Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/4330fe-dbfc-481f-8fd9-1e4fcb1c60cb/1/Kf7r4nLB2t_-1hOkHrkEtT65pmI.roa
File:                     Kf7r4nLB2t_-1hOkHrkEtT65pmI.roa (raw, json)
Hash identifier:          MNJRZo2gZ7GeXn2aU3MXyS2ykYYCoeLWJUJweWkMd2o=
Subject key identifier:   29:FE:EB:E2:72:C1:DA:DF:FE:D6:13:A4:1E:B9:04:B5:3E:B9:A6:62
Certificate issuer:       /CN=056ad2f4ffc5872e35a429e53ef179925ff4215e
Certificate serial:       19B89CC3
Authority key identifier: 05:6A:D2:F4:FF:C5:87:2E:35:A4:29:E5:3E:F1:79:92:5F:F4:21:5E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BWrS9P_Fhy41pCnlPvF5kl_0IV4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/4330fe-dbfc-481f-8fd9-1e4fcb1c60cb/1/Kf7r4nLB2t_-1hOkHrkEtT65pmI.roa
Signing time:             Wed 25 May 2022 01:33:14 +0000
ROA not before:           Wed 25 May 2022 01:33:14 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     5605
IP address blocks:        193.102.227.0/24 maxlen: 24
                          193.101.58.0/24 maxlen: 24
                          195.244.233.0/24 maxlen: 24
                          195.244.232.0/24 maxlen: 24
                          195.244.228.0/24 maxlen: 24
                          195.244.229.0/24 maxlen: 24
                          195.244.240.0/24 maxlen: 24
                          195.244.235.0/24 maxlen: 24
                          195.244.234.0/24 maxlen: 24
                          195.244.236.0/24 maxlen: 24
                          195.244.246.0/24 maxlen: 24
                          195.244.242.0/24 maxlen: 24
                          195.244.241.0/24 maxlen: 24
                          195.244.243.0/24 maxlen: 24
                          195.244.245.0/24 maxlen: 24
                          195.244.244.0/24 maxlen: 24
                          193.98.110.0/24 maxlen: 24
                          195.244.247.0/24 maxlen: 24
                          195.244.254.0/24 maxlen: 24
                          195.244.255.0/24 maxlen: 24
                          2a00:fa8::/32 maxlen: 48
                          2a00:fa8:3::/48 maxlen: 48

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 431529155 (0x19b89cc3)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=056ad2f4ffc5872e35a429e53ef179925ff4215e
        Validity
            Not Before: May 25 01:33:14 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=29feebe272c1dadffed613a41eb904b53eb9a662
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ed:05:5d:67:bb:3a:57:0c:fe:b4:e9:25:f1:fb:
                    23:43:48:9a:a2:43:06:7d:74:51:a3:dc:62:da:b0:
                    32:9e:2e:a6:88:c3:3b:bf:1f:ec:5d:2c:b2:7b:35:
                    81:0e:ee:74:f2:ec:60:ef:70:04:2c:ca:cd:5f:aa:
                    f5:6a:ff:bd:91:11:9d:bc:6a:78:69:9d:3f:6b:ef:
                    0a:99:30:98:54:1c:32:81:72:d2:96:e6:3f:67:94:
                    8b:bc:a8:fb:bc:5a:ae:a8:73:0f:87:ea:f2:82:e8:
                    ec:a3:27:21:75:ca:32:da:f1:00:53:8b:92:d0:47:
                    dd:4b:86:88:4d:2c:90:08:74:a6:22:a4:75:88:59:
                    4f:85:27:3f:69:5e:9c:ed:64:da:1b:16:82:65:5c:
                    f2:4a:ad:29:45:11:90:cc:fb:31:b5:28:6a:39:b6:
                    e0:50:ff:e6:6a:85:83:6e:91:04:2c:b7:49:fa:3b:
                    94:0d:80:fd:30:73:f6:b3:1c:61:f7:25:09:4b:b0:
                    e4:0b:58:1c:2a:d2:fb:b6:b1:02:59:71:bc:13:db:
                    7f:46:15:fb:16:b7:90:0e:56:37:3b:90:77:1e:c4:
                    09:48:a6:e6:4f:fb:15:fd:5f:85:f8:a2:68:b3:6d:
                    07:28:10:03:2d:e8:e9:79:9d:af:7f:e0:40:cc:e5:
                    3a:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:FE:EB:E2:72:C1:DA:DF:FE:D6:13:A4:1E:B9:04:B5:3E:B9:A6:62
