Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/290e44-b479-46cf-ab4b-b38e2677b3dc/1/OPtwaJdf_5cIH-aM3_Y-a02_DQk.roa
File:                     OPtwaJdf_5cIH-aM3_Y-a02_DQk.roa (raw, json)
Hash identifier:          KFGyuas+jMlH8hoXCWFw7QbDwe+U4yyT6Zv43zla51o=
Subject key identifier:   38:FB:70:68:97:5F:FF:97:08:1F:E6:8C:DF:F6:3E:6B:4D:BF:0D:09
Certificate issuer:       /CN=d217b472c841c1d68550a24f1936d29cc6c28f6a
Certificate serial:       43E9D16A
Authority key identifier: D2:17:B4:72:C8:41:C1:D6:85:50:A2:4F:19:36:D2:9C:C6:C2:8F:6A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0he0cshBwdaFUKJPGTbSnMbCj2o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/290e44-b479-46cf-ab4b-b38e2677b3dc/1/OPtwaJdf_5cIH-aM3_Y-a02_DQk.roa
Signing time:             Thu 24 Feb 2022 11:55:39 +0000
ROA not before:           Thu 24 Feb 2022 11:55:39 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     9009
IP address blocks:        37.235.48.0/24 maxlen: 24
                          89.31.120.0/24 maxlen: 24
                          89.31.121.0/24 maxlen: 24
                          158.255.208.0/24 maxlen: 24
                          158.255.213.0/24 maxlen: 24
                          158.255.214.0/24 maxlen: 24
                          158.255.215.0/24 maxlen: 24
                          185.26.239.0/24 maxlen: 24
                          149.154.157.0/24 maxlen: 24
                          149.154.158.0/24 maxlen: 24
                          149.154.159.0/24 maxlen: 24
                          151.236.15.0/24 maxlen: 24
                          151.236.16.0/24 maxlen: 24
                          151.236.17.0/24 maxlen: 24
                          151.236.18.0/24 maxlen: 24
                          151.236.20.0/24 maxlen: 24
                          151.236.21.0/24 maxlen: 24
                          151.236.22.0/24 maxlen: 24
                          151.236.25.0/24 maxlen: 24
                          46.183.187.0/24 maxlen: 24
                          103.57.248.0/24 maxlen: 24
                          103.57.249.0/24 maxlen: 24
                          103.57.251.0/24 maxlen: 24
                          2a03:f80:45::/48 maxlen: 48
                          2a03:f80:65::/48 maxlen: 48
                          2a03:f80:40::/48 maxlen: 48
                          2a03:f80:39::/48 maxlen: 48
                          2a03:f80:33::/48 maxlen: 48
                          2a03:f80:971::/48 maxlen: 48
                          2a03:f80:47::/48 maxlen: 48
                          2a03:f80:49::/48 maxlen: 48
                          2a03:f80:852::/48 maxlen: 48
                          2a03:f80:32::/48 maxlen: 48
                          2a03:f80:48::/48 maxlen: 48
                          2a03:f80:61::/48 maxlen: 48
                          2a03:f80:381::/48 maxlen: 48
                          2a03:f80:81::/48 maxlen: 48

