Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/eb/a4141d-8498-42f4-b2f3-1f6409848150/1/ozybYYUFlqKiGnUReJt_w6_oHac.roa
File:                     ozybYYUFlqKiGnUReJt_w6_oHac.roa (raw, json)
Hash identifier:          b3kzuaJ7iEuPSYuwioDdx0fYuIS1gDI1QRiduls9hbk=
Subject key identifier:   A3:3C:9B:61:85:05:96:A2:A2:1A:75:11:78:9B:7F:C3:AF:E8:1D:A7
Certificate issuer:       /CN=bfb493457b2f02e69b85f718dcc16a9a9ef0fcd1
Certificate serial:       018457FAC788D698E8D1C72B34074E835C23
Authority key identifier: BF:B4:93:45:7B:2F:02:E6:9B:85:F7:18:DC:C1:6A:9A:9E:F0:FC:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/v7STRXsvAuabhfcY3MFqmp7w_NE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/eb/a4141d-8498-42f4-b2f3-1f6409848150/1/ozybYYUFlqKiGnUReJt_w6_oHac.roa
Signing time:             Tue 08 Nov 2022 16:02:43 +0000
ROA not before:           Tue 08 Nov 2022 16:02:43 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     34219
IP address blocks:        178.255.16.0/22 maxlen: 22
                          178.255.22.0/24 maxlen: 24
                          178.255.20.0/23 maxlen: 23
                          93.94.4.0/23 maxlen: 23
                          185.2.56.0/22 maxlen: 22
                          2a03:1e00::/32 maxlen: 32

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:84:57:fa:c7:88:d6:98:e8:d1:c7:2b:34:07:4e:83:5c:23
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bfb493457b2f02e69b85f718dcc16a9a9ef0fcd1
        Validity
            Not Before: Nov  8 16:02:43 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=a33c9b61850596a2a21a7511789b7fc3afe81da7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:23:43:78:8a:bd:f8:3a:8a:34:48:fc:a0:a0:
                    92:e0:5a:49:36:e2:f5:e0:48:10:d9:ef:bb:8c:cb:
                    bb:e4:2c:c1:0a:84:97:98:8d:d8:9e:09:dd:24:0a:
                    9d:fc:24:9b:e0:1e:e6:4a:f9:21:e9:b9:d0:3a:22:
                    0a:2c:27:e1:cf:63:59:ce:bc:c8:ad:0d:52:2c:31:
                    74:31:73:a8:36:ac:e7:98:c2:66:fc:1d:46:9e:10:
                    bc:7d:f3:51:52:51:42:50:c0:9e:bd:7b:3f:9e:26:
                    1d:d2:96:6e:6d:47:09:25:b0:23:79:47:0c:2c:ba:
                    8a:70:09:0a:40:e2:68:e4:7c:92:d9:de:9b:50:45:
                    c8:d2:33:79:b3:ab:5c:ce:df:5e:a2:43:03:70:77:
                    49:74:a6:70:f0:a0:18:f6:16:0e:11:4d:53:24:b0:
                    58:ef:7d:9e:ab:21:de:e1:65:bc:7e:1e:52:fa:db:
                    c9:f5:b6:1a:3d:76:89:1f:85:61:17:15:88:ed:95:
                    51:a9:5b:ac:cd:fe:39:4c:43:c9:88:19:93:74:8f:
                    d4:a8:63:9d:03:60:3c:41:30:cb:bc:77:a2:e8:f0:
                    a5:64:a4:ec:43:6c:87:85:0d:e0:ce:86:14:0d:99:
                    d6:80:6e:48:7f:88:9a:25:35:0a:5e:aa:d2:c3:da:
                    15:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A3:3C:9B:61:85:05:96:A2:A2:1A:75:11:78:9B:7F:C3:AF:E8:1D:A7
            X509v3 Authority Key Identifier:
