Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f5/6990e9-c3c0-478a-9997-95b08e3660cf/1/YPYhNkUky3g-WajP2sSmMOD_FxE.roa
File:                     YPYhNkUky3g-WajP2sSmMOD_FxE.roa (raw, json)
Hash identifier:          lx+wB/Jlk1h1zyGcUGHaoiI0t3lxwFG73ktZCLR8sro=
Subject key identifier:   60:F6:21:36:45:24:CB:78:3E:59:A8:CF:DA:C4:A6:30:E0:FF:17:11
Certificate issuer:       /CN=922208b47b6a864d9d1ff33e06aa81d13819a74e
Certificate serial:       09324FA0
Authority key identifier: 92:22:08:B4:7B:6A:86:4D:9D:1F:F3:3E:06:AA:81:D1:38:19:A7:4E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kiIItHtqhk2dH_M-BqqB0TgZp04.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f5/6990e9-c3c0-478a-9997-95b08e3660cf/1/YPYhNkUky3g-WajP2sSmMOD_FxE.roa
Signing time:             Mon 02 May 2022 09:15:50 +0000
ROA not before:           Mon 02 May 2022 09:15:50 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     203020
IP address blocks:        87.239.254.0/24 maxlen: 32
                          89.44.205.0/24 maxlen: 32
                          91.228.216.0/24 maxlen: 24
                          185.36.254.0/24 maxlen: 32
                          185.217.64.0/22 maxlen: 22
                          185.166.84.0/24 maxlen: 32
                          86.105.183.0/24 maxlen: 32
                          185.188.61.0/24 maxlen: 24
                          185.188.62.0/24 maxlen: 24
                          185.188.63.0/24 maxlen: 24
                          94.46.206.0/24 maxlen: 32
                          185.152.248.0/22 maxlen: 32
                          5.154.174.0/24 maxlen: 24
                          80.246.30.0/24 maxlen: 32
                          185.153.151.0/24 maxlen: 32
                          188.119.154.0/24 maxlen: 32
                          185.160.44.0/22 maxlen: 32
                          185.96.162.0/24 maxlen: 32
                          77.246.152.0/22 maxlen: 22
                          185.152.36.0/22 maxlen: 32
                          195.47.194.0/24 maxlen: 32
                          89.35.249.0/24 maxlen: 32
                          185.108.104.0/24 maxlen: 32
                          185.108.105.0/24 maxlen: 32
                          2a06:4a00::/29 maxlen: 32
                          2a05:28c0::/29 maxlen: 32
                          2a06:5700::/29 maxlen: 32
                          2a01:4740::/32 maxlen: 32
                          2a06:46c0::/29 maxlen: 32
                          2a06:5000::/29 maxlen: 32
                          2a05:f4c0::/29 maxlen: 29
                          2a06:3040::/29 maxlen: 48

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 154292128 (0x9324fa0)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=922208b47b6a864d9d1ff33e06aa81d13819a74e
        Validity
            Not Before: May  2 09:15:50 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=60f621364524cb783e59a8cfdac4a630e0ff1711