            X509v3 Authority Key Identifier:
                keyid:05:6A:D2:F4:FF:C5:87:2E:35:A4:29:E5:3E:F1:79:92:5F:F4:21:5E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BWrS9P_Fhy41pCnlPvF5kl_0IV4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/4330fe-dbfc-481f-8fd9-1e4fcb1c60cb/1/Kf7r4nLB2t_-1hOkHrkEtT65pmI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/4330fe-dbfc-481f-8fd9-1e4fcb1c60cb/1/BWrS9P_Fhy41pCnlPvF5kl_0IV4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.98.110.0/24
                  193.101.58.0/24
                  193.102.227.0/24
                  195.244.228.0/23
                  195.244.232.0-195.244.236.255
                  195.244.240.0/21
                  195.244.254.0/23
                IPv6:
                  2a00:fa8::/32

    Signature Algorithm: sha256WithRSAEncryption
         0c:23:63:73:4b:30:3c:e1:4b:83:3a:a3:60:88:b8:0a:7d:07:
         8e:10:40:9d:aa:fa:66:9d:6b:e2:17:88:ba:63:44:46:55:b2:
         3b:e2:48:c6:f3:87:68:6c:bf:4a:79:66:f2:a0:a5:8e:cc:47:
         0d:61:c2:d2:ab:26:25:0f:3c:ec:e6:94:af:f7:82:63:53:59:
         5b:93:4d:d9:e4:bc:5b:a9:c0:bc:68:a7:4b:a1:dc:64:f8:04:
         a4:aa:2c:79:36:5f:86:64:16:9c:4b:28:91:4e:bf:93:a8:56:
         08:8e:a4:3a:49:6f:a6:d6:f3:ae:b6:21:c4:12:fe:b8:c1:88:
         07:55:90:f1:79:43:1b:df:51:6a:5f:a4:ff:59:40:49:83:79:
         cc:b6:41:d6:0a:9a:e7:40:fc:8e:4f:74:76:23:7d:bb:db:cd:
         6f:e0:e5:2a:68:5d:b5:09:5c:f5:01:60:a7:94:38:a2:fb:96:
         19:49:b5:33:a9:3e:b6:f1:b6:c4:21:7d:b3:e2:5a:54:e6:5e:
         ad:33:ff:1d:09:ee:92:5d:87:0b:8b:c7:73:19:ac:d8:4f:3f:
         65:1d:22:a0:2a:ea:3f:15:98:0f:8b:a7:50:ed:62:53:5c:92:
         8e:6e:6d:94:05:98:d3:6c:97:97:a0:4d:1a:29:4f:cc:18:44:
         e7:0c:76:66
-----BEGIN CERTIFICATE-----
MIIFKjCCBBKgAwIBAgIEGbicwzANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygw
NTZhZDJmNGZmYzU4NzJlMzVhNDI5ZTUzZWYxNzk5MjVmZjQyMTVlMB4XDTIyMDUy
NTAxMzMxNFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMjlmZWViZTI3MmMx
ZGFkZmZlZDYxM2E0MWViOTA0YjUzZWI5YTY2MjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAO0FXWe7OlcM/rTpJfH7I0NImqJDBn10UaPcYtqwMp4upojD
O78f7F0ssns1gQ7udPLsYO9wBCzKzV+q9Wr/vZERnbxqeGmdP2vvCpkwmFQcMoFy
0pbmP2eUi7yo+7xarqhzD4fq8oLo7KMnIXXKMtrxAFOLktBH3UuGiE0skAh0piKk
dYhZT4UnP2lenO1k2hsWgmVc8kqtKUURkMz7MbUoajm24FD/5mqFg26RBCy3Sfo7
lA2A/TBz9rMcYfclCUuw5AtYHCrS+7axAllxvBPbf0YV+xa3kA5WNzuQdx7ECUim
5k/7Ff1fhfiiaLNtBygQAy3o6Xmdr3/gQMzlOqECAwEAAaOCAkQwggJAMB0GA1Ud
DgQWBBQp/uvicsHa3/7WE6QeuQS1PrmmYjAfBgNVHSMEGDAWgBQFatL0/8WHLjWk
KeU+8XmSX/QhXjAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L0JXclM5UF9GaHk0MXBDbmxQdkY1a2xfMElWNC5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvYzgvNDMzMGZlLWRiZmMtNDgxZi04ZmQ5LTFlNGZjYjFjNjBjYi8x
L0tmN3I0bkxCMnRfLTFoT2tIcmtFdFQ2NXBtSS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYzgv
NDMzMGZlLWRiZmMtNDgxZi04ZmQ5LTFlNGZjYjFjNjBjYi8xL0JXclM5UF9GaHk0
MXBDbmxQdkY1a2xfMElWNC5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBa
BggrBgEFBQcBBwEB/wRLMEkwOAQCAAEwMgMEAMFibgMEAMFlOgMEAMFm4wMEAcP0
5DAMAwQDw/ToAwQAw/TsAwQDw/TwAwQBw/T+MA0EAgACMAcDBQAqAA+oMA0GCSqG
SIb3DQEBCwUAA4IBAQAMI2NzSzA84UuDOqNgiLgKfQeOEECdqvpmnWviF4i6Y0RG
VbI74kjG84dobL9KeWbyoKWOzEcNYcLSqyYlDzzs5pSv94JjU1lbk03Z5LxbqcC8
aKdLodxk+ASkqix5Nl+GZBacSyiRTr+TqFYIjqQ6SW+m1vOutiHEEv64wYgHVZDx
eUMb31FqX6T/WUBJg3nMtkHWCprnQPyOT3R2I327281v4OUqaF21CVz1AWCnlDii
+5YZSbUzqT628bbEIX2z4lpU5l6tM/8dCe6SXYcLi8dzGazYTz9lHSKgKuo/FZgP
i6dQ7WJTXJKObm2UBZjTbJeXoE0aKU/MGETnDHZm
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:43:44 2024 by rpki-client on console-ams.rpki-client.org