Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b1/72dbdf-c71d-4e59-8076-c41dcca8b775/1/7iZC4UIj6JihepALUesXcB1a9EE.roa
File:                     7iZC4UIj6JihepALUesXcB1a9EE.roa (raw, json)
Hash identifier:          JiyfgMdV680g7uhJpfi+WiIE52gNzZjiHLWptQ0A7iw=
Subject key identifier:   EE:26:42:E1:42:23:E8:98:A1:7A:90:0B:51:EB:17:70:1D:5A:F4:41
Certificate issuer:       /CN=84e1429a53e6463b3c74f5a3f17c5d4a51ebd0b8
Certificate serial:       09C97E40
Authority key identifier: 84:E1:42:9A:53:E6:46:3B:3C:74:F5:A3:F1:7C:5D:4A:51:EB:D0:B8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hOFCmlPmRjs8dPWj8XxdSlHr0Lg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b1/72dbdf-c71d-4e59-8076-c41dcca8b775/1/7iZC4UIj6JihepALUesXcB1a9EE.roa
Signing time:             Sat 01 Jan 2022 06:54:43 +0000
ROA not before:           Sat 01 Jan 2022 06:54:43 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     62000
IP address blocks:        45.155.168.0/22 maxlen: 32
                          45.147.96.0/22 maxlen: 32
                          45.147.99.0/24 maxlen: 32
                          185.157.244.0/23 maxlen: 32
                          185.216.24.0/22 maxlen: 32
                          193.168.144.0/22 maxlen: 32
                          2a07:abc0::/29 maxlen: 29
                          2a0b:b140::/29 maxlen: 29
                          2a09:6380::/29 maxlen: 32

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 164200000 (0x9c97e40)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=84e1429a53e6463b3c74f5a3f17c5d4a51ebd0b8
        Validity
            Not Before: Jan  1 06:54:43 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=ee2642e14223e898a17a900b51eb17701d5af441
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e1:56:e0:ca:f3:45:83:b0:e6:46:e9:84:de:ad:
                    56:24:e8:17:bc:82:8e:82:a6:b3:7a:fc:f6:d8:69:
                    f3:56:1b:ce:38:b0:45:e9:c4:d0:1d:a0:82:d7:13:
                    f5:d5:bb:a3:17:56:9c:4e:b7:b9:51:d7:fa:30:25:
                    41:47:cb:ae:65:d2:f9:fa:24:99:3e:86:02:eb:30:
                    1f:f8:ed:44:45:f5:1f:92:7c:65:3b:52:3f:bb:38:
                    eb:65:60:50:69:97:20:d5:e0:49:45:7e:48:42:5f:
                    7d:01:67:b5:99:a4:c3:d7:a3:5b:46:79:55:63:ae:
                    df:d5:aa:76:15:d2:98:8e:96:4e:46:9c:30:0b:e1:
                    c1:b4:bf:79:9b:2a:52:da:26:e9:c3:d8:33:03:d0:
                    62:08:38:33:bf:d3:ef:c9:95:09:07:a9:b0:56:e5:
                    17:59:c8:4a:2f:3a:92:ee:69:b0:2f:a3:b1:cc:2f:
                    ad:b7:7c:35:b2:5a:80:d9:f6:a5:db:80:40:b3:8c:
                    e0:62:12:78:0d:7c:d9:43:e8:4a:3a:cd:88:df:0c:
                    4a:83:d1:ba:2a:bd:27:d6:e7:7c:05:c6:a5:cc:0e:
                    f1:f4:47:2f:65:7f:17:00:25:82:cd:26:3d:f8:b5:
                    85:d1:c3:1b:df:ff:bc:28:13:4b:3e:7c:07:82:d5:
                    8d:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EE:26:42:E1:42:23:E8:98:A1:7A:90:0B:51:EB:17:70:1D:5A:F4:41
            X509v3 Authority Key Identifier:
                keyid:84:E1:42:9A:53:E6:46:3B:3C:74:F5:A3:F1:7C:5D:4A:51:EB:D0:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hOFCmlPmRjs8dPWj8XxdSlHr0Lg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/72dbdf-c71d-4e59-8076-c41dcca8b775/1/7iZC4UIj6JihepALUesXcB1a9EE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/72dbdf-c71d-4e59-8076-c41dcca8b775/1/hOFCmlPmRjs8dPWj8XxdSlHr0Lg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.147.96.0/22
