Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a2/2d5bdf-5265-49b8-8afe-2b920bde3990/1/ogWF3GOMz5OFrmWWqsYN_qZ3ZSA.roa
File:                     ogWF3GOMz5OFrmWWqsYN_qZ3ZSA.roa (raw, json)
Hash identifier:          cXGMMeYMndjo5NdTESvkzzFrgcyyneNea6hL6IS8ouc=
Subject key identifier:   A2:05:85:DC:63:8C:CF:93:85:AE:65:96:AA:C6:0D:FE:A6:77:65:20
Certificate issuer:       /CN=f51369ccbf86b1e84e1aeb46e6d336d39f752ae7
Certificate serial:       44CF8104
Authority key identifier: F5:13:69:CC:BF:86:B1:E8:4E:1A:EB:46:E6:D3:36:D3:9F:75:2A:E7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9RNpzL-GsehOGutG5tM20591Kuc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a2/2d5bdf-5265-49b8-8afe-2b920bde3990/1/ogWF3GOMz5OFrmWWqsYN_qZ3ZSA.roa
Signing time:             Sat 01 Jan 2022 14:06:47 +0000
ROA not before:           Sat 01 Jan 2022 14:06:47 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     20857
IP address blocks:        188.240.52.0/22 maxlen: 22
                          93.119.0.0/20 maxlen: 20
                          84.247.8.0/21 maxlen: 21
                          195.8.195.0/24 maxlen: 24
                          85.10.128.0/19 maxlen: 19
                          89.41.168.0/22 maxlen: 22
                          87.253.128.0/19 maxlen: 19
                          31.14.96.0/22 maxlen: 22
                          185.10.48.0/22 maxlen: 22
                          77.72.144.0/21 maxlen: 21
                          95.170.64.0/19 maxlen: 19
                          80.69.64.0/19 maxlen: 19
                          195.135.195.0/24 maxlen: 24
                          185.108.112.0/22 maxlen: 22
                          37.97.128.0/17 maxlen: 17
                          86.105.244.0/22 maxlen: 22
                          188.241.148.0/22 maxlen: 22
                          149.210.128.0/17 maxlen: 17
                          141.138.136.0/21 maxlen: 21
                          37.34.56.0/21 maxlen: 21
                          2a01:7c8::/32 maxlen: 32
                          2a01:7c8:7000::/36 maxlen: 36
                          2a01:7c8:d000::/36 maxlen: 36
                          2a01:7c8:e000::/36 maxlen: 36

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1154449668 (0x44cf8104)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f51369ccbf86b1e84e1aeb46e6d336d39f752ae7
        Validity
            Not Before: Jan  1 14:06:47 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=a20585dc638ccf9385ae6596aac60dfea6776520
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:33:af:9a:46:aa:d5:46:51:ea:f3:55:c5:de:
                    fe:9d:3a:27:25:ab:ea:29:43:2f:6c:0b:d3:cf:52:
                    c7:0e:ac:59:86:aa:6a:15:5a:2a:72:93:3e:62:67:
                    6d:ff:01:24:90:33:cb:ce:f6:2c:e9:43:a1:73:aa:
                    0e:c7:1b:e9:89:e8:ed:34:15:c2:a2:4c:35:40:df:
                    f4:8f:ca:96:cb:c3:7d:f6:ba:b2:a4:e1:19:e4:a9:
                    9d:98:48:04:6a:88:be:27:57:62:b1:2a:8b:92:47:
                    26:67:73:ad:65:89:85:41:fc:3f:2d:ef:d5:ec:6c:
                    ba:8e:4c:8f:3a:b8:1d:fd:39:70:59:fd:95:07:6b:
                    f3:59:2e:a4:12:c2:22:bb:74:2b:d0:e2:35:e8:db:
                    59:de:37:13:00:c0:28:d5:92:b7:8f:77:18:35:fe:
                    05:d0:f6:b5:6b:64:8e:84:80:53:53:c4:92:19:7b:
                    00:34:0b:60:86:67:9a:81:90:bd:ce:af:5b:9f:9a:
                    03:dc:cc:2a:a0:4d:09:46:18:40:62:eb:85:ba:69:
                    f6:d5:88:fc:87:ec:40:b1:0e:d5:dc:67:22:71:a3:
                    64:ee:7b:e0:47:68:64:83:a3:c7:3c:7b:c4:3b:6a:
                    33:7e:f9:87:0e:3a:01:09:0c:af:b5:bd:59:c2:ad:
                    0f:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A2:05:85:DC:63:8C:CF:93:85:AE:65:96:AA:C6:0D:FE:A6:77:65:20
            X509v3 Authority Key Identifier:
