Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ec/dcd3b7-7cc0-4c49-bab3-7a0b145cf62b/1/nawF17Y2t8yWv7vHJnA4iX0ISnk.roa
File:                     nawF17Y2t8yWv7vHJnA4iX0ISnk.roa (raw, json)
Hash identifier:          Oo2EwyDJiSps9wRtvTUJZ7xnE+metULg5fpqiqGjzpg=
Subject key identifier:   9D:AC:05:D7:B6:36:B7:CC:96:BF:BB:C7:26:70:38:89:7D:08:4A:79
Certificate issuer:       /CN=881bd1402924ec2a644e8f54e6994cb4ac8e24a6
Certificate serial:       014FAC82
Authority key identifier: 88:1B:D1:40:29:24:EC:2A:64:4E:8F:54:E6:99:4C:B4:AC:8E:24:A6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iBvRQCkk7CpkTo9U5plMtKyOJKY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ec/dcd3b7-7cc0-4c49-bab3-7a0b145cf62b/1/nawF17Y2t8yWv7vHJnA4iX0ISnk.roa
Signing time:             Mon 11 Apr 2022 13:59:18 +0000
ROA not before:           Mon 11 Apr 2022 13:59:18 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     3215
IP address blocks:        143.196.112.0/21 maxlen: 21
                          143.196.120.0/22 maxlen: 22
                          143.196.64.0/19 maxlen: 19
                          143.196.191.0/24 maxlen: 24
                          143.196.96.0/20 maxlen: 20

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 21998722 (0x14fac82)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=881bd1402924ec2a644e8f54e6994cb4ac8e24a6
        Validity
            Not Before: Apr 11 13:59:18 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=9dac05d7b636b7cc96bfbbc7267038897d084a79
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:6d:72:28:60:14:6e:c2:40:d9:e2:70:45:0a:
                    03:b1:13:4a:71:b7:09:e0:da:22:8f:a4:98:14:8a:
                    15:64:38:b3:b1:4c:a8:47:db:49:f2:eb:1d:8f:3d:
                    c1:79:fd:03:90:c9:48:75:b5:60:12:1d:ed:c1:4d:
                    12:a1:f6:68:34:5e:26:52:10:55:6d:64:e7:6e:40:
                    74:29:81:8b:07:63:3d:ff:03:0b:07:c3:48:7d:ab:
                    bb:77:e6:95:0f:9e:17:ca:da:b1:d5:fa:6b:66:e3:
                    df:e8:7d:71:97:24:d3:ad:9e:4b:77:e5:56:a0:45:
                    ca:89:6e:1b:d4:29:27:59:29:47:19:fd:ca:8b:00:
                    27:3a:6f:d3:c2:76:61:7e:11:8c:da:bd:e7:f8:b9:
                    06:81:41:b9:a0:03:d6:f5:69:ff:49:94:b9:31:c7:
                    7f:7f:eb:55:32:1c:24:54:2a:57:e5:e6:4c:47:d7:
                    20:c5:a9:44:c8:da:6e:78:03:e1:cd:1f:e5:e9:a9:
                    e5:21:8c:63:63:19:22:0f:f2:29:ed:55:a9:76:9a:
                    ac:a2:b0:a8:cd:fa:98:26:06:04:a3:cc:79:19:bc:
                    f1:b4:01:f2:df:21:a6:37:52:3b:0e:1a:14:13:ae:
                    3a:42:76:ba:2d:a0:f5:46:c2:c7:4a:8a:f4:85:6d:
                    8c:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9D:AC:05:D7:B6:36:B7:CC:96:BF:BB:C7:26:70:38:89:7D:08:4A:79
            X509v3 Authority Key Identifier:
