Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b5/a2ea51-87a6-4814-9b82-278cbb0b4e73/1/9g2PyyfmvMRZwdLuLjAjzB5IwMQ.roa
File:                     9g2PyyfmvMRZwdLuLjAjzB5IwMQ.roa (raw, json)
Hash identifier:          I+52gCcI/Z2DgnSBzV1IUFBoMOSrXt712liFZisveGA=
Subject key identifier:   F6:0D:8F:CB:27:E6:BC:C4:59:C1:D2:EE:2E:30:23:CC:1E:48:C0:C4
Certificate issuer:       /CN=7d2ae80cde5cd769c8f144e6c266113bfaedec3e
Certificate serial:       0E6FB811
Authority key identifier: 7D:2A:E8:0C:DE:5C:D7:69:C8:F1:44:E6:C2:66:11:3B:FA:ED:EC:3E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fSroDN5c12nI8UTmwmYRO_rt7D4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b5/a2ea51-87a6-4814-9b82-278cbb0b4e73/1/9g2PyyfmvMRZwdLuLjAjzB5IwMQ.roa
Signing time:             Sat 01 Jan 2022 10:59:40 +0000
ROA not before:           Sat 01 Jan 2022 10:59:40 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     205668
IP address blocks:        185.44.128.0/22 maxlen: 24
                          185.200.101.0/24 maxlen: 24
                          185.200.102.0/24 maxlen: 24
                          185.200.103.0/24 maxlen: 24
                          185.200.100.0/24 maxlen: 24
                          185.129.71.0/24 maxlen: 24
                          185.129.68.0/24 maxlen: 24
                          185.129.68.0/22 maxlen: 24
                          185.129.69.0/24 maxlen: 24
                          185.129.70.0/24 maxlen: 24
                          2a0a:aa40::/32 maxlen: 32
                          2a01:74e0::/32 maxlen: 32
                          2a0a:aa42::/32 maxlen: 32

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 242202641 (0xe6fb811)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d2ae80cde5cd769c8f144e6c266113bfaedec3e
        Validity
            Not Before: Jan  1 10:59:40 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=f60d8fcb27e6bcc459c1d2ee2e3023cc1e48c0c4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:4f:9d:78:87:bb:78:85:5a:da:49:b4:62:d0:
                    6f:3b:cc:3b:81:52:79:e0:82:b4:73:0f:aa:51:fb:
                    84:9e:54:77:35:15:62:2b:ee:a1:e7:6f:4e:72:79:
                    ad:62:41:aa:3e:d4:a4:cf:5a:6e:2f:da:d3:99:3d:
                    7c:3b:a5:fa:9c:8d:2c:a6:1c:2a:30:95:d5:69:49:
                    95:0d:15:6d:79:08:17:d2:c0:4f:38:7b:b0:22:fd:
                    7b:18:c6:53:6a:da:62:fe:99:80:c8:d5:59:a7:b6:
                    98:ca:d5:e8:a3:4a:43:de:e1:be:8c:29:6f:11:39:
                    10:17:99:89:4d:11:36:57:8f:e8:97:56:24:f6:a6:
                    4f:2b:2f:c1:ad:0d:05:c9:17:69:5c:72:db:4b:4f:
                    17:9c:65:30:85:68:7e:c6:d2:63:09:23:f3:45:3f:
                    e4:1d:b4:e0:eb:37:4a:ca:d4:72:28:9d:0e:da:d7:
                    85:36:45:f9:8d:2c:3a:0b:59:48:c6:ec:d7:01:0e:
                    17:3a:39:8c:74:21:9a:b9:32:5e:b6:67:8a:af:3b:
                    16:a2:5b:80:37:b8:22:eb:69:2c:05:4a:36:ed:b4:
                    ba:28:6e:32:6a:fb:95:6b:61:e0:1c:2d:fb:35:58:
                    3f:cc:a2:0f:09:3a:0f:4f:45:45:bc:26:8b:72:29:
                    56:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F6:0D:8F:CB:27:E6:BC:C4:59:C1:D2:EE:2E:30:23:CC:1E:48:C0:C4
            X509v3 Authority Key Identifier:
