Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/N95biM8po9LkIfGNRk8R4V9KS-M.roa
File:                     N95biM8po9LkIfGNRk8R4V9KS-M.roa (raw, json)
Hash identifier:          KU/5/u8GhD1Jsn0eZAeOtmPl1dRxrTmGw5vdeSquUBc=
Subject key identifier:   37:DE:5B:88:CF:29:A3:D2:E4:21:F1:8D:46:4F:11:E1:5F:4A:4B:E3
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       01851147C15D436578128CBBC394D8ACCE72
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/N95biM8po9LkIfGNRk8R4V9KS-M.roa
Signing time:             Wed 14 Dec 2022 15:36:33 +0000
ROA not before:           Wed 14 Dec 2022 15:36:33 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     60721
IP address blocks:        163.5.91.0/24 maxlen: 24
                          163.5.97.0/24 maxlen: 24
                          163.5.114.0/24 maxlen: 24
                          163.5.31.0/24 maxlen: 24
                          163.5.249.0/24 maxlen: 24
                          163.5.33.0/24 maxlen: 24
                          163.5.37.0/24 maxlen: 24
                          163.5.34.0/24 maxlen: 24
                          163.5.38.0/24 maxlen: 24
                          163.5.39.0/24 maxlen: 24
                          163.5.254.0/24 maxlen: 24
                          163.5.131.0/24 maxlen: 24
                          163.5.152.0/24 maxlen: 24
                          163.5.169.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:11:47:c1:5d:43:65:78:12:8c:bb:c3:94:d8:ac:ce:72
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: Dec 14 15:36:33 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=37de5b88cf29a3d2e421f18d464f11e15f4a4be3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:ad:3d:60:81:b5:9e:b7:66:eb:d9:6b:4c:9a:
                    f4:d5:6d:86:39:6e:ba:64:f4:57:8a:9b:84:a2:54:
                    8d:b9:84:69:f8:c3:63:45:80:8e:df:17:47:ad:c2:
                    2a:ba:62:91:31:37:fb:f4:92:33:15:d2:ed:a6:2e:
                    ad:9d:82:ae:80:d8:6a:de:26:6d:e9:04:1b:dc:bf:
                    57:22:df:01:a6:ea:da:70:a6:f1:dd:ee:af:28:cf:
                    8b:a6:11:8e:72:49:c8:f8:c2:00:ee:10:e7:b3:4c:
                    e6:14:fb:45:6f:45:b9:e0:db:9c:2c:4a:c5:5a:d4:
                    07:09:bd:18:a0:e0:79:c9:e6:ee:f6:f3:f1:22:66:
                    21:d2:d3:89:bf:aa:6e:eb:c6:0f:9f:d1:0e:41:f9:
                    75:f4:49:a7:b6:aa:34:de:78:3f:f8:33:a3:eb:28:
                    37:6c:e1:77:be:22:e3:30:2f:88:7e:61:5e:4d:f0:
                    24:9d:10:31:75:bf:55:5b:26:41:f4:2c:31:da:18:
                    56:af:7b:2d:20:5d:7e:1a:73:31:42:95:98:28:0c:
                    f2:f4:63:c9:06:a4:cf:00:72:6c:69:20:57:0c:76:
                    81:d4:8c:85:96:be:63:e3:78:e0:cf:82:b7:8e:bb:
                    95:6a:b6:1c:c2:67:44:24:bb:1f:8c:69:bd:1f:67:
                    fb:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                37:DE:5B:88:CF:29:A3:D2:E4:21:F1:8D:46:4F:11:E1:5F:4A:4B:E3
