Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/eb/ace18f-ed7c-479f-855d-e409260015ef/1/Z9kCzpbC6X6RsU7CxuRFU7w-xNI.roa
File:                     Z9kCzpbC6X6RsU7CxuRFU7w-xNI.roa (raw, json)
Hash identifier:          POdTNXOt1s6cbjhxBGXyQAemyvjSxvVzonNVyom3Mdk=
Subject key identifier:   67:D9:02:CE:96:C2:E9:7E:91:B1:4E:C2:C6:E4:45:53:BC:3E:C4:D2
Certificate issuer:       /CN=18e1732f2c80e3ea4d7279d252b874a6164c35b4
Certificate serial:       03FF9C2D
Authority key identifier: 18:E1:73:2F:2C:80:E3:EA:4D:72:79:D2:52:B8:74:A6:16:4C:35:B4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GOFzLyyA4-pNcnnSUrh0phZMNbQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/eb/ace18f-ed7c-479f-855d-e409260015ef/1/Z9kCzpbC6X6RsU7CxuRFU7w-xNI.roa
Signing time:             Sat 01 Jan 2022 15:06:49 +0000
ROA not before:           Sat 01 Jan 2022 15:06:49 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     202984
IP address blocks:        45.139.239.0/24 maxlen: 24
                          45.139.238.0/24 maxlen: 24
                          45.139.237.0/24 maxlen: 24
                          45.139.236.0/24 maxlen: 24
                          185.211.246.0/24 maxlen: 24
                          185.211.245.0/24 maxlen: 24
                          185.211.244.0/24 maxlen: 24
                          185.211.247.0/24 maxlen: 24
                          2a0b:6cc1:7::/48 maxlen: 48
                          2a0b:6cc0::/29 maxlen: 29

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 67083309 (0x3ff9c2d)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=18e1732f2c80e3ea4d7279d252b874a6164c35b4
        Validity
            Not Before: Jan  1 15:06:49 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=67d902ce96c2e97e91b14ec2c6e44553bc3ec4d2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:68:13:ae:45:cb:67:6e:d3:b1:da:33:05:b3:
                    69:ed:65:c7:05:fd:37:ce:2f:0b:70:f8:ee:16:60:
                    a9:43:2d:b5:10:65:93:ef:f1:2c:48:8d:3a:6c:d4:
                    c3:5a:29:de:d3:8f:99:cd:5a:e2:09:1e:fb:f5:32:
                    c3:4c:96:63:6d:09:de:c7:92:aa:86:f0:73:39:c1:
                    8f:19:7c:8e:31:e8:02:f2:4a:b9:7e:12:4d:bb:5a:
                    a8:39:9f:93:e0:eb:4a:d1:45:bc:67:d3:ff:9e:c4:
                    47:51:57:a5:cd:b9:d4:b5:2f:c9:2c:e0:70:d1:b7:
                    0d:c4:82:0a:2f:c6:c9:e8:47:e7:e9:3e:74:b8:fd:
                    2a:90:09:c8:c9:25:76:41:59:a7:96:c9:4d:7b:56:
                    75:76:f5:be:51:f9:d9:d9:57:b8:92:07:5d:5e:a3:
                    14:68:cd:e0:cf:d6:22:3c:dd:5b:c2:7b:bb:d2:fa:
                    be:ed:e3:c3:2c:57:37:df:a8:d7:61:af:16:13:5e:
                    1f:42:b3:57:e2:af:f1:b8:16:00:4d:16:66:78:3a:
                    26:ad:7f:2e:37:74:9d:9a:f0:e8:96:48:24:17:6e:
                    11:c3:89:4a:2c:4c:d8:90:c0:d7:81:3d:82:f7:25:
                    6a:d9:73:fe:c6:e6:ac:0d:ca:1f:99:b8:b6:6a:07:
                    7f:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                67:D9:02:CE:96:C2:E9:7E:91:B1:4E:C2:C6:E4:45:53:BC:3E:C4:D2
            X509v3 Authority Key Identifier:
                keyid:18:E1:73:2F:2C:80:E3:EA:4D:72:79:D2:52:B8:74:A6:16:4C:35:B4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GOFzLyyA4-pNcnnSUrh0phZMNbQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/ace18f-ed7c-479f-855d-e409260015ef/1/Z9kCzpbC6X6RsU7CxuRFU7w-xNI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/ace18f-ed7c-479f-855d-e409260015ef/1/GOFzLyyA4-pNcnnSUrh0phZMNbQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.139.236.0/22
                  185.211.244.0/22
                IPv6:
                  2a0b:6cc0::/29

    Signature Algorithm: sha256WithRSAEncryption
         90:52:32:ad:84:a4:01:95:36:f8:07:df:6a:4e:57:98:00:3a:
         f2:ec:66:ab:f4:36:fa:92:63:2c:cd:91:b7:77:60:b3:8e:1e:
         cd:1a:a1:c9:3c:89:61:8a:42:f5:13:cc:1b:e1:59:0e:4e:b3:
         6f:0f:74:b4:af:4f:dd:df:14:b8:de:c4:f7:55:9d:d7:77:df:
         43:f0:1c:fe:ff:09:4b:8d:1e:bc:cb:32:db:1d:f9:b0:37:26:
         4c:cb:e7:7f:cf:32:a2:0d:cc:c5:d6:b9:65:4b:00:1a:94:6b:
         f1:eb:b8:cc:75:28:c9:3d:17:cd:46:65:dd:60:18:ce:8e:02:
         a2:fd:d6:93:d7:c2:96:8a:66:e9:6b:be:7e:49:c0:27:e4:0c:
         c9:f0:ec:bf:a1:a5:5c:4d:27:d5:3a:8c:46:6c:8c:a3:82:f8:
         67:c8:c3:32:a7:fd:df:8e:d4:53:67:76:4e:b9:39:97:2d:cf:
         94:cd:f4:45:52:0a:4e:61:4f:12:e7:20:8d:82:2d:07:a3:2c:
         d0:1a:cd:3b:b3:cb:82:08:6d:c9:c8:03:c8:81:eb:4f:52:06:
         83:7c:5c:63:e8:ac:64:25:3a:ce:2a:9a:6c:71:e8:bd:be:52:
         22:2c:c0:7a:5a:7f:85:ed:18:e3:7c:f6:db:a2:ff:12:fa:1a:
         fa:7b:f6:5c
-----BEGIN CERTIFICATE-----
MIIFBDCCA+ygAwIBAgIEA/+cLTANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygx
OGUxNzMyZjJjODBlM2VhNGQ3Mjc5ZDI1MmI4NzRhNjE2NGMzNWI0MB4XDTIyMDEw
MTE1MDY0OVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoNjdkOTAyY2U5NmMy
ZTk3ZTkxYjE0ZWMyYzZlNDQ1NTNiYzNlYzRkMjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAMVoE65Fy2du07HaMwWzae1lxwX9N84vC3D47hZgqUMttRBl
k+/xLEiNOmzUw1op3tOPmc1a4gke+/Uyw0yWY20J3seSqobwcznBjxl8jjHoAvJK
uX4STbtaqDmfk+DrStFFvGfT/57ER1FXpc251LUvySzgcNG3DcSCCi/GyehH5+k+
dLj9KpAJyMkldkFZp5bJTXtWdXb1vlH52dlXuJIHXV6jFGjN4M/WIjzdW8J7u9L6
vu3jwyxXN9+o12GvFhNeH0KzV+Kv8bgWAE0WZng6Jq1/Ljd0nZrw6JZIJBduEcOJ
SixM2JDA14E9gvclatlz/sbmrA3KH5m4tmoHf0kCAwEAAaOCAh4wggIaMB0GA1Ud
DgQWBBRn2QLOlsLpfpGxTsLG5EVTvD7E0jAfBgNVHSMEGDAWgBQY4XMvLIDj6k1y
edJSuHSmFkw1tDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L0dPRnpMeXlBNC1wTmNublNVcmgwcGhaTU5iUS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZWIvYWNlMThmLWVkN2MtNDc5Zi04NTVkLWU0MDkyNjAwMTVlZi8x
L1o5a0N6cGJDNlg2UnNVN0N4dVJGVTd3LXhOSS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZWIv
YWNlMThmLWVkN2MtNDc5Zi04NTVkLWU0MDkyNjAwMTVlZi8xL0dPRnpMeXlBNC1w
TmNublNVcmgwcGhaTU5iUS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjA0
BggrBgEFBQcBBwEB/wQlMCMwEgQCAAEwDAMEAi2L7AMEArnT9DANBAIAAjAHAwUD
KgtswDANBgkqhkiG9w0BAQsFAAOCAQEAkFIyrYSkAZU2+Affak5XmAA68uxmq/Q2
+pJjLM2Rt3dgs44ezRqhyTyJYYpC9RPMG+FZDk6zbw90tK9P3d8UuN7E91Wd13ff
Q/Ac/v8JS40evMsy2x35sDcmTMvnf88yog3Mxda5ZUsAGpRr8eu4zHUoyT0XzUZl
3WAYzo4Cov3Wk9fClopm6Wu+fknAJ+QMyfDsv6GlXE0n1TqMRmyMo4L4Z8jDMqf9
347UU2d2Trk5ly3PlM30RVIKTmFPEucgjYItB6Ms0BrNO7PLgghtycgDyIHrT1IG
g3xcY+isZCU6ziqabHHovb5SIizAelp/he0Y43z226L/Evoa+nv2XA==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:50:57 2024 by rpki-client on console-ams.rpki-client.org