Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0f/0b7fd3-90f0-45d1-8a58-6785cd456871/1/5wK7q4Fevb7ApENnNoSmFqKRemQ.roa
File:                     5wK7q4Fevb7ApENnNoSmFqKRemQ.roa (raw, json)
Hash identifier:          2Nwd/fze7tEJiNwFhdzERU7api1snRS+4P/TSKCWrKY=
Subject key identifier:   E7:02:BB:AB:81:5E:BD:BE:C0:A4:43:67:36:84:A6:16:A2:91:7A:64
Certificate issuer:       /CN=e138ec242a43e9c9d4ceb25dc90e5453373d3f46
Certificate serial:       35E1E840
Authority key identifier: E1:38:EC:24:2A:43:E9:C9:D4:CE:B2:5D:C9:0E:54:53:37:3D:3F:46
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4TjsJCpD6cnUzrJdyQ5UUzc9P0Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0f/0b7fd3-90f0-45d1-8a58-6785cd456871/1/5wK7q4Fevb7ApENnNoSmFqKRemQ.roa
Signing time:             Sat 01 Jan 2022 12:57:08 +0000
ROA not before:           Sat 01 Jan 2022 12:57:08 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     64437
IP address blocks:        37.156.228.0/24 maxlen: 24
                          37.156.252.0/22 maxlen: 24
                          37.143.39.0/24 maxlen: 24
                          5.104.141.0/24 maxlen: 24
                          5.104.143.0/24 maxlen: 24
                          5.104.142.0/24 maxlen: 24
                          185.107.36.0/24 maxlen: 24
                          185.107.38.0/24 maxlen: 24
                          212.92.124.0/23 maxlen: 23
                          89.38.160.0/24 maxlen: 24
                          37.143.35.0/24 maxlen: 24
                          37.143.38.0/24 maxlen: 24
                          185.107.100.0/24 maxlen: 24
                          185.107.102.0/24 maxlen: 24
                          185.107.101.0/24 maxlen: 24
                          185.107.103.0/24 maxlen: 24
                          176.126.232.0/24 maxlen: 24
                          176.126.233.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 903997504 (0x35e1e840)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e138ec242a43e9c9d4ceb25dc90e5453373d3f46
        Validity
            Not Before: Jan  1 12:57:08 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=e702bbab815ebdbec0a443673684a616a2917a64
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:8a:27:14:e3:80:7b:32:e5:30:72:7d:b7:40:
                    50:5f:70:79:37:5d:6f:d8:a0:88:f6:04:f3:4c:f4:
                    60:0e:f3:07:5b:5a:1d:f7:d6:f9:25:bf:09:e0:07:
                    c7:e3:68:84:47:b3:41:c0:e0:c5:14:d1:81:a2:43:
                    6e:bf:ac:37:2b:15:d6:49:79:b3:b0:a2:90:af:49:
                    62:8b:eb:17:03:3a:13:af:bc:ee:ea:89:1a:03:b4:
                    14:8d:5f:8e:a0:f7:c2:0a:22:1b:f2:9c:a1:f6:b2:
                    3f:0d:b1:51:06:62:66:00:aa:5a:d3:89:83:a1:22:
                    ee:c1:91:78:40:fb:73:fe:f1:49:78:25:6e:3b:08:
                    b5:67:d3:fe:f3:a8:cb:f2:32:bd:19:4d:4c:80:14:
                    ab:06:e4:48:dc:8e:a1:e5:79:a9:35:42:09:7c:ba:
                    b0:c1:ac:6b:b8:48:ea:34:5c:84:24:6f:f3:67:c8:
                    52:05:ec:11:96:b7:f1:a5:10:fe:da:9c:b3:42:35:
                    8f:06:48:ed:f1:3b:62:33:6d:f7:6a:09:0b:1a:d5:
                    3e:35:b2:46:53:86:19:33:b9:68:dd:d9:7a:69:36:
                    08:1b:25:19:b4:6c:da:19:06:f1:42:d2:f3:d2:1b:
                    13:b9:32:a0:1d:d1:c0:7e:32:8a:7d:e4:26:82:94:
                    cf:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E7:02:BB:AB:81:5E:BD:BE:C0:A4:43:67:36:84:A6:16:A2:91:7A:64
            X509v3 Authority Key Identifier:
                keyid:E1:38:EC:24:2A:43:E9:C9:D4:CE:B2:5D:C9:0E:54:53:37:3D:3F:46

