Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a4/1a27ec-eb0a-4406-a1d1-07ed46b149c3/1/bc-qGPjhrzSDM-hCcGlloiVBjCg.roa
File:                     bc-qGPjhrzSDM-hCcGlloiVBjCg.roa (raw, json)
Hash identifier:          aLlccK1IUZQ153EX5K5EG2d4jHoJXhCXaTELZNffA4M=
Subject key identifier:   6D:CF:AA:18:F8:E1:AF:34:83:33:E8:42:70:69:65:A2:25:41:8C:28
Certificate issuer:       /CN=31242850cad41cdf75a3c9d60b21fca543f74384
Certificate serial:       08236B31
Authority key identifier: 31:24:28:50:CA:D4:1C:DF:75:A3:C9:D6:0B:21:FC:A5:43:F7:43:84
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MSQoUMrUHN91o8nWCyH8pUP3Q4Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a4/1a27ec-eb0a-4406-a1d1-07ed46b149c3/1/bc-qGPjhrzSDM-hCcGlloiVBjCg.roa
Signing time:             Sat 01 Jan 2022 14:55:20 +0000
ROA not before:           Sat 01 Jan 2022 14:55:20 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     9136
IP address blocks:        62.176.224.0/19 maxlen: 19
                          91.186.32.0/19 maxlen: 19
                          5.159.24.0/21 maxlen: 21
                          213.162.128.0/19 maxlen: 19
                          185.72.232.0/22 maxlen: 22
                          2a01:581:9::/48 maxlen: 48
                          2a01:581:a::/48 maxlen: 48
                          2a01:581:6::/48 maxlen: 48
                          2a01:581:b::/48 maxlen: 48
                          2a01:581:c::/48 maxlen: 48
                          2a01:581:7::/48 maxlen: 48
                          2a01:581:8::/48 maxlen: 48
                          2a01:580::/29 maxlen: 29

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 136538929 (0x8236b31)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=31242850cad41cdf75a3c9d60b21fca543f74384
        Validity
            Not Before: Jan  1 14:55:20 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=6dcfaa18f8e1af348333e842706965a225418c28
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:36:83:9a:7c:b6:65:95:27:3a:d8:92:d0:fc:
                    2b:61:4e:ba:7b:e8:6c:78:76:de:c4:41:fa:51:1a:
                    4f:63:33:67:9a:b7:86:ff:9d:83:b3:2b:d7:3d:58:
                    3b:e1:04:a4:05:c6:52:58:d1:58:de:25:fc:a7:28:
                    9c:02:d0:36:57:3d:ef:4c:c4:2c:5b:de:45:ad:33:
                    50:2f:df:16:27:cb:68:f2:6f:b2:01:c7:a3:42:02:
                    0d:c6:b1:55:56:f9:6c:21:54:a1:31:91:5c:5d:e5:
                    a2:36:c5:c4:b6:27:6b:8d:5a:da:d0:ab:d4:3c:a1:
                    75:f0:da:5a:97:55:90:23:b8:73:5b:60:5a:ee:9c:
                    18:e6:2d:e8:ef:98:9f:e4:1a:b6:9b:50:a7:97:6b:
                    dd:51:75:9d:e0:98:aa:ee:d3:57:20:e8:16:8f:74:
                    82:73:e7:b9:09:82:14:e1:34:e1:80:53:13:5b:88:
                    b3:7a:b4:12:b4:07:84:f6:5a:41:be:0e:46:d4:37:
                    e3:d4:9c:bc:7e:d8:40:28:5a:54:a5:68:e4:e2:de:
                    02:72:8d:35:41:34:84:07:e2:e4:e6:3c:eb:00:90:
                    9e:e1:d2:ba:e0:9f:ec:9c:bd:10:46:df:52:9d:ba:
                    02:b9:04:7a:fd:62:cc:e3:d6:80:5d:09:da:6c:32:
                    6e:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6D:CF:AA:18:F8:E1:AF:34:83:33:E8:42:70:69:65:A2:25:41:8C:28
            X509v3 Authority Key Identifier:
                keyid:31:24:28:50:CA:D4:1C:DF:75:A3:C9:D6:0B:21:FC:A5:43:F7:43:84

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MSQoUMrUHN91o8nWCyH8pUP3Q4Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a4/1a27ec-eb0a-4406-a1d1-07ed46b149c3/1/bc-qGPjhrzSDM-hCcGlloiVBjCg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a4/1a27ec-eb0a-4406-a1d1-07ed46b149c3/1/MSQoUMrUHN91o8nWCyH8pUP3Q4Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.159.24.0/21
                  62.176.224.0/19
                  91.186.32.0/19
                  185.72.232.0/22
                  213.162.128.0/19
                IPv6:
                  2a01:580::/29

