Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a5/abb6ca-1a11-4ba5-9ee3-a798bdc7311f/1/_YnL4y-ckAUG0SKjpDXKrkczXRM.roa
File:                     _YnL4y-ckAUG0SKjpDXKrkczXRM.roa (raw, json)
Hash identifier:          vxDLvADb/5h8U6AcYvsmncdublme/H7iGE7Ys1lFJrQ=
Subject key identifier:   FD:89:CB:E3:2F:9C:90:05:06:D1:22:A3:A4:35:CA:AE:47:33:5D:13
Certificate issuer:       /CN=1caad93908aad8d246eb69f7e66aa70de5bd5a17
Certificate serial:       18E0AF
Authority key identifier: 1C:AA:D9:39:08:AA:D8:D2:46:EB:69:F7:E6:6A:A7:0D:E5:BD:5A:17
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HKrZOQiq2NJG62n35mqnDeW9Whc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a5/abb6ca-1a11-4ba5-9ee3-a798bdc7311f/1/_YnL4y-ckAUG0SKjpDXKrkczXRM.roa
Signing time:             Thu 05 May 2022 09:22:52 +0000
ROA not before:           Thu 05 May 2022 09:22:52 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     207681
IP address blocks:        185.199.88.0/24 maxlen: 24
                          185.199.88.0/22 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1630383 (0x18e0af)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1caad93908aad8d246eb69f7e66aa70de5bd5a17
        Validity
            Not Before: May  5 09:22:52 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=fd89cbe32f9c900506d122a3a435caae47335d13
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:05:8c:5b:a8:04:b3:84:7e:dd:01:fa:53:47:
                    67:6d:cf:11:de:4a:0e:d4:4d:c2:e8:ed:c4:bc:08:
                    80:3c:03:b5:40:11:d3:8f:ac:46:5d:5b:f3:e1:97:
                    86:13:0b:4d:b3:35:14:7c:10:c3:b5:e4:62:ec:58:
                    8f:5f:09:c0:7a:13:dc:a6:4b:8b:ef:ba:8c:ae:de:
                    3c:8f:7d:01:f6:83:d1:91:2a:45:41:2e:f3:66:84:
                    ad:fd:2a:db:41:b7:1f:60:eb:9e:6c:4b:58:6f:f8:
                    69:56:bc:e7:49:9f:df:93:69:10:55:e1:af:21:86:
                    19:58:47:d2:e2:38:bf:08:a2:60:52:b1:48:05:77:
                    75:0e:ab:e2:c1:d2:f2:34:b2:64:d7:79:3a:f4:da:
                    34:b4:57:fa:8e:68:39:cf:3c:da:e2:90:c3:12:db:
                    13:dd:95:36:41:74:2c:ae:75:46:c6:fa:8c:6a:cf:
                    32:52:07:a2:2e:a0:0f:af:f7:9d:b7:56:ca:6d:c9:
                    30:b6:4f:29:27:50:b2:6e:d8:ac:34:0e:eb:b7:33:
                    84:a4:c6:f2:73:52:da:9f:eb:df:a8:e3:48:b2:8b:
                    35:d7:db:32:e0:eb:f2:7a:b2:7e:54:75:bb:07:72:
                    68:7a:d2:b5:63:38:68:d1:3c:78:e8:7c:0c:c1:e6:
                    55:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FD:89:CB:E3:2F:9C:90:05:06:D1:22:A3:A4:35:CA:AE:47:33:5D:13
            X509v3 Authority Key Identifier:
                keyid:1C:AA:D9:39:08:AA:D8:D2:46:EB:69:F7:E6:6A:A7:0D:E5:BD:5A:17

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HKrZOQiq2NJG62n35mqnDeW9Whc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/abb6ca-1a11-4ba5-9ee3-a798bdc7311f/1/_YnL4y-ckAUG0SKjpDXKrkczXRM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/abb6ca-1a11-4ba5-9ee3-a798bdc7311f/1/HKrZOQiq2NJG62n35mqnDeW9Whc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.199.88.0/22

