Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b6/5df119-b1df-4ceb-bd4f-f79ccc3f4eaf/1/ukC36LyZbK-i57G_P3I7ArZ2FYY.roa
File:                     ukC36LyZbK-i57G_P3I7ArZ2FYY.roa (raw, json)
Hash identifier:          GAOnMtlDdIJanvxF8tulVK/ho5DOReEkwUvFIyjKX08=
Subject key identifier:   BA:40:B7:E8:BC:99:6C:AF:A2:E7:B1:BF:3F:72:3B:02:B6:76:15:86
Certificate issuer:       /CN=5806da5a59251275ceb18694e17415352aedd6aa
Certificate serial:       01852EA6433E4F6090B36C47A344ACA29BA9
Authority key identifier: 58:06:DA:5A:59:25:12:75:CE:B1:86:94:E1:74:15:35:2A:ED:D6:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WAbaWlklEnXOsYaU4XQVNSrt1qo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b6/5df119-b1df-4ceb-bd4f-f79ccc3f4eaf/1/ukC36LyZbK-i57G_P3I7ArZ2FYY.roa
Signing time:             Tue 20 Dec 2022 08:28:46 +0000
ROA not before:           Tue 20 Dec 2022 08:28:46 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     834
IP address blocks:        185.220.146.0/23 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:2e:a6:43:3e:4f:60:90:b3:6c:47:a3:44:ac:a2:9b:a9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5806da5a59251275ceb18694e17415352aedd6aa
        Validity
            Not Before: Dec 20 08:28:46 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=ba40b7e8bc996cafa2e7b1bf3f723b02b6761586
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:ca:25:1d:50:18:26:5e:96:4e:f2:04:a5:0e:
                    ac:fa:cb:55:ec:47:06:90:a7:aa:09:a3:f7:7f:4e:
                    e8:62:74:f0:5d:65:0c:37:85:fc:02:e6:c1:17:78:
                    5c:36:d3:e9:08:de:4c:bd:f0:f6:f2:e0:d1:9e:bb:
                    d8:32:88:d3:f2:9c:30:2b:e8:44:3e:85:df:10:18:
                    84:53:aa:5e:04:fc:5b:76:94:25:39:e6:61:cb:cf:
                    96:a5:68:7d:6c:6c:9b:4b:00:c0:db:6e:e3:a7:b9:
                    0d:c1:fa:f4:7f:9d:08:07:97:4d:4c:e2:06:55:8d:
                    e8:e4:8b:dc:c4:39:f0:16:82:5f:92:cc:de:64:cd:
                    59:8f:a1:34:f4:c1:64:22:35:53:9e:ac:80:89:29:
                    47:c6:e8:65:5b:4a:9d:47:d0:b1:60:9f:6e:ef:9a:
                    cb:05:0f:7b:d4:fe:47:90:29:4d:5d:72:3f:47:61:
                    fb:4f:fe:47:37:7d:38:3e:dd:41:06:01:e8:00:39:
                    25:a3:62:b1:cf:0b:b4:5e:4f:45:2e:49:c5:d9:de:
                    dc:52:1e:68:c9:cf:4a:21:0a:a3:b5:7f:34:e0:00:
                    a0:fc:26:8b:e8:12:e7:e3:32:97:c7:94:be:a9:83:
                    b8:60:c0:cf:72:d1:c2:26:ea:90:80:1e:df:46:5f:
                    93:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BA:40:B7:E8:BC:99:6C:AF:A2:E7:B1:BF:3F:72:3B:02:B6:76:15:86
            X509v3 Authority Key Identifier:
                keyid:58:06:DA:5A:59:25:12:75:CE:B1:86:94:E1:74:15:35:2A:ED:D6:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WAbaWlklEnXOsYaU4XQVNSrt1qo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/5df119-b1df-4ceb-bd4f-f79ccc3f4eaf/1/ukC36LyZbK-i57G_P3I7ArZ2FYY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/5df119-b1df-4ceb-bd4f-f79ccc3f4eaf/1/WAbaWlklEnXOsYaU4XQVNSrt1qo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.220.146.0/23

