Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ad/f505b5-0e46-4b3f-bf1b-849d3a6b9c2d/1/aXa89hfS0-xD8YQa7lyNPm_PMvo.roa
File:                     aXa89hfS0-xD8YQa7lyNPm_PMvo.roa (raw, json)
Hash identifier:          e3GMi3VArysQ8tVjvioHKSc8NN//v0fnsqx5NPbbhe4=
Subject key identifier:   69:76:BC:F6:17:D2:D3:EC:43:F1:84:1A:EE:5C:8D:3E:6F:CF:32:FA
Certificate issuer:       /CN=870c589a4f22a9ca2ff99b4c48f8bdf492871725
Certificate serial:       0182580B7A084A1BC7931B660837B0BA19CC
Authority key identifier: 87:0C:58:9A:4F:22:A9:CA:2F:F9:9B:4C:48:F8:BD:F4:92:87:17:25
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hwxYmk8iqcov-ZtMSPi99JKHFyU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ad/f505b5-0e46-4b3f-bf1b-849d3a6b9c2d/1/aXa89hfS0-xD8YQa7lyNPm_PMvo.roa
Signing time:             Mon 01 Aug 2022 06:15:23 +0000
ROA not before:           Mon 01 Aug 2022 06:15:23 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     8447
IP address blocks:        212.183.0.0/17 maxlen: 17
                          80.75.56.0/21 maxlen: 21
                          192.164.128.0/19 maxlen: 19
                          178.188.0.0/14 maxlen: 14
                          93.82.0.0/15 maxlen: 15
                          213.33.63.0/24 maxlen: 24
                          188.45.0.0/16 maxlen: 16
                          192.164.64.0/21 maxlen: 21
                          193.187.216.0/21 maxlen: 21
                          193.187.224.0/20 maxlen: 20
                          192.164.80.0/20 maxlen: 20
                          91.112.0.0/14 maxlen: 14
                          193.187.240.0/22 maxlen: 22
                          192.164.96.0/19 maxlen: 19
                          213.33.0.0/17 maxlen: 17
                          80.75.34.0/24 maxlen: 24
                          192.164.224.0/19 maxlen: 19
                          88.116.0.0/15 maxlen: 15
                          93.111.0.0/16 maxlen: 16
                          195.3.64.0/18 maxlen: 18
                          188.20.0.0/14 maxlen: 14
                          89.144.192.0/18 maxlen: 18
                          46.74.0.0/15 maxlen: 15
                          194.48.136.0/24 maxlen: 24
                          192.164.208.0/20 maxlen: 20
                          176.66.0.0/18 maxlen: 18
                          80.240.224.0/20 maxlen: 20
                          192.164.0.0/19 maxlen: 19
                          88.116.217.0/24 maxlen: 24
                          192.164.32.0/22 maxlen: 22
                          192.164.40.0/21 maxlen: 21
                          192.164.39.0/24 maxlen: 24
                          176.66.128.0/17 maxlen: 17
                          192.164.48.0/20 maxlen: 20
                          92.248.0.0/17 maxlen: 17
                          84.20.160.0/19 maxlen: 19
                          80.120.0.0/14 maxlen: 14
                          46.206.0.0/15 maxlen: 15
                          62.46.0.0/15 maxlen: 15
                          2001:4bb8::/29 maxlen: 29
                          2001:890::/29 maxlen: 29
                          2001:870::/29 maxlen: 29
                          2001:850::/29 maxlen: 29

