Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/30282c-3c82-4730-b95e-e745948983ed/1/E6ZlHbXWk3Q2l-wg6FkVkSKGB64.roa
File:                     E6ZlHbXWk3Q2l-wg6FkVkSKGB64.roa (raw, json)
Hash identifier:          O/1Oo7PaLeG8yhqzcDlMBMOJRzTV+TLYifNa6DZl8Hw=
Subject key identifier:   13:A6:65:1D:B5:D6:93:74:36:97:EC:20:E8:59:15:91:22:86:07:AE
Certificate issuer:       /CN=09e5518e68467b4290c3509268b6d6d664962c86
Certificate serial:       02E13AA8
Authority key identifier: 09:E5:51:8E:68:46:7B:42:90:C3:50:92:68:B6:D6:D6:64:96:2C:86
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CeVRjmhGe0KQw1CSaLbW1mSWLIY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/30282c-3c82-4730-b95e-e745948983ed/1/E6ZlHbXWk3Q2l-wg6FkVkSKGB64.roa
Signing time:             Thu 30 Jun 2022 09:37:28 +0000
ROA not before:           Thu 30 Jun 2022 09:37:28 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     31515
IP address blocks:        161.30.33.0/24 maxlen: 24
                          161.30.40.0/23 maxlen: 23
                          161.30.5.0/24 maxlen: 24
                          161.30.12.0/22 maxlen: 22
                          161.30.16.0/22 maxlen: 22
                          161.30.237.0/24 maxlen: 24
                          161.30.22.0/23 maxlen: 23
                          161.30.238.0/24 maxlen: 24
                          161.30.236.0/22 maxlen: 24
                          2a11:ae00::/32 maxlen: 32

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 48315048 (0x2e13aa8)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=09e5518e68467b4290c3509268b6d6d664962c86
        Validity
            Not Before: Jun 30 09:37:28 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=13a6651db5d693743697ec20e8591591228607ae
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:55:69:44:c5:cf:51:33:5b:98:ac:de:89:69:
                    75:aa:80:b6:83:bd:9b:29:f3:90:45:d5:52:0d:2c:
                    0f:fa:54:f8:a2:5f:63:04:b7:9a:d6:f8:72:85:1a:
                    80:33:bc:00:7a:79:24:fb:89:ff:1b:43:87:ce:46:
                    c6:06:95:a4:47:69:e0:a9:fd:40:13:2e:d4:22:8c:
                    f8:cb:97:d6:85:a8:1a:33:0e:e7:53:00:53:7d:3b:
                    cb:52:eb:d7:f7:54:fe:db:48:27:9d:6c:f5:ca:89:
                    78:e3:1c:b1:bb:1f:03:7c:5b:11:bb:d0:68:a8:ea:
                    8c:dc:3f:51:06:9a:d9:d1:a1:22:1e:26:bb:5d:a4:
                    83:5f:f8:4f:89:b4:20:52:be:38:1a:51:99:5b:14:
                    42:e4:02:17:41:a6:d1:17:1e:53:3d:6b:d4:36:5b:
                    80:c0:e9:aa:5a:40:d0:e4:db:9a:24:fe:ca:34:4b:
                    fb:cb:86:e7:40:f3:67:eb:be:6c:6e:21:03:eb:b7:
                    0f:23:5f:02:87:b6:5c:61:5e:b3:a5:f9:28:52:4f:
                    dd:5c:fb:fe:63:41:28:3e:51:f1:b6:d1:83:15:b0:
                    c7:61:62:b4:df:e7:35:bd:b5:64:0d:e2:1a:14:d7:
                    cc:93:05:75:de:a7:cd:7a:4b:2f:d2:b7:6b:d9:6f:
                    e1:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                13:A6:65:1D:B5:D6:93:74:36:97:EC:20:E8:59:15:91:22:86:07:AE
            X509v3 Authority Key Identifier:
                keyid:09:E5:51:8E:68:46:7B:42:90:C3:50:92:68:B6:D6:D6:64:96:2C:86

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CeVRjmhGe0KQw1CSaLbW1mSWLIY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/30282c-3c82-4730-b95e-e745948983ed/1/E6ZlHbXWk3Q2l-wg6FkVkSKGB64.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/30282c-3c82-4730-b95e-e745948983ed/1/CeVRjmhGe0KQw1CSaLbW1mSWLIY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  161.30.5.0/24
                  161.30.12.0-161.30.19.255
                  161.30.22.0/23
                  161.30.33.0/24
                  161.30.40.0/23
                  161.30.236.0/22
                IPv6:
                  2a11:ae00::/32