    Signature Algorithm: sha256WithRSAEncryption
         5b:cd:f7:9d:27:e7:32:8e:55:74:9b:a1:7b:d5:dc:5f:8f:58:
         fa:eb:6d:9a:37:d4:96:48:8d:bf:82:6c:8a:c6:34:09:50:3f:
         d6:75:f9:03:4b:06:59:05:08:49:3d:b7:6e:cc:34:0d:4f:9c:
         dd:66:60:0d:7b:5a:3a:b7:91:ea:d6:23:f2:00:86:27:65:88:
         dc:d4:ab:86:79:4b:3c:1e:7f:cf:c3:a6:c0:b8:8c:fb:a4:ce:
         e7:3a:ed:fa:c8:f9:cd:ea:76:5e:4a:f8:34:44:a5:91:9d:27:
         bf:68:ca:50:33:7f:44:a3:44:30:34:2a:48:76:8a:a1:59:20:
         e0:18:18:9e:ca:d0:ad:f1:b3:cf:34:1c:8a:4b:dd:a8:04:c0:
         5b:77:a1:34:a1:af:f8:02:47:d0:7c:8e:a9:8b:a8:33:06:86:
         b1:4b:87:50:7c:fc:e8:81:3f:71:ca:24:ab:7f:d3:82:03:f8:
         4c:34:3b:3b:58:d2:3b:0a:45:0f:b3:a1:93:c9:cd:b6:f0:77:
         78:df:08:10:51:7d:d4:33:25:e8:9c:fb:15:e7:89:9f:40:5b:
         51:5b:8b:82:6a:10:c9:1b:49:e3:2c:73:6e:d1:87:52:48:33:
         1a:c6:59:c4:c2:50:17:72:0b:5f:d3:be:e9:c2:d5:9f:6b:36:
         11:25:60:8c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYUupkM+T2CQs2xHo0SsopupMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4MDZkYTVhNTkyNTEyNzVjZWIxODY5NGUxNzQxNTM1MmFl
ZGQ2YWEwHhcNMjIxMjIwMDgyODQ2WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYTQwYjdlOGJjOTk2Y2FmYTJlN2IxYmYzZjcyM2IwMmI2NzYxNTg2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAncolHVAYJl6WTvIEpQ6s+stV7EcG
kKeqCaP3f07oYnTwXWUMN4X8AubBF3hcNtPpCN5MvfD28uDRnrvYMojT8pwwK+hE
PoXfEBiEU6peBPxbdpQlOeZhy8+WpWh9bGybSwDA227jp7kNwfr0f50IB5dNTOIG
VY3o5IvcxDnwFoJfkszeZM1Zj6E09MFkIjVTnqyAiSlHxuhlW0qdR9CxYJ9u75rL
BQ971P5HkClNXXI/R2H7T/5HN304Pt1BBgHoADklo2Kxzwu0Xk9FLknF2d7cUh5o
yc9KIQqjtX804ACg/CaL6BLn4zKXx5S+qYO4YMDPctHCJuqQgB7fRl+TvQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLpAt+i8mWyvouexvz9yOwK2dhWGMB8GA1UdIwQY
MBaAFFgG2lpZJRJ1zrGGlOF0FTUq7daqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV0FiYVdsa2xFblhPc1lhVTRYUVZOU3J0MXFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNi81ZGYxMTktYjFkZi00Y2ViLWJkNGYt
Zjc5Y2NjM2Y0ZWFmLzEvdWtDMzZMeVpiSy1pNTdHX1AzSTdBcloyRllZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNi81ZGYxMTktYjFkZi00Y2ViLWJkNGYtZjc5Y2NjM2Y0ZWFm
LzEvV0FiYVdsa2xFblhPc1lhVTRYUVZOU3J0MXFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBudySMA0G
CSqGSIb3DQEBCwUAA4IBAQBbzfedJ+cyjlV0m6F71dxfj1j6622aN9SWSI2/gmyK
xjQJUD/WdfkDSwZZBQhJPbduzDQNT5zdZmANe1o6t5Hq1iPyAIYnZYjc1KuGeUs8
Hn/Pw6bAuIz7pM7nOu36yPnN6nZeSvg0RKWRnSe/aMpQM39Eo0QwNCpIdoqhWSDg
GBieytCt8bPPNByKS92oBMBbd6E0oa/4AkfQfI6pi6gzBoaxS4dQfPzogT9xyiSr
f9OCA/hMNDs7WNI7CkUPs6GTyc228Hd43wgQUX3UMyXonPsV54mfQFtRW4uCahDJ
G0njLHNu0YdSSDMaxlnEwlAXcgtf077pwtWfazYRJWCM
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:39:58 2024 by rpki-client on console-ams.rpki-client.org