Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/2dba5c-9a90-4052-a1eb-6a8477cb6c2a/1/7YkqAc87vmIyqjGOF3OXnOL0qog.roa
File:                     7YkqAc87vmIyqjGOF3OXnOL0qog.roa (raw, json)
Hash identifier:          QlUfBwU8eLYntJpPLdgnmD+0doEAGyYRI74cYxvE0lo=
Subject key identifier:   ED:89:2A:01:CF:3B:BE:62:32:AA:31:8E:17:73:97:9C:E2:F4:AA:88
Certificate issuer:       /CN=e61c07c951488f04cb3b0fd338af84d77e46bf52
Certificate serial:       1B862F94
Authority key identifier: E6:1C:07:C9:51:48:8F:04:CB:3B:0F:D3:38:AF:84:D7:7E:46:BF:52
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5hwHyVFIjwTLOw_TOK-E135Gv1I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/2dba5c-9a90-4052-a1eb-6a8477cb6c2a/1/7YkqAc87vmIyqjGOF3OXnOL0qog.roa
Signing time:             Sat 01 Jan 2022 08:59:59 +0000
ROA not before:           Sat 01 Jan 2022 08:59:59 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     39603
IP address blocks:        94.254.144.0/20 maxlen: 20
                          5.173.192.0/19 maxlen: 19
                          94.254.160.0/19 maxlen: 19
                          5.173.0.0/17 maxlen: 17
                          5.173.128.0/18 maxlen: 18
                          46.112.0.0/16 maxlen: 16
                          109.243.128.0/17 maxlen: 17
                          89.108.192.0/18 maxlen: 18
                          89.108.200.0/21 maxlen: 21
                          94.254.128.0/17 maxlen: 17
                          46.113.0.0/16 maxlen: 16
                          94.254.128.0/20 maxlen: 20
                          89.108.208.0/21 maxlen: 21
                          94.254.192.0/19 maxlen: 19
                          109.243.0.0/16 maxlen: 16
                          94.254.224.0/20 maxlen: 20
                          31.174.0.0/15 maxlen: 15
                          164.126.0.0/15 maxlen: 15
                          2a00:1981::/32 maxlen: 32

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 461778836 (0x1b862f94)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e61c07c951488f04cb3b0fd338af84d77e46bf52
        Validity
            Not Before: Jan  1 08:59:59 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=ed892a01cf3bbe6232aa318e1773979ce2f4aa88
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:8d:a9:2d:6f:7c:c1:8b:bb:66:72:e4:dd:5a:
                    5c:e7:bd:77:91:e1:fd:ea:a8:d8:61:13:41:c1:c7:
                    d7:82:ca:6f:1a:86:28:5a:26:b8:52:73:09:ce:b4:
                    bd:f6:58:74:e3:8e:f5:4f:3c:af:6f:97:4a:8b:cc:
                    f5:c1:3b:42:40:25:8c:b7:2c:89:22:7d:90:22:9e:
                    6a:17:d7:c2:a6:34:ae:09:20:48:3e:da:f2:3c:05:
                    d0:9d:15:14:1c:74:c5:04:02:26:b7:e4:82:ec:d8:
                    9f:59:2c:52:2b:72:61:10:52:93:eb:22:59:64:3b:
                    92:cf:cd:86:f3:80:d5:07:d2:b7:5f:ca:54:23:02:
                    a4:80:cf:c4:9d:11:fd:ad:30:e5:32:86:13:77:55:
                    21:0f:38:df:ca:90:13:32:28:fd:a8:22:1a:bc:b5:
                    c3:bc:07:61:74:95:d6:a5:7c:03:67:af:c8:18:09:
                    62:fc:82:59:dd:fe:1c:85:c9:57:45:9b:91:54:5e:
                    e5:79:f3:62:12:8d:9d:d8:92:be:26:c2:3e:1d:8a:
                    ec:f5:02:39:89:e8:df:5a:9d:b7:fc:74:17:f4:58:
                    91:08:b2:5b:ab:e0:1b:17:63:4f:e4:25:e5:40:07:
                    69:3b:cf:96:6c:9b:10:f2:4d:e4:41:45:be:1e:a6:
                    b8:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                ED:89:2A:01:CF:3B:BE:62:32:AA:31:8E:17:73:97:9C:E2:F4:AA:88
            X509v3 Authority Key Identifier:
                keyid:E6:1C:07:C9:51:48:8F:04:CB:3B:0F:D3:38:AF:84:D7:7E:46:BF:52

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5hwHyVFIjwTLOw_TOK-E135Gv1I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/2dba5c-9a90-4052-a1eb-6a8477cb6c2a/1/7YkqAc87vmIyqjGOF3OXnOL0qog.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/2dba5c-9a90-4052-a1eb-6a8477cb6c2a/1/5hwHyVFIjwTLOw_TOK-E135Gv1I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.173.0.0-5.173.223.255
                  31.174.0.0/15
                  46.112.0.0/15
                  89.108.192.0/18
                  94.254.128.0/17
                  109.243.0.0/16
                  164.126.0.0/15
                IPv6:
                  2a00:1981::/32

