Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ca/4a9cc4-2b9a-4ef2-a33a-872b3710c2a1/1/rY5DE6lnZURUZh9MgZPKORCx4SE.roa
File:                     rY5DE6lnZURUZh9MgZPKORCx4SE.roa (raw, json)
Hash identifier:          UDNcbMAf/IPcqqimEIdB7BKZ2BpZ3kL7AzpHR9OfD2I=
Subject key identifier:   AD:8E:43:13:A9:67:65:44:54:66:1F:4C:81:93:CA:39:10:B1:E1:21
Certificate issuer:       /CN=81eed4091383d9ed4056d9f4eff7d2622ddce205
Certificate serial:       09548AEA
Authority key identifier: 81:EE:D4:09:13:83:D9:ED:40:56:D9:F4:EF:F7:D2:62:2D:DC:E2:05
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ge7UCROD2e1AVtn07_fSYi3c4gU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ca/4a9cc4-2b9a-4ef2-a33a-872b3710c2a1/1/rY5DE6lnZURUZh9MgZPKORCx4SE.roa
Signing time:             Sat 01 Jan 2022 07:57:37 +0000
ROA not before:           Sat 01 Jan 2022 07:57:37 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     49562
IP address blocks:        185.2.172.0/22 maxlen: 22
                          2a02:80c0::/30 maxlen: 30

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 156535530 (0x9548aea)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=81eed4091383d9ed4056d9f4eff7d2622ddce205
        Validity
            Not Before: Jan  1 07:57:37 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=ad8e4313a967654454661f4c8193ca3910b1e121
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:64:d8:a0:81:42:89:d3:4a:e6:2d:d4:bf:16:
                    6a:32:d7:9f:d4:3f:3c:7c:65:9f:c5:87:ef:ac:f0:
                    2c:a2:e7:8a:2d:96:a6:d0:62:08:11:59:ec:d1:2b:
                    c4:c5:2b:5e:27:8f:bf:e5:38:dc:4b:ea:35:cd:00:
                    0e:54:fa:8f:f4:f4:b3:f3:eb:d8:54:41:88:f9:63:
                    25:35:bc:9c:d0:ce:98:bf:cf:4a:9d:c5:77:82:8c:
                    b2:9e:04:48:07:9e:ad:84:11:e2:8f:ca:ad:9b:dd:
                    9b:29:86:da:bd:ff:ba:77:86:c0:e2:6c:64:4d:6c:
                    e8:82:0e:98:63:4e:ff:e9:82:7c:8d:8a:36:0d:e6:
                    42:ad:d6:dd:38:08:ad:a2:34:3e:6b:8f:4e:98:92:
                    3b:ab:91:43:4f:30:d4:f0:66:30:0a:42:5d:01:6d:
                    e3:e7:31:7b:32:39:9b:7e:79:68:7c:22:d8:9b:c0:
                    09:d8:e9:a9:04:51:96:53:61:4b:c4:de:28:1a:aa:
                    fd:e1:ca:45:40:f0:b1:ce:fe:83:bc:5e:e6:91:4e:
                    2c:1a:74:15:e3:41:15:a2:6c:27:94:fd:ee:4d:52:
                    5e:50:fe:87:8b:56:31:4a:7e:0f:c2:31:98:b3:ce:
                    0d:e6:a2:81:36:b3:2a:6c:6d:97:b3:ec:86:b8:9c:
                    c4:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AD:8E:43:13:A9:67:65:44:54:66:1F:4C:81:93:CA:39:10:B1:E1:21
            X509v3 Authority Key Identifier:
                keyid:81:EE:D4:09:13:83:D9:ED:40:56:D9:F4:EF:F7:D2:62:2D:DC:E2:05

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ge7UCROD2e1AVtn07_fSYi3c4gU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/4a9cc4-2b9a-4ef2-a33a-872b3710c2a1/1/rY5DE6lnZURUZh9MgZPKORCx4SE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/4a9cc4-2b9a-4ef2-a33a-872b3710c2a1/1/ge7UCROD2e1AVtn07_fSYi3c4gU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.2.172.0/22
                IPv6:
                  2a02:80c0::/30