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/N95biM8po9LkIfGNRk8R4V9KS-M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.5.31.0/24
                  163.5.33.0-163.5.34.255
                  163.5.37.0-163.5.39.255
                  163.5.91.0/24
                  163.5.97.0/24
                  163.5.114.0/24
                  163.5.131.0/24
                  163.5.152.0/24
                  163.5.169.0/24
                  163.5.249.0/24
                  163.5.254.0/24

    Signature Algorithm: sha256WithRSAEncryption
         41:44:85:72:51:34:08:8b:7b:fc:be:0b:1c:65:22:ac:e2:bc:
         3e:a4:b1:d2:e6:41:03:7a:6c:d9:88:09:70:76:4f:f9:f3:82:
         65:04:84:d4:82:cd:3e:37:50:12:ea:0e:d7:82:b6:9f:d2:04:
         f1:55:f0:04:d7:ec:c6:fd:71:48:02:ad:be:11:47:93:b1:0e:
         b4:39:4d:8f:93:a1:91:34:2c:af:09:af:8c:8b:88:ef:cc:90:
         3e:4c:66:f5:2a:fa:ac:1c:3b:e2:c9:44:8d:38:a6:4b:dc:53:
         2e:39:5c:c2:f2:71:31:5b:32:c2:9c:31:37:23:34:e3:6a:96:
         73:03:a7:17:5d:aa:7b:bd:4e:5a:9e:14:1c:bb:10:b0:6c:5b:
         92:c9:ac:e5:59:df:e5:b6:07:54:e3:e7:02:af:6c:86:fe:87:
         9c:c4:f6:25:dd:2a:1a:f6:7f:9f:ee:91:71:bd:68:5b:26:df:
         74:0a:32:a3:d7:0f:01:d6:70:f7:9a:22:93:53:d6:47:6b:84:
         b8:1c:f0:10:98:e7:3d:fa:23:2d:17:15:b6:9f:2b:39:be:1a:
         dc:a2:9d:fb:9d:bb:d4:f8:f4:44:1a:25:74:a8:3a:91:61:fe:
         6d:7f:f0:53:57:ee:a3:af:87:1f:6b:9c:cb:4a:77:04:e6:e1:
         20:b9:6d:db
-----BEGIN CERTIFICATE-----
MIIFSTCCBDGgAwIBAgISAYURR8FdQ2V4Eoy7w5TYrM5yMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjIxMjE0MTUzNjMzWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzN2RlNWI4OGNmMjlhM2QyZTQyMWYxOGQ0NjRmMTFlMTVmNGE0YmUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyq09YIG1nrdm69lrTJr01W2GOW66
ZPRXipuEolSNuYRp+MNjRYCO3xdHrcIqumKRMTf79JIzFdLtpi6tnYKugNhq3iZt
6QQb3L9XIt8BpuracKbx3e6vKM+LphGOcknI+MIA7hDns0zmFPtFb0W54NucLErF
WtQHCb0YoOB5yebu9vPxImYh0tOJv6pu68YPn9EOQfl19Emntqo03ng/+DOj6yg3
bOF3viLjMC+IfmFeTfAknRAxdb9VWyZB9Cwx2hhWr3stIF1+GnMxQpWYKAzy9GPJ
BqTPAHJsaSBXDHaB1IyFlr5j43jgz4K3jruVarYcwmdEJLsfjGm9H2f7CQIDAQAB
o4ICVTCCAlEwHQYDVR0OBBYEFDfeW4jPKaPS5CHxjUZPEeFfSkvjMB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvTjk1YmlNOHBvOUxrSWZHTlJrOFI0VjlLUy1NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGsGCCsGAQUFBwEHAQH/BFwwWjBYBAIAATBSAwQAowUfMAwD
BACjBSEDBACjBSIwDAMEAKMFJQMEA6MFIAMEAKMFWwMEAKMFYQMEAKMFcgMEAKMF
gwMEAKMFmAMEAKMFqQMEAKMF+QMEAKMF/jANBgkqhkiG9w0BAQsFAAOCAQEAQUSF
clE0CIt7/L4LHGUirOK8PqSx0uZBA3ps2YgJcHZP+fOCZQSE1ILNPjdQEuoO14K2
n9IE8VXwBNfsxv1xSAKtvhFHk7EOtDlNj5OhkTQsrwmvjIuI78yQPkxm9Sr6rBw7
4slEjTimS9xTLjlcwvJxMVsywpwxNyM042qWcwOnF12qe71OWp4UHLsQsGxbksms
5Vnf5bYHVOPnAq9shv6HnMT2Jd0qGvZ/n+6Rcb1oWybfdAoyo9cPAdZw95oik1PW
R2uEuBzwEJjnPfojLRcVtp8rOb4a3KKd+5271Pj0RBoldKg6kWH+bX/wU1fuo6+H
H2ucy0p3BObhILlt2w==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:20:05 2024 by rpki-client on console-fra.rpki-client.org