Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/Qr0cdWuRxF47zbpm2lBFWQHA4kE.roa
File:                     Qr0cdWuRxF47zbpm2lBFWQHA4kE.roa (raw, json)
Hash identifier:          IippI7gulYmsDeUAM5Gfobur+M5oq4QmcuyYlby0Ys0=
Subject key identifier:   42:BD:1C:75:6B:91:C4:5E:3B:CD:BA:66:DA:50:45:59:01:C0:E2:41
Certificate issuer:       /CN=eaaa8a0a5fdfd698e104be36a2aeec813aeca071
Certificate serial:       01852E930CC8FECD46C75B5B4E332C88B9CE
Authority key identifier: EA:AA:8A:0A:5F:DF:D6:98:E1:04:BE:36:A2:AE:EC:81:3A:EC:A0:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/Qr0cdWuRxF47zbpm2lBFWQHA4kE.roa
Signing time:             Tue 20 Dec 2022 08:07:46 +0000
ROA not before:           Tue 20 Dec 2022 08:07:46 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     35277
IP address blocks:        5.189.219.0/24 maxlen: 24
                          5.189.218.0/24 maxlen: 24
                          5.189.217.0/24 maxlen: 24
                          5.189.216.0/24 maxlen: 24
                          5.188.50.0/24 maxlen: 24
                          5.101.44.0/24 maxlen: 24
                          5.101.47.0/24 maxlen: 24
                          5.101.46.0/24 maxlen: 24
                          5.101.45.0/24 maxlen: 24
                          5.188.202.0/24 maxlen: 24
                          5.188.201.0/24 maxlen: 24
                          5.188.200.0/24 maxlen: 24
                          91.243.40.0/24 maxlen: 24
                          91.243.43.0/24 maxlen: 24
                          5.189.253.0/24 maxlen: 24
                          5.189.252.0/24 maxlen: 24
                          5.189.255.0/24 maxlen: 24
                          5.8.44.0/24 maxlen: 24
                          5.8.47.0/24 maxlen: 24
                          5.8.46.0/24 maxlen: 24
                          5.8.45.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:2e:93:0c:c8:fe:cd:46:c7:5b:5b:4e:33:2c:88:b9:ce
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eaaa8a0a5fdfd698e104be36a2aeec813aeca071
        Validity
            Not Before: Dec 20 08:07:46 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=42bd1c756b91c45e3bcdba66da50455901c0e241
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:34:d9:b4:06:67:74:4e:81:15:50:f4:6a:a7:
                    aa:e4:8f:08:42:7e:80:4d:4b:54:c7:e6:38:ce:db:
                    47:bd:2d:28:c8:e6:68:71:5f:f6:15:ab:e8:0f:47:
                    19:2e:d3:58:53:6b:ce:c7:23:41:39:c5:0b:49:f6:
                    84:43:31:59:e3:12:a5:ca:1d:b0:1c:24:11:66:9c:
                    c7:21:e9:8b:9e:c3:15:78:7d:a4:d6:f0:37:55:d9:
                    8b:db:06:81:d6:8f:23:01:23:d4:ef:c5:ff:87:89:
                    59:a9:8d:b6:a9:79:18:d3:07:2d:64:be:70:54:ff:
                    e6:b5:4b:af:75:8b:34:84:d0:09:eb:60:e2:ba:15:
                    57:52:f1:3a:aa:76:33:e4:c1:5a:94:06:87:d9:22:
                    48:03:aa:99:6a:80:83:33:e4:be:9f:ee:02:6a:f3:
                    4b:8d:0e:ae:d5:04:13:56:e4:7d:3c:d6:c2:44:6a:
                    f7:f1:2b:a1:2a:ec:1d:e8:a7:81:07:0e:81:9d:61:
                    e4:b6:a1:47:9c:03:da:8d:35:10:b4:b8:e6:ad:6b:
                    e9:f2:3b:d7:11:46:bf:ed:b9:9f:40:51:35:0e:d1:
                    bb:a6:dd:ca:e9:c1:b4:03:fb:54:63:77:1c:5b:38:
                    e7:1c:02:5d:56:3e:64:33:7d:42:98:8d:b8:73:a9:
                    bd:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                42:BD:1C:75:6B:91:C4:5E:3B:CD:BA:66:DA:50:45:59:01:C0:E2:41
