Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b0/c7a68f-7bf8-4f80-a9a2-815d2c026646/1/YmqyAIu9kUoAjX83FrDhmVvBjCY.roa
File:                     YmqyAIu9kUoAjX83FrDhmVvBjCY.roa (raw, json)
Hash identifier:          TdVnjJ6uJz2MFZi/1+anjVlZNL8QLHEM3mWr3ogd190=
Subject key identifier:   62:6A:B2:00:8B:BD:91:4A:00:8D:7F:37:16:B0:E1:99:5B:C1:8C:26
Certificate issuer:       /CN=01335442514d5249b5143cfdf821216bb5c52940
Certificate serial:       0474F464
Authority key identifier: 01:33:54:42:51:4D:52:49:B5:14:3C:FD:F8:21:21:6B:B5:C5:29:40
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ATNUQlFNUkm1FDz9-CEha7XFKUA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b0/c7a68f-7bf8-4f80-a9a2-815d2c026646/1/YmqyAIu9kUoAjX83FrDhmVvBjCY.roa
Signing time:             Fri 04 Mar 2022 08:48:06 +0000
ROA not before:           Fri 04 Mar 2022 08:48:06 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     39134
IP address blocks:        23.111.125.0/24 maxlen: 24
                          185.206.100.0/24 maxlen: 24
                          185.206.100.0/22 maxlen: 24
                          88.212.220.0/22 maxlen: 24
                          88.212.224.0/22 maxlen: 24
                          88.212.229.0/24 maxlen: 24
                          88.212.228.0/22 maxlen: 24
                          88.212.230.0/23 maxlen: 23
                          88.212.192.0/24 maxlen: 24
                          88.212.192.0/20 maxlen: 24
                          88.212.196.0/24 maxlen: 24
                          88.212.204.0/24 maxlen: 24
                          88.212.208.0/22 maxlen: 24
                          2a02:2100::/32 maxlen: 32

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 74773604 (0x474f464)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=01335442514d5249b5143cfdf821216bb5c52940
        Validity
            Not Before: Mar  4 08:48:06 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=626ab2008bbd914a008d7f3716b0e1995bc18c26
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:4a:ae:da:e5:aa:af:51:97:b7:c0:69:20:3e:
                    3b:60:33:4d:e5:c2:24:2e:e5:9a:d3:46:20:75:9b:
                    55:c3:ae:88:d5:6a:ff:35:fa:7a:62:c4:ca:1d:a2:
                    31:4b:20:9e:cc:b8:17:25:6f:98:95:c0:97:92:ed:
                    60:ce:92:0d:c3:a8:23:ad:1f:63:ce:72:62:63:80:
                    6c:3d:30:1c:90:2d:dc:f8:19:92:23:78:59:ee:50:
                    39:24:85:e1:1a:28:c4:95:f7:3a:b2:38:04:2e:fe:
                    db:48:54:51:0d:ee:40:49:a7:98:14:bb:48:f6:19:
                    50:0c:a8:55:fd:fb:52:32:ab:28:a5:fb:37:e8:29:
                    e5:64:02:70:e7:8b:8e:84:28:3c:ba:30:f4:b5:02:
                    b1:17:5c:d5:63:53:f9:4c:6a:8f:1a:34:0d:a4:c5:
                    80:39:66:c6:7e:3b:97:e0:16:79:9e:fd:5c:cd:91:
                    18:2f:50:13:59:9f:c4:7b:f3:ca:39:36:cf:a2:36:
                    44:cb:0e:76:bc:63:0f:4f:b0:29:ec:69:6b:b0:0d:
                    5e:93:9e:4a:cf:3d:60:85:0c:a9:27:c9:b2:a5:69:
                    c6:06:c8:f8:07:95:98:1d:01:4a:05:ed:7a:0d:d4:
                    ec:eb:29:95:7c:1c:f7:83:fa:81:1c:98:ec:55:c5:
                    b7:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                62:6A:B2:00:8B:BD:91:4A:00:8D:7F:37:16:B0:E1:99:5B:C1:8C:26
            X509v3 Authority Key Identifier:
                keyid:01:33:54:42:51:4D:52:49:B5:14:3C:FD:F8:21:21:6B:B5:C5:29:40

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ATNUQlFNUkm1FDz9-CEha7XFKUA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/c7a68f-7bf8-4f80-a9a2-815d2c026646/1/YmqyAIu9kUoAjX83FrDhmVvBjCY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/c7a68f-7bf8-4f80-a9a2-815d2c026646/1/ATNUQlFNUkm1FDz9-CEha7XFKUA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  23.111.125.0/24
                  88.212.192.0-88.212.211.255
                  88.212.220.0-88.212.231.255
                  185.206.100.0/22
                IPv6:
                  2a02:2100::/32

