Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ec/dcd3b7-7cc0-4c49-bab3-7a0b145cf62b/1/60hNs6ShnZkwwn_tY671wcbQKqw.roa
File:                     60hNs6ShnZkwwn_tY671wcbQKqw.roa (raw, json)
Hash identifier:          qxmXpZ12YwMA3LHnmM70u4zZfP56nKO+KLkkkrYgkfQ=
Subject key identifier:   EB:48:4D:B3:A4:A1:9D:99:30:C2:7F:ED:63:AE:F5:C1:C6:D0:2A:AC
Certificate issuer:       /CN=881bd1402924ec2a644e8f54e6994cb4ac8e24a6
Certificate serial:       6A653C
Authority key identifier: 88:1B:D1:40:29:24:EC:2A:64:4E:8F:54:E6:99:4C:B4:AC:8E:24:A6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iBvRQCkk7CpkTo9U5plMtKyOJKY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ec/dcd3b7-7cc0-4c49-bab3-7a0b145cf62b/1/60hNs6ShnZkwwn_tY671wcbQKqw.roa
Signing time:             Sat 01 Jan 2022 02:56:59 +0000
ROA not before:           Sat 01 Jan 2022 02:56:59 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     60855
IP address blocks:        143.196.146.0/24 maxlen: 24
                          143.196.146.0/23 maxlen: 23
                          143.196.147.0/24 maxlen: 24
                          143.196.148.0/24 maxlen: 24
                          143.196.215.0/24 maxlen: 24
                          143.196.224.0/24 maxlen: 24
                          143.196.231.0/24 maxlen: 24
                          143.196.14.0/24 maxlen: 24
                          143.196.22.0/23 maxlen: 23
                          143.196.22.0/24 maxlen: 24
                          143.196.23.0/24 maxlen: 24
                          143.196.251.0/24 maxlen: 24
                          143.196.255.0/24 maxlen: 24
                          143.196.172.0/24 maxlen: 24
                          143.196.175.0/24 maxlen: 24
                          143.196.176.0/24 maxlen: 24
                          143.196.187.0/24 maxlen: 24
                          143.196.192.0/24 maxlen: 24
                          143.196.199.0/24 maxlen: 24
                          143.196.200.0/24 maxlen: 24
                          143.196.208.0/24 maxlen: 24
                          143.196.207.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 6972732 (0x6a653c)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=881bd1402924ec2a644e8f54e6994cb4ac8e24a6
        Validity
            Not Before: Jan  1 02:56:59 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=eb484db3a4a19d9930c27fed63aef5c1c6d02aac
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:07:8d:83:31:52:fb:6c:3f:4e:d4:41:8f:ed:
                    5c:9b:13:95:a1:30:4b:75:5e:56:1b:2c:1a:b0:15:
                    46:c9:58:ff:96:d5:7b:a3:a1:e8:cb:38:73:41:02:
                    d0:6e:15:4b:4c:c8:0d:b7:01:6c:66:5e:c0:b8:16:
                    8c:62:d4:63:2b:32:8e:36:4e:8d:ae:68:31:2f:81:
                    21:5b:37:4a:d9:b7:79:01:3c:4b:d1:fd:f8:34:22:
                    03:81:0f:3a:8f:cb:be:76:d6:b5:fc:21:66:ba:af:
                    2d:a1:b7:8d:c5:00:18:3f:2d:8a:43:f8:9d:1b:4b:
                    a9:ec:00:02:64:4c:20:72:e3:c9:88:4d:de:64:24:
                    25:a3:fd:56:93:d7:8c:58:7d:c4:91:83:35:fc:5b:
                    25:9d:0e:87:62:3d:ea:45:27:64:2b:6f:fe:00:52:
                    6e:64:1c:95:a4:be:5d:de:44:da:b1:a9:04:3f:7c:
                    d5:ce:a6:37:d7:d3:1a:85:00:11:f3:18:3e:3b:86:
                    7b:2f:41:94:f9:2c:5f:d4:ec:a5:4c:e0:1a:43:b2:
                    03:b0:39:0b:65:65:17:36:e9:bd:51:6a:e6:fc:8d:
                    f1:98:bd:0d:d1:c1:4b:f2:35:36:5d:ab:34:b2:d0:
                    b3:e7:d3:c7:83:51:e6:2b:52:8b:f9:84:4e:40:b5:
                    99:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EB:48:4D:B3:A4:A1:9D:99:30:C2:7F:ED:63:AE:F5:C1:C6:D0:2A:AC
            X509v3 Authority Key Identifier:
