Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/YgQSqPf-heymrU3mrs8CeV0r1IA.roa
File:                     YgQSqPf-heymrU3mrs8CeV0r1IA.roa (raw, json)
Hash identifier:          RtBWQ2t7Haphg++QP7Eq19S9dC0GlIv0nfasQLETnNY=
Subject key identifier:   62:04:12:A8:F7:FE:85:EC:A6:AD:4D:E6:AE:CF:02:79:5D:2B:D4:80
Certificate issuer:       /CN=6c8fd1a8ae5996c1e5692c1a8c42bfe9c3ba5745
Certificate serial:       187D35EC
Authority key identifier: 6C:8F:D1:A8:AE:59:96:C1:E5:69:2C:1A:8C:42:BF:E9:C3:BA:57:45
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bI_RqK5ZlsHlaSwajEK_6cO6V0U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/YgQSqPf-heymrU3mrs8CeV0r1IA.roa
Signing time:             Sun 30 Jan 2022 14:28:39 +0000
ROA not before:           Sun 30 Jan 2022 14:28:39 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     7489
IP address blocks:        185.133.192.0/24 maxlen: 24
                          185.120.7.0/24 maxlen: 24
                          185.117.22.0/24 maxlen: 24
                          185.122.56.0/24 maxlen: 24
                          185.122.57.0/24 maxlen: 24
                          185.122.58.0/24 maxlen: 32
                          185.122.56.0/22 maxlen: 32
                          185.122.59.0/24 maxlen: 24
                          2a06:8e00::/48 maxlen: 48
                          2a06:8ec0:3::/48 maxlen: 48

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 410858988 (0x187d35ec)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6c8fd1a8ae5996c1e5692c1a8c42bfe9c3ba5745
        Validity
            Not Before: Jan 30 14:28:39 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=620412a8f7fe85eca6ad4de6aecf02795d2bd480
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:d2:43:3f:63:a5:43:9f:d2:35:54:21:58:c7:
                    db:3d:ee:be:cb:f2:5d:e9:e3:41:b2:21:d2:43:f9:
                    9c:f6:c1:c7:cd:a2:7c:22:f2:a4:c6:ac:f1:ac:27:
                    32:13:01:e8:e7:ca:b9:bc:41:f1:23:8c:33:7f:57:
                    54:49:31:72:e7:8d:c5:2c:f4:e4:55:ed:4f:67:74:
                    94:9d:33:8a:8e:13:d9:cd:b4:74:66:8c:f9:fe:84:
                    4f:20:92:e2:8e:65:f2:1a:a8:c1:52:d4:28:19:86:
                    89:f8:8d:20:ce:75:f6:85:bc:c4:4a:52:b4:9f:b9:
                    f2:91:9c:a3:34:c1:a0:b2:15:b4:db:01:04:32:54:
                    82:07:ae:ce:48:22:dc:cc:c2:da:cf:8e:c7:78:18:
                    ab:ff:40:84:6a:5f:dd:71:e0:a9:85:38:7e:da:1b:
                    8b:fa:28:ef:0d:9f:83:01:36:93:f4:12:4b:76:43:
                    08:50:2d:b8:22:ed:dd:d9:55:08:11:83:72:b9:a5:
                    2a:48:c4:15:9d:72:c3:ee:93:1e:8a:c8:fc:31:94:
                    26:f7:2f:88:aa:b7:92:21:61:af:cc:ee:39:eb:a2:
                    3e:ef:c1:5e:1a:5c:ee:de:5a:76:02:7c:44:15:ea:
                    69:46:ae:b1:68:9e:18:99:7d:ff:64:dd:6b:50:7e:
                    66:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                62:04:12:A8:F7:FE:85:EC:A6:AD:4D:E6:AE:CF:02:79:5D:2B:D4:80
            X509v3 Authority Key Identifier:
                keyid:6C:8F:D1:A8:AE:59:96:C1:E5:69:2C:1A:8C:42:BF:E9:C3:BA:57:45

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bI_RqK5ZlsHlaSwajEK_6cO6V0U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/YgQSqPf-heymrU3mrs8CeV0r1IA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/bI_RqK5ZlsHlaSwajEK_6cO6V0U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.117.22.0/24
                  185.120.7.0/24
                  185.122.56.0/22
                  185.133.192.0/24
                IPv6:
                  2a06:8e00::/48
                  2a06:8ec0:3::/48