                keyid:BF:B4:93:45:7B:2F:02:E6:9B:85:F7:18:DC:C1:6A:9A:9E:F0:FC:D1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/v7STRXsvAuabhfcY3MFqmp7w_NE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/a4141d-8498-42f4-b2f3-1f6409848150/1/ozybYYUFlqKiGnUReJt_w6_oHac.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/a4141d-8498-42f4-b2f3-1f6409848150/1/v7STRXsvAuabhfcY3MFqmp7w_NE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.94.4.0/23
                  178.255.16.0-178.255.22.255
                  185.2.56.0/22
                IPv6:
                  2a03:1e00::/32

    Signature Algorithm: sha256WithRSAEncryption
         2b:c9:15:de:7e:af:83:ba:36:a7:f0:85:cf:cf:e0:2a:4b:9f:
         f7:a2:f9:23:48:ef:f2:b9:d5:44:33:c1:f0:f6:b1:9b:de:15:
         a6:b1:c7:82:13:b4:82:d7:28:1e:94:4b:36:68:5e:e5:ed:6d:
         7c:96:72:21:e4:1a:8b:83:c6:9d:6e:22:ab:4b:f2:87:d3:fc:
         10:a1:37:a5:4d:53:ee:5e:83:32:fe:b5:2c:ac:0b:db:d2:ae:
         b9:2e:30:07:5f:91:df:55:74:2b:04:66:fe:36:74:d6:34:9e:
         f4:8d:45:53:c6:15:54:ac:46:96:ad:6f:5a:e5:75:be:89:7c:
         a6:78:f6:aa:7e:8c:86:38:ff:d8:8a:56:3d:3d:c1:67:96:fd:
         94:2d:56:41:a4:b5:77:b5:a6:b0:a6:38:7e:5a:39:8e:7d:2e:
         da:15:fe:3e:82:cd:aa:64:90:f6:fc:f7:62:01:af:62:49:fd:
         44:e8:c5:be:87:19:c6:b5:a2:89:ca:ec:e5:60:c4:02:82:75:
         b2:51:2d:c6:aa:6b:c8:21:fd:8e:25:b6:45:1f:e5:9f:d5:f3:
         c9:3f:d7:a2:2f:a6:39:29:c8:3d:b2:3c:9c:6a:f9:51:35:cd:
         7c:fd:89:be:1d:ce:53:7f:1d:05:8e:18:c1:64:ad:1d:28:c0:
         d7:bb:9d:e5
-----BEGIN CERTIFICATE-----
MIIFIDCCBAigAwIBAgISAYRX+seI1pjo0ccrNAdOg1wjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJmYjQ5MzQ1N2IyZjAyZTY5Yjg1ZjcxOGRjYzE2YTlhOWVm
MGZjZDEwHhcNMjIxMTA4MTYwMjQzWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMzNjOWI2MTg1MDU5NmEyYTIxYTc1MTE3ODliN2ZjM2FmZTgxZGE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyyNDeIq9+DqKNEj8oKCS4FpJNuL1
4EgQ2e+7jMu75CzBCoSXmI3YngndJAqd/CSb4B7mSvkh6bnQOiIKLCfhz2NZzrzI
rQ1SLDF0MXOoNqznmMJm/B1GnhC8ffNRUlFCUMCevXs/niYd0pZubUcJJbAjeUcM
LLqKcAkKQOJo5HyS2d6bUEXI0jN5s6tczt9eokMDcHdJdKZw8KAY9hYOEU1TJLBY
732eqyHe4WW8fh5S+tvJ9bYaPXaJH4VhFxWI7ZVRqVuszf45TEPJiBmTdI/UqGOd
A2A8QTDLvHei6PClZKTsQ2yHhQ3gzoYUDZnWgG5If4iaJTUKXqrSw9oVwQIDAQAB
o4ICLDCCAigwHQYDVR0OBBYEFKM8m2GFBZaiohp1EXibf8Ov6B2nMB8GA1UdIwQY
MBaAFL+0k0V7LwLmm4X3GNzBapqe8PzRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdjdTVFJYc3ZBdWFiaGZjWTNNRnFtcDd3X05FLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYi9hNDE0MWQtODQ5OC00MmY0LWIyZjMt
MWY2NDA5ODQ4MTUwLzEvb3p5YllZVUZscUtpR25VUmVKdF93Nl9vSGFjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYi9hNDE0MWQtODQ5OC00MmY0LWIyZjMtMWY2NDA5ODQ4MTUw
LzEvdjdTVFJYc3ZBdWFiaGZjWTNNRnFtcDd3X05FLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEIGCCsGAQUFBwEHAQH/BDMwMTAgBAIAATAaAwQBXV4EMAwD
BASy/xADBACy/xYDBAK5AjgwDQQCAAIwBwMFACoDHgAwDQYJKoZIhvcNAQELBQAD
ggEBACvJFd5+r4O6Nqfwhc/P4CpLn/ei+SNI7/K51UQzwfD2sZveFaaxx4ITtILX
KB6USzZoXuXtbXyWciHkGouDxp1uIqtL8ofT/BChN6VNU+5egzL+tSysC9vSrrku
MAdfkd9VdCsEZv42dNY0nvSNRVPGFVSsRpatb1rldb6JfKZ49qp+jIY4/9iKVj09
wWeW/ZQtVkGktXe1prCmOH5aOY59LtoV/j6CzapkkPb892IBr2JJ/UToxb6HGca1
oonK7OVgxAKCdbJRLcaqa8gh/Y4ltkUf5Z/V88k/16IvpjkpyD2yPJxq+VE1zXz9
ib4dzlN/HQWOGMFkrR0owNe7neU=
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:50:57 2024 by rpki-client on console-ams.rpki-client.org