Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/be/b9575b-b7c1-4c5c-9dab-c199c7b4cac2/1/AZHG-6lQ7zKu-90MvRqeOqaNniQ.roa
File:                     AZHG-6lQ7zKu-90MvRqeOqaNniQ.roa (raw, json)
Hash identifier:          Ao19c6ilIKhFkK27SHNPNBXX8bIy9flEW24yoF7g+BI=
Subject key identifier:   01:91:C6:FB:A9:50:EF:32:AE:FB:DD:0C:BD:1A:9E:3A:A6:8D:9E:24
Certificate issuer:       /CN=cfb75191978866f1fc97f523c7dda40a88f7e777
Certificate serial:       263724
Authority key identifier: CF:B7:51:91:97:88:66:F1:FC:97:F5:23:C7:DD:A4:0A:88:F7:E7:77
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/z7dRkZeIZvH8l_Ujx92kCoj353c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/be/b9575b-b7c1-4c5c-9dab-c199c7b4cac2/1/AZHG-6lQ7zKu-90MvRqeOqaNniQ.roa
Signing time:             Sun 02 Jan 2022 15:33:22 +0000
ROA not before:           Sun 02 Jan 2022 15:33:22 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     13150
IP address blocks:        185.114.121.0/24 maxlen: 24
                          185.114.120.0/24 maxlen: 24
                          185.114.123.0/24 maxlen: 24
                          185.114.122.0/24 maxlen: 24
                          209.206.25.0/24 maxlen: 24
                          209.206.29.0/24 maxlen: 24
                          209.206.28.0/24 maxlen: 24
                          209.206.27.0/24 maxlen: 24
                          209.206.26.0/24 maxlen: 24
                          209.206.31.0/24 maxlen: 24
                          85.255.16.0/24 maxlen: 24
                          85.255.17.0/24 maxlen: 24
                          85.255.20.0/24 maxlen: 24
                          85.255.19.0/24 maxlen: 24
                          209.206.1.0/24 maxlen: 24
                          209.206.0.0/24 maxlen: 24
                          209.206.4.0/24 maxlen: 24
                          209.206.3.0/24 maxlen: 24
                          209.206.2.0/24 maxlen: 24
                          209.206.11.0/24 maxlen: 24
                          209.206.10.0/24 maxlen: 24
                          209.206.9.0/24 maxlen: 24
                          209.206.5.0/24 maxlen: 24
                          209.206.8.0/24 maxlen: 24
                          209.206.7.0/24 maxlen: 24
                          209.206.6.0/24 maxlen: 24
                          209.206.12.0/24 maxlen: 24
                          209.206.15.0/24 maxlen: 24
                          209.206.14.0/24 maxlen: 24
                          209.206.13.0/24 maxlen: 24
                          209.206.17.0/24 maxlen: 24
                          209.206.16.0/24 maxlen: 24
                          209.206.24.0/24 maxlen: 24
                          209.206.23.0/24 maxlen: 24
                          209.206.19.0/24 maxlen: 24
                          209.206.18.0/24 maxlen: 24
                          209.206.22.0/24 maxlen: 24
                          209.206.21.0/24 maxlen: 24
                          209.206.20.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 2504484 (0x263724)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cfb75191978866f1fc97f523c7dda40a88f7e777
        Validity
            Not Before: Jan  2 15:33:22 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=0191c6fba950ef32aefbdd0cbd1a9e3aa68d9e24
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:6d:53:15:5e:d6:3b:73:0a:66:a1:d8:80:38:
                    fd:ab:a2:0f:c6:5d:37:a6:55:2b:19:ad:96:e2:a9:
                    75:f3:2d:1c:2d:34:5b:b5:da:f8:9b:49:2f:1c:a1:
                    b7:d7:8a:3a:62:fe:03:6f:d7:55:37:ba:b6:5a:73:
                    69:fb:24:53:bf:c3:54:b4:c9:49:42:6c:19:cb:75:
                    25:86:01:f9:7f:72:f2:da:f5:64:4e:8d:a7:da:62:
                    65:1b:dd:ba:14:94:33:f0:99:61:25:2b:63:61:48:
                    ba:e5:0e:a0:7b:c7:93:73:20:b9:9e:3c:fc:64:93:
                    2d:00:f9:cf:41:2a:29:42:18:75:72:fc:88:bf:16:
                    97:79:ac:46:3d:5c:0c:27:95:6a:40:03:8d:5b:c2:
                    37:8f:e8:67:7f:57:e3:62:7c:ed:44:45:d5:36:c5:
                    3a:0c:cc:ea:06:21:55:e6:81:ea:d7:89:3a:7e:78:
                    ba:58:cf:e5:b7:ae:3c:9a:63:79:07:55:cc:14:1d:
                    75:43:5a:c8:74:4e:2f:98:85:18:ab:e2:a9:81:0f:
                    23:e0:91:a8:3c:d7:dd:4b:7a:9e:5b:3b:73:6f:83:
                    fd:db:1e:5f:69:67:a9:df:bf:35:c3:8c:41:5b:03:
                    39:5a:8f:2b:71:77:14:4c:55:be:04:14:a6:c7:45:
                    b3:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                01:91:C6:FB:A9:50:EF:32:AE:FB:DD:0C:BD:1A:9E:3A:A6:8D:9E:24
            X509v3 Authority Key Identifier:
                keyid:CF:B7:51:91:97:88:66:F1:FC:97:F5:23:C7:DD:A4:0A:88:F7:E7:77

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/z7dRkZeIZvH8l_Ujx92kCoj353c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/be/b9575b-b7c1-4c5c-9dab-c199c7b4cac2/1/AZHG-6lQ7zKu-90MvRqeOqaNniQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/be/b9575b-b7c1-4c5c-9dab-c199c7b4cac2/1/z7dRkZeIZvH8l_Ujx92kCoj353c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.255.16.0/23
                  85.255.19.0-85.255.20.255
                  185.114.120.0/22
                  209.206.0.0-209.206.29.255
                  209.206.31.0/24

    Signature Algorithm: sha256WithRSAEncryption
         24:5a:a8:b2:61:52:e2:ab:51:f3:2b:b6:01:7d:56:df:64:79:
         98:14:d7:90:61:48:bc:d0:b4:96:11:aa:3c:af:a7:48:c2:13:
         5f:7b:c1:c1:d0:80:c9:07:dc:66:fa:b5:49:f6:3f:2f:5f:e8:
         96:ee:78:bb:07:25:86:13:5d:22:df:17:52:7b:ed:29:94:3b:
         95:b2:af:ba:a9:6e:b4:d1:51:b8:8e:2f:0a:90:78:36:d5:03:
         c8:a2:40:7d:d9:4c:b4:ed:2a:e5:fe:9e:d2:18:57:f6:6c:f3:
         ae:96:1b:7c:fe:79:91:49:f1:47:24:56:77:05:24:7e:d6:07:
         00:74:2c:6c:81:bf:c0:9f:4b:f8:50:37:34:9b:1b:64:83:9c:
         7c:a2:0f:29:76:36:a6:16:95:6d:21:8c:f7:82:43:db:4b:82:
         25:2a:88:6f:93:a8:bb:36:71:fb:1a:64:a5:f9:83:a4:d3:2b:
         9a:0b:38:41:b0:8a:11:1b:2f:df:a6:58:0b:e4:50:5c:cf:e3:
         c2:6b:36:70:65:55:05:bf:de:b9:bc:2d:fc:c8:20:73:d6:c6:
         3c:60:d8:be:28:1b:b5:97:c2:ee:07:9a:6f:f5:1d:e2:13:47:
         cc:1b:02:be:1d:b3:dd:50:c2:10:66:95:8a:d7:45:cb:ae:5e:
         bf:54:f2:bb
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgIDJjckMA0GCSqGSIb3DQEBCwUAMDMxMTAvBgNVBAMTKGNm
Yjc1MTkxOTc4ODY2ZjFmYzk3ZjUyM2M3ZGRhNDBhODhmN2U3NzcwHhcNMjIwMTAy
MTUzMzIyWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQDEygwMTkxYzZmYmE5NTBl
ZjMyYWVmYmRkMGNiZDFhOWUzYWE2OGQ5ZTI0MIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEAqG1TFV7WO3MKZqHYgDj9q6IPxl03plUrGa2W4ql18y0cLTRb
tdr4m0kvHKG314o6Yv4Db9dVN7q2WnNp+yRTv8NUtMlJQmwZy3UlhgH5f3Ly2vVk
To2n2mJlG926FJQz8JlhJStjYUi65Q6ge8eTcyC5njz8ZJMtAPnPQSopQhh1cvyI
vxaXeaxGPVwMJ5VqQAONW8I3j+hnf1fjYnztREXVNsU6DMzqBiFV5oHq14k6fni6
WM/lt648mmN5B1XMFB11Q1rIdE4vmIUYq+KpgQ8j4JGoPNfdS3qeWztzb4P92x5f
aWep3781w4xBWwM5Wo8rcXcUTFW+BBSmx0WzDQIDAQABo4ICMDCCAiwwHQYDVR0O
BBYEFAGRxvupUO8yrvvdDL0anjqmjZ4kMB8GA1UdIwQYMBaAFM+3UZGXiGbx/Jf1
I8fdpAqI9+d3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEFBQcBAQRYMFYwVAYIKwYB
BQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQv
ejdkUmtaZUladkg4bF9Vang5MmtDb2ozNTNjLmNlcjCBjQYIKwYBBQUHAQsEgYAw
fjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkv
REVGQVVMVC9iZS9iOTU3NWItYjdjMS00YzVjLTlkYWItYzE5OWM3YjRjYWMyLzEv
QVpIRy02bFE3ekt1LTkwTXZScWVPcWFObmlRLnJvYTCBgQYDVR0fBHoweDB2oHSg
coZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZS9i
OTU3NWItYjdjMS00YzVjLTlkYWItYzE5OWM3YjRjYWMyLzEvejdkUmtaZUladkg4
bF9Vang5MmtDb2ozNTNjLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMEYG
CCsGAQUFBwEHAQH/BDcwNTAzBAIAATAtAwQBVf8QMAwDBABV/xMDBABV/xQDBAK5
cngwCwMDAdHOAwQB0c4cAwQA0c4fMA0GCSqGSIb3DQEBCwUAA4IBAQAkWqiyYVLi
q1HzK7YBfVbfZHmYFNeQYUi80LSWEao8r6dIwhNfe8HB0IDJB9xm+rVJ9j8vX+iW
7ni7ByWGE10i3xdSe+0plDuVsq+6qW600VG4ji8KkHg21QPIokB92Uy07Srl/p7S
GFf2bPOulht8/nmRSfFHJFZ3BSR+1gcAdCxsgb/An0v4UDc0mxtkg5x8og8pdjam
FpVtIYz3gkPbS4IlKohvk6i7NnH7GmSl+YOk0yuaCzhBsIoRGy/fplgL5FBcz+PC
azZwZVUFv965vC38yCBz1sY8YNi+KBu1l8LuB5pv9R3iE0fMGwK+HbPdUMIQZpWK
10XLrl6/VPK7
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:41:41 2024 by rpki-client on console-ams.rpki-client.org