    Signature Algorithm: sha256WithRSAEncryption
         49:e7:82:c4:fe:cc:e2:a9:71:1e:dd:85:2d:81:83:0d:d7:dc:
         30:59:1d:79:13:29:40:5a:19:c0:fb:c9:b5:6f:98:a9:93:2a:
         ed:4f:02:24:4e:0c:57:5a:15:fd:6c:ce:b5:8f:bf:d8:ed:1a:
         60:b2:04:d8:13:e0:78:6a:ad:ed:5a:fb:c0:3e:21:7e:8c:4f:
         fe:58:c8:9d:a0:2b:b6:0c:15:5c:7e:2b:d5:f0:b1:d6:70:10:
         1d:5e:d9:2f:4e:ed:c7:35:d0:11:1a:f8:12:2b:29:56:16:af:
         8d:ed:00:0b:db:3d:20:b9:7d:61:1f:9e:37:c4:fc:5c:a8:69:
         2b:c4:ef:08:51:83:84:39:3e:4e:91:7a:6d:9b:73:d6:db:84:
         42:a1:08:c4:69:0e:dc:7a:42:e0:98:5c:3e:af:ae:04:58:bd:
         89:45:19:3e:25:44:c0:3c:e2:11:13:f7:f5:43:b2:7f:8f:34:
         50:09:a0:a1:94:ce:ff:94:45:e1:d2:d0:42:fa:f5:9e:d6:5e:
         d2:dd:d2:70:82:fd:65:cd:f8:d7:7c:02:53:1a:60:9c:89:dc:
         e4:b9:16:21:0c:6e:64:6b:ef:b3:78:b3:51:70:3b:72:81:6e:
         bf:89:00:26:0f:0d:88:c3:6b:6d:93:9c:de:c8:2d:17:e3:fa:
         d9:5a:5f:dd
-----BEGIN CERTIFICATE-----
MIIFGzCCBAOgAwIBAgIEGH017DANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg2
YzhmZDFhOGFlNTk5NmMxZTU2OTJjMWE4YzQyYmZlOWMzYmE1NzQ1MB4XDTIyMDEz
MDE0MjgzOVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoNjIwNDEyYThmN2Zl
ODVlY2E2YWQ0ZGU2YWVjZjAyNzk1ZDJiZDQ4MDCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAOPSQz9jpUOf0jVUIVjH2z3uvsvyXenjQbIh0kP5nPbBx82i
fCLypMas8awnMhMB6OfKubxB8SOMM39XVEkxcueNxSz05FXtT2d0lJ0zio4T2c20
dGaM+f6ETyCS4o5l8hqowVLUKBmGifiNIM519oW8xEpStJ+58pGcozTBoLIVtNsB
BDJUggeuzkgi3MzC2s+Ox3gYq/9AhGpf3XHgqYU4ftobi/oo7w2fgwE2k/QSS3ZD
CFAtuCLt3dlVCBGDcrmlKkjEFZ1yw+6THorI/DGUJvcviKq3kiFhr8zuOeuiPu/B
Xhpc7t5adgJ8RBXqaUausWieGJl9/2Tda1B+ZlMCAwEAAaOCAjUwggIxMB0GA1Ud
DgQWBBRiBBKo9/6F7KatTeauzwJ5XSvUgDAfBgNVHSMEGDAWgBRsj9GorlmWweVp
LBqMQr/pw7pXRTAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L2JJX1JxSzVabHNIbGFTd2FqRUtfNmNPNlYwVS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZDAvNDkyNTkwLWEwMmYtNDQzZS1hYWEzLWZlYWMyNmVhZWNjMi8x
L1lnUVNxUGYtaGV5bXJVM21yczhDZVYwcjFJQS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZDAv
NDkyNTkwLWEwMmYtNDQzZS1hYWEzLWZlYWMyNmVhZWNjMi8xL2JJX1JxSzVabHNI
bGFTd2FqRUtfNmNPNlYwVS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBL
BggrBgEFBQcBBwEB/wQ8MDowHgQCAAEwGAMEALl1FgMEALl4BwMEArl6OAMEALmF
wDAYBAIAAjASAwcAKgaOAAAAAwcAKgaOwAADMA0GCSqGSIb3DQEBCwUAA4IBAQBJ
54LE/sziqXEe3YUtgYMN19wwWR15EylAWhnA+8m1b5ipkyrtTwIkTgxXWhX9bM61
j7/Y7RpgsgTYE+B4aq3tWvvAPiF+jE/+WMidoCu2DBVcfivV8LHWcBAdXtkvTu3H
NdARGvgSKylWFq+N7QAL2z0guX1hH543xPxcqGkrxO8IUYOEOT5OkXptm3PW24RC
oQjEaQ7cekLgmFw+r64EWL2JRRk+JUTAPOIRE/f1Q7J/jzRQCaChlM7/lEXh0tBC
+vWe1l7S3dJwgv1lzfjXfAJTGmCcidzkuRYhDG5ka++zeLNRcDtygW6/iQAmDw2I
w2ttk5zeyC0X4/rZWl/d
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:45:33 2024 by rpki-client on console-ams.rpki-client.org