            X509v3 Authority Key Identifier:
                keyid:EA:AA:8A:0A:5F:DF:D6:98:E1:04:BE:36:A2:AE:EC:81:3A:EC:A0:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/Qr0cdWuRxF47zbpm2lBFWQHA4kE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/6qqKCl_f1pjhBL42oq7sgTrsoHE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.8.44.0/22
                  5.101.44.0/22
                  5.188.50.0/24
                  5.188.200.0-5.188.202.255
                  5.189.216.0/22
                  5.189.252.0/23
                  5.189.255.0/24
                  91.243.40.0/24
                  91.243.43.0/24

    Signature Algorithm: sha256WithRSAEncryption
         43:82:eb:99:a5:8e:31:ad:96:2c:f6:5f:e0:09:2a:4e:b4:ab:
         19:67:f6:35:11:39:99:b6:31:2c:f4:57:dc:51:30:54:59:e7:
         1b:2c:6d:52:15:56:6b:8e:20:fd:24:28:68:8c:db:fb:2f:45:
         e5:37:ca:44:2b:78:d2:cb:0a:10:5e:4d:c7:f2:22:56:a0:6b:
         66:48:ef:38:5b:83:d8:23:fc:ae:26:f2:0a:fe:0a:fd:8f:95:
         f4:af:7c:e6:3c:45:48:10:3f:2a:b7:01:55:e0:15:33:5b:33:
         13:16:94:0e:24:39:7e:ab:f4:f3:f8:3c:5b:e4:bc:ea:62:04:
         d8:ba:0d:28:99:61:42:39:12:d8:08:80:7c:49:45:3a:64:48:
         8b:ce:19:2f:52:3e:2f:20:af:72:72:a1:68:dd:cc:8d:09:c8:
         e4:97:29:cb:f6:56:20:ae:d3:fd:87:bb:cb:4b:e9:ce:02:7a:
         a0:94:bf:3f:ce:28:c7:d2:7b:2c:17:da:f6:85:0e:6b:f2:0d:
         bc:19:79:4e:0a:0f:96:5a:9e:a0:94:2a:84:bb:e4:d7:a3:38:
         bc:90:94:63:f0:83:b0:d8:64:2b:35:9d:20:cd:f9:75:53:12:
         c6:94:7a:2b:0c:6b:02:e1:3c:0c:bf:95:9f:a5:d1:3b:82:ea:
         bd:56:5a:cc
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgISAYUukwzI/s1Gx1tbTjMsiLnOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVhYWE4YTBhNWZkZmQ2OThlMTA0YmUzNmEyYWVlYzgxM2Fl
Y2EwNzEwHhcNMjIxMjIwMDgwNzQ2WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MmJkMWM3NTZiOTFjNDVlM2JjZGJhNjZkYTUwNDU1OTAxYzBlMjQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhDTZtAZndE6BFVD0aqeq5I8IQn6A
TUtUx+Y4zttHvS0oyOZocV/2FavoD0cZLtNYU2vOxyNBOcULSfaEQzFZ4xKlyh2w
HCQRZpzHIemLnsMVeH2k1vA3VdmL2waB1o8jASPU78X/h4lZqY22qXkY0wctZL5w
VP/mtUuvdYs0hNAJ62DiuhVXUvE6qnYz5MFalAaH2SJIA6qZaoCDM+S+n+4CavNL
jQ6u1QQTVuR9PNbCRGr38SuhKuwd6KeBBw6BnWHktqFHnAPajTUQtLjmrWvp8jvX
EUa/7bmfQFE1DtG7pt3K6cG0A/tUY3ccWzjnHAJdVj5kM31CmI24c6m9XQIDAQAB
o4ICQTCCAj0wHQYDVR0OBBYEFEK9HHVrkcReO826ZtpQRVkBwOJBMB8GA1UdIwQY
MBaAFOqqigpf39aY4QS+NqKu7IE67KBxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNnFxS0NsX2YxcGpoQkw0Mm9xN3NnVHJzb0hFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy8yOTMyZGYtYTRiZC00YWY1LWE0ZDQt
ODlkMDkyNDBjNDNiLzEvUXIwY2RXdVJ4RjQ3emJwbTJsQkZXUUhBNGtFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy8yOTMyZGYtYTRiZC00YWY1LWE0ZDQtODlkMDkyNDBjNDNi
LzEvNnFxS0NsX2YxcGpoQkw0Mm9xN3NnVHJzb0hFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFcGCCsGAQUFBwEHAQH/BEgwRjBEBAIAATA+AwQCBQgsAwQC
BWUsAwQABbwyMAwDBAMFvMgDBAAFvMoDBAIFvdgDBAEFvfwDBAAFvf8DBABb8ygD
BABb8yswDQYJKoZIhvcNAQELBQADggEBAEOC65mljjGtliz2X+AJKk60qxln9jUR
OZm2MSz0V9xRMFRZ5xssbVIVVmuOIP0kKGiM2/svReU3ykQreNLLChBeTcfyIlag
a2ZI7zhbg9gj/K4m8gr+Cv2PlfSvfOY8RUgQPyq3AVXgFTNbMxMWlA4kOX6r9PP4
PFvkvOpiBNi6DSiZYUI5EtgIgHxJRTpkSIvOGS9SPi8gr3JyoWjdzI0JyOSXKcv2
ViCu0/2Hu8tL6c4CeqCUvz/OKMfSeywX2vaFDmvyDbwZeU4KD5ZanqCUKoS75Nej
OLyQlGPwg7DYZCs1nSDN+XVTEsaUeisMawLhPAy/lZ+l0TuC6r1WWsw=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:21:29 2024 by rpki-client on console-fra.rpki-client.org