Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/ykAhXPTuE_hi4EtN9y5U40eMEbI.roa
File:                     ykAhXPTuE_hi4EtN9y5U40eMEbI.roa (raw, json)
Hash identifier:          EEBxXOXLR/JxMCAAGNouWPuXGXuUphIbYcRDjxmvq8o=
Subject key identifier:   CA:40:21:5C:F4:EE:13:F8:62:E0:4B:4D:F7:2E:54:E3:47:8C:11:B2
Certificate issuer:       /CN=92d7c2a1072d73507adbf6507de68aaac01785c0
Certificate serial:       0184E2AF4AB5EDA4D654E617766BF231885A
Authority key identifier: 92:D7:C2:A1:07:2D:73:50:7A:DB:F6:50:7D:E6:8A:AA:C0:17:85:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ktfCoQctc1B62_ZQfeaKqsAXhcA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/ykAhXPTuE_hi4EtN9y5U40eMEbI.roa
Signing time:             Mon 05 Dec 2022 14:27:29 +0000
ROA not before:           Mon 05 Dec 2022 14:27:29 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     20632
IP address blocks:        109.188.0.0/16 maxlen: 24
                          84.204.230.0/24 maxlen: 24
                          195.16.96.0/19 maxlen: 24
                          84.204.160.0/20 maxlen: 20
                          84.204.176.0/21 maxlen: 21
                          79.171.8.0/21 maxlen: 21
                          84.204.188.0/22 maxlen: 22
                          84.204.192.0/18 maxlen: 18
                          193.201.228.0/22 maxlen: 24
                          217.195.64.0/19 maxlen: 19
                          178.23.144.0/21 maxlen: 24
                          109.124.64.0/18 maxlen: 24
                          213.154.160.0/19 maxlen: 24
                          213.168.32.0/19 maxlen: 24
                          185.3.32.0/22 maxlen: 24
                          84.204.0.0/17 maxlen: 17
                          94.25.128.0/17 maxlen: 24
                          93.153.128.0/17 maxlen: 24
                          86.109.192.0/19 maxlen: 24
                          212.69.96.0/19 maxlen: 24
                          185.210.140.0/22 maxlen: 24
                          212.119.160.0/19 maxlen: 24
                          80.247.176.0/20 maxlen: 20
                          91.193.212.0/22 maxlen: 24
                          84.204.132.0/22 maxlen: 22
                          84.204.138.0/24 maxlen: 24
                          84.204.136.0/24 maxlen: 24
                          84.204.139.0/24 maxlen: 24
                          84.204.140.0/22 maxlen: 22
                          84.204.144.0/20 maxlen: 20
                          195.5.128.0/19 maxlen: 24
                          82.140.64.0/18 maxlen: 18
                          128.204.64.0/18 maxlen: 24
                          82.140.93.0/24 maxlen: 24
                          95.137.0.0/17 maxlen: 24
                          212.14.160.0/19 maxlen: 24
                          195.230.64.0/19 maxlen: 24
                          195.149.111.0/24 maxlen: 24
                          82.196.64.0/19 maxlen: 19
                          81.24.128.0/20 maxlen: 20
                          195.78.116.0/23 maxlen: 24
                          213.172.0.0/19 maxlen: 19
                          188.162.0.0/16 maxlen: 24
                          188.94.168.0/21 maxlen: 24
                          109.74.112.0/20 maxlen: 24
                          195.144.224.0/19 maxlen: 19
                          81.3.128.0/18 maxlen: 18
                          213.243.64.0/18 maxlen: 24
