Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b0/6508a1-4412-40c7-8a72-52cd6e89aa8d/1/yLQuIKQOX8jJ46yMXI6RLF1ugzE.roa
File:                     yLQuIKQOX8jJ46yMXI6RLF1ugzE.roa (raw, json)
Hash identifier:          TIlAWpQyH4ejUCEDhHGlypYl4h6TEL/S8y9VqNQGOxw=
Subject key identifier:   C8:B4:2E:20:A4:0E:5F:C8:C9:E3:AC:8C:5C:8E:91:2C:5D:6E:83:31
Certificate issuer:       /CN=34ddcbc8f61b260fd3f3e78b6b86877cb95fd83e
Certificate serial:       02BB02EB
Authority key identifier: 34:DD:CB:C8:F6:1B:26:0F:D3:F3:E7:8B:6B:86:87:7C:B9:5F:D8:3E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NN3LyPYbJg_T8-eLa4aHfLlf2D4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b0/6508a1-4412-40c7-8a72-52cd6e89aa8d/1/yLQuIKQOX8jJ46yMXI6RLF1ugzE.roa
Signing time:             Sat 01 Jan 2022 08:53:29 +0000
ROA not before:           Sat 01 Jan 2022 08:53:29 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     206936
IP address blocks:        185.160.240.0/23 maxlen: 23
                          185.160.240.0/22 maxlen: 22
                          185.160.243.0/24 maxlen: 24
                          2a0a:8500::/29 maxlen: 29

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 45810411 (0x2bb02eb)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=34ddcbc8f61b260fd3f3e78b6b86877cb95fd83e
        Validity
            Not Before: Jan  1 08:53:29 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=c8b42e20a40e5fc8c9e3ac8c5c8e912c5d6e8331
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:d8:e0:d7:6c:c6:79:f8:c8:a4:53:cc:ec:e6:
                    fd:5f:1a:05:fb:73:e6:41:59:94:ff:69:9d:fb:21:
                    00:34:8e:b0:dd:de:c6:d9:1b:27:1b:30:f1:94:db:
                    86:54:3c:69:3e:6e:93:6e:75:c2:90:24:d7:e8:4a:
                    51:ce:25:64:08:a6:76:08:54:ee:fa:5f:02:06:43:
                    52:4a:61:ad:31:1d:0d:7b:d5:32:5b:64:66:64:ce:
                    a5:13:e3:d9:27:09:b9:c5:32:4d:6e:d1:7f:97:57:
                    f4:36:5f:de:7a:05:4d:d2:cd:34:d5:02:ae:e8:77:
                    5c:d6:00:00:28:1b:2c:3e:df:3f:49:5b:93:fc:97:
                    0c:9d:cb:f4:db:1b:db:d0:18:72:8d:e7:84:14:03:
                    12:f6:78:f2:d8:1d:e4:f9:e1:92:c0:bc:79:15:7a:
                    65:86:38:39:e8:b0:47:0c:84:36:0e:bc:52:d1:ed:
                    8e:50:b3:8b:71:7b:2d:8d:d2:93:31:ab:2a:b5:54:
                    53:5a:49:b9:ea:05:1c:6a:9c:af:19:c2:a8:fc:fd:
                    1e:e4:cf:a4:ed:22:ad:d1:29:83:80:98:e8:4e:43:
                    7b:80:91:b3:70:fb:1b:06:e3:58:ad:89:48:8c:b9:
                    6f:a4:49:b2:79:d6:eb:6f:35:f8:31:79:68:0e:ab:
                    a1:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C8:B4:2E:20:A4:0E:5F:C8:C9:E3:AC:8C:5C:8E:91:2C:5D:6E:83:31
            X509v3 Authority Key Identifier:
                keyid:34:DD:CB:C8:F6:1B:26:0F:D3:F3:E7:8B:6B:86:87:7C:B9:5F:D8:3E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NN3LyPYbJg_T8-eLa4aHfLlf2D4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/6508a1-4412-40c7-8a72-52cd6e89aa8d/1/yLQuIKQOX8jJ46yMXI6RLF1ugzE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/6508a1-4412-40c7-8a72-52cd6e89aa8d/1/NN3LyPYbJg_T8-eLa4aHfLlf2D4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.160.240.0/22
