Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/248e6f-b1fb-4da7-97dd-954372965c5e/1/YCM13NdXVhVJBF25vPLwPZlNz78.roa
File:                     YCM13NdXVhVJBF25vPLwPZlNz78.roa (raw, json)
Hash identifier:          97DZAkuHry42j6Fx5oKLAEilNDS1rCLik2vz7s9d9Rc=
Subject key identifier:   60:23:35:DC:D7:57:56:15:49:04:5D:B9:BC:F2:F0:3D:99:4D:CF:BF
Certificate issuer:       /CN=2e2f84f555a666aa0c04a8fbe7dc1910075f5658
Certificate serial:       0DD166F3
Authority key identifier: 2E:2F:84:F5:55:A6:66:AA:0C:04:A8:FB:E7:DC:19:10:07:5F:56:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Li-E9VWmZqoMBKj759wZEAdfVlg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/248e6f-b1fb-4da7-97dd-954372965c5e/1/YCM13NdXVhVJBF25vPLwPZlNz78.roa
Signing time:             Sat 01 Jan 2022 16:05:11 +0000
ROA not before:           Sat 01 Jan 2022 16:05:11 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     41090
IP address blocks:        93.95.232.0/21 maxlen: 21
                          185.14.0.0/22 maxlen: 22
                          195.189.64.0/22 maxlen: 22
                          2a00:c000::/32 maxlen: 32

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 231827187 (0xdd166f3)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2e2f84f555a666aa0c04a8fbe7dc1910075f5658
        Validity
            Not Before: Jan  1 16:05:11 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=602335dcd757561549045db9bcf2f03d994dcfbf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:f1:ca:e7:dd:a8:61:f9:de:58:87:52:54:4f:
                    57:f6:69:e2:0b:d6:27:5d:5c:21:88:43:f9:68:5a:
                    c2:dc:e5:c0:19:d8:df:52:53:0a:75:41:7c:07:6f:
                    99:58:07:be:d2:54:84:7f:1e:f1:37:49:7f:4e:c7:
                    90:4d:06:3e:0c:5f:ad:e8:f9:94:5c:c8:dc:28:4f:
                    1a:8e:a0:81:b3:d9:4a:13:0c:92:18:25:25:48:36:
                    85:f7:e0:e6:0b:cc:a1:ba:3a:6d:a0:52:15:b0:2c:
                    40:cf:c6:08:4c:82:09:3f:ea:3d:b5:5c:f2:0a:de:
                    7e:b5:2a:30:e4:a7:96:ba:7a:5c:72:ff:4e:b2:1f:
                    bb:be:5d:a5:05:c2:a0:27:d7:bf:4b:91:be:51:30:
                    5f:90:4c:e9:07:fa:24:63:a4:19:46:af:f6:0b:15:
                    ba:ab:1f:8e:fd:10:c5:32:2d:0b:60:9c:c1:49:ea:
                    cb:ba:43:41:e7:98:c5:79:e9:82:05:e3:a5:ce:52:
                    ee:09:8e:75:ab:66:25:fe:f1:99:e9:14:45:d8:84:
                    55:fd:14:72:6d:2f:23:12:e9:6a:88:0a:26:62:fe:
                    c3:da:bc:74:45:04:70:65:06:b2:b3:c2:ee:5e:16:
                    db:0f:3a:e0:a7:ff:5e:0a:72:74:bb:58:92:fc:b8:
                    f4:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:23:35:DC:D7:57:56:15:49:04:5D:B9:BC:F2:F0:3D:99:4D:CF:BF
            X509v3 Authority Key Identifier:
                keyid:2E:2F:84:F5:55:A6:66:AA:0C:04:A8:FB:E7:DC:19:10:07:5F:56:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Li-E9VWmZqoMBKj759wZEAdfVlg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/248e6f-b1fb-4da7-97dd-954372965c5e/1/YCM13NdXVhVJBF25vPLwPZlNz78.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/248e6f-b1fb-4da7-97dd-954372965c5e/1/Li-E9VWmZqoMBKj759wZEAdfVlg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.95.232.0/21
