Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e2/fbf160-63c8-4e04-9100-e6343c34a0be/1/8BHrgHKr3rK2nA029K9NJ79qT3s.roa
File:                     8BHrgHKr3rK2nA029K9NJ79qT3s.roa (raw, json)
Hash identifier:          vjz22/h/nxTvE7khKI95XJ4Sv7CyPAjdRk+atttAK2g=
Subject key identifier:   F0:11:EB:80:72:AB:DE:B2:B6:9C:0D:36:F4:AF:4D:27:BF:6A:4F:7B
Certificate issuer:       /CN=5b78c511a62c2e5b94f0693df6af947e5de210c0
Certificate serial:       0182D46F8B4258CAFCF1F60F9ACF26B5BD1E
Authority key identifier: 5B:78:C5:11:A6:2C:2E:5B:94:F0:69:3D:F6:AF:94:7E:5D:E2:10:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/W3jFEaYsLluU8Gk99q-Ufl3iEMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e2/fbf160-63c8-4e04-9100-e6343c34a0be/1/8BHrgHKr3rK2nA029K9NJ79qT3s.roa
Signing time:             Thu 25 Aug 2022 09:57:36 +0000
ROA not before:           Thu 25 Aug 2022 09:57:36 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     212773
IP address blocks:        185.160.156.0/22 maxlen: 22
                          2a07:be80::/29 maxlen: 29

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:82:d4:6f:8b:42:58:ca:fc:f1:f6:0f:9a:cf:26:b5:bd:1e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5b78c511a62c2e5b94f0693df6af947e5de210c0
        Validity
            Not Before: Aug 25 09:57:36 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=f011eb8072abdeb2b69c0d36f4af4d27bf6a4f7b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:02:44:1f:ef:75:06:c2:b2:40:0a:2b:5c:d0:
                    b1:12:af:62:2f:27:4b:eb:1b:7b:d5:74:4e:3a:27:
                    c1:a8:33:b7:3b:f2:d4:4c:4f:32:ce:e6:90:38:83:
                    46:6d:72:18:11:99:ca:1d:5d:14:5b:e4:ac:9a:73:
                    1c:4d:dd:ed:ef:e3:08:8f:be:2b:59:9c:f5:18:52:
                    e2:80:28:48:b4:71:d7:8a:a7:84:ca:ba:bb:ef:a0:
                    e3:14:6b:f3:4b:5d:40:ac:19:8e:f3:1d:2d:dc:6a:
                    0b:52:d9:c5:be:06:3a:79:db:5d:db:4e:76:01:39:
                    54:26:35:f3:c9:6e:a7:4c:4d:24:12:b8:fa:d0:55:
                    ac:6d:1e:30:45:e7:d9:5d:bc:7c:91:52:90:c6:c7:
                    62:df:08:62:29:b2:64:3a:93:19:d7:c3:df:42:0a:
                    d0:76:cc:9f:9b:ce:ca:ca:6c:ff:3a:a2:af:44:26:
                    5e:cd:b2:a2:1e:b3:61:89:1c:5f:e3:e6:ea:b2:f1:
                    d5:35:0d:7d:b6:42:a6:69:c3:fd:b1:2f:71:4d:3b:
                    e3:5d:26:4a:06:c6:84:6f:e3:db:80:3f:2b:ea:2a:
                    2c:da:77:ca:77:f2:63:94:90:4a:6d:29:a7:cd:3f:
                    c0:5d:41:09:1a:6c:b9:95:d1:9a:f6:4d:66:87:93:
                    63:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F0:11:EB:80:72:AB:DE:B2:B6:9C:0D:36:F4:AF:4D:27:BF:6A:4F:7B
            X509v3 Authority Key Identifier:
                keyid:5B:78:C5:11:A6:2C:2E:5B:94:F0:69:3D:F6:AF:94:7E:5D:E2:10:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/W3jFEaYsLluU8Gk99q-Ufl3iEMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/fbf160-63c8-4e04-9100-e6343c34a0be/1/8BHrgHKr3rK2nA029K9NJ79qT3s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/fbf160-63c8-4e04-9100-e6343c34a0be/1/W3jFEaYsLluU8Gk99q-Ufl3iEMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.160.156.0/22
