Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e5/1aa2d8-6106-4808-8c97-f46224b0d161/1/qY2ux3w_d0UPJTirgjo2ClvAX9M.roa
File:                     qY2ux3w_d0UPJTirgjo2ClvAX9M.roa (raw, json)
Hash identifier:          Mlk2+X3JkWPMK0LhlJmnCuNxbw47Hi3eCxwWlyArsW8=
Subject key identifier:   A9:8D:AE:C7:7C:3F:77:45:0F:25:38:AB:82:3A:36:0A:5B:C0:5F:D3
Certificate issuer:       /CN=9b3f29ff9ea71b3c3dc1f5af054b41647c91af98
Certificate serial:       1014D4E0
Authority key identifier: 9B:3F:29:FF:9E:A7:1B:3C:3D:C1:F5:AF:05:4B:41:64:7C:91:AF:98
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mz8p_56nGzw9wfWvBUtBZHyRr5g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e5/1aa2d8-6106-4808-8c97-f46224b0d161/1/qY2ux3w_d0UPJTirgjo2ClvAX9M.roa
Signing time:             Sat 01 Jan 2022 00:54:02 +0000
ROA not before:           Sat 01 Jan 2022 00:54:02 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     60602
IP address blocks:        194.33.40.0/22 maxlen: 24
                          185.181.230.0/24 maxlen: 24
                          185.181.228.0/24 maxlen: 24
                          185.181.228.0/23 maxlen: 23
                          185.181.229.0/24 maxlen: 24
                          2a0a:d580::/32 maxlen: 32
                          2a0a:d580::/48 maxlen: 48

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 269800672 (0x1014d4e0)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9b3f29ff9ea71b3c3dc1f5af054b41647c91af98
        Validity
            Not Before: Jan  1 00:54:02 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=a98daec77c3f77450f2538ab823a360a5bc05fd3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:d0:65:4e:0e:59:e5:73:53:e4:0e:8d:c1:b9:
                    b6:b7:74:ab:51:14:a2:13:05:34:d1:33:60:36:cd:
                    18:97:7c:77:e3:75:a8:d5:d5:b9:0d:fa:10:4b:83:
                    7b:68:b8:86:39:bb:29:24:78:f0:c7:14:01:f0:90:
                    0a:4e:40:72:7d:0e:5e:3f:c1:50:8f:e4:b0:13:25:
                    77:05:c3:e2:0d:9b:da:b0:d1:72:4c:54:75:c2:5e:
                    71:ba:37:e7:aa:a4:20:b8:07:ec:b7:0b:cb:a9:12:
                    ff:47:80:b8:30:64:a3:b7:de:1c:79:12:4a:d7:84:
                    37:45:0d:13:18:d5:af:3a:3a:28:b1:f4:34:d4:52:
                    69:8d:18:19:1a:2d:89:af:0d:51:f2:16:d9:bb:dc:
                    e6:41:c1:25:1c:51:65:aa:02:09:dc:d3:de:6a:1f:
                    cc:84:cb:9f:b5:d0:42:ed:b1:ed:3e:63:6d:23:25:
                    d2:45:93:c3:93:ea:cf:e8:e1:23:9a:86:74:ce:57:
                    6b:0a:82:33:1d:1b:5c:e7:10:d6:c5:dd:5e:51:14:
                    e8:23:64:cb:a6:de:ba:09:e3:52:fd:e5:3f:6b:fe:
                    30:60:28:bc:4d:90:83:df:9f:33:7e:8a:36:40:1c:
                    b8:62:c9:24:83:7f:24:59:a2:ce:a3:c7:76:99:9c:
                    96:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A9:8D:AE:C7:7C:3F:77:45:0F:25:38:AB:82:3A:36:0A:5B:C0:5F:D3
            X509v3 Authority Key Identifier:
                keyid:9B:3F:29:FF:9E:A7:1B:3C:3D:C1:F5:AF:05:4B:41:64:7C:91:AF:98

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mz8p_56nGzw9wfWvBUtBZHyRr5g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/1aa2d8-6106-4808-8c97-f46224b0d161/1/qY2ux3w_d0UPJTirgjo2ClvAX9M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/1aa2d8-6106-4808-8c97-f46224b0d161/1/mz8p_56nGzw9wfWvBUtBZHyRr5g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.181.228.0-185.181.230.255
                  194.33.40.0/22
                IPv6:
                  2a0a:d580::/32

