Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b9/e29dce-a174-4b77-89aa-236e92fc6a59/1/Rix1BO2tIS2Rq5BMV7ggGTejay0.roa
File:                     Rix1BO2tIS2Rq5BMV7ggGTejay0.roa (raw, json)
Hash identifier:          jwQX+/lmm5cherKvXfN6g3O3/Zspc6dUaYB1/U1rCNA=
Subject key identifier:   46:2C:75:04:ED:AD:21:2D:91:AB:90:4C:57:B8:20:19:37:A3:6B:2D
Certificate issuer:       /CN=a86580e18ad6ff8dc942be883c16de8b731f9605
Certificate serial:       0184E27776335FF11E77B7F5E281BA532936
Authority key identifier: A8:65:80:E1:8A:D6:FF:8D:C9:42:BE:88:3C:16:DE:8B:73:1F:96:05
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qGWA4YrW_43JQr6IPBbei3MflgU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b9/e29dce-a174-4b77-89aa-236e92fc6a59/1/Rix1BO2tIS2Rq5BMV7ggGTejay0.roa
Signing time:             Mon 05 Dec 2022 13:26:30 +0000
ROA not before:           Mon 05 Dec 2022 13:26:30 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     39686
IP address blocks:        144.178.192.0/19 maxlen: 24
                          144.178.224.0/20 maxlen: 24
                          185.184.204.0/22 maxlen: 24
                          144.178.96.0/21 maxlen: 24
                          45.11.164.0/22 maxlen: 24
                          144.178.112.0/22 maxlen: 24
                          144.178.120.0/21 maxlen: 24
                          93.95.248.0/21 maxlen: 24
                          144.178.240.0/21 maxlen: 24
                          89.20.160.0/19 maxlen: 24
                          144.178.64.0/19 maxlen: 24
                          2a01:9bc0::/29 maxlen: 48
                          2a02:fe8::/32 maxlen: 48
                          2a02:fe9::/32 maxlen: 48

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:84:e2:77:76:33:5f:f1:1e:77:b7:f5:e2:81:ba:53:29:36
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a86580e18ad6ff8dc942be883c16de8b731f9605
        Validity
            Not Before: Dec  5 13:26:30 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=462c7504edad212d91ab904c57b8201937a36b2d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:18:df:e3:26:bd:ce:95:16:8a:c9:47:57:aa:
                    14:0b:1a:1b:ab:39:f4:0e:2c:6d:15:b9:9b:7f:7f:
                    33:fc:26:3e:a8:d7:9f:41:17:c4:26:37:a0:79:5c:
                    8f:02:a4:7a:fd:a0:2b:5e:74:da:e4:33:34:27:7e:
                    d5:05:8e:e8:bd:72:87:1d:22:46:73:84:21:fe:70:
                    b5:ba:8b:4d:b9:c6:59:e9:57:0f:bc:68:88:3c:27:
                    46:10:7e:1d:c3:67:55:df:b3:46:7a:bc:99:de:c6:
                    c1:79:42:8a:76:b4:d1:4b:03:9d:f9:db:37:18:34:
                    5e:34:7d:89:5d:43:77:68:a7:57:00:b6:f8:df:3b:
                    da:5d:ff:af:5b:39:9f:c0:c4:5a:37:78:cd:98:ea:
                    d5:15:ed:66:05:d1:81:9b:71:db:42:2b:c7:cc:3b:
                    e0:77:22:a3:e3:b0:47:0a:6c:ff:0a:01:87:0e:92:
                    b6:fe:7c:f3:d1:9d:37:f2:99:1e:fe:64:3f:65:ab:
                    f2:e8:c5:fc:a3:ab:e5:a6:a4:2e:97:99:16:f7:72:
                    f2:d2:43:ba:22:55:e1:69:7d:de:a0:31:e1:78:71:
                    72:78:54:4a:fb:56:2e:ab:5e:5a:19:51:e6:88:80:
                    66:bb:81:c5:26:22:d6:4f:e4:9d:b9:c7:17:d2:c8:
                    86:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                46:2C:75:04:ED:AD:21:2D:91:AB:90:4C:57:B8:20:19:37:A3:6B:2D
            X509v3 Authority Key Identifier:
                keyid:A8:65:80:E1:8A:D6:FF:8D:C9:42:BE:88:3C:16:DE:8B:73:1F:96:05

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qGWA4YrW_43JQr6IPBbei3MflgU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/e29dce-a174-4b77-89aa-236e92fc6a59/1/Rix1BO2tIS2Rq5BMV7ggGTejay0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/e29dce-a174-4b77-89aa-236e92fc6a59/1/qGWA4YrW_43JQr6IPBbei3MflgU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.11.164.0/22
                  89.20.160.0/19
                  93.95.248.0/21
                  144.178.64.0-144.178.103.255
                  144.178.112.0/22
                  144.178.120.0/21
                  144.178.192.0-144.178.247.255
                  185.184.204.0/22
                IPv6:
                  2a01:9bc0::/29
                  2a02:fe8::/31

