Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ba/f0e161-a43c-4d31-b65d-d4fed5085392/1/ocpfIh58pvQm6MPQYJvM0ghAViY.roa
File:                     ocpfIh58pvQm6MPQYJvM0ghAViY.roa (raw, json)
Hash identifier:          sPjC7b1R2RZlRtMw8yaKYld4ibuZN26QfJI6Q0RFQhE=
Subject key identifier:   A1:CA:5F:22:1E:7C:A6:F4:26:E8:C3:D0:60:9B:CC:D2:08:40:56:26
Certificate issuer:       /CN=c66dc60d16dfe1649d86c1693e17858c2306387f
Certificate serial:       01838311D8B2FABEFE2BEEEEFF84C139434D
Authority key identifier: C6:6D:C6:0D:16:DF:E1:64:9D:86:C1:69:3E:17:85:8C:23:06:38:7F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xm3GDRbf4WSdhsFpPheFjCMGOH8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ba/f0e161-a43c-4d31-b65d-d4fed5085392/1/ocpfIh58pvQm6MPQYJvM0ghAViY.roa
Signing time:             Wed 28 Sep 2022 07:48:48 +0000
ROA not before:           Wed 28 Sep 2022 07:48:48 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     39371
IP address blocks:        45.129.60.0/22 maxlen: 24
                          185.99.204.0/22 maxlen: 24
                          2a0e:44c0::/29 maxlen: 29
                          2a06:1480::/29 maxlen: 29

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:83:83:11:d8:b2:fa:be:fe:2b:ee:ee:ff:84:c1:39:43:4d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66dc60d16dfe1649d86c1693e17858c2306387f
        Validity
            Not Before: Sep 28 07:48:48 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=a1ca5f221e7ca6f426e8c3d0609bccd208405626
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:dd:c7:22:cb:0c:70:3b:91:2e:8a:49:a6:1c:
                    e8:71:b1:8f:05:42:e5:f1:a7:89:cf:14:21:e0:f0:
                    2f:65:ed:a8:ef:e4:42:63:99:8c:f7:13:41:d5:47:
                    c1:6a:f3:8a:5a:fc:9a:4e:3e:e5:95:a4:bd:09:9c:
                    af:e8:f5:ca:7e:16:84:4e:18:5f:0d:11:f4:dc:dd:
                    cd:b0:3c:03:ee:69:df:d2:9e:cc:b4:5f:4a:ff:d4:
                    23:15:b9:f2:aa:ae:26:31:f4:b6:f0:b1:c6:b2:f5:
                    37:06:b5:69:8c:19:d2:f3:9f:76:6b:0a:ab:86:37:
                    df:1e:cf:0a:72:0e:52:c8:30:f1:ed:44:58:db:60:
                    9f:bf:e6:86:7e:3b:94:0b:a7:04:73:6f:50:4b:1f:
                    5c:63:2c:51:3c:11:a6:db:07:6d:2e:1e:e4:56:ac:
                    cb:ba:df:72:98:20:20:b4:62:7f:32:d8:c3:e1:42:
                    da:6c:92:b2:7c:84:58:e6:27:37:fd:bb:99:06:df:
                    43:32:71:6e:ec:99:9e:bc:fb:0d:ee:fd:ec:51:8c:
                    26:0b:c5:f9:91:bb:7c:3e:ff:e5:7e:93:5d:7c:b5:
                    44:ce:80:13:02:3e:b8:74:dc:03:72:db:cc:69:e5:
                    c5:93:84:8b:ee:80:a3:4b:75:e8:2b:e0:34:cc:e3:
                    04:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A1:CA:5F:22:1E:7C:A6:F4:26:E8:C3:D0:60:9B:CC:D2:08:40:56:26
            X509v3 Authority Key Identifier:
                keyid:C6:6D:C6:0D:16:DF:E1:64:9D:86:C1:69:3E:17:85:8C:23:06:38:7F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xm3GDRbf4WSdhsFpPheFjCMGOH8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/f0e161-a43c-4d31-b65d-d4fed5085392/1/ocpfIh58pvQm6MPQYJvM0ghAViY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/f0e161-a43c-4d31-b65d-d4fed5085392/1/xm3GDRbf4WSdhsFpPheFjCMGOH8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.129.60.0/22