    Signature Algorithm: sha256WithRSAEncryption
         1c:33:a6:a2:9b:c2:f8:1a:06:51:73:41:92:3a:e6:0c:23:eb:
         5f:5e:80:d9:81:16:f3:eb:b6:e9:26:2c:ba:91:4f:89:cf:dd:
         e1:35:7f:8c:92:75:af:1f:fa:74:8a:7d:74:05:b4:d7:06:bf:
         3f:17:0c:2b:c5:54:90:d3:b1:27:f6:62:62:db:5d:8c:55:42:
         58:08:d7:f0:2b:82:e2:32:b7:fc:65:43:97:2f:cb:19:e3:a9:
         e1:20:a0:d1:2f:10:c4:a6:f8:50:c1:e1:96:94:7b:ee:75:62:
         94:42:96:24:29:83:68:10:04:26:02:bb:d2:73:f0:f1:03:0d:
         27:ce:c3:75:06:7f:14:2b:68:25:91:13:70:11:f9:50:5d:eb:
         71:49:db:de:8b:cc:9a:3c:79:06:fe:77:e9:3b:e9:6d:f3:7a:
         28:bc:90:69:fa:8d:fe:96:01:d5:8a:46:c5:51:1c:45:5a:05:
         65:68:8b:b5:b7:7f:96:dd:33:6e:f0:c6:cb:91:9b:d4:6b:70:
         78:34:78:1a:1e:5e:32:53:7d:42:17:9b:9e:b5:5b:15:aa:3d:
         68:93:c5:62:f8:ba:ee:db:40:db:17:cd:76:d6:ca:7b:c5:d9:
         57:66:9f:45:47:01:22:fa:15:00:e7:e5:d6:bb:e6:5f:94:2a:
         0b:fd:77:94
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgIECVSK6jANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg4
MWVlZDQwOTEzODNkOWVkNDA1NmQ5ZjRlZmY3ZDI2MjJkZGNlMjA1MB4XDTIyMDEw
MTA3NTczN1oXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoYWQ4ZTQzMTNhOTY3
NjU0NDU0NjYxZjRjODE5M2NhMzkxMGIxZTEyMTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAJhk2KCBQonTSuYt1L8WajLXn9Q/PHxln8WH76zwLKLnii2W
ptBiCBFZ7NErxMUrXiePv+U43EvqNc0ADlT6j/T0s/Pr2FRBiPljJTW8nNDOmL/P
Sp3Fd4KMsp4ESAeerYQR4o/KrZvdmymG2r3/uneGwOJsZE1s6IIOmGNO/+mCfI2K
Ng3mQq3W3TgIraI0PmuPTpiSO6uRQ08w1PBmMApCXQFt4+cxezI5m355aHwi2JvA
CdjpqQRRllNhS8TeKBqq/eHKRUDwsc7+g7xe5pFOLBp0FeNBFaJsJ5T97k1SXlD+
h4tWMUp+D8IxmLPODeaigTazKmxtl7PshricxMECAwEAAaOCAhgwggIUMB0GA1Ud
DgQWBBStjkMTqWdlRFRmH0yBk8o5ELHhITAfBgNVHSMEGDAWgBSB7tQJE4PZ7UBW
2fTv99JiLdziBTAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L2dlN1VDUk9EMmUxQVZ0bjA3X2ZTWWkzYzRnVS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvY2EvNGE5Y2M0LTJiOWEtNGVmMi1hMzNhLTg3MmIzNzEwYzJhMS8x
L3JZNURFNmxuWlVSVVpoOU1nWlBLT1JDeDRTRS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvY2Ev
NGE5Y2M0LTJiOWEtNGVmMi1hMzNhLTg3MmIzNzEwYzJhMS8xL2dlN1VDUk9EMmUx
QVZ0bjA3X2ZTWWkzYzRnVS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAu
BggrBgEFBQcBBwEB/wQfMB0wDAQCAAEwBgMEArkCrDANBAIAAjAHAwUCKgKAwDAN
BgkqhkiG9w0BAQsFAAOCAQEAHDOmopvC+BoGUXNBkjrmDCPrX16A2YEW8+u26SYs
upFPic/d4TV/jJJ1rx/6dIp9dAW01wa/PxcMK8VUkNOxJ/ZiYttdjFVCWAjX8CuC
4jK3/GVDly/LGeOp4SCg0S8QxKb4UMHhlpR77nVilEKWJCmDaBAEJgK70nPw8QMN
J87DdQZ/FCtoJZETcBH5UF3rcUnb3ovMmjx5Bv536TvpbfN6KLyQafqN/pYB1YpG
xVEcRVoFZWiLtbd/lt0zbvDGy5Gb1GtweDR4Gh5eMlN9QhebnrVbFao9aJPFYvi6
7ttA2xfNdtbKe8XZV2afRUcBIvoVAOfl1rvmX5QqC/13lA==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:53:55 2024 by rpki-client on console-fra.rpki-client.org