Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a0/9c5359-3452-42f3-880b-82d9a9eb430c/1/qMsNCv3G9nQRBKzVin6gtLKhOfM.roa
File:                     qMsNCv3G9nQRBKzVin6gtLKhOfM.roa (raw, json)
Hash identifier:          ggxoHXy0VHJS2L+YvA8pAl9AjmJ7cFXRvfmpyuqYWWM=
Subject key identifier:   A8:CB:0D:0A:FD:C6:F6:74:11:04:AC:D5:8A:7E:A0:B4:B2:A1:39:F3
Certificate issuer:       /CN=7ed500164f0738135b9aec04e38fc24cb90e0f5f
Certificate serial:       018520294A872802D4F96ADCBA04488C1361
Authority key identifier: 7E:D5:00:16:4F:07:38:13:5B:9A:EC:04:E3:8F:C2:4C:B9:0E:0F:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ftUAFk8HOBNbmuwE44_CTLkOD18.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a0/9c5359-3452-42f3-880b-82d9a9eb430c/1/qMsNCv3G9nQRBKzVin6gtLKhOfM.roa
Signing time:             Sat 17 Dec 2022 12:57:35 +0000
ROA not before:           Sat 17 Dec 2022 12:57:35 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     204279
IP address blocks:        185.108.250.0/24 maxlen: 24
                          185.108.249.0/24 maxlen: 24
                          185.108.248.0/22 maxlen: 24
                          178.249.192.0/23 maxlen: 24
                          178.249.192.0/21 maxlen: 24
                          178.249.194.0/23 maxlen: 24
                          153.94.16.0/20 maxlen: 24
                          2a06:4942:200::/40 maxlen: 40
                          2a06:4942::/41 maxlen: 41
                          2a01:a4a0::/32 maxlen: 32
                          2a06:4940::/29 maxlen: 29

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:20:29:4a:87:28:02:d4:f9:6a:dc:ba:04:48:8c:13:61
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7ed500164f0738135b9aec04e38fc24cb90e0f5f
        Validity
            Not Before: Dec 17 12:57:35 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=a8cb0d0afdc6f6741104acd58a7ea0b4b2a139f3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:de:c3:99:df:e3:50:38:ca:86:28:5a:73:69:
                    2a:1e:5f:31:a9:68:e7:72:60:f5:78:de:18:0d:8b:
                    cf:69:51:75:dd:de:cf:cd:f9:9c:59:c0:fd:06:f4:
                    5e:27:84:2f:6d:29:c6:bc:31:f8:bf:8b:f8:68:31:
                    73:2d:88:f3:7a:7b:42:80:91:16:61:be:ee:e3:27:
                    e4:8f:48:ea:52:6f:db:1e:74:2e:ea:66:70:d5:7f:
                    7f:a2:f5:11:6c:fd:e1:08:be:8d:6f:70:f6:75:71:
                    e0:ce:fd:09:da:dc:62:5c:b4:00:8c:7f:ed:53:6f:
                    dc:d7:67:19:90:33:40:60:23:1c:3c:14:6a:a3:dd:
                    fb:87:ad:84:3e:b2:61:e3:96:e5:99:f2:3d:6d:fb:
                    36:f1:88:bb:ad:19:fd:44:b6:6e:3b:c2:f3:6f:8c:
                    07:6b:3a:52:d2:f6:07:9f:fc:52:29:61:13:a1:43:
                    07:b2:91:b0:03:d0:93:81:e9:1b:d0:9a:57:34:91:
                    e1:4f:ad:58:ca:2b:d5:1c:06:c9:8b:3a:7d:dc:83:
                    72:9b:2b:72:73:3a:e0:26:2a:4f:16:9f:bc:e1:f9:
                    74:ce:45:14:fa:2c:ce:96:b0:85:a4:29:91:51:67:
                    7b:ce:66:9e:69:2b:39:82:da:7a:36:cd:5b:7b:dd:
                    be:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A8:CB:0D:0A:FD:C6:F6:74:11:04:AC:D5:8A:7E:A0:B4:B2:A1:39:F3
            X509v3 Authority Key Identifier:
                keyid:7E:D5:00:16:4F:07:38:13:5B:9A:EC:04:E3:8F:C2:4C:B9:0E:0F:5F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ftUAFk8HOBNbmuwE44_CTLkOD18.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/9c5359-3452-42f3-880b-82d9a9eb430c/1/qMsNCv3G9nQRBKzVin6gtLKhOfM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/9c5359-3452-42f3-880b-82d9a9eb430c/1/ftUAFk8HOBNbmuwE44_CTLkOD18.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  153.94.16.0/20
                  178.249.192.0/21
                  185.108.248.0/22
                IPv6:
                  2a01:a4a0::/32
                  2a06:4940::/29

    Signature Algorithm: sha256WithRSAEncryption
         4c:2e:d8:43:26:7f:1a:82:7f:d9:2d:7c:fb:6c:3b:cb:89:3b:
         73:f6:0b:10:59:c3:06:43:e0:bc:6e:6f:cb:d7:78:77:4f:a7:
         b6:d4:84:a1:55:0b:66:75:96:76:07:14:54:8b:9f:27:76:85:
         b2:03:9f:b6:fd:ed:30:10:df:db:f7:5b:f9:7a:5a:19:97:d6:
         39:60:28:73:6e:22:ec:f5:98:c3:b2:97:8a:83:8a:e6:d4:94:
         8a:b7:f7:73:33:43:2f:9d:ae:50:19:6d:d9:23:6c:f1:46:e2:
         50:21:15:16:72:a8:18:f8:41:83:8f:5e:cd:19:97:42:89:68:
         7a:0a:46:70:3a:e4:02:a1:13:41:c4:2a:78:1c:7d:55:83:cd:
         d5:84:8b:a8:2d:7c:39:0a:38:f6:5d:64:91:33:21:5c:dd:00:
         9e:78:e4:d1:9c:c3:8b:d8:0c:24:1f:4e:04:57:a9:46:d0:47:
         6b:1c:c7:b5:6b:a3:83:c4:db:98:52:4b:ad:d4:b3:78:c8:6e:
         42:61:6a:7f:38:6c:c6:f7:76:63:3a:97:c3:b5:b0:ca:f4:38:
         3a:79:cc:2b:99:fc:f6:7c:a1:f4:d9:45:91:aa:2d:b5:53:cb:
         72:c6:b4:62:89:1f:4c:9c:46:9f:3e:68:6f:18:d7:54:31:51:
         a9:ec:ad:f0
-----BEGIN CERTIFICATE-----
MIIFHzCCBAegAwIBAgISAYUgKUqHKALU+WrcugRIjBNhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdlZDUwMDE2NGYwNzM4MTM1YjlhZWMwNGUzOGZjMjRjYjkw
ZTBmNWYwHhcNMjIxMjE3MTI1NzM1WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOGNiMGQwYWZkYzZmNjc0MTEwNGFjZDU4YTdlYTBiNGIyYTEzOWYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkd7Dmd/jUDjKhihac2kqHl8xqWjn
cmD1eN4YDYvPaVF13d7PzfmcWcD9BvReJ4QvbSnGvDH4v4v4aDFzLYjzentCgJEW
Yb7u4yfkj0jqUm/bHnQu6mZw1X9/ovURbP3hCL6Nb3D2dXHgzv0J2txiXLQAjH/t
U2/c12cZkDNAYCMcPBRqo937h62EPrJh45blmfI9bfs28Yi7rRn9RLZuO8Lzb4wH
azpS0vYHn/xSKWEToUMHspGwA9CTgekb0JpXNJHhT61YyivVHAbJizp93INymyty
czrgJipPFp+84fl0zkUU+izOlrCFpCmRUWd7zmaeaSs5gtp6Ns1be92+VwIDAQAB
o4ICKzCCAicwHQYDVR0OBBYEFKjLDQr9xvZ0EQSs1Yp+oLSyoTnzMB8GA1UdIwQY
MBaAFH7VABZPBzgTW5rsBOOPwky5Dg9fMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZnRVQUZrOEhPQk5ibXV3RTQ0X0NUTGtPRDE4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMC85YzUzNTktMzQ1Mi00MmYzLTg4MGIt
ODJkOWE5ZWI0MzBjLzEvcU1zTkN2M0c5blFSQkt6VmluNmd0TEtoT2ZNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMC85YzUzNTktMzQ1Mi00MmYzLTg4MGItODJkOWE5ZWI0MzBj
LzEvZnRVQUZrOEhPQk5ibXV3RTQ0X0NUTGtPRDE4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEEGCCsGAQUFBwEHAQH/BDIwMDAYBAIAATASAwQEmV4QAwQD
svnAAwQCuWz4MBQEAgACMA4DBQAqAaSgAwUDKgZJQDANBgkqhkiG9w0BAQsFAAOC
AQEATC7YQyZ/GoJ/2S18+2w7y4k7c/YLEFnDBkPgvG5vy9d4d0+nttSEoVULZnWW
dgcUVIufJ3aFsgOftv3tMBDf2/db+XpaGZfWOWAoc24i7PWYw7KXioOK5tSUirf3
czNDL52uUBlt2SNs8UbiUCEVFnKoGPhBg49ezRmXQoloegpGcDrkAqETQcQqeBx9
VYPN1YSLqC18OQo49l1kkTMhXN0Annjk0ZzDi9gMJB9OBFepRtBHaxzHtWujg8Tb
mFJLrdSzeMhuQmFqfzhsxvd2YzqXw7WwyvQ4OnnMK5n89nyh9NlFkaottVPLcsa0
YokfTJxGnz5obxjXVDFRqeyt8A==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:35:48 2024 by rpki-client on console-ams.rpki-client.org