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1139396970 (0x43e9d16a)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d217b472c841c1d68550a24f1936d29cc6c28f6a
        Validity
            Not Before: Feb 24 11:55:39 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=38fb7068975fff97081fe68cdff63e6b4dbf0d09
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:49:51:1a:46:cf:f8:cd:81:9b:01:7f:2f:84:
                    7f:48:1b:38:64:db:fa:b9:ef:7a:18:88:2a:04:8a:
                    1b:f8:49:8c:e1:47:34:74:a2:1e:f7:89:5a:93:68:
                    1c:f3:65:5e:08:e3:bd:11:2f:5f:8e:06:1e:31:ae:
                    f8:43:29:0b:a6:fc:6f:7b:33:58:39:c3:5e:cb:ed:
                    20:cb:14:99:88:f8:b1:13:1b:93:cb:44:5c:62:2c:
                    7a:14:84:6f:3f:a4:42:65:69:ef:cc:f0:8b:08:f5:
                    f5:23:04:ce:c2:0d:13:a5:22:ce:1f:21:d7:32:e0:
                    d9:29:b9:0a:d7:47:e8:57:07:f5:40:27:20:a8:4b:
                    b9:28:ed:c3:55:ae:e7:7d:fb:6d:a4:d8:43:6a:fb:
                    dd:0c:a3:85:30:69:fe:36:69:5b:e2:53:db:54:33:
                    5c:dc:79:9a:b7:e6:43:c9:57:00:d7:cf:90:af:fc:
                    55:63:75:4a:f3:94:c2:5a:5d:c8:13:fc:e7:e5:9c:
                    61:67:79:a1:91:14:7e:03:40:5d:77:56:c5:1f:6e:
                    9f:71:ae:e7:44:3d:21:5e:55:c4:b1:9d:c6:72:4d:
                    3f:c5:d5:a8:24:a4:36:bb:26:5c:ff:5d:4c:99:e5:
                    c1:58:da:f6:26:46:65:d2:41:e0:59:d7:df:ac:8d:
                    34:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                38:FB:70:68:97:5F:FF:97:08:1F:E6:8C:DF:F6:3E:6B:4D:BF:0D:09
            X509v3 Authority Key Identifier:
                keyid:D2:17:B4:72:C8:41:C1:D6:85:50:A2:4F:19:36:D2:9C:C6:C2:8F:6A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0he0cshBwdaFUKJPGTbSnMbCj2o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/290e44-b479-46cf-ab4b-b38e2677b3dc/1/OPtwaJdf_5cIH-aM3_Y-a02_DQk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/290e44-b479-46cf-ab4b-b38e2677b3dc/1/0he0cshBwdaFUKJPGTbSnMbCj2o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.235.48.0/24
                  46.183.187.0/24
                  89.31.120.0/23
                  103.57.248.0/23
                  103.57.251.0/24
                  149.154.157.0-149.154.159.255
                  151.236.15.0-151.236.18.255
                  151.236.20.0-151.236.22.255
                  151.236.25.0/24
                  158.255.208.0/24
                  158.255.213.0-158.255.215.255
                  185.26.239.0/24
                IPv6:
                  2a03:f80:32::/47
                  2a03:f80:39::/48
                  2a03:f80:40::/48
                  2a03:f80:45::/48
                  2a03:f80:47::-2a03:f80:49:ffff:ffff:ffff:ffff:ffff
                  2a03:f80:61::/48
                  2a03:f80:65::/48
                  2a03:f80:81::/48
                  2a03:f80:381::/48
                  2a03:f80:852::/48
                  2a03:f80:971::/48

    Signature Algorithm: sha256WithRSAEncryption
