Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/9QMnbHkg-jPJQM0oObf0Ux_66DA.roa
File:                     9QMnbHkg-jPJQM0oObf0Ux_66DA.roa (raw, json)
Hash identifier:          ksh9wbE4GDlilIEGtpkVUCETSnMv6zCGu8SyqXgf1/k=
Subject key identifier:   F5:03:27:6C:79:20:FA:33:C9:40:CD:28:39:B7:F4:53:1F:FA:E8:30
Certificate issuer:       /CN=6c8fd1a8ae5996c1e5692c1a8c42bfe9c3ba5745
Certificate serial:       19F8501D
Authority key identifier: 6C:8F:D1:A8:AE:59:96:C1:E5:69:2C:1A:8C:42:BF:E9:C3:BA:57:45
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bI_RqK5ZlsHlaSwajEK_6cO6V0U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/9QMnbHkg-jPJQM0oObf0Ux_66DA.roa
Signing time:             Mon 02 May 2022 10:13:12 +0000
ROA not before:           Mon 02 May 2022 10:13:12 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     21859
IP address blocks:        91.189.186.0/24 maxlen: 32
                          37.10.112.0/24 maxlen: 32
                          185.240.218.0/24 maxlen: 32
                          5.253.137.0/24 maxlen: 32
                          185.171.3.0/24 maxlen: 32
                          79.143.55.0/24 maxlen: 32
                          193.222.103.0/24 maxlen: 32
                          193.149.160.0/24 maxlen: 32
                          185.224.146.0/24 maxlen: 32
                          185.226.73.0/24 maxlen: 32

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 435703837 (0x19f8501d)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6c8fd1a8ae5996c1e5692c1a8c42bfe9c3ba5745
        Validity
            Not Before: May  2 10:13:12 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=f503276c7920fa33c940cd2839b7f4531ffae830
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:4c:b2:01:54:22:c9:c2:e8:68:1e:a2:29:02:
                    47:93:08:aa:84:b6:f2:78:02:65:a4:8f:1b:aa:12:
                    3c:09:86:9c:11:4b:a8:e6:ef:a4:ce:34:85:d0:1b:
                    ee:cf:af:5d:23:7c:bf:91:50:4b:ac:e3:91:71:61:
                    69:92:85:97:c4:85:77:2c:bb:1a:14:bb:6b:ea:2f:
                    e1:eb:16:2c:ce:97:b2:f5:38:91:9e:ef:0a:38:20:
                    d5:ac:07:2a:33:e9:a6:ec:68:eb:5c:49:97:dd:63:
                    78:89:6d:81:bb:df:82:01:f8:cc:f8:38:23:6b:3e:
                    11:d7:49:ad:2d:95:0e:ba:75:ff:57:0f:61:e8:80:
                    a9:cc:5e:ab:af:32:26:79:02:35:28:02:2e:c6:c4:
                    47:9f:05:22:87:5f:cc:f2:0c:33:c6:f2:7b:09:70:
                    53:a3:ba:2d:08:c0:21:e7:4b:28:41:b9:ce:08:1c:
                    1f:3b:28:4b:ae:4c:60:59:a6:61:2a:a4:43:23:35:
                    87:9f:b0:23:a9:0a:88:83:59:82:88:5a:9b:9a:65:
                    89:82:de:fe:b6:0d:a1:74:41:1d:cd:8d:db:71:08:
                    f1:ae:53:02:d1:b7:cd:67:43:da:d6:48:d5:14:6a:
                    cf:fb:fc:a9:a8:9e:e7:6c:e4:ba:19:a6:ca:7f:8e:
                    28:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F5:03:27:6C:79:20:FA:33:C9:40:CD:28:39:B7:F4:53:1F:FA:E8:30
            X509v3 Authority Key Identifier:
                keyid:6C:8F:D1:A8:AE:59:96:C1:E5:69:2C:1A:8C:42:BF:E9:C3:BA:57:45

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bI_RqK5ZlsHlaSwajEK_6cO6V0U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/9QMnbHkg-jPJQM0oObf0Ux_66DA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/bI_RqK5ZlsHlaSwajEK_6cO6V0U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.253.137.0/24
                  37.10.112.0/24
                  79.143.55.0/24
                  91.189.186.0/24
                  185.171.3.0/24
                  185.224.146.0/24
                  185.226.73.0/24
                  185.240.218.0/24
                  193.149.160.0/24
                  193.222.103.0/24