                keyid:88:1B:D1:40:29:24:EC:2A:64:4E:8F:54:E6:99:4C:B4:AC:8E:24:A6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iBvRQCkk7CpkTo9U5plMtKyOJKY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ec/dcd3b7-7cc0-4c49-bab3-7a0b145cf62b/1/nawF17Y2t8yWv7vHJnA4iX0ISnk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ec/dcd3b7-7cc0-4c49-bab3-7a0b145cf62b/1/iBvRQCkk7CpkTo9U5plMtKyOJKY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.196.64.0-143.196.123.255
                  143.196.191.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0a:c9:22:d3:a8:20:e1:0b:b1:20:60:21:f6:12:dc:5b:e5:53:
         7c:b0:19:8f:f9:b2:df:2f:bb:90:8c:d6:28:b9:45:1e:ca:f6:
         a0:86:63:68:cd:21:eb:9a:7c:c8:a5:79:eb:a5:d1:01:f4:4d:
         91:fe:ce:41:03:bb:a1:70:54:95:8c:85:3f:41:c5:22:04:29:
         b4:97:d1:99:65:16:54:db:b4:5d:a5:b3:05:69:fe:9c:41:5b:
         76:c6:29:78:78:4a:a4:73:df:d9:8c:a1:4f:7d:cb:c1:bf:5d:
         09:56:cb:8c:bc:b7:a2:69:bd:f3:0d:1a:2c:d9:c6:35:e4:60:
         69:9a:be:a0:fd:cd:54:8c:b6:ce:75:d1:53:b2:af:28:73:21:
         8e:0c:68:18:9c:0f:5b:e5:7c:9b:a6:fe:00:50:0d:ce:0f:28:
         02:1e:36:4f:b3:c1:7a:c0:55:c9:c5:95:fa:85:c4:4e:65:6d:
         51:02:4e:b9:0d:d6:9f:b2:6a:83:29:41:14:ef:0f:81:e5:fd:
         c5:5e:75:e6:7d:2b:aa:a2:ea:f5:78:a6:e8:4c:d8:0e:49:1d:
         eb:0c:a0:a2:ae:6c:c8:5d:92:cf:26:58:49:b3:7b:3d:48:db:
         4f:e2:f0:60:4d:27:a3:59:29:e0:f2:0c:31:9d:8f:c9:ed:b0:
         5a:19:d5:68
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgIEAU+sgjANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg4
ODFiZDE0MDI5MjRlYzJhNjQ0ZThmNTRlNjk5NGNiNGFjOGUyNGE2MB4XDTIyMDQx
MTEzNTkxOFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoOWRhYzA1ZDdiNjM2
YjdjYzk2YmZiYmM3MjY3MDM4ODk3ZDA4NGE3OTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAKhtcihgFG7CQNnicEUKA7ETSnG3CeDaIo+kmBSKFWQ4s7FM
qEfbSfLrHY89wXn9A5DJSHW1YBId7cFNEqH2aDReJlIQVW1k525AdCmBiwdjPf8D
CwfDSH2ru3fmlQ+eF8rasdX6a2bj3+h9cZck062eS3flVqBFyoluG9QpJ1kpRxn9
yosAJzpv08J2YX4RjNq95/i5BoFBuaAD1vVp/0mUuTHHf3/rVTIcJFQqV+XmTEfX
IMWpRMjabngD4c0f5emp5SGMY2MZIg/yKe1VqXaarKKwqM36mCYGBKPMeRm88bQB
8t8hpjdSOw4aFBOuOkJ2ui2g9UbCx0qK9IVtjEUCAwEAAaOCAhcwggITMB0GA1Ud
DgQWBBSdrAXXtja3zJa/u8cmcDiJfQhKeTAfBgNVHSMEGDAWgBSIG9FAKSTsKmRO
j1TmmUy0rI4kpjAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L2lCdlJRQ2trN0Nwa1RvOVU1cGxNdEt5T0pLWS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZWMvZGNkM2I3LTdjYzAtNGM0OS1iYWIzLTdhMGIxNDVjZjYyYi8x
L25hd0YxN1kydDh5V3Y3dkhKbkE0aVgwSVNuay5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZWMv
ZGNkM2I3LTdjYzAtNGM0OS1iYWIzLTdhMGIxNDVjZjYyYi8xL2lCdlJRQ2trN0Nw
a1RvOVU1cGxNdEt5T0pLWS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAt
BggrBgEFBQcBBwEB/wQeMBwwGgQCAAEwFDAMAwQGj8RAAwQCj8R4AwQAj8S/MA0G
CSqGSIb3DQEBCwUAA4IBAQAKySLTqCDhC7EgYCH2Etxb5VN8sBmP+bLfL7uQjNYo
uUUeyvaghmNozSHrmnzIpXnrpdEB9E2R/s5BA7uhcFSVjIU/QcUiBCm0l9GZZRZU
27RdpbMFaf6cQVt2xil4eEqkc9/ZjKFPfcvBv10JVsuMvLeiab3zDRos2cY15GBp
mr6g/c1UjLbOddFTsq8ocyGODGgYnA9b5Xybpv4AUA3ODygCHjZPs8F6wFXJxZX6
hcROZW1RAk65DdafsmqDKUEU7w+B5f3FXnXmfSuqour1eKboTNgOSR3rDKCirmzI
XZLPJlhJs3s9SNtP4vBgTSejWSng8gwxnY/J7bBaGdVo
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:58:41 2024 by rpki-client on console-fra.rpki-client.org