    Signature Algorithm: sha256WithRSAEncryption
         12:7e:c0:4b:d0:a4:3c:12:cf:53:29:a8:3a:d5:ea:42:74:d9:
         68:89:59:af:be:f1:38:f6:d8:b7:8c:b7:19:67:13:1b:98:9d:
         09:f6:24:5f:42:bc:88:a5:2a:ea:54:31:1d:8c:0b:5c:28:34:
         94:24:ec:48:86:9d:8f:33:e9:a1:60:6e:12:a9:79:95:76:79:
         ba:c0:8d:ac:7e:14:ad:39:f6:bb:8f:1b:c9:b5:d8:67:9e:c1:
         72:6f:27:2c:b2:1f:f2:24:43:84:88:39:2a:0d:88:89:d8:b5:
         85:f5:ab:9e:f4:20:7e:59:46:a1:82:7e:12:e9:b1:24:59:b7:
         8a:d5:b4:39:b7:c6:ff:2f:1d:14:e5:ab:e4:e3:80:2b:ba:ec:
         be:74:1a:98:75:57:fa:1e:47:1a:94:cc:f5:6e:c9:65:a9:ad:
         05:7d:ea:34:76:24:7f:4a:bd:c1:21:a8:a5:e0:96:9a:01:82:
         be:4d:73:69:1e:ac:bf:02:18:81:86:44:9d:61:d9:17:55:62:
         70:0f:f5:ef:df:15:dd:b5:33:f2:63:9a:05:f2:d1:aa:13:68:
         f0:f7:e6:47:a0:2c:66:8b:1a:fa:d1:2b:6c:af:8e:6a:81:3f:
         a0:6d:92:b5:c8:d8:91:af:76:af:eb:fb:c9:9b:11:f5:5d:d6:
         2f:47:36:14
-----BEGIN CERTIFICATE-----
MIIFJDCCBAygAwIBAgIEAuE6qDANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygw
OWU1NTE4ZTY4NDY3YjQyOTBjMzUwOTI2OGI2ZDZkNjY0OTYyYzg2MB4XDTIyMDYz
MDA5MzcyOFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMTNhNjY1MWRiNWQ2
OTM3NDM2OTdlYzIwZTg1OTE1OTEyMjg2MDdhZTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAJRVaUTFz1EzW5is3olpdaqAtoO9mynzkEXVUg0sD/pU+KJf
YwS3mtb4coUagDO8AHp5JPuJ/xtDh85GxgaVpEdp4Kn9QBMu1CKM+MuX1oWoGjMO
51MAU307y1Lr1/dU/ttIJ51s9cqJeOMcsbsfA3xbEbvQaKjqjNw/UQaa2dGhIh4m
u12kg1/4T4m0IFK+OBpRmVsUQuQCF0Gm0RceUz1r1DZbgMDpqlpA0OTbmiT+yjRL
+8uG50DzZ+u+bG4hA+u3DyNfAoe2XGFes6X5KFJP3Vz7/mNBKD5R8bbRgxWwx2Fi
tN/nNb21ZA3iGhTXzJMFdd6nzXpLL9K3a9lv4TMCAwEAAaOCAj4wggI6MB0GA1Ud
DgQWBBQTpmUdtdaTdDaX7CDoWRWRIoYHrjAfBgNVHSMEGDAWgBQJ5VGOaEZ7QpDD
UJJottbWZJYshjAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L0NlVlJqbWhHZTBLUXcxQ1NhTGJXMW1TV0xJWS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZGQvMzAyODJjLTNjODItNDczMC1iOTVlLWU3NDU5NDg5ODNlZC8x
L0U2WmxIYlhXazNRMmwtd2c2RmtWa1NLR0I2NC5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZGQv
MzAyODJjLTNjODItNDczMC1iOTVlLWU3NDU5NDg5ODNlZC8xL0NlVlJqbWhHZTBL
UXcxQ1NhTGJXMW1TV0xJWS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBU
BggrBgEFBQcBBwEB/wRFMEMwMgQCAAEwLAMEAKEeBTAMAwQCoR4MAwQCoR4QAwQB
oR4WAwQAoR4hAwQBoR4oAwQCoR7sMA0EAgACMAcDBQAqEa4AMA0GCSqGSIb3DQEB
CwUAA4IBAQASfsBL0KQ8Es9TKag61epCdNloiVmvvvE49ti3jLcZZxMbmJ0J9iRf
QryIpSrqVDEdjAtcKDSUJOxIhp2PM+mhYG4SqXmVdnm6wI2sfhStOfa7jxvJtdhn
nsFybycssh/yJEOEiDkqDYiJ2LWF9aue9CB+WUahgn4S6bEkWbeK1bQ5t8b/Lx0U
5avk44Aruuy+dBqYdVf6HkcalMz1bsllqa0Ffeo0diR/Sr3BIail4JaaAYK+TXNp
Hqy/AhiBhkSdYdkXVWJwD/Xv3xXdtTPyY5oF8tGqE2jw9+ZHoCxmixr60Stsr45q
gT+gbZK1yNiRr3av6/vJmxH1XdYvRzYU
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:47:53 2024 by rpki-client on console-ams.rpki-client.org