Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bd/07cdcf-8875-4770-8c75-41b745bf53db/1/UYKHab5-VsA2vuSiNzPNiBDRxs4.roa
File:                     UYKHab5-VsA2vuSiNzPNiBDRxs4.roa (raw, json)
Hash identifier:          QRGyGN+gxF+PHZgjyqeM8YO3hg1QPaL8PQb+PZn3zUQ=
Subject key identifier:   51:82:87:69:BE:7E:56:C0:36:BE:E4:A2:37:33:CD:88:10:D1:C6:CE
Certificate issuer:       /CN=49378660f5f01923946c35d94be5ccd7d2b71051
Certificate serial:       0182F80969921DF03356A86CC4D5DB204210
Authority key identifier: 49:37:86:60:F5:F0:19:23:94:6C:35:D9:4B:E5:CC:D7:D2:B7:10:51
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/STeGYPXwGSOUbDXZS-XM19K3EFE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bd/07cdcf-8875-4770-8c75-41b745bf53db/1/UYKHab5-VsA2vuSiNzPNiBDRxs4.roa
Signing time:             Thu 01 Sep 2022 07:52:22 +0000
ROA not before:           Thu 01 Sep 2022 07:52:22 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     203593
IP address blocks:        185.129.253.0/24 maxlen: 24
                          185.129.252.0/24 maxlen: 24
                          185.129.254.0/24 maxlen: 24
                          185.129.255.0/24 maxlen: 24
                          157.97.163.0/24 maxlen: 24
                          213.244.40.0/24 maxlen: 24
                          193.254.202.0/24 maxlen: 24
                          193.254.203.0/24 maxlen: 24
                          2a06:d680::/29 maxlen: 29

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:82:f8:09:69:92:1d:f0:33:56:a8:6c:c4:d5:db:20:42:10
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=49378660f5f01923946c35d94be5ccd7d2b71051
        Validity
            Not Before: Sep  1 07:52:22 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=51828769be7e56c036bee4a23733cd8810d1c6ce
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:8a:d4:ad:c5:53:77:4c:4d:24:6b:87:5d:aa:
                    57:17:af:99:68:14:4b:6e:09:67:dd:b1:5c:b1:9f:
                    70:28:43:52:60:ba:03:94:22:d5:6e:ed:c9:c0:39:
                    b6:64:7a:4f:d9:45:0d:a3:ad:08:b1:88:87:c3:c3:
                    e0:50:84:7b:45:6d:27:54:02:a2:06:8f:75:37:56:
                    7b:97:3c:27:86:57:57:59:16:e2:f3:32:e9:88:81:
                    ff:c6:8b:9e:c1:85:69:ae:e4:dd:5a:0a:cf:53:82:
                    ef:7c:b6:1e:8d:88:d3:22:b9:91:fb:d1:58:f7:7a:
                    a6:00:31:14:d1:ef:a5:d8:5f:08:7b:88:21:02:03:
                    15:e9:14:9a:3f:f3:a6:c5:1d:80:fd:15:56:01:cf:
                    48:c5:4a:bc:4a:59:40:51:db:8b:26:af:9d:e8:57:
                    94:2b:e5:00:e7:cf:df:61:5e:e4:21:e7:f5:6d:d5:
                    21:b8:e0:3e:e6:aa:b2:65:50:9d:41:09:27:58:a4:
                    7b:e3:63:08:c9:b9:04:2f:0a:77:26:5f:fc:88:6e:
                    9b:31:2a:c2:f0:99:d0:e6:a7:06:d1:fc:32:ea:79:
                    3d:f7:66:7f:a0:fa:63:c6:29:f4:4c:56:64:de:9b:
                    e9:f9:60:55:2e:04:9f:0e:cd:f3:89:34:6f:42:76:
                    c2:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                51:82:87:69:BE:7E:56:C0:36:BE:E4:A2:37:33:CD:88:10:D1:C6:CE
            X509v3 Authority Key Identifier:
                keyid:49:37:86:60:F5:F0:19:23:94:6C:35:D9:4B:E5:CC:D7:D2:B7:10:51

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/STeGYPXwGSOUbDXZS-XM19K3EFE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/07cdcf-8875-4770-8c75-41b745bf53db/1/UYKHab5-VsA2vuSiNzPNiBDRxs4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/07cdcf-8875-4770-8c75-41b745bf53db/1/STeGYPXwGSOUbDXZS-XM19K3EFE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  157.97.163.0/24
                  185.129.252.0/22
                  193.254.202.0/23
                  213.244.40.0/24
                IPv6:
                  2a06:d680::/29