                          213.182.160.0/19 maxlen: 19
                          217.115.80.0/20 maxlen: 24
                          212.44.64.0/19 maxlen: 24
                          46.47.192.0/18 maxlen: 18
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:84:e2:af:4a:b5:ed:a4:d6:54:e6:17:76:6b:f2:31:88:5a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=92d7c2a1072d73507adbf6507de68aaac01785c0
        Validity
            Not Before: Dec  5 14:27:29 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=ca40215cf4ee13f862e04b4df72e54e3478c11b2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:f4:77:55:1c:7e:57:86:6e:16:9c:86:ff:0d:
                    6a:7b:c5:f3:d3:11:cf:18:ce:5f:9d:48:12:82:39:
                    af:04:d7:d3:19:ee:55:83:60:2b:fb:6c:77:e8:0b:
                    b6:0d:d1:1a:06:47:32:8a:a6:ae:64:25:b5:62:09:
                    97:c0:33:c3:ab:76:96:57:2b:ac:9e:1d:ec:ce:a4:
                    f1:5b:25:93:84:a9:0d:dd:29:31:21:6e:dd:7f:4b:
                    73:12:52:6f:0d:b8:a2:cd:98:7e:70:78:f3:c5:7f:
                    c1:8f:af:fc:1a:9e:e1:01:45:8b:08:34:a8:c9:52:
                    b8:de:1a:cb:e5:20:dc:11:90:82:9c:e4:d5:88:a9:
                    f6:06:29:6f:c5:16:ff:cc:9d:c8:9a:0c:92:ab:f1:
                    7e:a6:7b:83:b7:e2:5b:cd:60:1b:9c:d4:a9:23:f6:
                    c1:6d:de:a5:e3:8b:c3:3e:0b:6a:a1:f4:3a:40:e4:
                    60:b5:31:61:6f:58:83:d2:db:3b:07:c6:09:66:8c:
                    e9:10:76:fa:2f:d2:8d:a2:9e:39:77:6e:ef:c0:6e:
                    ab:30:b5:d9:9e:79:b2:62:b3:01:5f:eb:1c:84:d5:
                    bf:ae:be:51:f6:0d:ae:ca:e7:45:6a:57:5f:a8:fa:
                    85:cf:85:ae:10:fe:f0:a0:42:f4:6e:35:06:6f:e8:
                    14:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CA:40:21:5C:F4:EE:13:F8:62:E0:4B:4D:F7:2E:54:E3:47:8C:11:B2
            X509v3 Authority Key Identifier:
                keyid:92:D7:C2:A1:07:2D:73:50:7A:DB:F6:50:7D:E6:8A:AA:C0:17:85:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ktfCoQctc1B62_ZQfeaKqsAXhcA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/ykAhXPTuE_hi4EtN9y5U40eMEbI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/ktfCoQctc1B62_ZQfeaKqsAXhcA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.47.192.0/18
                  79.171.8.0/21
                  80.247.176.0/20
                  81.3.128.0/18
                  81.24.128.0/20
                  82.140.64.0/18
                  82.196.64.0/19
                  84.204.0.0/17
                  84.204.132.0-84.204.136.255
                  84.204.138.0-84.204.183.255
                  84.204.188.0-84.204.255.255
                  86.109.192.0/19
                  91.193.212.0/22
                  93.153.128.0/17
                  94.25.128.0/17
                  95.137.0.0/17
                  109.74.112.0/20
                  109.124.64.0/18
                  109.188.0.0/16
                  128.204.64.0/18
                  178.23.144.0/21
                  185.3.32.0/22
                  185.210.140.0/22
                  188.94.168.0/21
                  188.162.0.0/16
                  193.201.228.0/22
                  195.5.128.0/19
                  195.16.96.0/19
                  195.78.116.0/23
                  195.144.224.0/19
                  195.149.111.0/24
                  195.230.64.0/19
                  212.14.160.0/19
                  212.44.64.0/19
