Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/1GU43WrPWGThQa3rq2VRWTva9IU.roa
File:                     1GU43WrPWGThQa3rq2VRWTva9IU.roa (raw, json)
Hash identifier:          sxx4VupDarqyvPf8klE3P7qwsOSWv6+QpIaWV2AY+XY=
Subject key identifier:   D4:65:38:DD:6A:CF:58:64:E1:41:AD:EB:AB:65:51:59:3B:DA:F4:85
Certificate issuer:       /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial:       0D32C0D8
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/1GU43WrPWGThQa3rq2VRWTva9IU.roa
Signing time:             Tue 08 Feb 2022 10:02:01 +0000
ROA not before:           Tue 08 Feb 2022 10:02:01 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     206092
IP address blocks:        45.130.83.0/24 maxlen: 24
                          203.26.81.0/24 maxlen: 24
                          185.192.71.0/24 maxlen: 24
                          188.212.135.0/24 maxlen: 24
                          89.47.15.0/24 maxlen: 24
                          193.19.109.0/24 maxlen: 24
                          45.135.186.0/24 maxlen: 24
                          45.135.187.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 221429976 (0xd32c0d8)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
        Validity
            Not Before: Feb  8 10:02:01 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=d46538dd6acf5864e141adebab6551593bdaf485
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:19:6b:a1:dc:56:f1:8e:4f:98:d1:c7:2f:31:
                    c3:ae:89:f9:0f:11:99:44:84:6c:8f:96:8a:96:85:
                    2e:08:5c:1c:a1:4a:c2:5f:76:91:28:20:d8:90:b9:
                    35:0b:0a:cc:18:30:99:a9:6a:5d:72:d1:39:16:46:
                    bb:6f:e2:68:0a:ee:62:3a:2c:63:0b:33:75:7c:18:
                    07:db:63:ef:59:f2:88:55:46:15:8c:9f:ad:99:c5:
                    80:78:9b:3c:65:d0:ec:0a:5c:e9:ba:12:d0:37:4c:
                    32:b2:61:ae:a3:89:a4:f3:81:7f:1f:c0:30:33:9d:
                    61:7e:17:dc:0a:94:b4:7f:4d:2a:f7:31:e8:64:bf:
                    83:40:51:f9:d0:fe:ca:09:39:41:93:41:6f:6c:b2:
                    c1:44:11:0f:3d:0b:e1:39:de:ba:01:d1:43:82:f6:
                    21:d8:36:a2:64:3a:56:84:a8:37:27:f4:33:2a:8e:
                    a9:25:f9:b3:f0:7d:4e:64:ae:63:dd:2b:ad:64:d7:
                    ba:d9:d2:0e:53:50:83:1f:4c:65:fc:a8:78:84:1e:
                    ce:db:94:97:7f:ec:8a:63:71:e1:3c:33:6e:36:0b:
                    87:46:f4:72:67:d0:83:66:c5:7c:9c:fd:d6:39:34:
                    07:ac:55:fc:2f:55:20:d1:18:a8:cb:ee:1d:11:e2:
                    46:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D4:65:38:DD:6A:CF:58:64:E1:41:AD:EB:AB:65:51:59:3B:DA:F4:85
            X509v3 Authority Key Identifier:
                keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/1GU43WrPWGThQa3rq2VRWTva9IU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.130.83.0/24
                  45.135.186.0/23
                  89.47.15.0/24