                keyid:88:1B:D1:40:29:24:EC:2A:64:4E:8F:54:E6:99:4C:B4:AC:8E:24:A6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iBvRQCkk7CpkTo9U5plMtKyOJKY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ec/dcd3b7-7cc0-4c49-bab3-7a0b145cf62b/1/60hNs6ShnZkwwn_tY671wcbQKqw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ec/dcd3b7-7cc0-4c49-bab3-7a0b145cf62b/1/iBvRQCkk7CpkTo9U5plMtKyOJKY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.196.14.0/24
                  143.196.22.0/23
                  143.196.146.0-143.196.148.255
                  143.196.172.0/24
                  143.196.175.0-143.196.176.255
                  143.196.187.0/24
                  143.196.192.0/24
                  143.196.199.0-143.196.200.255
                  143.196.207.0-143.196.208.255
                  143.196.215.0/24
                  143.196.224.0/24
                  143.196.231.0/24
                  143.196.251.0/24
                  143.196.255.0/24

    Signature Algorithm: sha256WithRSAEncryption
         95:23:56:e9:5b:4c:3e:9f:1c:92:05:41:17:c6:e3:3c:67:b7:
         e9:d2:40:3b:67:0d:d6:8e:fb:5d:5b:b1:ac:71:36:86:b1:21:
         7f:e2:eb:75:c4:47:77:c5:33:91:3d:bc:86:a4:61:55:72:8c:
         44:23:18:f6:0c:bc:64:67:06:c5:23:fe:05:7f:fa:1c:93:ba:
         24:ff:98:2f:fd:a9:fa:ff:40:86:b3:1d:34:f4:51:92:ed:e1:
         9e:d3:6d:10:03:79:83:e8:c8:b6:44:b4:73:da:47:82:5c:b0:
         ad:d4:46:79:92:01:2c:f1:5c:03:10:7c:5d:10:26:33:d8:95:
         f1:1c:ea:ad:14:12:3a:d4:e8:eb:82:1f:09:65:59:a7:24:e1:
         c6:f6:6b:ff:2b:16:d9:99:5d:1e:1c:72:ad:b0:de:d7:0b:5e:
         6f:16:fe:3e:72:e1:ca:fe:5f:0b:9c:a6:2c:b5:22:d7:c0:ba:
         23:b6:ef:47:c2:8a:29:04:15:ad:f3:2d:db:ee:a2:c5:cf:0e:
         34:2c:a5:fa:90:e9:af:c9:d4:25:06:c8:ce:80:f1:a2:90:b2:
         f5:64:f0:22:10:c9:e1:89:69:18:cd:38:39:24:f7:5c:31:ea:
         4e:bb:9b:1b:05:fe:4d:8b:b3:7c:50:6c:18:7d:23:ed:72:5c:
         26:ad:77:c2
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIDamU8MA0GCSqGSIb3DQEBCwUAMDMxMTAvBgNVBAMTKDg4
MWJkMTQwMjkyNGVjMmE2NDRlOGY1NGU2OTk0Y2I0YWM4ZTI0YTYwHhcNMjIwMTAx
MDI1NjU5WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQDEyhlYjQ4NGRiM2E0YTE5
ZDk5MzBjMjdmZWQ2M2FlZjVjMWM2ZDAyYWFjMIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEAyQeNgzFS+2w/TtRBj+1cmxOVoTBLdV5WGywasBVGyVj/ltV7
o6HoyzhzQQLQbhVLTMgNtwFsZl7AuBaMYtRjKzKONk6NrmgxL4EhWzdK2bd5ATxL
0f34NCIDgQ86j8u+dta1/CFmuq8tobeNxQAYPy2KQ/idG0up7AACZEwgcuPJiE3e
ZCQlo/1Wk9eMWH3EkYM1/FslnQ6HYj3qRSdkK2/+AFJuZByVpL5d3kTasakEP3zV
zqY319MahQAR8xg+O4Z7L0GU+Sxf1OylTOAaQ7IDsDkLZWUXNum9UWrm/I3xmL0N
0cFL8jU2Xas0stCz59PHg1HmK1KL+YROQLWZEwIDAQABo4ICeDCCAnQwHQYDVR0O
BBYEFOtITbOkoZ2ZMMJ/7WOu9cHG0CqsMB8GA1UdIwQYMBaAFIgb0UApJOwqZE6P
VOaZTLSsjiSmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEFBQcBAQRYMFYwVAYIKwYB
BQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQv
aUJ2UlFDa2s3Q3BrVG85VTVwbE10S3lPSktZLmNlcjCBjQYIKwYBBQUHAQsEgYAw
fjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkv
REVGQVVMVC9lYy9kY2QzYjctN2NjMC00YzQ5LWJhYjMtN2EwYjE0NWNmNjJiLzEv
NjBoTnM2U2huWmt3d25fdFk2NzF3Y2JRS3F3LnJvYTCBgQYDVR0fBHoweDB2oHSg
coZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYy9k
Y2QzYjctN2NjMC00YzQ5LWJhYjMtN2EwYjE0NWNmNjJiLzEvaUJ2UlFDa2s3Q3Br
VG85VTVwbE10S3lPSktZLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMIGN
BggrBgEFBQcBBwEB/wR+MHwwegQCAAEwdAMEAI/EDgMEAY/EFjAMAwQBj8SSAwQA
j8SUAwQAj8SsMAwDBACPxK8DBACPxLADBACPxLsDBACPxMAwDAMEAI/ExwMEAI/E
yDAMAwQAj8TPAwQAj8TQAwQAj8TXAwQAj8TgAwQAj8TnAwQAj8T7AwQAj8T/MA0G
CSqGSIb3DQEBCwUAA4IBAQCVI1bpW0w+nxySBUEXxuM8Z7fp0kA7Zw3WjvtdW7Gs
cTaGsSF/4ut1xEd3xTORPbyGpGFVcoxEIxj2DLxkZwbFI/4Ff/ock7ok/5gv/an6
/0CGsx009FGS7eGe020QA3mD6Mi2RLRz2keCXLCt1EZ5kgEs8VwDEHxdECYz2JXx
HOqtFBI61Ojrgh8JZVmnJOHG9mv/KxbZmV0eHHKtsN7XC15vFv4+cuHK/l8LnKYs
tSLXwLojtu9HwoopBBWt8y3b7qLFzw40LKX6kOmvydQlBsjOgPGikLL1ZPAiEMnh
iWkYzTg5JPdcMepOu5sbBf5Ni7N8UGwYfSPtclwmrXfC
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:51:11 2024 by rpki-client on console-ams.rpki-client.org