    Signature Algorithm: sha256WithRSAEncryption
         84:81:84:43:d1:5d:7c:c6:4f:1f:1b:d2:6a:3f:62:b9:50:8b:
         68:1c:56:80:60:9f:aa:8d:b6:5f:d5:c5:44:8c:2a:e6:a0:a9:
         45:69:3d:65:ef:13:ed:2d:d1:c9:27:59:ee:46:f8:aa:1d:1c:
         dd:d1:58:75:04:65:ff:c4:e9:4f:79:a6:4c:19:e4:21:dc:48:
         56:a7:92:53:30:e8:5b:b5:ed:ff:02:26:8e:dc:16:d8:68:e3:
         0b:6a:c1:67:5d:04:12:85:23:f3:b7:70:dd:e3:98:05:77:13:
         25:24:b0:f2:a7:86:03:b6:7d:47:78:4f:5c:0c:14:74:c4:40:
         be:9b:09:32:2d:19:9a:bf:66:5d:3b:e5:78:86:c9:78:7e:c1:
         bc:f6:e3:d1:f5:06:ef:6f:ae:17:83:5c:f6:12:af:81:c0:b4:
         2a:82:cf:ab:94:7c:26:3d:65:1d:be:52:b2:4a:ed:6a:32:ef:
         a5:5d:a2:0f:67:84:42:fc:6f:93:af:61:b4:e4:df:a7:dc:95:
         39:ad:86:81:b2:85:86:27:2b:b8:b9:db:e6:c5:c4:c9:d9:62:
         cf:17:90:92:a3:97:24:e6:dd:06:4c:86:95:8c:3a:b1:b7:e1:
         f4:d5:89:d7:22:be:f6:a7:52:b4:f1:5a:2e:4f:07:f5:8b:9c:
         62:f9:2b:df
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgIEEBTU4DANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg5
YjNmMjlmZjllYTcxYjNjM2RjMWY1YWYwNTRiNDE2NDdjOTFhZjk4MB4XDTIyMDEw
MTAwNTQwMloXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoYTk4ZGFlYzc3YzNm
Nzc0NTBmMjUzOGFiODIzYTM2MGE1YmMwNWZkMzCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBALbQZU4OWeVzU+QOjcG5trd0q1EUohMFNNEzYDbNGJd8d+N1
qNXVuQ36EEuDe2i4hjm7KSR48McUAfCQCk5Acn0OXj/BUI/ksBMldwXD4g2b2rDR
ckxUdcJecbo356qkILgH7LcLy6kS/0eAuDBko7feHHkSSteEN0UNExjVrzo6KLH0
NNRSaY0YGRotia8NUfIW2bvc5kHBJRxRZaoCCdzT3mofzITLn7XQQu2x7T5jbSMl
0kWTw5Pqz+jhI5qGdM5XawqCMx0bXOcQ1sXdXlEU6CNky6beugnjUv3lP2v+MGAo
vE2Qg9+fM36KNkAcuGLJJIN/JFmizqPHdpmclvUCAwEAAaOCAiYwggIiMB0GA1Ud
DgQWBBSpja7HfD93RQ8lOKuCOjYKW8Bf0zAfBgNVHSMEGDAWgBSbPyn/nqcbPD3B
9a8FS0FkfJGvmDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L216OHBfNTZuR3p3OXdmV3ZCVXRCWkh5UnI1Zy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZTUvMWFhMmQ4LTYxMDYtNDgwOC04Yzk3LWY0NjIyNGIwZDE2MS8x
L3FZMnV4M3dfZDBVUEpUaXJnam8yQ2x2QVg5TS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZTUv
MWFhMmQ4LTYxMDYtNDgwOC04Yzk3LWY0NjIyNGIwZDE2MS8xL216OHBfNTZuR3p3
OXdmV3ZCVXRCWkh5UnI1Zy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjA8
BggrBgEFBQcBBwEB/wQtMCswGgQCAAEwFDAMAwQCubXkAwQAubXmAwQCwiEoMA0E
AgACMAcDBQAqCtWAMA0GCSqGSIb3DQEBCwUAA4IBAQCEgYRD0V18xk8fG9JqP2K5
UItoHFaAYJ+qjbZf1cVEjCrmoKlFaT1l7xPtLdHJJ1nuRviqHRzd0Vh1BGX/xOlP
eaZMGeQh3EhWp5JTMOhbte3/AiaO3BbYaOMLasFnXQQShSPzt3Dd45gFdxMlJLDy
p4YDtn1HeE9cDBR0xEC+mwkyLRmav2ZdO+V4hsl4fsG89uPR9Qbvb64Xg1z2Eq+B
wLQqgs+rlHwmPWUdvlKySu1qMu+lXaIPZ4RC/G+Tr2G05N+n3JU5rYaBsoWGJyu4
udvmxcTJ2WLPF5CSo5ck5t0GTIaVjDqxt+H01YnXIr72p1K08VouTwf1i5xi+Svf
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:49:35 2024 by rpki-client on console-ams.rpki-client.org