    Signature Algorithm: sha256WithRSAEncryption
         b0:9a:b6:4d:d8:63:23:88:f8:4e:61:9e:65:58:a3:d0:83:91:
         c4:6a:5f:ef:74:5a:91:69:05:e7:2e:98:76:d1:7e:4f:2e:3f:
         66:c8:f2:e3:dc:8e:bb:0b:b1:da:4e:46:bf:03:f3:fe:75:c7:
         13:bb:de:07:fe:c1:e9:a3:6f:ce:ca:4f:60:5f:c0:47:68:b2:
         02:15:06:6d:4f:02:96:5b:f3:39:37:a1:a1:13:e6:3b:83:6a:
         1f:80:29:a2:e9:47:96:0b:85:96:51:bf:70:f6:f0:aa:6e:11:
         95:ff:d7:b4:52:f3:1b:1a:61:87:c0:ac:cb:89:ce:7a:20:d2:
         84:b5:58:4c:98:45:52:d2:d8:9d:b4:1d:ec:18:e4:db:7e:55:
         e2:d6:91:de:cb:0d:65:77:32:75:95:c3:cc:ec:f0:39:6b:48:
         30:55:56:77:94:6e:19:c9:11:0e:9b:9e:fb:78:ff:f3:5f:97:
         9b:2a:e4:8f:7c:70:af:a6:1e:d5:06:28:3e:52:59:bc:ed:7e:
         35:9a:fd:8f:2e:7c:97:ef:73:ae:69:e1:da:ad:e2:ef:77:0a:
         00:f6:a1:3f:c7:ed:df:f9:c6:14:07:95:4d:c8:0a:e5:0e:c4:
         23:ac:b3:eb:54:ad:46:93:e8:02:1a:75:70:13:65:cc:af:75:
         d2:bd:60:56
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgIECCNrMTANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygz
MTI0Mjg1MGNhZDQxY2RmNzVhM2M5ZDYwYjIxZmNhNTQzZjc0Mzg0MB4XDTIyMDEw
MTE0NTUyMFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoNmRjZmFhMThmOGUx
YWYzNDgzMzNlODQyNzA2OTY1YTIyNTQxOGMyODCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBANM2g5p8tmWVJzrYktD8K2FOunvobHh23sRB+lEaT2MzZ5q3
hv+dg7Mr1z1YO+EEpAXGUljRWN4l/KconALQNlc970zELFveRa0zUC/fFifLaPJv
sgHHo0ICDcaxVVb5bCFUoTGRXF3lojbFxLYna41a2tCr1DyhdfDaWpdVkCO4c1tg
Wu6cGOYt6O+Yn+QatptQp5dr3VF1neCYqu7TVyDoFo90gnPnuQmCFOE04YBTE1uI
s3q0ErQHhPZaQb4ORtQ349ScvH7YQChaVKVo5OLeAnKNNUE0hAfi5OY86wCQnuHS
uuCf7Jy9EEbfUp26ArkEev1izOPWgF0J2mwybu0CAwEAAaOCAjAwggIsMB0GA1Ud
DgQWBBRtz6oY+OGvNIMz6EJwaWWiJUGMKDAfBgNVHSMEGDAWgBQxJChQytQc33Wj
ydYLIfylQ/dDhDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L01TUW9VTXJVSE45MW84bldDeUg4cFVQM1E0US5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvYTQvMWEyN2VjLWViMGEtNDQwNi1hMWQxLTA3ZWQ0NmIxNDljMy8x
L2JjLXFHUGpocnpTRE0taENjR2xsb2lWQmpDZy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYTQv
MWEyN2VjLWViMGEtNDQwNi1hMWQxLTA3ZWQ0NmIxNDljMy8xL01TUW9VTXJVSE45
MW84bldDeUg4cFVQM1E0US5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBG
BggrBgEFBQcBBwEB/wQ3MDUwJAQCAAEwHgMEAwWfGAMEBT6w4AMEBVu6IAMEArlI
6AMEBdWigDANBAIAAjAHAwUDKgEFgDANBgkqhkiG9w0BAQsFAAOCAQEAsJq2Tdhj
I4j4TmGeZVij0IORxGpf73RakWkF5y6YdtF+Ty4/Zsjy49yOuwux2k5GvwPz/nXH
E7veB/7B6aNvzspPYF/AR2iyAhUGbU8CllvzOTehoRPmO4NqH4ApoulHlguFllG/
cPbwqm4Rlf/XtFLzGxphh8Csy4nOeiDShLVYTJhFUtLYnbQd7Bjk235V4taR3ssN
ZXcydZXDzOzwOWtIMFVWd5RuGckRDpue+3j/81+Xmyrkj3xwr6Ye1QYoPlJZvO1+
NZr9jy58l+9zrmnh2q3i73cKAPahP8ft3/nGFAeVTcgK5Q7EI6yz61StRpPoAhp1
cBNlzK910r1gVg==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:48:17 2024 by rpki-client on console-fra.rpki-client.org