                  212.69.96.0/19
                  212.119.160.0/19
                  213.154.160.0/19
                  213.168.32.0/19
                  213.172.0.0/19
                  213.182.160.0/19
                  213.243.64.0/18
                  217.115.80.0/20
                  217.195.64.0/19

    Signature Algorithm: sha256WithRSAEncryption
         8f:d6:8c:24:62:6b:c0:71:2a:d0:8c:31:67:e7:4f:4c:81:6b:
         44:e3:c4:d9:46:a2:37:4f:cd:35:ef:7c:ad:ae:39:91:20:64:
         62:53:b0:df:a3:46:c1:a7:c7:93:2b:a0:24:6f:ba:0e:ad:f4:
         1f:28:12:ac:71:e8:82:c5:dd:1e:8a:8c:14:de:79:24:73:5f:
         e2:30:0a:f8:5d:29:f0:68:5a:7b:b2:de:af:48:d1:25:20:0f:
         21:54:c8:97:92:72:0e:f1:e7:a2:d4:fe:1e:8c:de:7d:65:99:
         07:08:55:7c:6c:03:dc:d4:44:77:f5:04:e7:9b:f8:a8:b8:09:
         43:cb:67:f7:c3:cb:ae:b5:21:44:1d:e5:2d:69:dd:b1:e2:7f:
         8e:4c:c8:47:3b:37:1d:c5:21:cf:29:27:ca:fa:b4:03:2e:1f:
         fb:76:f0:0e:0f:16:88:e2:c3:94:31:5e:c9:76:2c:f0:d1:d0:
         3e:23:da:a7:44:6a:05:a6:d9:41:27:df:39:1d:bf:97:9d:49:
         5d:07:b9:c1:5a:5c:05:6d:63:91:06:b3:e1:bc:d3:26:c4:2f:
         37:ba:47:30:8c:59:58:24:78:d7:d1:a2:bb:8a:77:b9:b4:ce:
         fe:6a:f8:12:b4:2b:f2:c1:43:f9:db:9c:29:95:3c:64:2d:00:
         28:35:0a:78
-----BEGIN CERTIFICATE-----
MIIGGDCCBQCgAwIBAgISAYTir0q17aTWVOYXdmvyMYhaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkyZDdjMmExMDcyZDczNTA3YWRiZjY1MDdkZTY4YWFhYzAx
Nzg1YzAwHhcNMjIxMjA1MTQyNzI5WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYTQwMjE1Y2Y0ZWUxM2Y4NjJlMDRiNGRmNzJlNTRlMzQ3OGMxMWIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyfR3VRx+V4ZuFpyG/w1qe8Xz0xHP
GM5fnUgSgjmvBNfTGe5Vg2Ar+2x36Au2DdEaBkcyiqauZCW1YgmXwDPDq3aWVyus
nh3szqTxWyWThKkN3SkxIW7df0tzElJvDbiizZh+cHjzxX/Bj6/8Gp7hAUWLCDSo
yVK43hrL5SDcEZCCnOTViKn2BilvxRb/zJ3ImgySq/F+pnuDt+JbzWAbnNSpI/bB
bd6l44vDPgtqofQ6QORgtTFhb1iD0ts7B8YJZozpEHb6L9KNop45d27vwG6rMLXZ
nnmyYrMBX+schNW/rr5R9g2uyudFaldfqPqFz4WuEP7woEL0bjUGb+gUCQIDAQAB
o4IDJDCCAyAwHQYDVR0OBBYEFMpAIVz07hP4YuBLTfcuVONHjBGyMB8GA1UdIwQY
MBaAFJLXwqEHLXNQetv2UH3miqrAF4XAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva3RmQ29RY3RjMUI2Ml9aUWZlYUtxc0FYaGNBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNy85Y2ZmN2MtZjA1YS00ZTAyLWJlYTct
ODllNTZjODBkMWQwLzEveWtBaFhQVHVFX2hpNEV0Tjl5NVU0MGVNRWJJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNy85Y2ZmN2MtZjA1YS00ZTAyLWJlYTctODllNTZjODBkMWQw
LzEva3RmQ29RY3RjMUI2Ml9aUWZlYUtxc0FYaGNBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBOAYIKwYBBQUHAQcBAf8EggEnMIIBIzCCAR8EAgABMIIB
FwMEBi4vwAMEA0+rCAMEBFD3sAMEBlEDgAMEBFEYgAMEBlKMQAMEBVLEQAMEB1TM
ADAMAwQCVMyEAwQAVMyIMAwDBAFUzIoDBANUzLAwCwMEAlTMvAMDAFTMAwQFVm3A
AwQCW8HUAwQHXZmAAwQHXhmAAwQHX4kAAwQEbUpwAwQGbXxAAwMAbbwDBAaAzEAD
BAOyF5ADBAK5AyADBAK50owDBAO8XqgDAwC8ogMEAsHJ5AMEBcMFgAMEBcMQYAME
AcNOdAMEBcOQ4AMEAMOVbwMEBcPmQAMEBdQOoAMEBdQsQAMEBdRFYAMEBdR3oAME
BdWaoAMEBdWoIAMEBdWsAAMEBdW2oAMEBtXzQAMEBNlzUAMEBdnDQDANBgkqhkiG
9w0BAQsFAAOCAQEAj9aMJGJrwHEq0IwxZ+dPTIFrROPE2UaiN0/NNe98ra45kSBk
YlOw36NGwafHkyugJG+6Dq30HygSrHHogsXdHoqMFN55JHNf4jAK+F0p8Ghae7Le
r0jRJSAPIVTIl5JyDvHnotT+HozefWWZBwhVfGwD3NREd/UE55v4qLgJQ8tn98PL
rrUhRB3lLWndseJ/jkzIRzs3HcUhzyknyvq0Ay4f+3bwDg8WiOLDlDFeyXYs8NHQ
PiPap0RqBabZQSffOR2/l51JXQe5wVpcBW1jkQaz4bzTJsQvN7pHMIxZWCR419Gi
u4p3ubTO/mr4ErQr8sFD+ducKZU8ZC0AKDUKeA==
-----END CERTIFICATE-----
Generated at Mon Feb 17 07:32:47 2025 by rpki-client