    Signature Algorithm: sha256WithRSAEncryption
         74:e7:c3:c1:fd:99:bf:26:70:50:40:af:6d:1b:20:10:b1:a8:
         b4:64:a1:fa:14:67:c6:50:1e:74:d1:ad:c8:dc:b1:32:a0:fd:
         3e:78:c1:a5:1c:ef:2c:1d:9f:f2:4c:87:07:cb:6a:27:b1:52:
         e4:6b:80:0f:7a:bb:10:ae:a3:4e:a0:4c:f5:44:5a:a2:c4:0f:
         1b:24:36:80:e1:26:88:ff:b4:01:3b:29:58:99:32:51:b4:d3:
         52:26:ef:9f:43:05:ad:b7:68:99:7b:30:79:7d:12:c8:9b:2d:
         13:da:bb:2d:ce:58:25:0e:0a:96:27:84:e2:7c:8b:7a:89:b1:
         98:cc:dd:09:27:0e:31:62:16:cb:6a:a8:fe:8c:82:26:b8:7d:
         ed:ca:f3:33:e0:ae:0f:65:60:ce:90:17:43:4c:f7:78:4a:ad:
         67:27:e6:8d:33:64:f6:6f:81:b0:2f:bd:3e:78:f6:63:d3:60:
         2c:b5:16:56:fe:31:0a:4a:a6:08:c8:34:14:13:a3:7c:8f:92:
         de:a3:61:57:c5:3f:29:ce:7a:c8:b6:86:3a:93:b4:34:1a:27:
         04:9b:ea:65:e9:4a:52:97:f0:4a:51:74:c0:46:48:74:c8:2b:
         53:df:69:e5:3d:18:20:f3:3c:43:5a:2f:9d:c8:c9:34:62:3d:
         22:5c:0d:65
-----BEGIN CERTIFICATE-----
MIIFTTCCBDWgAwIBAgISAYTid3YzX/Eed7f14oG6Uyk2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE4NjU4MGUxOGFkNmZmOGRjOTQyYmU4ODNjMTZkZThiNzMx
Zjk2MDUwHhcNMjIxMjA1MTMyNjMwWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NjJjNzUwNGVkYWQyMTJkOTFhYjkwNGM1N2I4MjAxOTM3YTM2YjJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwhjf4ya9zpUWislHV6oUCxobqzn0
DixtFbmbf38z/CY+qNefQRfEJjegeVyPAqR6/aArXnTa5DM0J37VBY7ovXKHHSJG
c4Qh/nC1uotNucZZ6VcPvGiIPCdGEH4dw2dV37NGeryZ3sbBeUKKdrTRSwOd+ds3
GDReNH2JXUN3aKdXALb43zvaXf+vWzmfwMRaN3jNmOrVFe1mBdGBm3HbQivHzDvg
dyKj47BHCmz/CgGHDpK2/nzz0Z038pke/mQ/Zavy6MX8o6vlpqQul5kW93Ly0kO6
IlXhaX3eoDHheHFyeFRK+1Yuq15aGVHmiIBmu4HFJiLWT+SduccX0siG/wIDAQAB
o4ICWTCCAlUwHQYDVR0OBBYEFEYsdQTtrSEtkauQTFe4IBk3o2stMB8GA1UdIwQY
MBaAFKhlgOGK1v+NyUK+iDwW3otzH5YFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcUdXQTRZcldfNDNKUXI2SVBCYmVpM01mbGdVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOS9lMjlkY2UtYTE3NC00Yjc3LTg5YWEt
MjM2ZTkyZmM2YTU5LzEvUml4MUJPMnRJUzJScTVCTVY3Z2dHVGVqYXkwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOS9lMjlkY2UtYTE3NC00Yjc3LTg5YWEtMjM2ZTkyZmM2YTU5
LzEvcUdXQTRZcldfNDNKUXI2SVBCYmVpM01mbGdVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMG8GCCsGAQUFBwEHAQH/BGAwXjBGBAIAATBAAwQCLQukAwQF
WRSgAwQDXV/4MAwDBAaQskADBAOQsmADBAKQsnADBAOQsngwDAMEBpCywAMEA5Cy
8AMEArm4zDAUBAIAAjAOAwUDKgGbwAMFASoCD+gwDQYJKoZIhvcNAQELBQADggEB
AHTnw8H9mb8mcFBAr20bIBCxqLRkofoUZ8ZQHnTRrcjcsTKg/T54waUc7ywdn/JM
hwfLaiexUuRrgA96uxCuo06gTPVEWqLEDxskNoDhJoj/tAE7KViZMlG001Im759D
Ba23aJl7MHl9EsibLRPauy3OWCUOCpYnhOJ8i3qJsZjM3QknDjFiFstqqP6Mgia4
fe3K8zPgrg9lYM6QF0NM93hKrWcn5o0zZPZvgbAvvT549mPTYCy1Flb+MQpKpgjI
NBQTo3yPkt6jYVfFPynOesi2hjqTtDQaJwSb6mXpSlKX8EpRdMBGSHTIK1PfaeU9
GCDzPENaL53IyTRiPSJcDWU=
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:40:35 2024 by rpki-client on console-ams.rpki-client.org