Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/4e87a6-6536-454a-a59e-d5ad996a1ac8/1/ovqCBNiu07wzhCIazaj18G0bQlQ.roa
File:                     ovqCBNiu07wzhCIazaj18G0bQlQ.roa (raw, json)
Hash identifier:          3kyGq2wsT01oy/9HLO63DziUDVOjCrYIgwoTW5s0ne4=
Subject key identifier:   A2:FA:82:04:D8:AE:D3:BC:33:84:22:1A:CD:A8:F5:F0:6D:1B:42:54
Certificate issuer:       /CN=543e20bf5f252b1bdbd21dc99d94cd97ea7f0fe6
Certificate serial:       02A6062D
Authority key identifier: 54:3E:20:BF:5F:25:2B:1B:DB:D2:1D:C9:9D:94:CD:97:EA:7F:0F:E6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VD4gv18lKxvb0h3JnZTNl-p_D-Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c5/4e87a6-6536-454a-a59e-d5ad996a1ac8/1/ovqCBNiu07wzhCIazaj18G0bQlQ.roa
Signing time:             Fri 25 Mar 2022 08:42:42 +0000
ROA not before:           Fri 25 Mar 2022 08:42:42 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     43872
IP address blocks:        185.253.176.0/22 maxlen: 22
                          185.187.61.0/24 maxlen: 24
                          185.183.20.0/22 maxlen: 22
                          193.247.165.0/24 maxlen: 24
                          193.247.94.0/24 maxlen: 24
                          193.247.103.0/24 maxlen: 24
                          193.247.101.0/24 maxlen: 24
                          193.105.189.0/24 maxlen: 24
                          5.253.252.0/22 maxlen: 22
                          92.118.111.0/24 maxlen: 24
                          2a10:c9c0::/29 maxlen: 29
                          2a10:cac0::/29 maxlen: 29
                          2a0b:180::/29 maxlen: 29

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 44434989 (0x2a6062d)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=543e20bf5f252b1bdbd21dc99d94cd97ea7f0fe6
        Validity
            Not Before: Mar 25 08:42:42 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=a2fa8204d8aed3bc3384221acda8f5f06d1b4254
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:23:9a:c4:fa:56:44:c6:c5:54:d6:e2:22:9c:
                    87:bb:f5:b7:94:88:a7:cc:d1:63:4d:db:f8:8f:d7:
                    b1:1e:38:a8:9b:9e:4e:bb:72:0a:36:52:dd:b7:08:
                    8b:3b:c2:1c:36:75:12:14:fc:ef:7c:1e:a2:9a:96:
                    a3:7a:b9:e8:9f:c0:69:30:11:85:47:78:19:6b:9c:
                    e4:ec:48:81:e9:9f:55:b2:64:ae:11:14:ff:17:a9:
                    2b:a2:e7:01:2d:f1:35:90:d2:a7:58:8f:a8:50:37:
                    c3:85:10:39:1d:00:f4:95:01:5c:5f:47:78:54:0f:
                    23:27:49:91:c0:02:57:05:35:1b:e9:08:e7:26:5e:
                    d8:c6:fe:15:fe:ff:fd:98:2f:ff:72:70:eb:0e:9c:
                    de:cd:54:fc:d7:e3:a0:31:4d:01:b9:2b:79:45:83:
                    0b:32:5b:43:36:c0:8c:c1:d5:b9:51:63:13:61:7b:
                    3b:75:06:b5:f6:0c:e2:f7:c7:31:a0:cf:58:ac:9e:
                    d2:a5:59:7b:74:c3:d1:2c:c5:ba:72:7e:ca:1a:23:
                    06:1a:66:50:6c:f0:ed:9e:08:d6:60:fd:6a:c9:ee:
                    14:ba:9c:c1:2b:1d:41:c8:9b:51:21:30:9c:c8:17:
                    ea:6b:14:c4:20:f2:b0:d9:81:ba:51:87:65:71:d5:
                    dc:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A2:FA:82:04:D8:AE:D3:BC:33:84:22:1A:CD:A8:F5:F0:6D:1B:42:54
            X509v3 Authority Key Identifier:
                keyid:54:3E:20:BF:5F:25:2B:1B:DB:D2:1D:C9:9D:94:CD:97:EA:7F:0F:E6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VD4gv18lKxvb0h3JnZTNl-p_D-Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/4e87a6-6536-454a-a59e-d5ad996a1ac8/1/ovqCBNiu07wzhCIazaj18G0bQlQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/4e87a6-6536-454a-a59e-d5ad996a1ac8/1/VD4gv18lKxvb0h3JnZTNl-p_D-Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.253.252.0/22
