Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/eb/877e40-6ca1-4a2b-89a5-8abf5ee6c4ad/1/AywtoPFiX7tcawTs8ix3JaSe9Wo.roa
File:                     AywtoPFiX7tcawTs8ix3JaSe9Wo.roa (raw, json)
Hash identifier:          mBj2G1xQUtaUUIqP9TilISaeb4flwCmftxWm3palg34=
Subject key identifier:   03:2C:2D:A0:F1:62:5F:BB:5C:6B:04:EC:F2:2C:77:25:A4:9E:F5:6A
Certificate issuer:       /CN=cac21641bdbcfac24c54b6a4859483c5e41640b6
Certificate serial:       01836408BB44BBB98E4AC851A181AD81DCBD
Authority key identifier: CA:C2:16:41:BD:BC:FA:C2:4C:54:B6:A4:85:94:83:C5:E4:16:40:B6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ysIWQb28-sJMVLakhZSDxeQWQLY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/eb/877e40-6ca1-4a2b-89a5-8abf5ee6c4ad/1/AywtoPFiX7tcawTs8ix3JaSe9Wo.roa
Signing time:             Thu 22 Sep 2022 07:10:37 +0000
ROA not before:           Thu 22 Sep 2022 07:10:37 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     203101
IP address blocks:        199.5.180.0/23 maxlen: 23
                          185.98.100.0/22 maxlen: 22
                          72.46.154.0/23 maxlen: 23
                          172.93.4.0/23 maxlen: 23
                          45.56.224.0/21 maxlen: 21
                          45.56.233.0/24 maxlen: 24
                          45.56.232.0/24 maxlen: 24
                          45.56.238.0/23 maxlen: 23
                          45.56.236.0/22 maxlen: 23
                          45.56.234.0/23 maxlen: 23
                          45.56.240.0/20 maxlen: 20
                          199.195.130.0/23 maxlen: 23

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:83:64:08:bb:44:bb:b9:8e:4a:c8:51:a1:81:ad:81:dc:bd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cac21641bdbcfac24c54b6a4859483c5e41640b6
        Validity
            Not Before: Sep 22 07:10:37 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=032c2da0f1625fbb5c6b04ecf22c7725a49ef56a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:4c:05:18:3f:49:50:76:eb:90:e5:d7:f0:ca:
                    c8:10:49:99:b5:9b:6c:0c:0e:0d:2f:7b:2d:27:5f:
                    ca:61:11:f4:e5:ef:40:01:ab:ee:33:23:c7:fb:ed:
                    6b:5e:2a:5c:aa:73:36:e5:55:3c:b0:dc:d6:5c:d1:
                    7c:06:5b:6d:be:ec:a8:b7:ed:53:10:af:61:40:a1:
                    b0:e4:28:15:9d:b9:f1:44:3e:b5:9c:0a:3c:9c:6f:
                    23:5f:59:bd:97:63:13:1f:ff:33:7b:2f:ac:fb:ba:
                    9b:51:13:66:ef:20:51:40:50:51:1d:0f:9b:b6:b9:
                    ca:26:b6:a8:be:55:4b:b8:47:bf:b4:13:c5:e9:aa:
                    de:29:57:79:9b:a9:c8:dd:e5:59:7c:59:c5:9f:7a:
                    1f:bc:eb:59:62:b1:30:72:ea:9f:93:14:8b:41:8f:
                    3a:4a:f0:2a:65:4d:6b:9a:48:c7:fc:a7:42:d7:a8:
                    b9:50:03:c4:cc:e2:87:34:89:0f:34:d1:3f:10:1f:
                    0c:99:1f:ca:17:78:0b:cf:75:a4:5e:8d:a0:3a:60:
                    64:a8:d0:c8:d5:d2:c9:ee:3c:87:23:47:f2:66:23:
                    e2:fa:ee:e4:b1:c3:a1:3c:ee:c9:5d:30:9f:5c:ae:
                    a0:5a:82:98:cb:9e:f7:8f:0c:22:03:48:fe:83:d2:
                    3d:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                03:2C:2D:A0:F1:62:5F:BB:5C:6B:04:EC:F2:2C:77:25:A4:9E:F5:6A
            X509v3 Authority Key Identifier:
