Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cf/f8f66d-8a47-4431-af51-e4f58704804e/1/zoVMtTuGGMH8Y6N4Ck1qXh_JLLU.roa
File:                     zoVMtTuGGMH8Y6N4Ck1qXh_JLLU.roa (raw, json)
Hash identifier:          4sXQhkB5Fsd2h9StoxvsisT62KBmw2wLO9q8H5izyOk=
Subject key identifier:   CE:85:4C:B5:3B:86:18:C1:FC:63:A3:78:0A:4D:6A:5E:1F:C9:2C:B5
Certificate issuer:       /CN=86af2c7166bb34a696fde2fbacef4001b0a8e7e2
Certificate serial:       029565ED
Authority key identifier: 86:AF:2C:71:66:BB:34:A6:96:FD:E2:FB:AC:EF:40:01:B0:A8:E7:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hq8scWa7NKaW_eL7rO9AAbCo5-I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cf/f8f66d-8a47-4431-af51-e4f58704804e/1/zoVMtTuGGMH8Y6N4Ck1qXh_JLLU.roa
Signing time:             Sat 01 Jan 2022 02:55:33 +0000
ROA not before:           Sat 01 Jan 2022 02:55:33 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     197720
IP address blocks:        31.186.29.0/24 maxlen: 24
                          31.186.2.0/24 maxlen: 24
                          31.186.4.0/24 maxlen: 24
                          31.186.3.0/24 maxlen: 24
                          31.186.7.0/24 maxlen: 24
                          31.186.9.0/24 maxlen: 24
                          31.186.11.0/24 maxlen: 24
                          31.186.10.0/24 maxlen: 24
                          31.186.5.0/24 maxlen: 24
                          31.186.13.0/24 maxlen: 24
                          31.186.12.0/24 maxlen: 24
                          31.186.15.0/24 maxlen: 24
                          31.186.14.0/24 maxlen: 24
                          31.186.16.0/24 maxlen: 24
                          31.186.17.0/24 maxlen: 24
                          31.186.23.0/24 maxlen: 24
                          31.186.18.0/24 maxlen: 24
                          31.186.20.0/24 maxlen: 24
                          31.186.19.0/24 maxlen: 24
                          2a0d:a000:0:1400::/56 maxlen: 56
                          2a0d:a000:0:f00::/56 maxlen: 56
                          2a0d:a000:0:1800::/56 maxlen: 56
                          2a0d:a000:0:b00::/56 maxlen: 56
                          2a0d:a000:0:1500::/56 maxlen: 56
                          2a0d:a000:0:1100::/56 maxlen: 56
                          2a0d:a000:0:1000::/56 maxlen: 56
                          2a0d:a000:0:1900::/56 maxlen: 56
                          2a0d:a000:0:c00::/56 maxlen: 56
                          2a0d:a000:0:1600::/56 maxlen: 56
                          2a0d:a000:0:1200::/56 maxlen: 56
                          2a0d:a000:0:1a00::/56 maxlen: 56
                          2a0d:a000:0:d00::/56 maxlen: 56
                          2a0d:a000:0:a00::/56 maxlen: 56
                          2a0d:a000:0:1300::/56 maxlen: 56
                          2a0d:a000:0:e00::/56 maxlen: 56
                          2a0d:a000:0:1700::/56 maxlen: 56

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 43345389 (0x29565ed)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=86af2c7166bb34a696fde2fbacef4001b0a8e7e2
        Validity
            Not Before: Jan  1 02:55:33 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=ce854cb53b8618c1fc63a3780a4d6a5e1fc92cb5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:0d:74:e2:4a:40:af:66:ae:24:49:1d:58:95:
                    e6:5b:40:ca:0c:a5:e1:8c:9a:01:33:a2:5e:7a:79:
                    05:b4:24:63:fc:b4:cc:ef:c7:2b:30:c8:e0:ca:f2:
                    dc:ea:ea:c1:69:9a:c8:2d:af:e6:7c:84:2b:f0:b6:
                    d0:42:44:23:3d:45:0c:14:af:8a:ee:82:43:ad:d0:
                    93:e5:38:eb:12:53:10:09:47:b7:44:ef:09:00:3c:
                    fa:c7:c0:a7:45:20:87:8b:06:5e:01:26:d1:5f:9c:
                    91:cc:ec:2f:19:07:53:41:38:51:b3:be:fd:d7:77:
                    b3:5a:52:3b:4c:fd:af:2b:38:21:64:ef:e4:c9:25:
                    59:7e:44:7d:b0:d5:8c:87:e4:6c:23:42:eb:5f:76:
                    97:2d:07:2e:06:a6:67:85:ae:31:68:04:3c:07:36:
                    ba:51:3b:77:a8:26:ed:06:db:f1:c3:e6:c3:03:45:
                    02:2c:9e:dd:38:71:9f:f0:db:f8:fe:47:10:0d:04:
                    c1:a3:bf:44:c6:ff:d5:1c:39:bc:59:52:e1:7b:76:
                    3b:fe:4e:f8:02:e1:b1:fa:c2:0e:35:1f:35:92:9f:
                    fe:75:a9:7d:5b:81:9a:52:56:60:e5:30:da:31:8d:
                    6b:78:71:1c:0e:78:30:7f:a3:a8:e7:ac:e1:f0:5c:
                    50:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CE:85:4C:B5:3B:86:18:C1:FC:63:A3:78:0A:4D:6A:5E:1F:C9:2C:B5
            X509v3 Authority Key Identifier:
                keyid:86:AF:2C:71:66:BB:34:A6:96:FD:E2:FB:AC:EF:40:01:B0:A8:E7:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hq8scWa7NKaW_eL7rO9AAbCo5-I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/f8f66d-8a47-4431-af51-e4f58704804e/1/zoVMtTuGGMH8Y6N4Ck1qXh_JLLU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/f8f66d-8a47-4431-af51-e4f58704804e/1/hq8scWa7NKaW_eL7rO9AAbCo5-I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.186.2.0-31.186.5.255
                  31.186.7.0/24
                  31.186.9.0-31.186.20.255
                  31.186.23.0/24
                  31.186.29.0/24
                IPv6:
                  2a0d:a000:0:a00::-2a0d:a000:0:1aff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         41:58:a9:c5:4b:4a:fa:dc:01:90:55:dc:91:5f:2d:e5:40:cf:
         ef:24:e5:83:56:53:fe:3d:13:10:57:2d:d7:45:08:5c:5f:a2:
         4c:70:fa:fc:16:9a:88:76:4f:d7:32:52:44:50:64:40:f7:43:
         d0:df:f6:fe:71:c1:4d:62:41:ea:8c:19:68:73:c1:31:e2:d7:
         2c:90:fe:69:39:a7:ee:81:6c:f5:a7:ef:31:e7:15:f0:06:98:
         5c:c3:22:c0:4d:af:db:63:b6:5d:6f:01:47:04:91:7d:8c:2a:
         c3:ba:53:3f:f8:c8:1f:1e:58:45:21:61:98:6b:9b:da:1c:71:
         c2:b2:da:8a:69:6e:4b:cd:86:77:b5:f8:7f:3f:fc:6e:00:68:
         ec:2c:9c:c3:ec:f4:d1:8f:22:49:69:e0:ac:56:2a:fe:17:f0:
         9d:50:9a:79:31:7f:b7:56:b8:c7:2d:bc:5f:58:fc:9b:cd:8b:
         dc:20:18:bc:a6:bd:ef:47:6a:ae:44:ac:d3:e9:0b:28:73:dc:
         92:1d:68:02:ea:9b:67:03:ad:e8:c9:26:79:13:f4:c9:33:86:
         27:e0:55:c5:22:dd:34:45:36:2c:47:2a:e4:86:03:85:3d:99:
         da:7a:79:1a:5a:90:7d:a5:5a:82:ab:d0:e0:ef:27:10:39:19:
         7e:05:bd:b9
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgIEApVl7TANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg4
NmFmMmM3MTY2YmIzNGE2OTZmZGUyZmJhY2VmNDAwMWIwYThlN2UyMB4XDTIyMDEw
MTAyNTUzM1oXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoY2U4NTRjYjUzYjg2
MThjMWZjNjNhMzc4MGE0ZDZhNWUxZmM5MmNiNTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBALENdOJKQK9mriRJHViV5ltAygyl4YyaATOiXnp5BbQkY/y0
zO/HKzDI4Mry3OrqwWmayC2v5nyEK/C20EJEIz1FDBSviu6CQ63Qk+U46xJTEAlH
t0TvCQA8+sfAp0Ugh4sGXgEm0V+ckczsLxkHU0E4UbO+/dd3s1pSO0z9rys4IWTv
5MklWX5EfbDVjIfkbCNC6192ly0HLgamZ4WuMWgEPAc2ulE7d6gm7Qbb8cPmwwNF
Aiye3Thxn/Db+P5HEA0EwaO/RMb/1Rw5vFlS4Xt2O/5O+ALhsfrCDjUfNZKf/nWp
fVuBmlJWYOUw2jGNa3hxHA54MH+jqOes4fBcUAECAwEAAaOCAk8wggJLMB0GA1Ud
DgQWBBTOhUy1O4YYwfxjo3gKTWpeH8kstTAfBgNVHSMEGDAWgBSGryxxZrs0ppb9
4vus70ABsKjn4jAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L2hxOHNjV2E3TkthV19lTDdyTzlBQWJDbzUtSS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvY2YvZjhmNjZkLThhNDctNDQzMS1hZjUxLWU0ZjU4NzA0ODA0ZS8x
L3pvVk10VHVHR01IOFk2TjRDazFxWGhfSkxMVS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvY2Yv
ZjhmNjZkLThhNDctNDQzMS1hZjUxLWU0ZjU4NzA0ODA0ZS8xL2hxOHNjV2E3Tkth
V19lTDdyTzlBQWJDbzUtSS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBl
BggrBgEFBQcBBwEB/wRWMFQwNAQCAAEwLjAMAwQBH7oCAwQBH7oEAwQAH7oHMAwD
BAAfugkDBAAfuhQDBAAfuhcDBAAfuh0wHAQCAAIwFjAUAwgBKg2gAAAACgMIACoN
oAAAABowDQYJKoZIhvcNAQELBQADggEBAEFYqcVLSvrcAZBV3JFfLeVAz+8k5YNW
U/49ExBXLddFCFxfokxw+vwWmoh2T9cyUkRQZED3Q9Df9v5xwU1iQeqMGWhzwTHi
1yyQ/mk5p+6BbPWn7zHnFfAGmFzDIsBNr9tjtl1vAUcEkX2MKsO6Uz/4yB8eWEUh
YZhrm9occcKy2oppbkvNhne1+H8//G4AaOwsnMPs9NGPIklp4KxWKv4X8J1Qmnkx
f7dWuMctvF9Y/JvNi9wgGLymve9Haq5ErNPpCyhz3JIdaALqm2cDrejJJnkT9Mkz
hifgVcUi3TRFNixHKuSGA4U9mdp6eRpakH2lWoKr0ODvJxA5GX4Fvbk=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:54:35 2024 by rpki-client on console-fra.rpki-client.org