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4TjsJCpD6cnUzrJdyQ5UUzc9P0Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/0b7fd3-90f0-45d1-8a58-6785cd456871/1/5wK7q4Fevb7ApENnNoSmFqKRemQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/0b7fd3-90f0-45d1-8a58-6785cd456871/1/4TjsJCpD6cnUzrJdyQ5UUzc9P0Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.104.141.0-5.104.143.255
                  37.143.35.0/24
                  37.143.38.0/23
                  37.156.228.0/24
                  37.156.252.0/22
                  89.38.160.0/24
                  176.126.232.0/23
                  185.107.36.0/24
                  185.107.38.0/24
                  185.107.100.0/22
                  212.92.124.0/23

    Signature Algorithm: sha256WithRSAEncryption
         63:9a:77:e4:87:dd:fe:3b:b1:bf:e3:f4:1f:00:50:11:33:d3:
         9a:16:69:9f:8f:dc:12:f2:e6:a9:eb:96:38:0f:c1:63:2b:42:
         bc:49:bc:a2:08:40:84:41:01:fa:f5:3a:07:09:c3:49:67:d9:
         69:4d:09:d9:6c:ff:73:36:45:f3:d5:2a:e5:99:60:27:88:ac:
         28:f2:08:ec:d9:3c:6b:9e:5f:98:3d:58:35:50:9b:80:57:02:
         ce:10:f1:b6:74:7e:0d:b9:f3:3c:dc:e0:c2:44:96:7e:5f:f8:
         70:26:59:37:d1:16:d6:4e:6b:1d:4f:52:9b:fc:01:03:f6:05:
         62:f5:c0:cd:35:02:f8:63:2f:ec:0a:f6:2f:dc:ce:fe:5a:88:
         fa:c3:77:32:68:0b:fa:e0:12:9b:b7:a6:01:82:1a:c0:ff:4f:
         9a:20:bd:d5:e4:b6:25:8c:34:a6:5a:0c:78:76:44:94:bf:d7:
         b0:ad:6a:aa:f6:e9:65:ab:a6:3c:fc:9b:c5:2d:a9:c7:5e:e3:
         c2:f0:86:50:08:44:19:89:20:9d:d8:12:20:e0:09:22:6e:16:
         bf:c7:cc:ff:f0:03:9a:8e:fc:c9:da:4d:ab:09:32:96:f5:e0:
         70:a1:aa:d0:af:31:03:4d:db:6c:ad:bd:61:5b:01:36:9f:f6:
         ba:4c:47:13
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgIENeHoQDANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhl
MTM4ZWMyNDJhNDNlOWM5ZDRjZWIyNWRjOTBlNTQ1MzM3M2QzZjQ2MB4XDTIyMDEw
MTEyNTcwOFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoZTcwMmJiYWI4MTVl
YmRiZWMwYTQ0MzY3MzY4NGE2MTZhMjkxN2E2NDCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAKeKJxTjgHsy5TByfbdAUF9weTddb9igiPYE80z0YA7zB1ta
HffW+SW/CeAHx+NohEezQcDgxRTRgaJDbr+sNysV1kl5s7CikK9JYovrFwM6E6+8
7uqJGgO0FI1fjqD3wgoiG/KcofayPw2xUQZiZgCqWtOJg6Ei7sGReED7c/7xSXgl
bjsItWfT/vOoy/IyvRlNTIAUqwbkSNyOoeV5qTVCCXy6sMGsa7hI6jRchCRv82fI
UgXsEZa38aUQ/tqcs0I1jwZI7fE7YjNt92oJCxrVPjWyRlOGGTO5aN3Zemk2CBsl
GbRs2hkG8ULS89IbE7kyoB3RwH4yin3kJoKUz30CAwEAAaOCAk0wggJJMB0GA1Ud
DgQWBBTnArurgV69vsCkQ2c2hKYWopF6ZDAfBgNVHSMEGDAWgBThOOwkKkPpydTO
sl3JDlRTNz0/RjAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
LzRUanNKQ3BENmNuVXpySmR5UTVVVXpjOVAwWS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMGYvMGI3ZmQzLTkwZjAtNDVkMS04YTU4LTY3ODVjZDQ1Njg3MS8x
LzV3SzdxNEZldmI3QXBFTm5Ob1NtRnFLUmVtUS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMGYv
MGI3ZmQzLTkwZjAtNDVkMS04YTU4LTY3ODVjZDQ1Njg3MS8xLzRUanNKQ3BENmNu
VXpySmR5UTVVVXpjOVAwWS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBj
BggrBgEFBQcBBwEB/wRUMFIwUAQCAAEwSjAMAwQABWiNAwQEBWiAAwQAJY8jAwQB
JY8mAwQAJZzkAwQCJZz8AwQAWSagAwQBsH7oAwQAuWskAwQAuWsmAwQCuWtkAwQB
1Fx8MA0GCSqGSIb3DQEBCwUAA4IBAQBjmnfkh93+O7G/4/QfAFARM9OaFmmfj9wS
8uap65Y4D8FjK0K8SbyiCECEQQH69ToHCcNJZ9lpTQnZbP9zNkXz1SrlmWAniKwo
8gjs2Txrnl+YPVg1UJuAVwLOEPG2dH4NufM83ODCRJZ+X/hwJlk30RbWTmsdT1Kb
/AED9gVi9cDNNQL4Yy/sCvYv3M7+Woj6w3cyaAv64BKbt6YBghrA/0+aIL3V5LYl
jDSmWgx4dkSUv9ewrWqq9ullq6Y8/JvFLanHXuPC8IZQCEQZiSCd2BIg4Akibha/
x8z/8AOajvzJ2k2rCTKW9eBwoarQrzEDTdtsrb1hWwE2n/a6TEcT
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:18:58 2024 by rpki-client on console-fra.rpki-client.org