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:82:58:0b:7a:08:4a:1b:c7:93:1b:66:08:37:b0:ba:19:cc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=870c589a4f22a9ca2ff99b4c48f8bdf492871725
        Validity
            Not Before: Aug  1 06:15:23 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=6976bcf617d2d3ec43f1841aee5c8d3e6fcf32fa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:87:51:6a:ba:04:35:66:08:fc:e7:39:ff:78:
                    e8:d4:8f:24:e8:a1:2a:de:99:27:d4:ef:a5:2c:e1:
                    26:e6:1b:33:10:b7:2f:02:ed:fb:b0:1f:7f:a0:26:
                    78:92:30:14:7d:34:83:8a:92:bc:68:d3:49:bf:fc:
                    85:7f:ed:96:7f:93:26:98:32:d4:ae:74:b2:10:67:
                    28:fa:ac:ba:98:26:31:c8:86:06:bd:d1:6c:d6:ad:
                    be:bd:50:b6:46:3d:21:d5:2a:51:1c:a6:84:1f:5e:
                    6f:20:26:c0:06:48:ef:76:74:fe:c8:1e:1c:51:ca:
                    d7:a3:5e:1c:43:ed:78:6c:e1:29:7f:a3:e7:ad:d7:
                    44:c8:5b:5b:cb:c5:47:26:23:53:2f:c0:f0:de:e6:
                    bd:8b:4c:0b:64:44:0d:40:5f:13:ff:75:0e:7a:5f:
                    c0:c1:0d:9c:f3:91:a9:d3:44:f1:00:c7:c9:3f:d1:
                    ec:23:49:d8:1d:d5:e3:4b:37:c3:16:5a:54:5f:f6:
                    3c:79:19:e3:e8:75:40:a1:8c:b4:a9:c0:86:dc:71:
                    63:ef:0e:89:e0:1e:94:78:3e:91:e4:cf:b7:33:92:
                    d6:90:e2:3f:99:9c:ab:49:36:b5:0e:8c:62:41:61:
                    22:a1:e9:f7:01:64:61:56:d2:69:b4:08:91:45:42:
                    e4:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                69:76:BC:F6:17:D2:D3:EC:43:F1:84:1A:EE:5C:8D:3E:6F:CF:32:FA
            X509v3 Authority Key Identifier:
                keyid:87:0C:58:9A:4F:22:A9:CA:2F:F9:9B:4C:48:F8:BD:F4:92:87:17:25

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hwxYmk8iqcov-ZtMSPi99JKHFyU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/f505b5-0e46-4b3f-bf1b-849d3a6b9c2d/1/aXa89hfS0-xD8YQa7lyNPm_PMvo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/f505b5-0e46-4b3f-bf1b-849d3a6b9c2d/1/hwxYmk8iqcov-ZtMSPi99JKHFyU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.74.0.0/15
                  46.206.0.0/15
                  62.46.0.0/15
                  80.75.34.0/24
                  80.75.56.0/21
                  80.120.0.0/14
                  80.240.224.0/20
                  84.20.160.0/19
                  88.116.0.0/15
                  89.144.192.0/18
                  91.112.0.0/14
                  92.248.0.0/17
                  93.82.0.0/15
                  93.111.0.0/16
                  176.66.0.0/18
                  176.66.128.0/17
                  178.188.0.0/14
                  188.20.0.0/14
                  188.45.0.0/16
                  192.164.0.0-192.164.35.255
                  192.164.39.0-192.164.71.255
                  192.164.80.0-192.164.159.255
                  192.164.208.0-192.164.255.255
                  193.187.216.0-193.187.243.255
                  194.48.136.0/24
                  195.3.64.0/18
                  212.183.0.0/17
                  213.33.0.0/17
                IPv6:
                  2001:850::/29
                  2001:870::/29
                  2001:890::/29
                  2001:4bb8::/29

    Signature Algorithm: sha256WithRSAEncryption
         bb:a1:e9:49:d7:af:29:16:8a:1a:6f:eb:40:0d:5c:fb:d8:f5:
         b6:b8:74:8c:18:71:3f:02:36:68:6f:91:ef:9f:b6:ab:38:0f:
         d5:c3:e2:d8:99:b0:a6:15:93:78:17:a0:3a:4e:96:90:12:91:
         44:95:66:fd:54:bf:d4:d2:cf:33:7e:b1:ab:26:7a:1d:cf:d1:
         f0:41:d1:5b:27:d3:5b:a4:fb:09:24:13:52:8b:e1:76:3e:d8:
         73:0c:fb:b7:62:b8:8d:17:b6:e6:65:e7:ef:b9:d2:02:05:24:
         ff:a8:51:88:49:88:6b:93:11:82:78:b4:8e:90:a6:91:72:fc:
         f5:65:f4:6f:57:c8:f1:2f:4b:77:8f:43:a9:3f:af:34:a1:d9:
         fa:5d:9f:e0:14:d5:a7:24:65:7a:16:24:43:da:f3:80:e8:d3:
         a2:04:a3:37:b0:0a:a3:b3:0d:0f:8e:cc:3e:6c:dc:ae:3c:64:
         ef:66:80:a1:d0:49:85:e7:76:17:4a:32:8a:18:29:55:1c:eb:
         ed:ed:1d:4b:3f:c3:8e:78:00:28:de:5e:3f:48:8f:00:cf:ed:
         7e:b9:aa:a7:3b:cc:c0:1b:a1:38:7f:05:44:13:ae:29:2e:ee:
         1d:5e:9d:dd:ba:ea:07:65:87:96:52:be:d8:ef:f4:fa:4a:d6:
         79:d8:2e:45
-----BEGIN CERTIFICATE-----
MIIF5DCCBMygAwIBAgISAYJYC3oIShvHkxtmCDewuhnMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg3MGM1ODlhNGYyMmE5Y2EyZmY5OWI0YzQ4ZjhiZGY0OTI4
NzE3MjUwHhcNMjIwODAxMDYxNTIzWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OTc2YmNmNjE3ZDJkM2VjNDNmMTg0MWFlZTVjOGQzZTZmY2YzMmZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmodRaroENWYI/Oc5/3jo1I8k6KEq
3pkn1O+lLOEm5hszELcvAu37sB9/oCZ4kjAUfTSDipK8aNNJv/yFf+2Wf5MmmDLU
rnSyEGco+qy6mCYxyIYGvdFs1q2+vVC2Rj0h1SpRHKaEH15vICbABkjvdnT+yB4c
UcrXo14cQ+14bOEpf6PnrddEyFtby8VHJiNTL8Dw3ua9i0wLZEQNQF8T/3UOel/A
wQ2c85Gp00TxAMfJP9HsI0nYHdXjSzfDFlpUX/Y8eRnj6HVAoYy0qcCG3HFj7w6J
4B6UeD6R5M+3M5LWkOI/mZyrSTa1DoxiQWEioen3AWRhVtJptAiRRULk9wIDAQAB
o4IC8DCCAuwwHQYDVR0OBBYEFGl2vPYX0tPsQ/GEGu5cjT5vzzL6MB8GA1UdIwQY
MBaAFIcMWJpPIqnKL/mbTEj4vfSShxclMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHd4WW1rOGlxY292LVp0TVNQaTk5SktIRnlVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZC9mNTA1YjUtMGU0Ni00YjNmLWJmMWIt
ODQ5ZDNhNmI5YzJkLzEvYVhhODloZlMwLXhEOFlRYTdseU5QbV9QTXZvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZC9mNTA1YjUtMGU0Ni00YjNmLWJmMWItODQ5ZDNhNmI5YzJk
LzEvaHd4WW1rOGlxY292LVp0TVNQaTk5SktIRnlVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBBAYIKwYBBQUHAQcBAf8EgfQwgfEwgcoEAgABMIHDAwMB
LkoDAwEuzgMDAT4uAwQAUEsiAwQDUEs4AwMCUHgDBARQ8OADBAVUFKADAwFYdAME
BlmQwAMDAltwAwQHXPgAAwMBXVIDAwBdbwMEBrBCAAMEB7BCgAMDArK8AwMCvBQD
AwC8LTALAwMCwKQDBALApCAwDAMEAMCkJwMEA8CkQDAMAwQEwKRQAwQFwKSAMAsD
BATApNADAwDApDAMAwQDwbvYAwQCwbvwAwQAwjCIAwQGwwNAAwQH1LcAAwQH1SEA
MCIEAgACMBwDBQMgAQhQAwUDIAEIcAMFAyABCJADBQMgAUu4MA0GCSqGSIb3DQEB
CwUAA4IBAQC7oelJ168pFooab+tADVz72PW2uHSMGHE/AjZob5Hvn7arOA/Vw+LY
mbCmFZN4F6A6TpaQEpFElWb9VL/U0s8zfrGrJnodz9HwQdFbJ9NbpPsJJBNSi+F2
PthzDPu3YriNF7bmZefvudICBST/qFGISYhrkxGCeLSOkKaRcvz1ZfRvV8jxL0t3
j0OpP680odn6XZ/gFNWnJGV6FiRD2vOA6NOiBKM3sAqjsw0Pjsw+bNyuPGTvZoCh
0EmF53YXSjKKGClVHOvt7R1LP8OOeAAo3l4/SI8Az+1+uaqnO8zAG6E4fwVEE64p
Lu4dXp3duuoHZYeWUr7Y7/T6StZ52C5F
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:38:16 2024 by rpki-client on console-ams.rpki-client.org