    Signature Algorithm: sha256WithRSAEncryption
         72:c0:bf:e2:2e:de:1b:79:c7:5d:d0:ef:28:50:3e:06:b9:f5:
         fa:8b:05:bc:80:6f:e8:27:46:9f:36:d9:5b:fb:31:ce:4f:f6:
         f1:53:08:68:43:34:dd:d3:77:83:67:38:39:3f:0b:79:12:f0:
         4d:d2:b0:ee:f6:0c:20:24:57:a2:d0:09:ba:53:1e:28:ac:0b:
         ea:75:11:28:9a:97:38:d0:64:e7:7d:5b:69:66:3c:76:5c:bc:
         a4:5d:63:39:f2:d5:5b:a0:f1:68:d7:cb:6c:ad:7a:d7:19:63:
         28:ba:1b:ec:97:df:2d:3a:58:ea:91:bf:35:f6:99:83:66:29:
         39:cb:23:1f:34:2a:8d:3f:16:ed:a4:4b:e3:17:66:b6:76:19:
         28:79:d0:73:e3:d4:83:9e:1e:ce:c5:f6:b5:cf:ff:81:da:0d:
         be:23:6d:8f:b5:98:e2:ff:3a:b4:ed:27:67:80:22:80:0d:20:
         e8:52:99:20:8f:fa:a9:6a:49:5e:a6:aa:07:62:62:61:b7:a0:
         76:18:9b:22:ac:d2:36:f0:fa:c0:d3:47:b2:d0:9c:13:bc:69:
         47:7f:77:40:3d:3e:a7:e2:0c:80:29:3e:62:ea:30:92:d1:49:
         23:d9:99:0b:b1:d2:d3:81:0a:91:9a:b9:40:f5:b5:91:d6:6c:
         98:c4:ab:c1
-----BEGIN CERTIFICATE-----
MIIFIDCCBAigAwIBAgIEBHT0ZDANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygw
MTMzNTQ0MjUxNGQ1MjQ5YjUxNDNjZmRmODIxMjE2YmI1YzUyOTQwMB4XDTIyMDMw
NDA4NDgwNloXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoNjI2YWIyMDA4YmJk
OTE0YTAwOGQ3ZjM3MTZiMGUxOTk1YmMxOGMyNjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAIpKrtrlqq9Rl7fAaSA+O2AzTeXCJC7lmtNGIHWbVcOuiNVq
/zX6emLEyh2iMUsgnsy4FyVvmJXAl5LtYM6SDcOoI60fY85yYmOAbD0wHJAt3PgZ
kiN4We5QOSSF4RooxJX3OrI4BC7+20hUUQ3uQEmnmBS7SPYZUAyoVf37UjKrKKX7
N+gp5WQCcOeLjoQoPLow9LUCsRdc1WNT+Uxqjxo0DaTFgDlmxn47l+AWeZ79XM2R
GC9QE1mfxHvzyjk2z6I2RMsOdrxjD0+wKexpa7ANXpOeSs89YIUMqSfJsqVpxgbI
+AeVmB0BSgXteg3U7OsplXwc94P6gRyY7FXFt5cCAwEAAaOCAjowggI2MB0GA1Ud
DgQWBBRiarIAi72RSgCNfzcWsOGZW8GMJjAfBgNVHSMEGDAWgBQBM1RCUU1SSbUU
PP34ISFrtcUpQDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L0FUTlVRbEZOVWttMUZEejktQ0VoYTdYRktVQS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvYjAvYzdhNjhmLTdiZjgtNGY4MC1hOWEyLTgxNWQyYzAyNjY0Ni8x
L1ltcXlBSXU5a1VvQWpYODNGckRobVZ2QmpDWS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYjAv
YzdhNjhmLTdiZjgtNGY4MC1hOWEyLTgxNWQyYzAyNjY0Ni8xL0FUTlVRbEZOVWtt
MUZEejktQ0VoYTdYRktVQS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBQ
BggrBgEFBQcBBwEB/wRBMD8wLgQCAAEwKAMEABdvfTAMAwQGWNTAAwQCWNTQMAwD
BAJY1NwDBANY1OADBAK5zmQwDQQCAAIwBwMFACoCIQAwDQYJKoZIhvcNAQELBQAD
ggEBAHLAv+Iu3ht5x13Q7yhQPga59fqLBbyAb+gnRp822Vv7Mc5P9vFTCGhDNN3T
d4NnODk/C3kS8E3SsO72DCAkV6LQCbpTHiisC+p1ESialzjQZOd9W2lmPHZcvKRd
Yzny1Vug8WjXy2ytetcZYyi6G+yX3y06WOqRvzX2mYNmKTnLIx80Ko0/Fu2kS+MX
ZrZ2GSh50HPj1IOeHs7F9rXP/4HaDb4jbY+1mOL/OrTtJ2eAIoANIOhSmSCP+qlq
SV6mqgdiYmG3oHYYmyKs0jbw+sDTR7LQnBO8aUd/d0A9PqfiDIApPmLqMJLRSSPZ
mQux0tOBCpGauUD1tZHWbJjEq8E=
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:39:01 2024 by rpki-client on console-ams.rpki-client.org