    Signature Algorithm: sha256WithRSAEncryption
         38:1d:5a:9a:c5:f7:4a:4b:7c:1f:46:eb:a8:95:96:50:bb:ba:
         4a:0c:16:d4:75:07:54:67:09:1d:b6:dc:73:8c:58:b6:11:81:
         89:93:8a:3d:55:f5:84:06:b0:6e:27:ae:18:ad:6f:d9:b4:d6:
         d2:8a:56:e8:7f:ff:aa:5a:68:f1:ac:1f:86:c2:ad:02:dd:1c:
         3b:19:89:ed:27:80:ce:17:27:9b:07:3e:85:4d:96:11:1d:f1:
         3a:77:d3:81:69:2a:3a:87:b0:63:49:1b:fb:29:c3:87:d4:dd:
         a7:c5:3f:fe:f1:23:6c:cb:bf:fb:22:a8:06:f0:34:60:21:45:
         8f:fd:2c:ea:47:6e:7b:6d:8f:9f:ef:65:dc:56:c2:9d:fe:ec:
         54:00:a3:50:5c:b5:b0:5c:ac:f6:c4:ca:d8:63:6e:d0:f7:c0:
         0e:05:00:f1:fa:e8:4f:a6:d1:6c:27:c9:9b:0f:8c:78:81:46:
         77:72:59:90:81:6c:cf:29:8c:5c:7a:b3:da:fd:1a:01:fa:fc:
         e7:b3:73:73:a5:4a:9c:35:58:1f:a2:5e:31:5a:9f:de:2b:fa:
         32:7b:8c:15:87:6c:aa:2c:3d:3e:ef:4e:cb:c1:0e:34:c5:2a:
         18:9b:2a:10:28:11:63:06:21:45:54:0d:05:84:46:29:03:ef:
         50:f7:80:98
-----BEGIN CERTIFICATE-----
MIIFJTCCBA2gAwIBAgIEGfhQHTANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg2
YzhmZDFhOGFlNTk5NmMxZTU2OTJjMWE4YzQyYmZlOWMzYmE1NzQ1MB4XDTIyMDUw
MjEwMTMxMloXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoZjUwMzI3NmM3OTIw
ZmEzM2M5NDBjZDI4MzliN2Y0NTMxZmZhZTgzMDCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAIRMsgFUIsnC6GgeoikCR5MIqoS28ngCZaSPG6oSPAmGnBFL
qObvpM40hdAb7s+vXSN8v5FQS6zjkXFhaZKFl8SFdyy7GhS7a+ov4esWLM6XsvU4
kZ7vCjgg1awHKjPppuxo61xJl91jeIltgbvfggH4zPg4I2s+EddJrS2VDrp1/1cP
YeiAqcxeq68yJnkCNSgCLsbER58FIodfzPIMM8byewlwU6O6LQjAIedLKEG5zggc
HzsoS65MYFmmYSqkQyM1h5+wI6kKiINZgoham5pliYLe/rYNoXRBHc2N23EI8a5T
AtG3zWdD2tZI1RRqz/v8qaie52zkuhmmyn+OKDMCAwEAAaOCAj8wggI7MB0GA1Ud
DgQWBBT1AydseSD6M8lAzSg5t/RTH/roMDAfBgNVHSMEGDAWgBRsj9GorlmWweVp
LBqMQr/pw7pXRTAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L2JJX1JxSzVabHNIbGFTd2FqRUtfNmNPNlYwVS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZDAvNDkyNTkwLWEwMmYtNDQzZS1hYWEzLWZlYWMyNmVhZWNjMi8x
LzlRTW5iSGtnLWpQSlFNMG9PYmYwVXhfNjZEQS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZDAv
NDkyNTkwLWEwMmYtNDQzZS1hYWEzLWZlYWMyNmVhZWNjMi8xL2JJX1JxSzVabHNI
bGFTd2FqRUtfNmNPNlYwVS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBV
BggrBgEFBQcBBwEB/wRGMEQwQgQCAAEwPAMEAAX9iQMEACUKcAMEAE+PNwMEAFu9
ugMEALmrAwMEALngkgMEALniSQMEALnw2gMEAMGVoAMEAMHeZzANBgkqhkiG9w0B
AQsFAAOCAQEAOB1amsX3Skt8H0brqJWWULu6SgwW1HUHVGcJHbbcc4xYthGBiZOK
PVX1hAawbieuGK1v2bTW0opW6H//qlpo8awfhsKtAt0cOxmJ7SeAzhcnmwc+hU2W
ER3xOnfTgWkqOoewY0kb+ynDh9Tdp8U//vEjbMu/+yKoBvA0YCFFj/0s6kdue22P
n+9l3FbCnf7sVACjUFy1sFys9sTK2GNu0PfADgUA8froT6bRbCfJmw+MeIFGd3JZ
kIFszymMXHqz2v0aAfr857Nzc6VKnDVYH6JeMVqf3iv6MnuMFYdsqiw9Pu9Oy8EO
NMUqGJsqECgRYwYhRVQNBYRGKQPvUPeAmA==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:45:32 2024 by rpki-client on console-ams.rpki-client.org