                keyid:F5:13:69:CC:BF:86:B1:E8:4E:1A:EB:46:E6:D3:36:D3:9F:75:2A:E7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9RNpzL-GsehOGutG5tM20591Kuc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/2d5bdf-5265-49b8-8afe-2b920bde3990/1/ogWF3GOMz5OFrmWWqsYN_qZ3ZSA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/2d5bdf-5265-49b8-8afe-2b920bde3990/1/9RNpzL-GsehOGutG5tM20591Kuc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.14.96.0/22
                  37.34.56.0/21
                  37.97.128.0/17
                  77.72.144.0/21
                  80.69.64.0/19
                  84.247.8.0/21
                  85.10.128.0/19
                  86.105.244.0/22
                  87.253.128.0/19
                  89.41.168.0/22
                  93.119.0.0/20
                  95.170.64.0/19
                  141.138.136.0/21
                  149.210.128.0/17
                  185.10.48.0/22
                  185.108.112.0/22
                  188.240.52.0/22
                  188.241.148.0/22
                  195.8.195.0/24
                  195.135.195.0/24
                IPv6:
                  2a01:7c8::/32

    Signature Algorithm: sha256WithRSAEncryption
         64:8e:51:9d:cf:fe:77:d6:fc:1e:7d:90:60:9e:d5:66:6a:9c:
         d6:be:98:a7:5a:bc:e4:23:f4:97:c8:22:b0:d3:d1:b7:42:a9:
         4e:d1:36:54:e6:d6:6d:f4:5f:06:02:5f:76:a0:0f:4f:a3:2e:
         9e:86:79:f6:67:de:1d:3b:ee:de:b3:d0:25:3f:2f:1f:e6:45:
         4d:3f:56:d6:2b:df:51:28:38:8c:d3:26:0c:be:69:29:3f:19:
         41:a7:4b:dd:cb:38:7b:95:d3:67:a1:d3:f1:d7:09:24:2e:e0:
         2e:4f:5f:42:95:f0:e5:c7:16:d0:78:17:59:57:cc:09:f0:f1:
         c3:fc:7f:06:e3:86:6d:4e:45:30:fe:1b:14:88:08:4d:46:8f:
         88:33:bc:a3:1f:e9:9f:b6:d5:6f:05:c4:43:61:38:3a:fa:59:
         5b:59:2f:63:8b:fc:5c:f0:db:1f:92:6e:3f:4b:9c:50:03:e3:
         0d:44:a3:dc:06:d6:80:b4:6e:db:bd:79:b2:e5:4f:b1:dd:9e:
         95:89:ac:8d:5a:f3:e7:16:b6:0f:d8:ce:71:5c:90:21:7d:ea:
         24:52:c0:5d:af:62:56:63:cb:a6:9d:9d:c9:a1:73:9b:fd:9a:
         ee:4e:c3:eb:6a:3b:36:69:6a:a2:e7:34:81:3c:29:81:7d:03:
         e4:34:e3:b6
-----BEGIN CERTIFICATE-----
MIIFczCCBFugAwIBAgIERM+BBDANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhm
NTEzNjljY2JmODZiMWU4NGUxYWViNDZlNmQzMzZkMzlmNzUyYWU3MB4XDTIyMDEw
MTE0MDY0N1oXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoYTIwNTg1ZGM2Mzhj
Y2Y5Mzg1YWU2NTk2YWFjNjBkZmVhNjc3NjUyMDCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAJgzr5pGqtVGUerzVcXe/p06JyWr6ilDL2wL089Sxw6sWYaq
ahVaKnKTPmJnbf8BJJAzy872LOlDoXOqDscb6Yno7TQVwqJMNUDf9I/KlsvDffa6
sqThGeSpnZhIBGqIvidXYrEqi5JHJmdzrWWJhUH8Py3v1exsuo5Mjzq4Hf05cFn9
lQdr81kupBLCIrt0K9DiNejbWd43EwDAKNWSt493GDX+BdD2tWtkjoSAU1PEkhl7
ADQLYIZnmoGQvc6vW5+aA9zMKqBNCUYYQGLrhbpp9tWI/IfsQLEO1dxnInGjZO57
4EdoZIOjxzx7xDtqM375hw46AQkMr7W9WcKtD1ECAwEAAaOCAo0wggKJMB0GA1Ud
DgQWBBSiBYXcY4zPk4WuZZaqxg3+pndlIDAfBgNVHSMEGDAWgBT1E2nMv4ax6E4a
60bm0zbTn3Uq5zAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
LzlSTnB6TC1Hc2VoT0d1dEc1dE0yMDU5MUt1Yy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvYTIvMmQ1YmRmLTUyNjUtNDliOC04YWZlLTJiOTIwYmRlMzk5MC8x
L29nV0YzR09NejVPRnJtV1dxc1lOX3FaM1pTQS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYTIv
MmQ1YmRmLTUyNjUtNDliOC04YWZlLTJiOTIwYmRlMzk5MC8xLzlSTnB6TC1Hc2Vo
T0d1dEc1dE0yMDU5MUt1Yy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjCB
ogYIKwYBBQUHAQcBAf8EgZIwgY8wfgQCAAEweAMEAh8OYAMEAyUiOAMEByVhgAME
A01IkAMEBVBFQAMEA1T3CAMEBVUKgAMEAlZp9AMEBVf9gAMEAlkpqAMEBF13AAME
BV+qQAMEA42KiAMEB5XSgAMEArkKMAMEArlscAMEArzwNAMEArzxlAMEAMMIwwME
AMOHwzANBAIAAjAHAwUAKgEHyDANBgkqhkiG9w0BAQsFAAOCAQEAZI5Rnc/+d9b8
Hn2QYJ7VZmqc1r6Yp1q85CP0l8gisNPRt0KpTtE2VObWbfRfBgJfdqAPT6MunoZ5
9mfeHTvu3rPQJT8vH+ZFTT9W1ivfUSg4jNMmDL5pKT8ZQadL3cs4e5XTZ6HT8dcJ
JC7gLk9fQpXw5ccW0HgXWVfMCfDxw/x/BuOGbU5FMP4bFIgITUaPiDO8ox/pn7bV
bwXEQ2E4OvpZW1kvY4v8XPDbH5JuP0ucUAPjDUSj3AbWgLRu2715suVPsd2elYms
jVrz5xa2D9jOcVyQIX3qJFLAXa9iVmPLpp2dyaFzm/2a7k7D62o7Nmlqouc0gTwp
gX0D5DTjtg==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:48:01 2024 by rpki-client on console-fra.rpki-client.org