                keyid:CA:C2:16:41:BD:BC:FA:C2:4C:54:B6:A4:85:94:83:C5:E4:16:40:B6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ysIWQb28-sJMVLakhZSDxeQWQLY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/877e40-6ca1-4a2b-89a5-8abf5ee6c4ad/1/AywtoPFiX7tcawTs8ix3JaSe9Wo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/877e40-6ca1-4a2b-89a5-8abf5ee6c4ad/1/ysIWQb28-sJMVLakhZSDxeQWQLY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.56.224.0/19
                  72.46.154.0/23
                  172.93.4.0/23
                  185.98.100.0/22
                  199.5.180.0/23
                  199.195.130.0/23

    Signature Algorithm: sha256WithRSAEncryption
         53:dd:a0:55:d4:82:62:51:bd:83:6c:73:67:67:f3:fd:f5:fc:
         95:61:65:9a:ad:4b:7d:ee:e3:24:7a:d3:ff:e4:cf:db:0a:fd:
         a8:fa:b6:82:a7:16:a5:92:ad:e1:19:83:4c:87:3e:68:3a:6c:
         da:ba:b8:a6:33:db:41:1a:cd:d2:ac:a1:41:44:aa:71:44:2c:
         22:47:12:4d:f7:73:a8:db:be:ad:69:7c:13:3e:74:ca:bb:29:
         cf:a3:b2:0e:b5:02:0a:7b:9a:e0:66:8f:3f:15:7f:38:dc:02:
         66:d8:fd:06:1c:8e:a6:af:60:20:c6:5a:2b:da:30:ad:7a:ed:
         8e:a6:6a:5d:04:36:bb:ff:97:7c:22:43:aa:7c:c0:a8:2a:9e:
         1f:45:6c:ee:ed:e1:23:8a:1e:fe:31:63:ea:56:34:fa:ca:70:
         f8:ba:35:ba:a8:b7:0b:87:94:3d:35:fb:90:35:ad:f7:90:e4:
         28:2d:af:d3:f3:dc:b0:95:f5:fd:07:37:4b:a2:d3:5e:db:47:
         43:e9:6e:74:d8:4f:41:0c:6f:bc:0d:8f:3f:3f:d1:80:05:34:
         74:51:d0:5e:ce:2e:6c:3a:a1:aa:12:37:86:aa:6e:90:38:e3:
         04:5c:dd:d2:73:20:38:45:51:88:96:01:65:6a:e8:33:4b:e8:
         af:46:52:fd
-----BEGIN CERTIFICATE-----
MIIFGzCCBAOgAwIBAgISAYNkCLtEu7mOSshRoYGtgdy9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNhYzIxNjQxYmRiY2ZhYzI0YzU0YjZhNDg1OTQ4M2M1ZTQx
NjQwYjYwHhcNMjIwOTIyMDcxMDM3WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMzJjMmRhMGYxNjI1ZmJiNWM2YjA0ZWNmMjJjNzcyNWE0OWVmNTZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAokwFGD9JUHbrkOXX8MrIEEmZtZts
DA4NL3stJ1/KYRH05e9AAavuMyPH++1rXipcqnM25VU8sNzWXNF8Blttvuyot+1T
EK9hQKGw5CgVnbnxRD61nAo8nG8jX1m9l2MTH/8zey+s+7qbURNm7yBRQFBRHQ+b
trnKJraovlVLuEe/tBPF6areKVd5m6nI3eVZfFnFn3ofvOtZYrEwcuqfkxSLQY86
SvAqZU1rmkjH/KdC16i5UAPEzOKHNIkPNNE/EB8MmR/KF3gLz3WkXo2gOmBkqNDI
1dLJ7jyHI0fyZiPi+u7kscOhPO7JXTCfXK6gWoKYy573jwwiA0j+g9I9LQIDAQAB
o4ICJzCCAiMwHQYDVR0OBBYEFAMsLaDxYl+7XGsE7PIsdyWknvVqMB8GA1UdIwQY
MBaAFMrCFkG9vPrCTFS2pIWUg8XkFkC2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveXNJV1FiMjgtc0pNVkxha2haU0R4ZVFXUUxZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYi84NzdlNDAtNmNhMS00YTJiLTg5YTUt
OGFiZjVlZTZjNGFkLzEvQXl3dG9QRmlYN3RjYXdUczhpeDNKYVNlOVdvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYi84NzdlNDAtNmNhMS00YTJiLTg5YTUtOGFiZjVlZTZjNGFk
LzEveXNJV1FiMjgtc0pNVkxha2haU0R4ZVFXUUxZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD0GCCsGAQUFBwEHAQH/BC4wLDAqBAIAATAkAwQFLTjgAwQB
SC6aAwQBrF0EAwQCuWJkAwQBxwW0AwQBx8OCMA0GCSqGSIb3DQEBCwUAA4IBAQBT
3aBV1IJiUb2DbHNnZ/P99fyVYWWarUt97uMketP/5M/bCv2o+raCpxalkq3hGYNM
hz5oOmzaurimM9tBGs3SrKFBRKpxRCwiRxJN93Oo276taXwTPnTKuynPo7IOtQIK
e5rgZo8/FX843AJm2P0GHI6mr2Agxlor2jCteu2OpmpdBDa7/5d8IkOqfMCoKp4f
RWzu7eEjih7+MWPqVjT6ynD4ujW6qLcLh5Q9NfuQNa33kOQoLa/T89ywlfX9BzdL
otNe20dD6W502E9BDG+8DY8/P9GABTR0UdBezi5sOqGqEjeGqm6QOOMEXN3ScyA4
RVGIlgFlaugzS+ivRlL9
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:58:29 2024 by rpki-client on console-fra.rpki-client.org