Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a2/87dadf-29d9-49d3-8ac6-4cc40ffd796d/1/XqsAqz2lXU3l_-JXqhfSU3EqM-I.roa
File:                     XqsAqz2lXU3l_-JXqhfSU3EqM-I.roa (raw, json)
Hash identifier:          e6qoj8GK3uWmPZun17r3zwWUu/bfUuTuJuDocQSD6nM=
Subject key identifier:   5E:AB:00:AB:3D:A5:5D:4D:E5:FF:E2:57:AA:17:D2:53:71:2A:33:E2
Certificate issuer:       /CN=ac8a69ecb787cce9892dc65480463fb088b613df
Certificate serial:       33E6313E
Authority key identifier: AC:8A:69:EC:B7:87:CC:E9:89:2D:C6:54:80:46:3F:B0:88:B6:13:DF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rIpp7LeHzOmJLcZUgEY_sIi2E98.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a2/87dadf-29d9-49d3-8ac6-4cc40ffd796d/1/XqsAqz2lXU3l_-JXqhfSU3EqM-I.roa
Signing time:             Sat 01 Jan 2022 01:50:56 +0000
ROA not before:           Sat 01 Jan 2022 01:50:56 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     44946
IP address blocks:        93.94.135.0/24 maxlen: 24
                          194.187.64.0/22 maxlen: 24
                          195.49.152.0/22 maxlen: 24
                          185.59.200.0/22 maxlen: 24
                          93.94.128.0/21 maxlen: 24
                          2a02:158::/32 maxlen: 64
                          2a02:158:aa00::/39 maxlen: 39
                          2a02:158:fffe::/48 maxlen: 48

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 870723902 (0x33e6313e)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ac8a69ecb787cce9892dc65480463fb088b613df
        Validity
            Not Before: Jan  1 01:50:56 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=5eab00ab3da55d4de5ffe257aa17d253712a33e2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:e0:e7:19:79:05:0f:0f:a4:8b:5b:c0:82:b4:
                    05:1a:26:20:c2:eb:43:2b:81:98:f8:06:aa:64:f3:
                    de:ad:ce:3b:b1:5b:37:ad:29:b3:fa:60:ad:68:e8:
                    1e:26:69:ad:f4:fb:f1:bf:07:26:c8:08:5e:21:18:
                    05:6f:06:cf:60:a6:7c:f8:21:cd:ef:dd:7b:73:a0:
                    23:cc:18:b1:1e:23:b2:69:e1:54:ed:a2:16:8b:17:
                    c2:ab:1e:66:15:78:54:21:d1:7b:eb:8f:f0:73:81:
                    36:ab:ab:bb:53:e9:f7:30:9e:88:bc:e2:fc:bd:3f:
                    4d:c6:2a:13:e4:0d:50:48:7d:5c:b3:1d:b5:c0:94:
                    ff:8a:30:29:81:0c:8b:38:71:36:1a:65:88:5e:e6:
                    66:cb:e5:2a:4e:df:ae:07:ea:c3:b8:2f:3c:59:a8:
                    b6:d8:9c:c9:20:c2:c2:95:cd:86:1a:ee:6c:36:5b:
                    33:c1:fa:4d:ef:17:ad:87:3b:4d:2e:eb:5e:96:4d:
                    8d:c6:a3:74:67:6c:38:41:10:a0:96:6a:a4:d8:5f:
                    2a:3b:17:4e:95:07:43:8b:88:11:99:0b:dd:d7:c2:
                    a9:a5:cc:98:a0:ee:30:19:6c:3d:e7:c5:f8:1c:e8:
                    f5:02:94:5e:8d:92:39:32:e8:65:50:78:c9:de:7c:
                    d0:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5E:AB:00:AB:3D:A5:5D:4D:E5:FF:E2:57:AA:17:D2:53:71:2A:33:E2
            X509v3 Authority Key Identifier:
