Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a3/0227b7-54ca-4f56-be26-6cbe949532e4/1/A95CMbGSeFh2zTdGWAEUJYWhaxY.roa
File:                     A95CMbGSeFh2zTdGWAEUJYWhaxY.roa (raw, json)
Hash identifier:          eL8HGVJgB7SkdbS225+sMCKezv/vUm5m4QfwQi00BGo=
Subject key identifier:   03:DE:42:31:B1:92:78:58:76:CD:37:46:58:01:14:25:85:A1:6B:16
Certificate issuer:       /CN=d7f7f16b05a1123151a677a47ac2d8d9061df390
Certificate serial:       07AEE5A8
Authority key identifier: D7:F7:F1:6B:05:A1:12:31:51:A6:77:A4:7A:C2:D8:D9:06:1D:F3:90
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1_fxawWhEjFRpnekesLY2QYd85A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a3/0227b7-54ca-4f56-be26-6cbe949532e4/1/A95CMbGSeFh2zTdGWAEUJYWhaxY.roa
Signing time:             Sat 01 Jan 2022 02:56:24 +0000
ROA not before:           Sat 01 Jan 2022 02:56:24 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     13044
IP address blocks:        185.118.27.0/24 maxlen: 24
                          185.118.25.0/24 maxlen: 24
                          185.118.26.0/24 maxlen: 24
                          185.118.24.0/24 maxlen: 24
                          2a09:ec42::/48 maxlen: 48
                          2a09:ec42:2::/48 maxlen: 48
                          2a09:ec42:1::/48 maxlen: 48
                          2a09:ec42:3::/48 maxlen: 48

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 128902568 (0x7aee5a8)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d7f7f16b05a1123151a677a47ac2d8d9061df390
        Validity
            Not Before: Jan  1 02:56:24 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=03de4231b192785876cd37465801142585a16b16
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:ff:7a:86:ea:8e:69:85:04:36:c0:d1:81:af:
                    76:f4:be:b4:34:5b:1a:a5:2f:75:08:1e:c9:20:9c:
                    56:74:7e:8f:65:ac:c5:18:b2:1e:01:8d:a7:19:33:
                    5e:d6:05:b0:f0:97:5e:9d:23:a0:72:85:24:26:16:
                    4b:ed:de:18:ab:aa:0c:ff:7d:b6:eb:5e:36:5a:37:
                    b1:dc:68:0b:47:61:59:e4:d6:71:ae:5b:4c:9f:9f:
                    3e:0a:3a:6d:8b:b9:6e:f7:f9:44:72:fb:d1:c4:a5:
                    6b:1c:88:fa:8c:69:b7:81:77:77:c3:25:38:d1:ba:
                    77:f8:23:4b:f3:86:61:47:73:38:85:af:52:b3:f8:
                    38:5f:dd:a3:03:09:d9:22:01:3b:c4:80:fe:0e:83:
                    10:bd:79:6f:2a:bd:88:86:91:18:71:22:92:f1:2a:
                    52:ac:a1:a5:27:05:94:5c:86:6c:42:96:aa:2b:a7:
                    32:f5:c8:39:f3:e6:5a:48:e9:53:63:b1:ce:30:55:
                    3a:bb:ae:e4:87:1a:e2:d7:e9:66:57:5b:a3:11:8f:
                    fe:f6:58:79:ba:16:b3:5a:66:eb:7d:13:0e:d7:f9:
                    8d:90:01:50:fe:a2:64:cc:0f:b1:c5:92:45:37:1e:
                    0c:2c:87:25:9f:34:ac:a7:ff:ff:09:23:97:e8:ea:
                    52:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                03:DE:42:31:B1:92:78:58:76:CD:37:46:58:01:14:25:85:A1:6B:16
            X509v3 Authority Key Identifier:
                keyid:D7:F7:F1:6B:05:A1:12:31:51:A6:77:A4:7A:C2:D8:D9:06:1D:F3:90

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1_fxawWhEjFRpnekesLY2QYd85A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/0227b7-54ca-4f56-be26-6cbe949532e4/1/A95CMbGSeFh2zTdGWAEUJYWhaxY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/0227b7-54ca-4f56-be26-6cbe949532e4/1/1_fxawWhEjFRpnekesLY2QYd85A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.118.24.0/22
                IPv6:
                  2a09:ec42::/46