                IPv6:
                  2a0a:8500::/29

    Signature Algorithm: sha256WithRSAEncryption
         6c:6e:18:db:77:a4:b0:06:41:0c:17:a4:f1:47:bb:22:00:e7:
         48:5a:71:80:1f:17:47:84:9f:74:b0:1d:d9:52:0f:c7:43:b8:
         79:3a:79:01:15:5a:dc:b0:c2:f6:fc:56:1b:5b:36:3b:df:a8:
         f3:39:8c:af:fe:99:53:0b:3d:61:66:87:c6:7e:c6:f4:79:f0:
         12:cf:bc:8d:f5:ea:dd:af:c2:48:15:b7:39:ce:b1:ed:f7:d5:
         99:16:0e:fa:71:f6:44:22:9e:59:3c:84:a3:f1:7c:46:89:00:
         af:92:7c:f0:af:3d:45:c4:0a:c8:3f:c3:49:c3:c4:fb:ae:63:
         2e:e2:93:9f:25:7e:03:df:38:a1:a1:2e:fd:e0:2c:78:a5:1c:
         a0:4e:68:2d:fc:89:12:6d:59:4a:b3:34:c6:4e:a3:e9:3a:af:
         bb:43:b0:02:35:bb:0d:71:e0:e9:31:6c:23:5a:8d:7f:22:8a:
         af:df:92:64:5d:c2:b1:63:74:f9:ae:1e:95:8f:71:b6:70:f9:
         19:f7:45:bc:6d:2d:63:46:2f:69:30:cc:21:1d:77:e8:4e:78:
         0a:a7:32:e9:b3:3e:08:0a:e3:32:0f:cb:6e:a4:45:6a:62:8c:
         ba:2d:78:6e:e2:a4:5d:58:45:60:93:84:c7:09:f1:ae:88:c2:
         5b:e8:77:b7
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgIEArsC6zANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygz
NGRkY2JjOGY2MWIyNjBmZDNmM2U3OGI2Yjg2ODc3Y2I5NWZkODNlMB4XDTIyMDEw
MTA4NTMyOVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoYzhiNDJlMjBhNDBl
NWZjOGM5ZTNhYzhjNWM4ZTkxMmM1ZDZlODMzMTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAKfY4Ndsxnn4yKRTzOzm/V8aBftz5kFZlP9pnfshADSOsN3e
xtkbJxsw8ZTbhlQ8aT5uk251wpAk1+hKUc4lZAimdghU7vpfAgZDUkphrTEdDXvV
MltkZmTOpRPj2ScJucUyTW7Rf5dX9DZf3noFTdLNNNUCruh3XNYAACgbLD7fP0lb
k/yXDJ3L9Nsb29AYco3nhBQDEvZ48tgd5PnhksC8eRV6ZYY4OeiwRwyENg68UtHt
jlCzi3F7LY3SkzGrKrVUU1pJueoFHGqcrxnCqPz9HuTPpO0irdEpg4CY6E5De4CR
s3D7GwbjWK2JSIy5b6RJsnnW6281+DF5aA6roU0CAwEAAaOCAhgwggIUMB0GA1Ud
DgQWBBTItC4gpA5fyMnjrIxcjpEsXW6DMTAfBgNVHSMEGDAWgBQ03cvI9hsmD9Pz
54trhod8uV/YPjAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L05OM0x5UFliSmdfVDgtZUxhNGFIZkxsZjJENC5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvYjAvNjUwOGExLTQ0MTItNDBjNy04YTcyLTUyY2Q2ZTg5YWE4ZC8x
L3lMUXVJS1FPWDhqSjQ2eU1YSTZSTEYxdWd6RS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYjAv
NjUwOGExLTQ0MTItNDBjNy04YTcyLTUyY2Q2ZTg5YWE4ZC8xL05OM0x5UFliSmdf
VDgtZUxhNGFIZkxsZjJENC5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAu
BggrBgEFBQcBBwEB/wQfMB0wDAQCAAEwBgMEArmg8DANBAIAAjAHAwUDKgqFADAN
BgkqhkiG9w0BAQsFAAOCAQEAbG4Y23eksAZBDBek8Ue7IgDnSFpxgB8XR4SfdLAd
2VIPx0O4eTp5ARVa3LDC9vxWG1s2O9+o8zmMr/6ZUws9YWaHxn7G9HnwEs+8jfXq
3a/CSBW3Oc6x7ffVmRYO+nH2RCKeWTyEo/F8RokAr5J88K89RcQKyD/DScPE+65j
LuKTnyV+A984oaEu/eAseKUcoE5oLfyJEm1ZSrM0xk6j6Tqvu0OwAjW7DXHg6TFs
I1qNfyKKr9+SZF3CsWN0+a4elY9xtnD5GfdFvG0tY0YvaTDMIR136E54Cqcy6bM+
CArjMg/LbqRFamKMui14buKkXVhFYJOExwnxrojCW+h3tw==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:38:56 2024 by rpki-client on console-ams.rpki-client.org