    Signature Algorithm: sha256WithRSAEncryption
         89:76:ff:6c:66:05:86:b8:83:e6:cc:b0:ca:ad:54:56:3e:09:
         6d:52:a6:04:ff:e8:09:c2:c1:72:be:02:8c:a9:1a:e5:6d:f5:
         fb:be:bc:04:0d:f9:22:ca:ca:68:98:e8:ff:6e:1b:6c:91:cd:
         64:c0:3d:71:d9:60:fd:e1:f2:27:37:4f:06:18:fe:4d:62:f7:
         db:7e:fb:fe:99:7a:41:a5:6a:01:da:71:db:3e:43:e2:3d:d9:
         82:da:3a:c3:61:69:aa:2f:21:f7:40:30:4e:1f:8f:f7:8c:14:
         a6:29:7b:f0:08:5e:2e:e9:9c:8e:a1:a3:26:79:78:05:0f:7b:
         40:21:82:4b:16:e8:6f:e0:3a:1a:f8:15:c8:ed:38:46:50:f8:
         c1:63:9e:4a:c3:ee:02:c5:53:99:b8:7b:eb:1d:d7:83:54:a0:
         62:1f:ec:6c:dc:95:5f:90:32:43:9b:cf:59:dc:5a:3e:2d:2a:
         15:98:ae:7d:b5:7c:27:da:29:b8:6c:37:8f:35:98:06:3a:f6:
         48:09:89:47:9d:5a:9b:eb:f1:7a:cf:7e:ab:61:f8:fa:53:25:
         42:84:58:ea:e9:df:34:f2:d9:af:0f:fc:1e:d2:2b:74:ea:dc:
         9a:f1:1d:70:bc:45:da:b2:b6:2d:6c:91:cc:cc:68:4e:62:94:
         04:ba:70:64
-----BEGIN CERTIFICATE-----
MIIFJTCCBA2gAwIBAgIEG4YvlDANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhl
NjFjMDdjOTUxNDg4ZjA0Y2IzYjBmZDMzOGFmODRkNzdlNDZiZjUyMB4XDTIyMDEw
MTA4NTk1OVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoZWQ4OTJhMDFjZjNi
YmU2MjMyYWEzMThlMTc3Mzk3OWNlMmY0YWE4ODCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAKKNqS1vfMGLu2Zy5N1aXOe9d5Hh/eqo2GETQcHH14LKbxqG
KFomuFJzCc60vfZYdOOO9U88r2+XSovM9cE7QkAljLcsiSJ9kCKeahfXwqY0rgkg
SD7a8jwF0J0VFBx0xQQCJrfkguzYn1ksUityYRBSk+siWWQ7ks/NhvOA1QfSt1/K
VCMCpIDPxJ0R/a0w5TKGE3dVIQ8438qQEzIo/agiGry1w7wHYXSV1qV8A2evyBgJ
YvyCWd3+HIXJV0WbkVRe5XnzYhKNndiSvibCPh2K7PUCOYno31qdt/x0F/RYkQiy
W6vgGxdjT+Ql5UAHaTvPlmybEPJN5EFFvh6muC0CAwEAAaOCAj8wggI7MB0GA1Ud
DgQWBBTtiSoBzzu+YjKqMY4Xc5ec4vSqiDAfBgNVHSMEGDAWgBTmHAfJUUiPBMs7
D9M4r4TXfka/UjAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
LzVod0h5VkZJandUTE93X1RPSy1FMTM1R3YxSS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvYmMvMmRiYTVjLTlhOTAtNDA1Mi1hMWViLTZhODQ3N2NiNmMyYS8x
LzdZa3FBYzg3dm1JeXFqR09GM09Ybk9MMHFvZy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYmMv
MmRiYTVjLTlhOTAtNDA1Mi1hMWViLTZhODQ3N2NiNmMyYS8xLzVod0h5VkZJandU
TE93X1RPSy1FMTM1R3YxSS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBV
BggrBgEFBQcBBwEB/wRGMEQwMwQCAAEwLTALAwMABa0DBAUFrcADAwEfrgMDAS5w
AwQGWWzAAwQHXv6AAwMAbfMDAwGkfjANBAIAAjAHAwUAKgAZgTANBgkqhkiG9w0B
AQsFAAOCAQEAiXb/bGYFhriD5sywyq1UVj4JbVKmBP/oCcLBcr4CjKka5W31+768
BA35IsrKaJjo/24bbJHNZMA9cdlg/eHyJzdPBhj+TWL32377/pl6QaVqAdpx2z5D
4j3Zgto6w2Fpqi8h90AwTh+P94wUpil78AheLumcjqGjJnl4BQ97QCGCSxbob+A6
GvgVyO04RlD4wWOeSsPuAsVTmbh76x3Xg1SgYh/sbNyVX5AyQ5vPWdxaPi0qFZiu
fbV8J9opuGw3jzWYBjr2SAmJR51am+vxes9+q2H4+lMlQoRY6unfNPLZrw/8HtIr
dOrcmvEdcLxF2rK2LWyRzMxoTmKUBLpwZA==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:41:03 2024 by rpki-client on console-ams.rpki-client.org