                  92.118.111.0/24
                  185.183.20.0/22
                  185.187.61.0/24
                  185.253.176.0/22
                  193.105.189.0/24
                  193.247.94.0/24
                  193.247.101.0/24
                  193.247.103.0/24
                  193.247.165.0/24
                IPv6:
                  2a0b:180::/29
                  2a10:c9c0::/29
                  2a10:cac0::/29

    Signature Algorithm: sha256WithRSAEncryption
         9c:88:ea:4e:63:5b:99:bd:30:dc:89:fe:f4:2a:e4:ea:4d:cd:
         73:50:63:79:c3:72:59:80:66:d3:f8:ba:ad:46:07:1e:1a:a8:
         d5:3e:9e:14:1b:43:bf:35:03:4b:37:2f:f0:3c:46:7f:da:52:
         86:e0:20:f5:4a:13:bd:fb:8a:fd:86:39:74:1c:50:30:52:1f:
         d6:7d:b2:af:ce:6b:04:78:e9:e2:d3:dc:26:c2:c3:7a:4e:6d:
         81:d5:01:f9:e0:fc:f1:05:ea:fb:cf:81:79:39:01:ae:a8:ba:
         71:d0:c5:e3:df:79:13:38:a9:7f:59:53:1d:09:7d:fd:0f:1a:
         e8:a3:67:37:d0:94:f3:c9:e3:bc:fa:fa:ca:d4:47:05:94:02:
         44:b9:07:dc:55:c6:63:dc:68:9b:43:ab:4c:d2:aa:88:62:0b:
         ce:32:6c:84:38:e9:2e:53:17:70:94:3c:97:ef:56:ad:6e:54:
         4d:de:09:d3:12:da:c4:2a:33:4c:12:69:e1:b9:53:72:9c:31:
         14:4c:0a:c3:e2:3f:af:e8:6b:3d:6f:e3:f8:8a:67:2e:39:48:
         b7:f1:a0:39:e9:4b:fb:9c:5f:21:58:d7:c8:e8:a2:d9:0d:0d:
         07:e5:62:cb:54:64:4e:81:ec:60:4d:ea:89:83:97:88:32:95:
         61:fe:a1:8c
-----BEGIN CERTIFICATE-----
MIIFQjCCBCqgAwIBAgIEAqYGLTANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg1
NDNlMjBiZjVmMjUyYjFiZGJkMjFkYzk5ZDk0Y2Q5N2VhN2YwZmU2MB4XDTIyMDMy
NTA4NDI0MloXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoYTJmYTgyMDRkOGFl
ZDNiYzMzODQyMjFhY2RhOGY1ZjA2ZDFiNDI1NDCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBALEjmsT6VkTGxVTW4iKch7v1t5SIp8zRY03b+I/XsR44qJue
TrtyCjZS3bcIizvCHDZ1EhT873weopqWo3q56J/AaTARhUd4GWuc5OxIgemfVbJk
rhEU/xepK6LnAS3xNZDSp1iPqFA3w4UQOR0A9JUBXF9HeFQPIydJkcACVwU1G+kI
5yZe2Mb+Ff7//Zgv/3Jw6w6c3s1U/NfjoDFNAbkreUWDCzJbQzbAjMHVuVFjE2F7
O3UGtfYM4vfHMaDPWKye0qVZe3TD0SzFunJ+yhojBhpmUGzw7Z4I1mD9asnuFLqc
wSsdQcibUSEwnMgX6msUxCDysNmBulGHZXHV3IECAwEAAaOCAlwwggJYMB0GA1Ud
DgQWBBSi+oIE2K7TvDOEIhrNqPXwbRtCVDAfBgNVHSMEGDAWgBRUPiC/XyUrG9vS
HcmdlM2X6n8P5jAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L1ZENGd2MThsS3h2YjBoM0puWlRObC1wX0QtWS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvYzUvNGU4N2E2LTY1MzYtNDU0YS1hNTllLWQ1YWQ5OTZhMWFjOC8x
L292cUNCTml1MDd3emhDSWF6YWoxOEcwYlFsUS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYzUv
NGU4N2E2LTY1MzYtNDU0YS1hNTllLWQ1YWQ5OTZhMWFjOC8xL1ZENGd2MThsS3h2
YjBoM0puWlRObC1wX0QtWS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBy
BggrBgEFBQcBBwEB/wRjMGEwQgQCAAEwPAMEAgX9/AMEAFx2bwMEArm3FAMEALm7
PQMEArn9sAMEAMFpvQMEAMH3XgMEAMH3ZQMEAMH3ZwMEAMH3pTAbBAIAAjAVAwUD
KgsBgAMFAyoQycADBQMqEMrAMA0GCSqGSIb3DQEBCwUAA4IBAQCciOpOY1uZvTDc
if70KuTqTc1zUGN5w3JZgGbT+LqtRgceGqjVPp4UG0O/NQNLNy/wPEZ/2lKG4CD1
ShO9+4r9hjl0HFAwUh/WfbKvzmsEeOni09wmwsN6Tm2B1QH54PzxBer7z4F5OQGu
qLpx0MXj33kTOKl/WVMdCX39Dxroo2c30JTzyeO8+vrK1EcFlAJEuQfcVcZj3Gib
Q6tM0qqIYgvOMmyEOOkuUxdwlDyX71atblRN3gnTEtrEKjNMEmnhuVNynDEUTArD
4j+v6Gs9b+P4imcuOUi38aA56Uv7nF8hWNfI6KLZDQ0H5WLLVGROgexgTeqJg5eI
MpVh/qGM
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:53:06 2024 by rpki-client on console-fra.rpki-client.org