Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/CpTwyQ-Ytize-BZl2wUYmLliU2k.roa
File:                     CpTwyQ-Ytize-BZl2wUYmLliU2k.roa (raw, json)
Hash identifier:          ajDKGh3RslwiiSp2Z/OJuOXdzLQSnIKdY/fvTLZP0W4=
Subject key identifier:   0A:94:F0:C9:0F:98:B6:2C:DE:F8:16:65:DB:05:18:98:B9:62:53:69
Certificate issuer:       /CN=c2778de2a9be9802120382e750d159e95872c2ae
Certificate serial:       07FC954B
Authority key identifier: C2:77:8D:E2:A9:BE:98:02:12:03:82:E7:50:D1:59:E9:58:72:C2:AE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wneN4qm-mAISA4LnUNFZ6Vhywq4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/CpTwyQ-Ytize-BZl2wUYmLliU2k.roa
Signing time:             Sat 01 Jan 2022 03:02:08 +0000
ROA not before:           Sat 01 Jan 2022 03:02:08 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     202492
IP address blocks:        178.253.0.0/21 maxlen: 21
                          83.147.196.0/22 maxlen: 22
                          83.147.195.0/24 maxlen: 24
                          94.241.188.0/22 maxlen: 22
                          94.241.144.0/21 maxlen: 21
                          83.147.200.0/22 maxlen: 22
                          178.253.17.0/24 maxlen: 24
                          83.147.204.0/22 maxlen: 22
                          178.253.20.0/23 maxlen: 23
                          83.147.208.0/24 maxlen: 24
                          178.253.24.0/23 maxlen: 23
                          83.147.209.0/24 maxlen: 24
                          178.253.30.0/24 maxlen: 24
                          83.147.218.0/23 maxlen: 23
                          83.147.220.0/23 maxlen: 23
                          83.147.224.0/22 maxlen: 22
                          83.147.228.0/22 maxlen: 22
                          83.147.236.0/22 maxlen: 22
                          178.253.54.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 133993803 (0x7fc954b)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2778de2a9be9802120382e750d159e95872c2ae
        Validity
            Not Before: Jan  1 03:02:08 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=0a94f0c90f98b62cdef81665db051898b9625369
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:78:da:9a:14:d9:1a:c9:eb:cd:5e:b0:5e:34:
                    5b:f1:e5:05:d9:8f:8e:e0:58:f9:00:22:eb:cd:f9:
                    f4:cc:fe:3f:6a:65:d1:db:9b:00:56:fa:0a:de:f8:
                    8b:f9:4d:c7:62:96:63:12:1b:b2:3a:57:15:c2:86:
                    38:9b:67:e5:d7:4a:1d:c2:7d:be:de:0f:8d:b5:45:
                    0b:bc:d7:32:ab:14:86:b3:79:f1:89:d4:cb:ea:15:
                    10:a2:18:4c:30:38:63:ef:06:80:5d:5c:7f:34:0e:
                    88:85:e7:f9:e6:6c:5a:17:f4:f9:1b:4e:6e:90:38:
                    8e:ab:99:9e:b3:65:89:24:ae:22:2d:65:57:28:25:
                    f3:ef:06:3b:3e:01:48:85:99:c2:89:1b:c3:1c:ef:
                    bc:21:58:d7:b5:79:d0:7a:cf:d2:ce:ca:75:ad:cc:
                    93:5b:6e:6d:5d:55:51:04:75:c5:9e:45:90:b4:53:
                    96:ff:33:e2:20:8c:ef:73:d5:20:e9:10:bd:4e:f9:
                    90:8e:c5:7b:2b:54:12:6a:a9:ce:11:d2:89:49:e0:
                    53:e0:30:07:8c:e7:04:53:7c:94:c0:ce:1f:5a:61:
                    bc:2a:c1:20:47:af:fa:44:86:28:41:e5:1b:fd:41:
                    18:22:bd:72:25:67:71:18:0d:28:ba:5a:b2:f6:51:
                    6d:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0A:94:F0:C9:0F:98:B6:2C:DE:F8:16:65:DB:05:18:98:B9:62:53:69
            X509v3 Authority Key Identifier:
                keyid:C2:77:8D:E2:A9:BE:98:02:12:03:82:E7:50:D1:59:E9:58:72:C2:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wneN4qm-mAISA4LnUNFZ6Vhywq4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/CpTwyQ-Ytize-BZl2wUYmLliU2k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/wneN4qm-mAISA4LnUNFZ6Vhywq4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.147.195.0-83.147.209.255
                  83.147.218.0-83.147.221.255
                  83.147.224.0/21
                  83.147.236.0/22
                  94.241.144.0/21
                  94.241.188.0/22
                  178.253.0.0/21
                  178.253.17.0/24
                  178.253.20.0/23
                  178.253.24.0/23
                  178.253.30.0/24
                  178.253.54.0/24

    Signature Algorithm: sha256WithRSAEncryption
         48:d1:37:76:f9:6e:cd:26:ac:11:52:86:33:24:4a:da:1d:cb:
         ee:96:7f:9b:c0:72:f1:fe:4d:14:4a:fc:70:3b:e2:d8:0d:61:
         29:46:96:89:54:8a:48:1a:4a:49:da:f6:d2:52:6d:9e:c4:a1:
         b8:34:8d:93:86:22:2c:4e:6c:36:98:2c:e7:8d:73:05:cc:c4:
         16:05:ca:49:46:4a:e2:73:a8:b3:32:99:9b:54:63:4f:42:9c:
         d6:ba:30:97:4d:e8:04:87:be:dd:df:87:22:be:24:6e:74:08:
         2b:35:56:7d:4a:d3:17:f8:c7:5b:63:24:d8:7d:a5:a0:1f:73:
         19:10:07:a9:7d:dd:eb:34:83:97:8d:3b:df:a6:7f:25:49:d9:
         34:9d:10:d1:71:bc:2b:06:17:6c:0c:af:7f:5b:c2:50:5b:e1:
         6f:c3:73:27:33:39:d2:f0:60:4f:08:bb:5e:81:34:f9:5b:17:
         22:52:4b:dd:4e:79:f6:25:95:85:1e:8e:b6:b8:1b:10:de:99:
         8a:48:3b:4b:3f:58:e8:7f:c5:3c:f3:db:0b:3e:f3:f6:96:95:
         e6:f8:af:27:b7:fb:ac:ae:b3:3f:ea:9b:92:c4:68:5f:f9:b3:
         79:22:fa:a2:09:b6:af:7b:bb:24:89:ec:89:37:8f:f4:2a:88:
         15:48:67:b7
-----BEGIN CERTIFICATE-----
MIIFQTCCBCmgAwIBAgIEB/yVSzANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhj
Mjc3OGRlMmE5YmU5ODAyMTIwMzgyZTc1MGQxNTllOTU4NzJjMmFlMB4XDTIyMDEw
MTAzMDIwOFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMGE5NGYwYzkwZjk4
YjYyY2RlZjgxNjY1ZGIwNTE4OThiOTYyNTM2OTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAMt42poU2RrJ681esF40W/HlBdmPjuBY+QAi68359Mz+P2pl
0dubAFb6Ct74i/lNx2KWYxIbsjpXFcKGOJtn5ddKHcJ9vt4PjbVFC7zXMqsUhrN5
8YnUy+oVEKIYTDA4Y+8GgF1cfzQOiIXn+eZsWhf0+RtObpA4jquZnrNliSSuIi1l
Vygl8+8GOz4BSIWZwokbwxzvvCFY17V50HrP0s7Kda3Mk1tubV1VUQR1xZ5FkLRT
lv8z4iCM73PVIOkQvU75kI7FeytUEmqpzhHSiUngU+AwB4znBFN8lMDOH1phvCrB
IEev+kSGKEHlG/1BGCK9ciVncRgNKLpasvZRbSMCAwEAAaOCAlswggJXMB0GA1Ud
DgQWBBQKlPDJD5i2LN74FmXbBRiYuWJTaTAfBgNVHSMEGDAWgBTCd43iqb6YAhID
gudQ0VnpWHLCrjAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L3duZU40cW0tbUFJU0E0TG5VTkZaNlZoeXdxNC5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvYjgvNDEwOTMwLTlkNjUtNGJlOC05ZWJhLWY5OGRhNTRhZjQzNC8x
L0NwVHd5US1ZdGl6ZS1CWmwyd1VZbUxsaVUyay5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYjgv
NDEwOTMwLTlkNjUtNGJlOC05ZWJhLWY5OGRhNTRhZjQzNC8xL3duZU40cW0tbUFJ
U0E0TG5VTkZaNlZoeXdxNC5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBx
BggrBgEFBQcBBwEB/wRiMGAwXgQCAAEwWDAMAwQAU5PDAwQBU5PQMAwDBAFTk9oD
BAFTk9wDBANTk+ADBAJTk+wDBANe8ZADBAJe8bwDBAOy/QADBACy/REDBAGy/RQD
BAGy/RgDBACy/R4DBACy/TYwDQYJKoZIhvcNAQELBQADggEBAEjRN3b5bs0mrBFS
hjMkStody+6Wf5vAcvH+TRRK/HA74tgNYSlGlolUikgaSkna9tJSbZ7Eobg0jZOG
IixObDaYLOeNcwXMxBYFyklGSuJzqLMymZtUY09CnNa6MJdN6ASHvt3fhyK+JG50
CCs1Vn1K0xf4x1tjJNh9paAfcxkQB6l93es0g5eNO9+mfyVJ2TSdENFxvCsGF2wM
r39bwlBb4W/DcyczOdLwYE8Iu16BNPlbFyJSS91OefYllYUejra4GxDemYpIO0s/
WOh/xTzz2ws+8/aWleb4rye3+6yusz/qm5LEaF/5s3ki+qIJtq97uySJ7Ik3j/Qq
iBVIZ7c=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:51:09 2024 by rpki-client on console-fra.rpki-client.org