    Signature Algorithm: sha256WithRSAEncryption
         b4:fe:ec:32:3b:bb:db:79:21:21:a8:fb:f0:1a:53:fe:41:71:
         36:d3:73:1d:15:c4:20:f5:ef:7b:da:6a:63:de:db:6a:8b:f8:
         78:ab:a2:6e:20:b5:1e:b9:39:4c:d2:96:c5:fb:2a:90:af:89:
         5b:4e:6a:e0:c7:9d:6c:c2:a6:55:ca:ac:38:bb:77:72:02:26:
         51:3b:56:92:e5:0f:e0:e1:69:f6:d7:48:c8:52:58:e3:f2:b7:
         52:67:2d:59:a8:10:09:78:d9:c0:cb:4d:f2:00:78:0f:52:e3:
         20:14:cf:6c:0d:f8:6a:50:cb:06:08:71:5a:6e:33:a1:f4:bd:
         8d:62:ee:69:b4:d2:3d:c1:75:06:d7:ca:74:52:30:46:2b:64:
         32:2a:90:6e:a0:ce:5a:64:6d:f9:a2:95:57:39:a5:b6:d2:36:
         4c:dd:0f:83:8b:5d:81:bd:b9:a0:07:bd:84:92:f1:84:1a:40:
         d7:77:12:68:dd:4f:37:83:57:73:7b:6d:e7:94:55:b7:8f:a4:
         f6:0c:fe:b5:92:2b:49:3f:14:08:bc:f6:1d:6b:4a:97:c9:bd:
         77:a3:76:2e:05:2c:5b:bc:7c:86:7e:fe:53:df:4b:67:c6:cf:
         b9:70:58:2d:94:fb:33:3f:61:a6:86:d1:2e:fd:f1:2d:c6:28:
         18:f3:12:b2
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIEB67lqDANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhk
N2Y3ZjE2YjA1YTExMjMxNTFhNjc3YTQ3YWMyZDhkOTA2MWRmMzkwMB4XDTIyMDEw
MTAyNTYyNFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMDNkZTQyMzFiMTky
Nzg1ODc2Y2QzNzQ2NTgwMTE0MjU4NWExNmIxNjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAJ7/eobqjmmFBDbA0YGvdvS+tDRbGqUvdQgeySCcVnR+j2Ws
xRiyHgGNpxkzXtYFsPCXXp0joHKFJCYWS+3eGKuqDP99tuteNlo3sdxoC0dhWeTW
ca5bTJ+fPgo6bYu5bvf5RHL70cSlaxyI+oxpt4F3d8MlONG6d/gjS/OGYUdzOIWv
UrP4OF/dowMJ2SIBO8SA/g6DEL15byq9iIaRGHEikvEqUqyhpScFlFyGbEKWqiun
MvXIOfPmWkjpU2OxzjBVOruu5Ica4tfpZldboxGP/vZYeboWs1pm630TDtf5jZAB
UP6iZMwPscWSRTceDCyHJZ80rKf//wkjl+jqUqsCAwEAAaOCAhowggIWMB0GA1Ud
DgQWBBQD3kIxsZJ4WHbNN0ZYARQlhaFrFjAfBgNVHSMEGDAWgBTX9/FrBaESMVGm
d6R6wtjZBh3zkDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
LzFfZnhhd1doRWpGUnBuZWtlc0xZMlFZZDg1QS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvYTMvMDIyN2I3LTU0Y2EtNGY1Ni1iZTI2LTZjYmU5NDk1MzJlNC8x
L0E5NUNNYkdTZUZoMnpUZEdXQUVVSllXaGF4WS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYTMv
MDIyN2I3LTU0Y2EtNGY1Ni1iZTI2LTZjYmU5NDk1MzJlNC8xLzFfZnhhd1doRWpG
UnBuZWtlc0xZMlFZZDg1QS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAw
BggrBgEFBQcBBwEB/wQhMB8wDAQCAAEwBgMEArl2GDAPBAIAAjAJAwcCKgnsQgAA
MA0GCSqGSIb3DQEBCwUAA4IBAQC0/uwyO7vbeSEhqPvwGlP+QXE203MdFcQg9e97
2mpj3ttqi/h4q6JuILUeuTlM0pbF+yqQr4lbTmrgx51swqZVyqw4u3dyAiZRO1aS
5Q/g4Wn210jIUljj8rdSZy1ZqBAJeNnAy03yAHgPUuMgFM9sDfhqUMsGCHFabjOh
9L2NYu5ptNI9wXUG18p0UjBGK2QyKpBuoM5aZG35opVXOaW20jZM3Q+Di12Bvbmg
B72EkvGEGkDXdxJo3U83g1dze23nlFW3j6T2DP61kitJPxQIvPYda0qXyb13o3Yu
BSxbvHyGfv5T30tnxs+5cFgtlPszP2GmhtEu/fEtxigY8xKy
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:48:09 2024 by rpki-client on console-fra.rpki-client.org