                keyid:7D:2A:E8:0C:DE:5C:D7:69:C8:F1:44:E6:C2:66:11:3B:FA:ED:EC:3E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fSroDN5c12nI8UTmwmYRO_rt7D4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b5/a2ea51-87a6-4814-9b82-278cbb0b4e73/1/9g2PyyfmvMRZwdLuLjAjzB5IwMQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b5/a2ea51-87a6-4814-9b82-278cbb0b4e73/1/fSroDN5c12nI8UTmwmYRO_rt7D4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.44.128.0/22
                  185.129.68.0/22
                  185.200.100.0/22
                IPv6:
                  2a01:74e0::/32
                  2a0a:aa40::/32
                  2a0a:aa42::/32

    Signature Algorithm: sha256WithRSAEncryption
         14:0b:b8:d1:cb:e3:2f:c0:08:30:3f:05:ca:61:60:ac:e6:58:
         ef:c9:60:c0:ec:23:3c:fd:ff:2e:69:54:ae:bd:7c:e8:f2:1a:
         e0:a7:e7:eb:43:3c:d7:c2:14:9f:47:e0:3b:57:fa:e0:87:6f:
         76:df:53:a6:3a:bb:72:35:ea:bb:fa:e9:0f:07:11:56:f1:cc:
         ae:bb:04:e2:f3:a1:4e:ed:0d:c9:c1:31:16:8d:0f:2a:77:31:
         2d:61:26:0a:10:df:b0:1c:4c:2e:5f:cb:a2:84:cd:c3:8f:ef:
         23:40:60:2c:90:f5:28:2e:02:ba:da:e6:aa:88:ef:a4:0e:c5:
         d5:d7:3e:e4:4a:b6:71:e4:a7:bd:d5:01:76:6a:33:13:8d:91:
         27:b9:15:31:6c:72:1d:84:57:c8:c1:5d:c7:1b:31:ca:70:d6:
         7b:35:74:ea:1c:59:ee:cb:53:6f:14:cc:2e:7f:30:2b:fc:2f:
         63:16:e7:48:76:b7:1b:c2:8a:4e:aa:70:e0:fe:12:a8:1b:7b:
         ff:d9:85:7a:63:fd:ce:21:33:43:5e:2a:eb:cf:bb:ad:5b:69:
         6e:e7:9d:ec:20:c7:b3:c4:05:94:95:72:9c:e3:9c:14:b9:c3:
         a3:f3:bf:6f:19:8e:bf:a9:62:d3:0a:c5:bb:81:83:9f:41:4b:
         11:12:10:fe
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgIEDm+4ETANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg3
ZDJhZTgwY2RlNWNkNzY5YzhmMTQ0ZTZjMjY2MTEzYmZhZWRlYzNlMB4XDTIyMDEw
MTEwNTk0MFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoZjYwZDhmY2IyN2U2
YmNjNDU5YzFkMmVlMmUzMDIzY2MxZTQ4YzBjNDCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAKtPnXiHu3iFWtpJtGLQbzvMO4FSeeCCtHMPqlH7hJ5UdzUV
YivuoedvTnJ5rWJBqj7UpM9abi/a05k9fDul+pyNLKYcKjCV1WlJlQ0VbXkIF9LA
Tzh7sCL9exjGU2raYv6ZgMjVWae2mMrV6KNKQ97hvowpbxE5EBeZiU0RNleP6JdW
JPamTysvwa0NBckXaVxy20tPF5xlMIVofsbSYwkj80U/5B204Os3SsrUciidDtrX
hTZF+Y0sOgtZSMbs1wEOFzo5jHQhmrkyXrZniq87FqJbgDe4IutpLAVKNu20uihu
Mmr7lWth4Bwt+zVYP8yiDwk6D09FRbwmi3IpVqkCAwEAAaOCAjIwggIuMB0GA1Ud
DgQWBBT2DY/LJ+a8xFnB0u4uMCPMHkjAxDAfBgNVHSMEGDAWgBR9KugM3lzXacjx
RObCZhE7+u3sPjAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L2ZTcm9ETjVjMTJuSThVVG13bVlST19ydDdENC5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvYjUvYTJlYTUxLTg3YTYtNDgxNC05YjgyLTI3OGNiYjBiNGU3My8x
LzlnMlB5eWZtdk1SWndkTHVMakFqekI1SXdNUS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYjUv
YTJlYTUxLTg3YTYtNDgxNC05YjgyLTI3OGNiYjBiNGU3My8xL2ZTcm9ETjVjMTJu
SThVVG13bVlST19ydDdENC5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBI
BggrBgEFBQcBBwEB/wQ5MDcwGAQCAAEwEgMEArksgAMEArmBRAMEArnIZDAbBAIA
AjAVAwUAKgF04AMFACoKqkADBQAqCqpCMA0GCSqGSIb3DQEBCwUAA4IBAQAUC7jR
y+MvwAgwPwXKYWCs5ljvyWDA7CM8/f8uaVSuvXzo8hrgp+frQzzXwhSfR+A7V/rg
h29231OmOrtyNeq7+ukPBxFW8cyuuwTi86FO7Q3JwTEWjQ8qdzEtYSYKEN+wHEwu
X8uihM3Dj+8jQGAskPUoLgK62uaqiO+kDsXV1z7kSrZx5Ke91QF2ajMTjZEnuRUx
bHIdhFfIwV3HGzHKcNZ7NXTqHFnuy1NvFMwufzAr/C9jFudIdrcbwopOqnDg/hKo
G3v/2YV6Y/3OITNDXirrz7utW2lu553sIMezxAWUlXKc45wUucOj879vGY6/qWLT
CsW7gYOfQUsREhD+
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:39:50 2024 by rpki-client on console-ams.rpki-client.org