWhwaopu253tw9t4ULs
0QaTprbw4Wew0iLyM+b2ayD0b4LT33LWIfAr2GyByRs1aNC6/0b4JMwgiyTgzlZe
rrg3lfIRH+JdcT2MS4AkY2XJmucogCmYa9E9tvn4zedWIpjieaujIpcIxJwxs7RW
OnrptJURoSA+GAFAwhMhrxMw2kPSmYdjSwVwaWj7elVNNsKzNWmBbR6xvw+yxMRJ
DrxXcIOMY/vRSdL7dswTrb63BQ==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:26:30 2024 by rpki-client on console-ams.rpki-client.org