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:2d:59:12:bb:be:9b:7d:80:71:2f:7b:55:e0:
                    a4:42:3a:9c:4a:53:f2:5d:80:18:fe:82:c4:d1:77:
                    28:1d:88:1b:6c:64:08:d6:76:e1:ce:b5:2f:48:a0:
                    85:74:a6:4a:18:6a:80:8e:09:d3:39:45:c1:1d:1a:
                    cc:25:15:ff:ab:fd:5d:12:f8:9a:4e:99:35:28:2d:
                    e1:88:78:05:00:72:74:33:5c:44:af:50:0c:26:d3:
                    94:bf:88:f9:e9:e9:4f:d6:2e:dc:17:23:7b:54:ce:
                    08:2c:08:ca:b1:c5:ca:a0:50:ce:6e:85:81:51:83:
                    41:b5:42:eb:56:29:9c:9b:32:bf:d3:78:9e:96:52:
                    5e:d3:4f:fa:38:bd:5c:da:6f:8d:20:78:d6:25:5b:
                    d8:eb:d1:cb:96:18:27:82:56:3a:9d:c8:75:3a:e9:
                    94:bd:65:48:f5:9a:37:2d:60:8d:9e:7d:24:ec:0e:
                    e4:6a:99:99:8d:e5:45:8e:7d:50:1b:44:33:7d:28:
                    57:95:09:e5:a5:7d:5b:e6:9d:bb:9e:ff:08:30:b1:
                    3e:ba:ff:3c:2e:10:6c:0b:9a:1f:80:28:69:2b:94:
                    79:8a:e4:66:eb:e8:fc:39:4a:25:bb:6e:3c:35:dd:
                    b7:99:3a:29:05:09:2b:64:4d:de:32:87:13:65:79:
                    e9:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:F6:21:36:45:24:CB:78:3E:59:A8:CF:DA:C4:A6:30:E0:FF:17:11
            X509v3 Authority Key Identifier:
                keyid:92:22:08:B4:7B:6A:86:4D:9D:1F:F3:3E:06:AA:81:D1:38:19:A7:4E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kiIItHtqhk2dH_M-BqqB0TgZp04.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f5/6990e9-c3c0-478a-9997-95b08e3660cf/1/YPYhNkUky3g-WajP2sSmMOD_FxE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f5/6990e9-c3c0-478a-9997-95b08e3660cf/1/kiIItHtqhk2dH_M-BqqB0TgZp04.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.154.174.0/24
                  77.246.152.0/22
                  80.246.30.0/24
                  86.105.183.0/24
                  87.239.254.0/24
                  89.35.249.0/24
                  89.44.205.0/24
                  91.228.216.0/24
                  94.46.206.0/24
                  185.36.254.0/24
                  185.96.162.0/24
                  185.108.104.0/23
                  185.152.36.0/22
                  185.152.248.0/22
                  185.153.151.0/24
                  185.160.44.0/22
                  185.166.84.0/24
                  185.188.61.0-185.188.63.255
                  185.217.64.0/22
                  188.119.154.0/24
                  195.47.194.0/24
                IPv6:
                  2a01:4740::/32
                  2a05:28c0::/29
                  2a05:f4c0::/29
                  2a06:3040::/29
                  2a06:46c0::/29
                  2a06:4a00::/29
                  2a06:5000::/29
                  2a06:5700::/29

    Signature Algorithm: sha256WithRSAEncryption
         32:3e:8b:a2:2a:46:71:1b:42:83:98:76:66:c8:a4:65:96:4f:
         b6:f8:06:f5:9a:2e:91:85:d4:d5:bc:b0:79:e1:06:62:c4:73:
         2c:c9:ea:27:d1:61:0c:3e:a9:da:20:f7:8d:9c:e9:6b:87:82:
         e1:87:4a:56:dc:2d:40:b1:16:f5:86:ff:25:a9:27:dd:c0:c8:
         80:cc:f6:92:f6:05:94:06:bd:a5:f9:44:e9:95:4f:7f:7b:f9:
         9c:47:85:75:80:12:e9:41:f3:d3:6c:2d:f1:ba:aa:c4:b1:f4:
         87:2f:f3:cd:ac:e7:16:4b:e6:a6:b4:0c:74:48:a6:ba:49:3f:
         8f:bc:88:b8:b4:d5:37:23:85:d5:d7:e0:9f:8f:d8:31:85:2d:
         74:57:b8:90:0d:87:59:99:e1:fc:86:ec:88:37:5d:43:d4:ac:
         dc:c3:86:e2:5d:55:c8:77:47:b9:10:90:ef:66:f0:0e:35:ad:
         42:c1:e5:7e:3c:97:fb:30:3b:5e:2d:96:ce:42:aa:71:8b:dc:
         3a:fb:b2:f6:99:1d:e9:af:8d:22:03:4d:56:79:96:01:fd:e4:
         71:c5:d0:04:97:42:4f:a4:c1:b6:ac:84:dd:4c:b8:67:a5:c4:
         84:78:17:5c:73:81:aa:e0:79:66:1a:c7:8e:0b:2f:ba:b4:26:
         d8:29:24:75
-----BEGIN CERTIFICATE-----
MIIFtDCCBJygAwIBAgIECTJPoDANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg5
MjIyMDhiNDdiNmE4NjRkOWQxZmYzM2UwNmFhODFkMTM4MTlhNzRlMB4XDTIyMDUw
MjA5MTU1MFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoNjBmNjIxMzY0NTI0
Y2I3ODNlNTlhOGNmZGFjNGE2MzBlMGZmMTcxMTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAJAtWRK7vpt9gHEve1XgpEI6nEpT8l2AGP6CxNF3KB2IG2xk
CNZ24c61L0ighXSmShhqgI4J0zlFwR0azCUV/6v9XRL4mk6ZNSgt4Yh4BQBydDNc
RK9QDCbTlL+I+enpT9Yu3Bcje1TOCCwIyrHFyqBQzm6FgVGDQbVC61YpnJsyv9N4
npZSXtNP+ji9XNpvjSB41iVb2OvRy5YYJ4JWOp3IdTrplL1lSPWaNy1gjZ59JOwO
5GqZmY3lRY59UBtEM30oV5UJ5aV9W+adu57/CDCxPrr/PC4QbAuaH4AoaSuUeYrk
Zuvo/DlKJbtuPDXdt5k6KQUJK2RN3jKHE2V56T8CAwEAAaOCAs4wggLKMB0GA1Ud
DgQWBBRg9iE2RSTLeD5ZqM/axKYw4P8XETAfBgNVHSMEGDAWgBSSIgi0e2qGTZ0f
8z4GqoHROBmnTjAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L2tpSUl0SHRxaGsyZEhfTS1CcXFCMFRnWnAwNC5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZjUvNjk5MGU5LWMzYzAtNDc4YS05OTk3LTk1YjA4ZTM2NjBjZi8x
L1lQWWhOa1VreTNnLVdhalAyc1NtTU9EX0Z4RS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZjUv
Njk5MGU5LWMzYzAtNDc4YS05OTk3LTk1YjA4ZTM2NjBjZi8xL2tpSUl0SHRxaGsy
ZEhfTS1CcXFCMFRnWnAwNC5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjCB
4wYIKwYBBQUHAQcBAf8EgdMwgdAwgY0EAgABMIGGAwQABZquAwQCTfaYAwQAUPYe
AwQAVmm3AwQAV+/+AwQAWSP5AwQAWSzNAwQAW+TYAwQAXi7OAwQAuST+AwQAuWCi
AwQBuWxoAwQCuZgkAwQCuZj4AwQAuZmXAwQCuaAsAwQAuaZUMAwDBAC5vD0DBAa5
vAADBAK52UADBAC8d5oDBADDL8IwPgQCAAIwOAMFACoBR0ADBQMqBSjAAwUDKgX0
wAMFAyoGMEADBQMqBkbAAwUDKgZKAAMFAyoGUAADBQMqBlcAMA0GCSqGSIb3DQEB
CwUAA4IBAQAyPouiKkZxG0KDmHZmyKRllk+2+Ab1mi6RhdTVvLB54QZixHMsyeon
0WEMPqnaIPeNnOlrh4Lhh0pW3C1AsRb1hv8lqSfdwMiAzPaS9gWUBr2l+UTplU9/
e/mcR4V1gBLpQfPTbC3xuqrEsfSHL/PNrOcWS+amtAx0SKa6ST+PvIi4tNU3I4XV
1+Cfj9gxhS10V7iQDYdZmeH8huyIN11D1Kzcw4biXVXId0e5EJDvZvAONa1CweV+
PJf7MDteLZbOQqpxi9w6+7L2mR3pr40iA01WeZYB/eRxxdAEl0JPpMG2rITdTLhn
pcSEeBdcc4Gq4HlmGseOCy+6tCbYKSR1
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:59:46 2024 by rpki-client on console-fra.rpki-client.org