         71:7d:56:5b:a0:dc:f4:49:65:bf:f0:4f:a0:79:ef:51:18:3e:
         f7:fa:1a:c5:7b:69:e6:f5:d7:24:38:57:3b:5e:2f:82:9b:a2:
         f8:bd:9e:6d:5b:a2:d8:56:a4:b4:aa:fc:73:78:d1:55:af:a8:
         67:c1:3e:35:ca:a4:4f:1d:ed:12:16:7b:68:0d:7b:86:4e:01:
         19:05:4d:c6:df:e5:20:3d:46:8a:4c:be:44:fb:9b:d1:bc:55:
         ed:e1:86:9a:1a:29:b7:ce:ea:b5:4f:3c:61:11:68:b4:09:1c:
         97:ee:26:a1:c4:14:0b:97:f3:78:46:cf:64:da:93:79:c0:ab:
         45:e8:65:19:81:1f:46:14:86:2a:bc:a0:12:36:40:03:e0:79:
         2c:5e:73:03:56:e5:b2:8e:89:a5:36:7f:37:2a:33:53:bf:17:
         7c:cd:fc:d8:8f:6b:75:bd:18:ba:28:5b:95:f9:1e:a3:3c:c6:
         91:e3:c7:41:e2:f0:63:d6:8a:e4:b0:7a:8d:0c:3a:ed:e1:17:
         a6:df:b2:bf:ff:80:bd:66:0a:91:8c:66:cd:76:8f:4d:57:9e:
         2f:17:fc:cf:40:41:5c:6a:9f:24:22:e8:d1:66:6f:46:3a:d3:
         3b:8e:6c:d0:8d:ba:b7:3f:46:53:0d:e3:74:40:a6:84:00:ac:
         26:fe:09:5d
-----BEGIN CERTIFICATE-----
MIIFyjCCBLKgAwIBAgIEQ+nRajANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhk
MjE3YjQ3MmM4NDFjMWQ2ODU1MGEyNGYxOTM2ZDI5Y2M2YzI4ZjZhMB4XDTIyMDIy
NDExNTUzOVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMzhmYjcwNjg5NzVm
ZmY5NzA4MWZlNjhjZGZmNjNlNmI0ZGJmMGQwOTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBALBJURpGz/jNgZsBfy+Ef0gbOGTb+rnvehiIKgSKG/hJjOFH
NHSiHveJWpNoHPNlXgjjvREvX44GHjGu+EMpC6b8b3szWDnDXsvtIMsUmYj4sRMb
k8tEXGIsehSEbz+kQmVp78zwiwj19SMEzsINE6Uizh8h1zLg2Sm5CtdH6FcH9UAn
IKhLuSjtw1Wu5337baTYQ2r73QyjhTBp/jZpW+JT21QzXNx5mrfmQ8lXANfPkK/8
VWN1SvOUwlpdyBP85+WcYWd5oZEUfgNAXXdWxR9un3Gu50Q9IV5VxLGdxnJNP8XV
qCSkNrsmXP9dTJnlwVja9iZGZdJB4FnX36yNNPECAwEAAaOCAuQwggLgMB0GA1Ud
DgQWBBQ4+3Bol1//lwgf5ozf9j5rTb8NCTAfBgNVHSMEGDAWgBTSF7RyyEHB1oVQ
ok8ZNtKcxsKPajAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
LzBoZTBjc2hCd2RhRlVLSlBHVGJTbk1iQ2oyby5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMTAvMjkwZTQ0LWI0NzktNDZjZi1hYjRiLWIzOGUyNjc3YjNkYy8x
L09QdHdhSmRmXzVjSUgtYU0zX1ktYTAyX0RRay5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMTAv
MjkwZTQ0LWI0NzktNDZjZi1hYjRiLWIzOGUyNjc3YjNkYy8xLzBoZTBjc2hCd2Rh
RlVLSlBHVGJTbk1iQ2oyby5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjCB
+QYIKwYBBQUHAQcBAf8EgekwgeYwbgQCAAEwaAMEACXrMAMEAC63uwMEAVkfeAME
AWc5+AMEAGc5+zAMAwQAlZqdAwQFlZqAMAwDBACX7A8DBACX7BIwDAMEApfsFAME
AJfsFgMEAJfsGQMEAJ7/0DAMAwQAnv/VAwQDnv/QAwQAuRrvMHQEAgACMG4DBwEq
Aw+AADIDBwAqAw+AADkDBwAqAw+AAEADBwAqAw+AAEUwEgMHACoDD4AARwMHASoD
D4AASAMHACoDD4AAYQMHACoDD4AAZQMHACoDD4AAgQMHACoDD4ADgQMHACoDD4AI
UgMHACoDD4AJcTANBgkqhkiG9w0BAQsFAAOCAQEAcX1WW6Dc9Ellv/BPoHnvURg+
9/oaxXtp5vXXJDhXO14vgpui+L2ebVui2FaktKr8c3jRVa+oZ8E+NcqkTx3tEhZ7
aA17hk4BGQVNxt/lID1Giky+RPub0bxV7eGGmhopt87qtU88YRFotAkcl+4mocQU
C5fzeEbPZNqTecCrRehlGYEfRhSGKrygEjZAA+B5LF5zA1blso6JpTZ/NyozU78X
fM382I9rdb0YuihblfkeozzGkePHQeLwY9aK5LB6jQw67eEXpt+yv/+AvWYKkYxm
zXaPTVeeLxf8z0BBXGqfJCLo0WZvRjrTO45s0I26tz9GUw3jdECmhACsJv4JXQ==
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:53:51 2024 by rpki-client on console-ams.rpki-client.org