                  185.14.0.0/22
                  195.189.64.0/22
                IPv6:
                  2a00:c000::/32

    Signature Algorithm: sha256WithRSAEncryption
         5b:46:f2:92:50:bf:93:a4:4e:cb:0c:95:5e:4c:7f:09:62:da:
         40:f9:3d:20:ec:88:b8:7a:b4:0b:55:bd:21:70:6c:d3:69:96:
         76:31:f7:31:6a:eb:bd:7b:7c:df:95:2d:73:37:7f:bc:0c:89:
         1a:b8:8e:d5:c7:2a:9f:8a:a6:f8:b5:85:2d:c3:38:9f:36:71:
         ad:93:fd:82:6f:1b:3c:84:90:93:92:c9:b6:5a:0c:5a:46:5e:
         bd:02:41:c3:a4:d1:04:f8:0f:04:d4:03:16:ce:1b:d2:e2:79:
         09:74:ad:3c:85:9a:b6:1b:30:b9:0b:01:d4:2d:16:6c:43:42:
         30:22:69:bf:0a:e2:ab:a4:9f:82:5b:06:cd:d9:25:ef:08:ee:
         29:be:70:9c:8c:e7:bc:48:ee:32:6b:a6:52:90:30:de:21:98:
         cd:c6:e5:13:8e:ee:a3:74:e4:68:b9:65:0d:ec:38:1b:30:51:
         58:a6:95:1b:b4:d9:58:af:75:f6:95:75:0b:d5:c5:3f:59:8d:
         38:e3:5e:ec:c2:e2:a4:f9:99:d7:b3:14:a8:05:2e:27:7b:b7:
         b0:34:15:2c:54:6d:fb:4e:06:0d:a4:c7:25:a7:79:62:dc:c2:
         38:2e:8c:b7:c3:e8:79:9e:22:df:e6:54:f3:ee:5b:3d:c5:87:
         51:c3:52:d6
-----BEGIN CERTIFICATE-----
MIIFCjCCA/KgAwIBAgIEDdFm8zANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygy
ZTJmODRmNTU1YTY2NmFhMGMwNGE4ZmJlN2RjMTkxMDA3NWY1NjU4MB4XDTIyMDEw
MTE2MDUxMVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoNjAyMzM1ZGNkNzU3
NTYxNTQ5MDQ1ZGI5YmNmMmYwM2Q5OTRkY2ZiZjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBALPxyufdqGH53liHUlRPV/Zp4gvWJ11cIYhD+WhawtzlwBnY
31JTCnVBfAdvmVgHvtJUhH8e8TdJf07HkE0GPgxfrej5lFzI3ChPGo6ggbPZShMM
khglJUg2hffg5gvMobo6baBSFbAsQM/GCEyCCT/qPbVc8grefrUqMOSnlrp6XHL/
TrIfu75dpQXCoCfXv0uRvlEwX5BM6Qf6JGOkGUav9gsVuqsfjv0QxTItC2CcwUnq
y7pDQeeYxXnpggXjpc5S7gmOdatmJf7xmekURdiEVf0Ucm0vIxLpaogKJmL+w9q8
dEUEcGUGsrPC7l4W2w864Kf/XgpydLtYkvy49IcCAwEAAaOCAiQwggIgMB0GA1Ud
DgQWBBRgIzXc11dWFUkEXbm88vA9mU3PvzAfBgNVHSMEGDAWgBQuL4T1VaZmqgwE
qPvn3BkQB19WWDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L0xpLUU5VldtWnFvTUJLajc1OXdaRUFkZlZsZy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvYmMvMjQ4ZTZmLWIxZmItNGRhNy05N2RkLTk1NDM3Mjk2NWM1ZS8x
L1lDTTEzTmRYVmhWSkJGMjV2UEx3UFpsTno3OC5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYmMv
MjQ4ZTZmLWIxZmItNGRhNy05N2RkLTk1NDM3Mjk2NWM1ZS8xL0xpLUU5VldtWnFv
TUJLajc1OXdaRUFkZlZsZy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjA6
BggrBgEFBQcBBwEB/wQrMCkwGAQCAAEwEgMEA11f6AMEArkOAAMEAsO9QDANBAIA
AjAHAwUAKgDAADANBgkqhkiG9w0BAQsFAAOCAQEAW0byklC/k6ROywyVXkx/CWLa
QPk9IOyIuHq0C1W9IXBs02mWdjH3MWrrvXt835Utczd/vAyJGriO1ccqn4qm+LWF
LcM4nzZxrZP9gm8bPISQk5LJtloMWkZevQJBw6TRBPgPBNQDFs4b0uJ5CXStPIWa
thswuQsB1C0WbENCMCJpvwriq6SfglsGzdkl7wjuKb5wnIznvEjuMmumUpAw3iGY
zcblE47uo3TkaLllDew4GzBRWKaVG7TZWK919pV1C9XFP1mNOONe7MLipPmZ17MU
qAUuJ3u3sDQVLFRt+04GDaTHJad5YtzCOC6Mt8PoeZ4i3+ZU8+5bPcWHUcNS1g==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:41:02 2024 by rpki-client on console-ams.rpki-client.org