Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/2LlDTq3UhShA5nK5hY-G-kcLbSo.roa
File:                     2LlDTq3UhShA5nK5hY-G-kcLbSo.roa (raw, json)
Hash identifier:          xFa+MdMa/uW/dcULWfjdTU+YRjFO7SJtxNi9Fos/SlM=
Subject key identifier:   D8:B9:43:4E:AD:D4:85:28:40:E6:72:B9:85:8F:86:FA:47:0B:6D:2A
Certificate issuer:       /CN=1b0415bfc43b38e9cfd1a12995202e8763752fde
Certificate serial:       01853AAF75B57E66A4DE66EF21BD8F8B7DED
Authority key identifier: 1B:04:15:BF:C4:3B:38:E9:CF:D1:A1:29:95:20:2E:87:63:75:2F:DE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GwQVv8Q7OOnP0aEplSAuh2N1L94.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/2LlDTq3UhShA5nK5hY-G-kcLbSo.roa
Signing time:             Thu 22 Dec 2022 16:34:15 +0000
ROA not before:           Thu 22 Dec 2022 16:34:15 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     44486
IP address blocks:        45.145.227.0/24 maxlen: 24
                          212.87.214.0/23 maxlen: 23
                          185.132.55.0/24 maxlen: 24
                          185.132.54.0/24 maxlen: 24
                          45.137.71.0/24 maxlen: 24
                          45.137.69.0/24 maxlen: 24
                          45.131.109.0/24 maxlen: 24
                          45.145.224.0/23 maxlen: 23
                          45.91.251.0/24 maxlen: 24
                          5.180.252.0/23 maxlen: 23
                          5.180.254.0/23 maxlen: 23
                          5.253.244.0/24 maxlen: 24
                          45.84.199.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:3a:af:75:b5:7e:66:a4:de:66:ef:21:bd:8f:8b:7d:ed
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1b0415bfc43b38e9cfd1a12995202e8763752fde
        Validity
            Not Before: Dec 22 16:34:15 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=d8b9434eadd4852840e672b9858f86fa470b6d2a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:9e:f4:a7:aa:d5:27:95:a6:f7:1f:60:95:e9:
                    87:45:f3:c9:4e:77:d4:9a:ef:03:0c:d4:db:a6:c6:
                    7c:d6:48:e3:9d:f3:ca:af:9e:be:b3:30:ad:7e:2a:
                    7d:47:53:54:d9:21:be:51:09:39:8b:e1:e1:ac:f4:
                    4c:2f:eb:d5:61:62:95:ea:7c:a8:47:ce:f3:08:01:
                    4a:af:cc:c0:3e:2c:bb:03:e7:59:f5:27:83:ad:8d:
                    25:2b:f1:60:a8:f7:6d:47:d9:b9:a2:82:de:91:c3:
                    49:53:a8:bd:16:0d:40:38:4f:1d:53:3a:52:aa:94:
                    95:eb:8b:f4:87:eb:66:4e:2b:85:c1:b5:e5:d5:22:
                    f9:63:bd:e8:a2:a5:b5:92:48:2d:cf:3a:ae:74:1a:
                    79:ba:74:8e:70:88:91:8b:43:5d:80:db:06:91:46:
                    e0:22:43:4f:5b:02:bc:b9:03:c3:df:8f:8b:bf:4e:
                    73:15:cd:ae:f6:e7:6e:16:01:7a:69:77:94:d4:2a:
                    9a:78:80:95:18:ba:24:c6:3f:82:8a:a4:a1:a9:46:
                    85:09:13:7b:a3:64:27:66:32:98:8f:c4:59:8e:0f:
                    70:b0:c3:e3:c6:4b:6f:ab:a4:02:3e:69:ae:45:f1:
                    45:a7:b2:f5:32:7f:e5:fc:e0:1e:19:4f:f5:a8:09:
                    53:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D8:B9:43:4E:AD:D4:85:28:40:E6:72:B9:85:8F:86:FA:47:0B:6D:2A
            X509v3 Authority Key Identifier:
                keyid:1B:04:15:BF:C4:3B:38:E9:CF:D1:A1:29:95:20:2E:87:63:75:2F:DE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GwQVv8Q7OOnP0aEplSAuh2N1L94.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/2LlDTq3UhShA5nK5hY-G-kcLbSo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/GwQVv8Q7OOnP0aEplSAuh2N1L94.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.180.252.0/22
                  5.253.244.0/24
                  45.84.199.0/24
                  45.91.251.0/24
                  45.131.109.0/24
                  45.137.69.0/24
                  45.137.71.0/24
                  45.145.224.0/23
                  45.145.227.0/24
                  185.132.54.0/23
                  212.87.214.0/23

    Signature Algorithm: sha256WithRSAEncryption
         88:2b:95:4e:b9:96:88:e2:10:6a:de:dc:5e:0c:e0:70:f9:37:
         5b:39:42:9e:3f:5e:6d:60:a8:a6:cd:43:2b:b4:6e:81:91:af:
         f8:fc:95:b1:a7:83:c7:f3:f6:f7:7c:f4:86:af:64:86:da:73:
         65:d9:cc:f6:0c:52:7e:7d:a7:44:25:78:11:9f:59:3b:9e:e3:
         d0:23:ea:70:ec:2e:5e:ed:56:90:0f:1a:11:4c:59:5d:ed:2c:
         04:7d:ac:bc:25:42:cf:70:28:c9:80:30:be:65:de:3f:97:ea:
         94:22:bc:5d:fc:c8:2b:1c:a5:9c:b2:a8:42:d0:ce:ef:b6:c4:
         0f:82:c6:8d:c4:64:d0:f3:47:1d:e5:71:98:fe:da:7a:52:09:
         eb:ff:fb:cc:e6:40:b7:69:e4:04:ac:81:ee:29:88:9c:d3:6c:
         68:30:bc:31:a2:df:2e:3a:2c:eb:cc:90:9d:c2:ec:81:9a:36:
         bc:d6:65:cb:8b:2c:39:5f:c1:e8:84:fc:89:90:5e:cb:4c:ed:
         b6:ca:96:ab:db:b0:0b:44:9f:e5:a1:35:51:1c:37:03:06:f4:
         d8:e9:4c:2d:ed:2b:7f:18:fb:70:63:29:13:fa:03:1a:1f:2f:
         c1:3d:62:28:fc:93:08:69:a4:45:72:bf:e0:8f:e0:4e:f0:8b:
         2e:c0:35:42
-----BEGIN CERTIFICATE-----
MIIFOTCCBCGgAwIBAgISAYU6r3W1fmak3mbvIb2Pi33tMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFiMDQxNWJmYzQzYjM4ZTljZmQxYTEyOTk1MjAyZTg3NjM3
NTJmZGUwHhcNMjIxMjIyMTYzNDE1WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOGI5NDM0ZWFkZDQ4NTI4NDBlNjcyYjk4NThmODZmYTQ3MGI2ZDJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhp70p6rVJ5Wm9x9glemHRfPJTnfU
mu8DDNTbpsZ81kjjnfPKr56+szCtfip9R1NU2SG+UQk5i+HhrPRML+vVYWKV6nyo
R87zCAFKr8zAPiy7A+dZ9SeDrY0lK/FgqPdtR9m5ooLekcNJU6i9Fg1AOE8dUzpS
qpSV64v0h+tmTiuFwbXl1SL5Y73ooqW1kkgtzzqudBp5unSOcIiRi0NdgNsGkUbg
IkNPWwK8uQPD34+Lv05zFc2u9uduFgF6aXeU1CqaeICVGLokxj+CiqShqUaFCRN7
o2QnZjKYj8RZjg9wsMPjxktvq6QCPmmuRfFFp7L1Mn/l/OAeGU/1qAlTawIDAQAB
o4ICRTCCAkEwHQYDVR0OBBYEFNi5Q06t1IUoQOZyuYWPhvpHC20qMB8GA1UdIwQY
MBaAFBsEFb/EOzjpz9GhKZUgLodjdS/eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR3dRVnY4UTdPT25QMGFFcGxTQXVoMk4xTDk0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi8wOTQwODEtOGFlYi00MmJmLWE1Nzgt
YTNjYTBkYjgzMjU0LzEvMkxsRFRxM1VoU2hBNW5LNWhZLUcta2NMYlNvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi8wOTQwODEtOGFlYi00MmJmLWE1NzgtYTNjYTBkYjgzMjU0
LzEvR3dRVnY4UTdPT25QMGFFcGxTQXVoMk4xTDk0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFsGCCsGAQUFBwEHAQH/BEwwSjBIBAIAATBCAwQCBbT8AwQA
Bf30AwQALVTHAwQALVv7AwQALYNtAwQALYlFAwQALYlHAwQBLZHgAwQALZHjAwQB
uYQ2AwQB1FfWMA0GCSqGSIb3DQEBCwUAA4IBAQCIK5VOuZaI4hBq3txeDOBw+Tdb
OUKeP15tYKimzUMrtG6Bka/4/JWxp4PH8/b3fPSGr2SG2nNl2cz2DFJ+fadEJXgR
n1k7nuPQI+pw7C5e7VaQDxoRTFld7SwEfay8JULPcCjJgDC+Zd4/l+qUIrxd/Mgr
HKWcsqhC0M7vtsQPgsaNxGTQ80cd5XGY/tp6Ugnr//vM5kC3aeQErIHuKYic02xo
MLwxot8uOizrzJCdwuyBmja81mXLiyw5X8HohPyJkF7LTO22ypar27ALRJ/loTVR
HDcDBvTY6Uwt7St/GPtwYykT+gMaHy/BPWIo/JMIaaRFcr/gj+BO8IsuwDVC
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:20:27 2024 by rpki-client on console-fra.rpki-client.org