                IPv6:
                  2a07:be80::/29

    Signature Algorithm: sha256WithRSAEncryption
         ab:17:ce:48:65:dd:42:37:9c:b8:3a:75:b7:08:7f:6a:dc:8b:
         70:40:36:a3:7b:2b:54:2c:a7:50:a5:16:5b:c0:1a:b8:85:13:
         4a:6a:c6:0e:12:98:f4:51:7b:93:cc:49:c2:75:ba:83:20:14:
         65:ff:d4:86:93:c4:46:96:dd:5d:7e:54:ee:1c:99:f3:24:82:
         91:fa:f5:0d:0d:48:ed:9e:9c:54:f6:c4:4a:a2:58:66:57:0a:
         80:5c:e2:5e:c5:2b:ae:a2:f0:79:d8:a3:36:c3:08:77:2f:6a:
         76:5e:27:d5:03:6b:e4:99:6d:3c:d9:f1:00:1f:77:11:b1:ab:
         82:a3:bd:d3:a2:a1:28:de:32:df:b3:09:04:3c:8c:f1:1f:3d:
         85:0f:38:95:70:cb:bf:06:46:ee:be:b0:8e:a6:75:7f:d3:9f:
         f0:86:c7:2d:ea:31:b1:bb:7c:90:7e:ab:bf:cc:f8:6a:d8:c7:
         2f:47:5d:41:dd:04:74:41:f0:7e:95:2a:ab:40:e7:95:07:88:
         6f:2c:56:c9:e0:85:fb:9b:11:c0:d6:51:24:39:32:47:22:0a:
         4b:35:0d:75:06:19:fc:2c:2a:af:24:99:8a:01:c3:6e:34:b5:
         83:df:95:1e:5c:ec:6f:ec:89:d8:8f:09:aa:bf:6e:c5:a4:af:
         92:a3:99:d9
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYLUb4tCWMr88fYPms8mtb0eMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDViNzhjNTExYTYyYzJlNWI5NGYwNjkzZGY2YWY5NDdlNWRl
MjEwYzAwHhcNMjIwODI1MDk1NzM2WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMDExZWI4MDcyYWJkZWIyYjY5YzBkMzZmNGFmNGQyN2JmNmE0ZjdiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApwJEH+91BsKyQAorXNCxEq9iLydL
6xt71XROOifBqDO3O/LUTE8yzuaQOINGbXIYEZnKHV0UW+SsmnMcTd3t7+MIj74r
WZz1GFLigChItHHXiqeEyrq776DjFGvzS11ArBmO8x0t3GoLUtnFvgY6edtd2052
ATlUJjXzyW6nTE0kErj60FWsbR4wRefZXbx8kVKQxsdi3whiKbJkOpMZ18PfQgrQ
dsyfm87Kymz/OqKvRCZezbKiHrNhiRxf4+bqsvHVNQ19tkKmacP9sS9xTTvjXSZK
BsaEb+PbgD8r6ios2nfKd/JjlJBKbSmnzT/AXUEJGmy5ldGa9k1mh5NjXwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFPAR64Byq96ytpwNNvSvTSe/ak97MB8GA1UdIwQY
MBaAFFt4xRGmLC5blPBpPfavlH5d4hDAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVzNqRkVhWXNMbHVVOEdrOTlxLVVmbDNpRU1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMi9mYmYxNjAtNjNjOC00ZTA0LTkxMDAt
ZTYzNDNjMzRhMGJlLzEvOEJIcmdIS3IzcksybkEwMjlLOU5KNzlxVDNzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMi9mYmYxNjAtNjNjOC00ZTA0LTkxMDAtZTYzNDNjMzRhMGJl
LzEvVzNqRkVhWXNMbHVVOEdrOTlxLVVmbDNpRU1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuaCcMA0E
AgACMAcDBQMqB76AMA0GCSqGSIb3DQEBCwUAA4IBAQCrF85IZd1CN5y4OnW3CH9q
3ItwQDajeytULKdQpRZbwBq4hRNKasYOEpj0UXuTzEnCdbqDIBRl/9SGk8RGlt1d
flTuHJnzJIKR+vUNDUjtnpxU9sRKolhmVwqAXOJexSuuovB52KM2wwh3L2p2XifV
A2vkmW082fEAH3cRsauCo73ToqEo3jLfswkEPIzxHz2FDziVcMu/BkbuvrCOpnV/
05/whsct6jGxu3yQfqu/zPhq2McvR11B3QR0QfB+lSqrQOeVB4hvLFbJ4IX7mxHA
1lEkOTJHIgpLNQ11Bhn8LCqvJJmKAcNuNLWD35UeXOxv7InYjwmqv27FpK+So5nZ
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:49:12 2024 by rpki-client on console-ams.rpki-client.org