                  45.155.168.0/22
                  185.157.244.0/23
                  185.216.24.0/22
                  193.168.144.0/22
                IPv6:
                  2a07:abc0::/29
                  2a09:6380::/29
                  2a0b:b140::/29

    Signature Algorithm: sha256WithRSAEncryption
         ac:fa:4e:f2:98:6a:dc:44:14:ce:ca:a5:03:ea:5a:93:1e:e0:
         45:d8:9d:3a:02:95:67:f3:35:c6:2a:0d:07:c3:9c:99:61:76:
         07:3e:51:f4:86:d2:9f:53:41:cc:32:18:3d:da:07:bf:f6:98:
         55:b8:8f:10:9b:79:12:9c:8a:af:3f:bf:5a:58:a2:21:77:e8:
         58:34:a2:3f:f8:4b:3c:8d:0c:74:55:c8:b2:25:bb:01:e1:ed:
         aa:ad:62:fa:2b:05:ec:8c:22:79:54:b3:9f:77:bc:de:b3:a5:
         f6:52:9c:fc:4d:34:50:46:90:e7:9d:93:52:34:a4:e4:49:be:
         cd:dd:87:3e:b7:57:14:06:16:ab:43:86:6e:8f:77:78:47:21:
         00:38:48:f1:ce:80:01:06:ad:a5:98:c5:79:15:35:ac:f9:5e:
         cf:63:aa:31:b5:cc:6c:8e:b7:7d:54:c8:e8:9b:7c:7f:36:bf:
         1d:23:f4:d1:ba:c5:28:cc:e3:65:c4:03:3c:79:d8:e7:bf:88:
         75:08:60:c4:d8:b3:89:50:c8:ff:d3:ae:e7:7a:cb:01:10:5e:
         65:09:8e:54:d5:a0:1c:5d:dd:85:fa:fe:5c:af:9f:3a:f2:79:
         be:dc:45:8d:46:5d:43:41:bb:67:c1:94:2f:5c:73:43:2c:80:
         0c:d0:52:93
-----BEGIN CERTIFICATE-----
MIIFJDCCBAygAwIBAgIECcl+QDANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg4
NGUxNDI5YTUzZTY0NjNiM2M3NGY1YTNmMTdjNWQ0YTUxZWJkMGI4MB4XDTIyMDEw
MTA2NTQ0M1oXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoZWUyNjQyZTE0MjIz
ZTg5OGExN2E5MDBiNTFlYjE3NzAxZDVhZjQ0MTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAOFW4MrzRYOw5kbphN6tViToF7yCjoKms3r89thp81Ybzjiw
RenE0B2ggtcT9dW7oxdWnE63uVHX+jAlQUfLrmXS+fokmT6GAuswH/jtREX1H5J8
ZTtSP7s462VgUGmXINXgSUV+SEJffQFntZmkw9ejW0Z5VWOu39WqdhXSmI6WTkac
MAvhwbS/eZsqUtom6cPYMwPQYgg4M7/T78mVCQepsFblF1nISi86ku5psC+jscwv
rbd8NbJagNn2pduAQLOM4GISeA182UPoSjrNiN8MSoPRuiq9J9bnfAXGpcwO8fRH
L2V/FwAlgs0mPfi1hdHDG9//vCgTSz58B4LVjT0CAwEAAaOCAj4wggI6MB0GA1Ud
DgQWBBTuJkLhQiPomKF6kAtR6xdwHVr0QTAfBgNVHSMEGDAWgBSE4UKaU+ZGOzx0
9aPxfF1KUevQuDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L2hPRkNtbFBtUmpzOGRQV2o4WHhkU2xIcjBMZy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvYjEvNzJkYmRmLWM3MWQtNGU1OS04MDc2LWM0MWRjY2E4Yjc3NS8x
LzdpWkM0VUlqNkppaGVwQUxVZXNYY0IxYTlFRS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYjEv
NzJkYmRmLWM3MWQtNGU1OS04MDc2LWM0MWRjY2E4Yjc3NS8xL2hPRkNtbFBtUmpz
OGRQV2o4WHhkU2xIcjBMZy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBU
BggrBgEFBQcBBwEB/wRFMEMwJAQCAAEwHgMEAi2TYAMEAi2bqAMEAbmd9AMEArnY
GAMEAsGokDAbBAIAAjAVAwUDKgerwAMFAyoJY4ADBQMqC7FAMA0GCSqGSIb3DQEB
CwUAA4IBAQCs+k7ymGrcRBTOyqUD6lqTHuBF2J06ApVn8zXGKg0Hw5yZYXYHPlH0
htKfU0HMMhg92ge/9phVuI8Qm3kSnIqvP79aWKIhd+hYNKI/+Es8jQx0VciyJbsB
4e2qrWL6KwXsjCJ5VLOfd7zes6X2Upz8TTRQRpDnnZNSNKTkSb7N3Yc+t1cUBhar
Q4Zuj3d4RyEAOEjxzoABBq2lmMV5FTWs+V7PY6oxtcxsjrd9VMjom3x/Nr8dI/TR
usUozONlxAM8edjnv4h1CGDE2LOJUMj/067nessBEF5lCY5U1aAcXd2F+v5cr586
8nm+3EWNRl1DQbtnwZQvXHNDLIAM0FKT
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:39:07 2024 by rpki-client on console-ams.rpki-client.org