Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1b/38c694-23a7-48b2-aaec-6c8fd0bc5b00/1/DTUF18d1rWuqCidM9HmZxYhiMZ4.roa
File:                     DTUF18d1rWuqCidM9HmZxYhiMZ4.roa (raw, json)
Hash identifier:          IY6QyVMpXWO8znzxGcBtxmlejOrEI/eGlRhiYMOFLSU=
Subject key identifier:   0D:35:05:D7:C7:75:AD:6B:AA:0A:27:4C:F4:79:99:C5:88:62:31:9E
Certificate issuer:       /CN=3950303615aca6e5f6f5b5691c7c2c8dca5f234d
Certificate serial:       09334F9D
Authority key identifier: 39:50:30:36:15:AC:A6:E5:F6:F5:B5:69:1C:7C:2C:8D:CA:5F:23:4D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OVAwNhWspuX29bVpHHwsjcpfI00.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1b/38c694-23a7-48b2-aaec-6c8fd0bc5b00/1/DTUF18d1rWuqCidM9HmZxYhiMZ4.roa
Signing time:             Sat 01 Jan 2022 06:05:35 +0000
ROA not before:           Sat 01 Jan 2022 06:05:35 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     15626
IP address blocks:        217.12.219.0/24 maxlen: 24
                          217.12.216.0/23 maxlen: 23
                          217.12.220.0/22 maxlen: 22
                          217.12.223.0/24 maxlen: 24
                          217.12.221.0/24 maxlen: 24
                          217.12.192.0/21 maxlen: 21
                          217.12.199.0/24 maxlen: 24
                          217.12.204.0/23 maxlen: 23
                          82.118.16.0/22 maxlen: 22
                          82.118.17.0/24 maxlen: 24
                          217.12.212.0/22 maxlen: 22
                          5.34.182.0/23 maxlen: 24
                          217.12.210.0/24 maxlen: 24
                          217.12.210.0/23 maxlen: 23
                          46.28.64.0/21 maxlen: 24
                          2a02:27a8::/32 maxlen: 32
                          2a02:27a8:0:a::/64 maxlen: 64
                          2a02:27a8:0:2::/64 maxlen: 64

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 154357661 (0x9334f9d)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3950303615aca6e5f6f5b5691c7c2c8dca5f234d
        Validity
            Not Before: Jan  1 06:05:35 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=0d3505d7c775ad6baa0a274cf47999c58862319e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:9a:14:9c:ce:31:73:0f:df:20:5d:56:5c:5e:
                    f4:59:35:a1:3b:cd:b7:00:ed:7f:c8:09:52:dc:7c:
                    4a:5f:44:67:f5:d1:59:2b:93:ff:64:15:f7:aa:6d:
                    d3:4a:23:b2:64:06:39:08:7d:96:3e:66:0e:88:fd:
                    d6:68:46:ae:49:a2:87:d2:91:c2:49:da:8c:c6:01:
                    6a:4b:d8:f1:23:f3:68:95:ad:e0:7f:73:3d:ac:21:
                    35:5e:ac:5f:37:55:32:f1:99:30:ed:88:93:86:72:
                    0c:15:bd:f0:31:97:8b:7e:e7:64:6c:e0:f2:88:45:
                    10:58:f6:74:7c:5d:c4:db:0a:ee:33:bd:83:a5:76:
                    49:01:b5:a5:de:da:bd:21:56:69:d7:95:1d:d6:7c:
                    17:e2:4e:93:b3:45:a3:af:4a:c6:4d:44:ad:e9:3e:
                    c1:4f:d5:3f:f9:0f:6a:90:8a:a6:d2:07:cd:f9:9e:
                    04:c5:31:be:4a:b2:3a:be:c2:9b:38:68:fa:da:4e:
                    81:df:55:78:ec:2d:ec:2b:b2:8c:1c:f7:d8:b3:ad:
                    26:e8:73:48:0b:e0:dd:76:b1:49:e0:e0:7c:f7:fb:
                    89:b2:6b:6f:95:b6:52:d5:b3:ae:ad:f2:20:a8:e2:
                    66:97:b3:b7:f6:42:e7:28:73:f6:ff:ee:22:59:7c:
                    21:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0D:35:05:D7:C7:75:AD:6B:AA:0A:27:4C:F4:79:99:C5:88:62:31:9E
            X509v3 Authority Key Identifier:
                keyid:39:50:30:36:15:AC:A6:E5:F6:F5:B5:69:1C:7C:2C:8D:CA:5F:23:4D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OVAwNhWspuX29bVpHHwsjcpfI00.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1b/38c694-23a7-48b2-aaec-6c8fd0bc5b00/1/DTUF18d1rWuqCidM9HmZxYhiMZ4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1b/38c694-23a7-48b2-aaec-6c8fd0bc5b00/1/OVAwNhWspuX29bVpHHwsjcpfI00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.34.182.0/23
                  46.28.64.0/21
                  82.118.16.0/22
                  217.12.192.0/21
                  217.12.204.0/23
                  217.12.210.0-217.12.217.255
                  217.12.219.0-217.12.223.255
                IPv6:
                  2a02:27a8::/32

    Signature Algorithm: sha256WithRSAEncryption
         7a:8a:ab:2d:3b:59:c2:68:4c:0b:7f:76:19:ff:dd:40:aa:ab:
         7d:66:5c:4c:3f:ee:26:a9:a9:23:7f:9a:e5:db:c1:74:dc:f0:
         52:0c:17:70:31:70:98:76:d0:8d:ab:25:dc:f1:9e:92:19:5f:
         3d:62:f7:38:29:47:d7:7c:2f:d9:f2:b8:6e:89:08:d5:d1:7a:
         97:a3:0a:34:ae:49:16:b0:b1:ef:0f:fa:98:76:9a:95:fc:f6:
         b4:95:12:ab:1d:9e:2a:ec:51:e7:74:76:b8:29:e1:2b:28:27:
         89:e4:99:cb:e1:a9:35:0a:cb:ca:5d:99:ab:51:0a:85:c9:d6:
         0f:f4:2b:ea:4c:b1:0a:9d:8b:af:f8:82:b1:e3:64:14:d2:90:
         69:c9:56:f0:c6:3e:88:8e:ba:2d:bd:1f:33:5e:04:a1:88:b2:
         1f:8b:f0:c4:fa:94:97:ed:c6:67:1b:1a:ea:2b:06:3e:71:ed:
         02:36:12:6b:52:fb:5f:ee:9b:d2:34:0c:ef:24:af:c4:41:93:
         b0:45:1d:b5:28:fb:6b:77:4a:31:8b:4b:22:68:ba:52:c3:2c:
         f3:07:ea:c7:ac:1c:23:62:a8:8f:27:a9:4f:46:7f:3a:36:d4:
         23:d2:de:06:f8:b3:a9:09:39:87:df:e4:61:69:61:79:a4:69:
         58:76:27:2b
-----BEGIN CERTIFICATE-----
MIIFMjCCBBqgAwIBAgIECTNPnTANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygz
OTUwMzAzNjE1YWNhNmU1ZjZmNWI1NjkxYzdjMmM4ZGNhNWYyMzRkMB4XDTIyMDEw
MTA2MDUzNVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMGQzNTA1ZDdjNzc1
YWQ2YmFhMGEyNzRjZjQ3OTk5YzU4ODYyMzE5ZTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAKSaFJzOMXMP3yBdVlxe9Fk1oTvNtwDtf8gJUtx8Sl9EZ/XR
WSuT/2QV96pt00ojsmQGOQh9lj5mDoj91mhGrkmih9KRwknajMYBakvY8SPzaJWt
4H9zPawhNV6sXzdVMvGZMO2Ik4ZyDBW98DGXi37nZGzg8ohFEFj2dHxdxNsK7jO9
g6V2SQG1pd7avSFWadeVHdZ8F+JOk7NFo69Kxk1Erek+wU/VP/kPapCKptIHzfme
BMUxvkqyOr7Cmzho+tpOgd9VeOwt7CuyjBz32LOtJuhzSAvg3XaxSeDgfPf7ibJr
b5W2UtWzrq3yIKjiZpezt/ZC5yhz9v/uIll8IRkCAwEAAaOCAkwwggJIMB0GA1Ud
DgQWBBQNNQXXx3Wta6oKJ0z0eZnFiGIxnjAfBgNVHSMEGDAWgBQ5UDA2Faym5fb1
tWkcfCyNyl8jTTAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L09WQXdOaFdzcHVYMjliVnBISHdzamNwZkkwMC5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMWIvMzhjNjk0LTIzYTctNDhiMi1hYWVjLTZjOGZkMGJjNWIwMC8x
L0RUVUYxOGQxcld1cUNpZE05SG1aeFloaU1aNC5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMWIv
MzhjNjk0LTIzYTctNDhiMi1hYWVjLTZjOGZkMGJjNWIwMC8xL09WQXdOaFdzcHVY
MjliVnBISHdzamNwZkkwMC5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBi
BggrBgEFBQcBBwEB/wRTMFEwQAQCAAEwOgMEAQUitgMEAy4cQAMEAlJ2EAMEA9kM
wAMEAdkMzDAMAwQB2QzSAwQB2QzYMAwDBADZDNsDBAXZDMAwDQQCAAIwBwMFACoC
J6gwDQYJKoZIhvcNAQELBQADggEBAHqKqy07WcJoTAt/dhn/3UCqq31mXEw/7iap
qSN/muXbwXTc8FIMF3AxcJh20I2rJdzxnpIZXz1i9zgpR9d8L9nyuG6JCNXRepej
CjSuSRawse8P+ph2mpX89rSVEqsdnirsUed0drgp4SsoJ4nkmcvhqTUKy8pdmatR
CoXJ1g/0K+pMsQqdi6/4grHjZBTSkGnJVvDGPoiOui29HzNeBKGIsh+L8MT6lJft
xmcbGuorBj5x7QI2EmtS+1/um9I0DO8kr8RBk7BFHbUo+2t3SjGLSyJoulLDLPMH
6sesHCNiqI8nqU9Gfzo21CPS3gb4s6kJOYff5GFpYXmkaVh2Jys=
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:56:46 2024 by rpki-client on console-ams.rpki-client.org