                keyid:AC:8A:69:EC:B7:87:CC:E9:89:2D:C6:54:80:46:3F:B0:88:B6:13:DF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rIpp7LeHzOmJLcZUgEY_sIi2E98.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/87dadf-29d9-49d3-8ac6-4cc40ffd796d/1/XqsAqz2lXU3l_-JXqhfSU3EqM-I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/87dadf-29d9-49d3-8ac6-4cc40ffd796d/1/rIpp7LeHzOmJLcZUgEY_sIi2E98.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.94.128.0/21
                  185.59.200.0/22
                  194.187.64.0/22
                  195.49.152.0/22
                IPv6:
                  2a02:158::/32

    Signature Algorithm: sha256WithRSAEncryption
         0d:e7:f6:dd:e2:e7:27:80:5c:b8:c7:34:15:47:54:f8:f7:8c:
         3b:e4:10:01:8e:a9:9b:01:5d:e8:da:53:fd:24:cb:a1:ee:2f:
         dc:57:53:2f:83:bb:47:67:e1:1a:3d:93:96:fc:f7:e5:fa:b5:
         9f:2f:dc:cf:ec:0c:41:88:22:e5:4a:e7:2f:fa:22:16:da:d9:
         77:92:02:2d:d9:d0:4d:4d:fe:e9:31:fa:da:f4:53:9f:b9:0e:
         99:2c:b1:57:1e:f9:5a:b7:bd:49:46:34:bf:41:3f:fc:fa:55:
         35:41:2a:41:a4:ef:b5:62:e3:7e:ed:07:d1:cd:cf:46:51:d8:
         52:26:bd:f8:69:23:42:4e:f8:8c:eb:bd:25:bb:81:eb:0c:93:
         37:5b:39:51:bd:25:9e:f9:40:b7:7e:bd:5d:e7:17:6e:2e:98:
         7a:40:49:29:24:24:cc:6d:7d:63:bd:8a:3d:05:ab:20:38:5b:
         67:e9:1d:8c:85:ce:37:de:c7:2f:5b:79:be:f5:7c:68:69:96:
         91:7d:91:f1:1a:b2:97:99:5e:01:59:db:7e:83:a6:18:85:0e:
         cc:38:f5:16:a5:9b:40:9d:73:81:68:8c:00:48:91:99:7a:cd:
         be:89:3c:91:9e:3b:6c:0d:d3:75:61:fe:38:be:b7:9f:80:02:
         d1:c2:22:63
-----BEGIN CERTIFICATE-----
MIIFEDCCA/igAwIBAgIEM+YxPjANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhh
YzhhNjllY2I3ODdjY2U5ODkyZGM2NTQ4MDQ2M2ZiMDg4YjYxM2RmMB4XDTIyMDEw
MTAxNTA1NloXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoNWVhYjAwYWIzZGE1
NWQ0ZGU1ZmZlMjU3YWExN2QyNTM3MTJhMzNlMjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAMvg5xl5BQ8PpItbwIK0BRomIMLrQyuBmPgGqmTz3q3OO7Fb
N60ps/pgrWjoHiZprfT78b8HJsgIXiEYBW8Gz2CmfPghze/de3OgI8wYsR4jsmnh
VO2iFosXwqseZhV4VCHRe+uP8HOBNquru1Pp9zCeiLzi/L0/TcYqE+QNUEh9XLMd
tcCU/4owKYEMizhxNhpliF7mZsvlKk7frgfqw7gvPFmotticySDCwpXNhhrubDZb
M8H6Te8XrYc7TS7rXpZNjcajdGdsOEEQoJZqpNhfKjsXTpUHQ4uIEZkL3dfCqaXM
mKDuMBlsPefF+Bzo9QKUXo2SOTLoZVB4yd580K0CAwEAAaOCAiowggImMB0GA1Ud
DgQWBBReqwCrPaVdTeX/4leqF9JTcSoz4jAfBgNVHSMEGDAWgBSsimnst4fM6Ykt
xlSARj+wiLYT3zAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L3JJcHA3TGVIek9tSkxjWlVnRVlfc0lpMkU5OC5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvYTIvODdkYWRmLTI5ZDktNDlkMy04YWM2LTRjYzQwZmZkNzk2ZC8x
L1hxc0FxejJsWFUzbF8tSlhxaGZTVTNFcU0tSS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYTIv
ODdkYWRmLTI5ZDktNDlkMy04YWM2LTRjYzQwZmZkNzk2ZC8xL3JJcHA3TGVIek9t
SkxjWlVnRVlfc0lpMkU5OC5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBA
BggrBgEFBQcBBwEB/wQxMC8wHgQCAAEwGAMEA11egAMEArk7yAMEAsK7QAMEAsMx
mDANBAIAAjAHAwUAKgIBWDANBgkqhkiG9w0BAQsFAAOCAQEADef23eLnJ4BcuMc0
FUdU+PeMO+QQAY6pmwFd6NpT/STLoe4v3FdTL4O7R2fhGj2Tlvz35fq1ny/cz+wM
QYgi5UrnL/oiFtrZd5ICLdnQTU3+6TH62vRTn7kOmSyxVx75Wre9SUY0v0E//PpV
NUEqQaTvtWLjfu0H0c3PRlHYUia9+GkjQk74jOu9JbuB6wyTN1s5Ub0lnvlAt369
XecXbi6YekBJKSQkzG19Y72KPQWrIDhbZ+kdjIXON97HL1t5vvV8aGmWkX2R8Rqy
l5leAVnbfoOmGIUOzDj1FqWbQJ1zgWiMAEiRmXrNvok8kZ47bA3TdWH+OL63n4AC
0cIiYw==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:48:04 2024 by rpki-client on console-fra.rpki-client.org