                  185.192.71.0/24
                  188.212.135.0/24
                  193.19.109.0/24
                  203.26.81.0/24

    Signature Algorithm: sha256WithRSAEncryption
         79:b4:65:3f:1b:27:e7:e2:0a:17:1e:a4:87:91:d4:31:2b:3c:
         04:6a:91:2a:bf:84:13:30:ea:83:02:26:75:d1:3e:28:d6:e2:
         ea:37:21:d4:4c:7d:d9:d0:e3:a7:a6:9f:73:94:2d:1b:fd:9a:
         dc:e5:13:fc:88:e5:48:23:15:88:05:d0:a1:b2:09:ba:f7:8e:
         ea:61:40:ae:17:17:d5:9a:5f:d2:d0:18:ec:81:82:e1:6e:a4:
         60:83:3c:f8:46:68:e4:76:7e:93:3e:44:af:ad:c3:17:13:e2:
         91:9d:2f:bb:52:93:1e:74:2c:3d:a8:54:76:1c:ec:7b:cd:e6:
         71:0d:12:b4:b0:f1:45:e7:55:24:c6:12:59:ec:00:b3:a4:68:
         25:6b:70:c9:60:f7:b8:1b:02:29:9a:7e:cb:70:04:9e:0a:35:
         6b:e6:79:3b:0d:cf:e2:07:ca:29:58:b8:50:2d:3f:54:af:7d:
         a4:24:48:19:0f:95:98:e6:fa:5e:0a:fc:69:72:69:29:82:87:
         1e:cd:8c:b7:25:6e:81:ee:62:39:6d:58:9e:63:d7:22:38:3b:
         71:fc:c1:5c:4c:5f:f3:e6:db:d1:1c:57:a2:0e:e1:ca:a6:15:
         f6:28:af:9a:c2:38:09:d2:c2:9e:6c:5d:af:e0:b6:a6:9a:c0:
         c2:4a:4b:bc
-----BEGIN CERTIFICATE-----
MIIFEzCCA/ugAwIBAgIEDTLA2DANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygz
NmMyYTRiN2Q1ZDczYzViNTcwNDYyMjNiZjMwZWI2NTMwMDViMGUyMB4XDTIyMDIw
ODEwMDIwMVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoZDQ2NTM4ZGQ2YWNm
NTg2NGUxNDFhZGViYWI2NTUxNTkzYmRhZjQ4NTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBALkZa6HcVvGOT5jRxy8xw66J+Q8RmUSEbI+WipaFLghcHKFK
wl92kSgg2JC5NQsKzBgwmalqXXLRORZGu2/iaAruYjosYwszdXwYB9tj71nyiFVG
FYyfrZnFgHibPGXQ7Apc6boS0DdMMrJhrqOJpPOBfx/AMDOdYX4X3AqUtH9NKvcx
6GS/g0BR+dD+ygk5QZNBb2yywUQRDz0L4TneugHRQ4L2Idg2omQ6VoSoNyf0MyqO
qSX5s/B9TmSuY90rrWTXutnSDlNQgx9MZfyoeIQeztuUl3/simNx4TwzbjYLh0b0
cmfQg2bFfJz91jk0B6xV/C9VINEYqMvuHRHiRi8CAwEAAaOCAi0wggIpMB0GA1Ud
DgQWBBTUZTjdas9YZOFBreurZVFZO9r0hTAfBgNVHSMEGDAWgBQ2wqS31dc8W1cE
YiO/MOtlMAWw4jAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L05zS2t0OVhYUEZ0WEJHSWp2ekRyWlRBRnNPSS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvYmMvOGRkODVhLWJmOGYtNDI1ZS1hMjRiLTJjY2VkYjk2NmE1OC8x
LzFHVTQzV3JQV0dUaFFhM3JxMlZSV1R2YTlJVS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYmMv
OGRkODVhLWJmOGYtNDI1ZS1hMjRiLTJjY2VkYjk2NmE1OC8xL05zS2t0OVhYUEZ0
WEJHSWp2ekRyWlRBRnNPSS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBD
BggrBgEFBQcBBwEB/wQ0MDIwMAQCAAEwKgMEAC2CUwMEAS2HugMEAFkvDwMEALnA
RwMEALzUhwMEAMETbQMEAMsaUTANBgkqhkiG9w0BAQsFAAOCAQEAebRlPxsn5+IK
Fx6kh5HUMSs8BGqRKr+EEzDqgwImddE+KNbi6jch1Ex92dDjp6afc5QtG/2a3OUT
/IjlSCMViAXQobIJuveO6mFArhcX1Zpf0tAY7IGC4W6kYIM8+EZo5HZ+kz5Er63D
FxPikZ0vu1KTHnQsPahUdhzse83mcQ0StLDxRedVJMYSWewAs6RoJWtwyWD3uBsC
KZp+y3AEngo1a+Z5Ow3P4gfKKVi4UC0/VK99pCRIGQ+VmOb6Xgr8aXJpKYKHHs2M
tyVuge5iOW1YnmPXIjg7cfzBXExf8+bb0RxXog7hyqYV9iivmsI4CdLCnmxdr+C2
pprAwkpLvA==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:41:08 2024 by rpki-client on console-ams.rpki-client.org