                  185.99.204.0/22
                IPv6:
                  2a06:1480::/29
                  2a0e:44c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         5e:8e:32:31:78:2e:fd:b9:6e:cc:7f:76:ad:7d:5a:d0:d6:fc:
         5d:a2:81:da:1b:68:4a:eb:b6:d0:e0:2e:b3:be:a4:4a:ef:cc:
         06:1c:84:a7:1d:25:a4:ce:7c:46:3f:d7:5e:1d:d6:17:a7:da:
         1c:fa:3c:39:29:7e:c1:c6:53:e9:a7:47:43:88:6b:d5:f0:a1:
         2e:5e:c1:f9:ba:1e:25:8b:27:d5:ce:05:69:c4:fb:b9:cd:58:
         7a:0d:69:4b:cd:1f:41:63:7f:04:06:9d:bc:2b:6d:38:3b:d5:
         51:bf:74:fe:c7:ba:05:e9:b7:73:66:e3:9e:c0:9a:8f:b3:7e:
         91:b1:68:f6:20:d8:40:a0:4b:ef:83:d1:4a:d6:ae:53:97:2d:
         8d:f0:12:b1:cc:74:7b:ed:fb:e3:70:94:9b:ca:0f:de:73:1e:
         30:9e:f7:52:5e:98:f4:b9:26:73:24:cd:07:c0:24:62:49:fe:
         69:bf:7f:f3:5c:9c:dc:61:f4:4d:60:35:be:87:66:dd:cb:1d:
         e5:c5:fa:fa:c5:8f:3b:60:15:32:b6:1a:de:e3:2c:e2:9a:33:
         c1:9b:53:d6:91:85:e4:52:b1:47:b1:e4:06:23:3c:45:7c:50:
         2f:f0:0d:7c:6a:aa:c0:4a:3c:9a:f2:47:38:7b:69:e3:39:1a:
         40:3e:cc:22
-----BEGIN CERTIFICATE-----
MIIFGTCCBAGgAwIBAgISAYODEdiy+r7+K+7u/4TBOUNNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NmRjNjBkMTZkZmUxNjQ5ZDg2YzE2OTNlMTc4NThjMjMw
NjM4N2YwHhcNMjIwOTI4MDc0ODQ4WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMWNhNWYyMjFlN2NhNmY0MjZlOGMzZDA2MDliY2NkMjA4NDA1NjI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkd3HIssMcDuRLopJphzocbGPBULl
8aeJzxQh4PAvZe2o7+RCY5mM9xNB1UfBavOKWvyaTj7llaS9CZyv6PXKfhaEThhf
DRH03N3NsDwD7mnf0p7MtF9K/9QjFbnyqq4mMfS28LHGsvU3BrVpjBnS8592awqr
hjffHs8Kcg5SyDDx7URY22Cfv+aGfjuUC6cEc29QSx9cYyxRPBGm2wdtLh7kVqzL
ut9ymCAgtGJ/MtjD4ULabJKyfIRY5ic3/buZBt9DMnFu7JmevPsN7v3sUYwmC8X5
kbt8Pv/lfpNdfLVEzoATAj64dNwDctvMaeXFk4SL7oCjS3XoK+A0zOME/QIDAQAB
o4ICJTCCAiEwHQYDVR0OBBYEFKHKXyIefKb0JujD0GCbzNIIQFYmMB8GA1UdIwQY
MBaAFMZtxg0W3+FknYbBaT4XhYwjBjh/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG0zR0RSYmY0V1NkaHNGcFBoZUZqQ01HT0g4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYS9mMGUxNjEtYTQzYy00ZDMxLWI2NWQt
ZDRmZWQ1MDg1MzkyLzEvb2NwZkloNThwdlFtNk1QUVlKdk0wZ2hBVmlZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYS9mMGUxNjEtYTQzYy00ZDMxLWI2NWQtZDRmZWQ1MDg1Mzky
LzEveG0zR0RSYmY0V1NkaHNGcFBoZUZqQ01HT0g4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDsGCCsGAQUFBwEHAQH/BCwwKjASBAIAATAMAwQCLYE8AwQC
uWPMMBQEAgACMA4DBQMqBhSAAwUDKg5EwDANBgkqhkiG9w0BAQsFAAOCAQEAXo4y
MXgu/bluzH92rX1a0Nb8XaKB2htoSuu20OAus76kSu/MBhyEpx0lpM58Rj/XXh3W
F6faHPo8OSl+wcZT6adHQ4hr1fChLl7B+boeJYsn1c4FacT7uc1Yeg1pS80fQWN/
BAadvCttODvVUb90/se6Bem3c2bjnsCaj7N+kbFo9iDYQKBL74PRStauU5ctjfAS
scx0e+3743CUm8oP3nMeMJ73Ul6Y9LkmcyTNB8AkYkn+ab9/81yc3GH0TWA1vodm
3csd5cX6+sWPO2AVMrYa3uMs4pozwZtT1pGF5FKxR7HkBiM8RXxQL/ANfGqqwEo8
mvJHOHtp4zkaQD7MIg==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:40:50 2024 by rpki-client on console-ams.rpki-client.org