    Signature Algorithm: sha256WithRSAEncryption
         35:ab:7d:5e:86:6a:34:a2:bd:66:04:99:3c:d2:0f:87:fe:0b:
         98:e4:b3:d5:99:bb:72:78:e7:c9:b9:cf:09:2f:53:a0:51:ec:
         7a:3d:0e:a7:c3:cf:1e:02:64:99:3d:0f:e0:b5:e3:e7:e4:d7:
         6d:85:3d:77:e4:62:fc:89:49:88:a7:d7:bd:91:0d:31:81:db:
         1d:26:97:8c:a0:5b:80:0b:4c:44:0d:e0:d1:84:bb:fe:12:e7:
         73:29:92:5f:66:14:f9:37:b6:f5:6b:8d:92:45:d0:97:e4:d3:
         6f:dd:8e:01:dd:72:48:3f:88:b5:42:7b:1a:9a:ae:df:2c:dd:
         10:a9:01:bb:9d:14:d0:76:81:c5:3b:4a:81:c6:e6:42:97:4d:
         18:d9:98:3a:59:60:72:08:f5:04:ee:a6:6a:14:53:a2:7b:6b:
         44:de:ce:a7:5d:f7:6b:7f:90:b7:f6:5c:ce:6c:e6:c9:98:25:
         b6:66:98:72:f1:ef:12:f5:e2:7f:53:91:da:fe:fa:4f:d3:c6:
         f7:ce:1f:00:65:91:eb:7b:dd:85:72:7e:82:91:82:15:ef:fa:
         ba:52:69:28:12:b1:6e:49:e5:c7:39:62:c0:28:fc:ae:c9:c1:
         e7:d9:85:31:69:bc:d1:87:72:99:34:f1:df:3e:95:b9:5b:38:
         bf:25:34:c1
-----BEGIN CERTIFICATE-----
MIIE7jCCA9agAwIBAgIDGOCvMA0GCSqGSIb3DQEBCwUAMDMxMTAvBgNVBAMTKDFj
YWFkOTM5MDhhYWQ4ZDI0NmViNjlmN2U2NmFhNzBkZTViZDVhMTcwHhcNMjIwNTA1
MDkyMjUyWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQDEyhmZDg5Y2JlMzJmOWM5
MDA1MDZkMTIyYTNhNDM1Y2FhZTQ3MzM1ZDEzMIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEAtAWMW6gEs4R+3QH6U0dnbc8R3koO1E3C6O3EvAiAPAO1QBHT
j6xGXVvz4ZeGEwtNszUUfBDDteRi7FiPXwnAehPcpkuL77qMrt48j30B9oPRkSpF
QS7zZoSt/SrbQbcfYOuebEtYb/hpVrznSZ/fk2kQVeGvIYYZWEfS4ji/CKJgUrFI
BXd1DqviwdLyNLJk13k69No0tFf6jmg5zzza4pDDEtsT3ZU2QXQsrnVGxvqMas8y
UgeiLqAPr/edt1bKbckwtk8pJ1CybtisNA7rtzOEpMbyc1Lan+vfqONIsos119sy
4OvyerJ+VHW7B3JoetK1Yzho0Tx46HwMweZVaQIDAQABo4ICCTCCAgUwHQYDVR0O
BBYEFP2Jy+MvnJAFBtEio6Q1yq5HM10TMB8GA1UdIwQYMBaAFByq2TkIqtjSRutp
9+Zqpw3lvVoXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEFBQcBAQRYMFYwVAYIKwYB
BQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQv
SEtyWk9RaXEyTkpHNjJuMzVtcW5EZVc5V2hjLmNlcjCBjQYIKwYBBQUHAQsEgYAw
fjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkv
REVGQVVMVC9hNS9hYmI2Y2EtMWExMS00YmE1LTllZTMtYTc5OGJkYzczMTFmLzEv
X1luTDR5LWNrQVVHMFNLanBEWEtya2N6WFJNLnJvYTCBgQYDVR0fBHoweDB2oHSg
coZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNS9h
YmI2Y2EtMWExMS00YmE1LTllZTMtYTc5OGJkYzczMTFmLzEvSEtyWk9RaXEyTkpH
NjJuMzVtcW5EZVc5V2hjLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8G
CCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCucdYMA0GCSqGSIb3DQEBCwUAA4IB
AQA1q31ehmo0or1mBJk80g+H/guY5LPVmbtyeOfJuc8JL1OgUex6PQ6nw88eAmSZ
PQ/gtePn5NdthT135GL8iUmIp9e9kQ0xgdsdJpeMoFuAC0xEDeDRhLv+EudzKZJf
ZhT5N7b1a42SRdCX5NNv3Y4B3XJIP4i1Qnsamq7fLN0QqQG7nRTQdoHFO0qBxuZC
l00Y2Zg6WWByCPUE7qZqFFOie2tE3s6nXfdrf5C39lzObObJmCW2Zphy8e8S9eJ/
U5Ha/vpP08b3zh8AZZHre92Fcn6CkYIV7/q6UmkoErFuSeXHOWLAKPyuycHn2YUx
abzRh3KZNPHfPpW5Wzi/JTTB
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:36:40 2024 by rpki-client on console-ams.rpki-client.org