    Signature Algorithm: sha256WithRSAEncryption
         56:b0:ea:13:aa:dc:60:8b:4e:9a:89:0d:f5:6a:36:17:df:4d:
         27:61:ea:a2:5e:49:8a:2e:22:91:26:5e:59:5b:56:09:5d:94:
         70:4d:a9:60:40:46:ff:5d:74:be:96:27:16:6b:c9:0e:e2:43:
         5f:3b:1e:83:f4:96:ee:c8:fa:37:99:eb:7f:a8:40:be:d1:72:
         f8:70:a5:b5:87:6d:6d:df:06:6c:6b:6b:56:4f:4c:4c:4e:15:
         a3:74:66:53:b8:bf:19:fd:a2:8f:b0:13:df:b3:87:cd:c4:11:
         c9:95:d3:38:68:a0:fd:06:93:f8:af:70:dc:4a:49:42:15:c2:
         83:19:77:bd:f4:54:84:f9:07:10:ae:0c:9a:9d:26:e8:65:bc:
         12:51:e0:a8:20:5c:a9:6c:2c:9b:c7:76:da:99:8d:93:2a:78:
         d4:a4:7b:e7:93:65:0a:b6:19:2b:2c:43:bb:8d:1d:1a:a5:b3:
         02:32:10:35:b2:3d:03:7d:c3:8e:25:b8:be:2b:e1:a8:97:e6:
         44:e9:d0:9a:a4:2a:03:1b:50:36:2b:8b:9d:99:7a:e0:76:75:
         14:b1:d3:bb:25:08:51:f8:28:ad:d4:35:88:35:b1:50:48:3f:
         bf:cf:61:f8:87:00:c5:9b:0f:e0:8d:d0:44:4e:4e:2e:64:c0:
         f7:61:b7:3c
-----BEGIN CERTIFICATE-----
MIIFHjCCBAagAwIBAgISAYL4CWmSHfAzVqhsxNXbIEIQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ5Mzc4NjYwZjVmMDE5MjM5NDZjMzVkOTRiZTVjY2Q3ZDJi
NzEwNTEwHhcNMjIwOTAxMDc1MjIyWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MTgyODc2OWJlN2U1NmMwMzZiZWU0YTIzNzMzY2Q4ODEwZDFjNmNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo4rUrcVTd0xNJGuHXapXF6+ZaBRL
bgln3bFcsZ9wKENSYLoDlCLVbu3JwDm2ZHpP2UUNo60IsYiHw8PgUIR7RW0nVAKi
Bo91N1Z7lzwnhldXWRbi8zLpiIH/xouewYVpruTdWgrPU4LvfLYejYjTIrmR+9FY
93qmADEU0e+l2F8Ie4ghAgMV6RSaP/OmxR2A/RVWAc9IxUq8SllAUduLJq+d6FeU
K+UA58/fYV7kIef1bdUhuOA+5qqyZVCdQQknWKR742MIybkELwp3Jl/8iG6bMSrC
8JnQ5qcG0fwy6nk992Z/oPpjxin0TFZk3pvp+WBVLgSfDs3ziTRvQnbCBwIDAQAB
o4ICKjCCAiYwHQYDVR0OBBYEFFGCh2m+flbANr7kojczzYgQ0cbOMB8GA1UdIwQY
MBaAFEk3hmD18BkjlGw12UvlzNfStxBRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU1RlR1lQWHdHU09VYkRYWlMtWE0xOUszRUZFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZC8wN2NkY2YtODg3NS00NzcwLThjNzUt
NDFiNzQ1YmY1M2RiLzEvVVlLSGFiNS1Wc0EydnVTaU56UE5pQkRSeHM0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZC8wN2NkY2YtODg3NS00NzcwLThjNzUtNDFiNzQ1YmY1M2Ri
LzEvU1RlR1lQWHdHU09VYkRYWlMtWE0xOUszRUZFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEAGCCsGAQUFBwEHAQH/BDEwLzAeBAIAATAYAwQAnWGjAwQC
uYH8AwQBwf7KAwQA1fQoMA0EAgACMAcDBQMqBtaAMA0GCSqGSIb3DQEBCwUAA4IB
AQBWsOoTqtxgi06aiQ31ajYX300nYeqiXkmKLiKRJl5ZW1YJXZRwTalgQEb/XXS+
licWa8kO4kNfOx6D9JbuyPo3met/qEC+0XL4cKW1h21t3wZsa2tWT0xMThWjdGZT
uL8Z/aKPsBPfs4fNxBHJldM4aKD9BpP4r3DcSklCFcKDGXe99FSE+QcQrgyanSbo
ZbwSUeCoIFypbCybx3bamY2TKnjUpHvnk2UKthkrLEO7jR0apbMCMhA1sj0DfcOO
Jbi+K+Gol+ZE6dCapCoDG1A2K4udmXrgdnUUsdO7JQhR+Cit1DWINbFQSD+/z2H4
hwDFmw/gjdBETk4uZMD3Ybc8
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:51:52 2024 by rpki-client on console-fra.rpki-client.org