Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/XgrfWBGz3-Zwwglzkos6N7mo3hQ.roa
File:                     XgrfWBGz3-Zwwglzkos6N7mo3hQ.roa (raw, json)
Hash identifier:          r1vVzA5QZbj2FYgKoFgqjLxeKtV6GGzdylgM/B8TGEg=
Subject key identifier:   5E:0A:DF:58:11:B3:DF:E6:70:C2:09:73:92:8B:3A:37:B9:A8:DE:14
Certificate issuer:       /CN=eaaa8a0a5fdfd698e104be36a2aeec813aeca071
Certificate serial:       0183F5A3BCE86591FA739C29B22FECE92A52
Authority key identifier: EA:AA:8A:0A:5F:DF:D6:98:E1:04:BE:36:A2:AE:EC:81:3A:EC:A0:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/XgrfWBGz3-Zwwglzkos6N7mo3hQ.roa
Signing time:             Thu 20 Oct 2022 13:44:52 +0000
ROA not before:           Thu 20 Oct 2022 13:44:52 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     35277
IP address blocks:        5.189.219.0/24 maxlen: 24
                          5.189.218.0/24 maxlen: 24
                          5.189.217.0/24 maxlen: 24
                          5.189.216.0/24 maxlen: 24
                          5.188.50.0/24 maxlen: 24
                          5.101.44.0/24 maxlen: 24
                          5.101.47.0/24 maxlen: 24
                          5.101.46.0/24 maxlen: 24
                          5.101.45.0/24 maxlen: 24
                          5.188.203.0/24 maxlen: 24
                          5.188.202.0/24 maxlen: 24
                          5.188.201.0/24 maxlen: 24
                          5.188.200.0/24 maxlen: 24
                          91.243.40.0/24 maxlen: 24
                          91.243.43.0/24 maxlen: 24
                          5.189.253.0/24 maxlen: 24
                          5.189.252.0/24 maxlen: 24
                          5.189.255.0/24 maxlen: 24
                          5.8.44.0/24 maxlen: 24
                          5.8.47.0/24 maxlen: 24
                          5.8.46.0/24 maxlen: 24
                          5.8.45.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:83:f5:a3:bc:e8:65:91:fa:73:9c:29:b2:2f:ec:e9:2a:52
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eaaa8a0a5fdfd698e104be36a2aeec813aeca071
        Validity
            Not Before: Oct 20 13:44:52 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=5e0adf5811b3dfe670c20973928b3a37b9a8de14
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:20:9c:31:ee:e3:1e:fd:d6:df:bf:39:20:cd:
                    dc:de:62:8c:9d:25:bd:3e:99:8c:c9:ba:3c:b0:b4:
                    78:51:18:a1:72:7f:da:e9:ac:f8:48:31:1e:fd:bc:
                    cc:8b:5d:6f:eb:21:a9:21:ae:46:04:0c:b1:92:a1:
                    17:e1:23:81:da:ac:df:c1:be:ab:e2:3b:c8:48:9e:
                    59:cb:8a:5e:b0:73:07:cf:d3:b8:de:42:8a:4b:32:
                    f2:55:12:35:97:e1:8d:72:a2:a3:4c:a1:3a:e8:97:
                    3f:f3:5c:08:3c:26:83:ce:e0:6a:70:1e:7a:a4:2c:
                    73:a2:15:1a:1b:1d:eb:0e:4d:82:55:56:20:fc:6c:
                    99:ba:db:f1:6d:cb:1a:8c:7f:3f:97:07:2d:f3:ef:
                    b0:a7:72:a7:92:7a:de:99:fa:44:ae:b9:d4:10:b6:
                    b8:7e:99:52:50:37:72:5d:ea:88:77:b4:76:41:a7:
                    18:33:c6:2d:36:73:dd:b1:45:e1:20:c5:18:17:d1:
                    a2:54:77:6c:3c:24:35:52:e9:d1:9c:15:10:d6:46:
                    d8:96:87:1e:5d:ad:72:f9:aa:10:6e:5d:a6:fb:e4:
                    30:cf:2f:98:a6:64:c7:9d:aa:3f:c2:50:c4:ed:51:
                    a2:68:ee:92:5b:42:1e:88:32:ff:bf:b7:32:89:c7:
                    22:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5E:0A:DF:58:11:B3:DF:E6:70:C2:09:73:92:8B:3A:37:B9:A8:DE:14
            X509v3 Authority Key Identifier:
                keyid:EA:AA:8A:0A:5F:DF:D6:98:E1:04:BE:36:A2:AE:EC:81:3A:EC:A0:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/XgrfWBGz3-Zwwglzkos6N7mo3hQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/6qqKCl_f1pjhBL42oq7sgTrsoHE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.8.44.0/22
                  5.101.44.0/22
                  5.188.50.0/24
                  5.188.200.0/22
                  5.189.216.0/22
                  5.189.252.0/23
                  5.189.255.0/24
                  91.243.40.0/24
                  91.243.43.0/24

    Signature Algorithm: sha256WithRSAEncryption
         52:9d:8d:58:01:bb:43:fc:2d:e0:2f:ab:41:9c:80:7c:97:b4:
         51:25:44:21:75:8f:77:fd:a3:11:82:ce:d3:83:df:61:67:48:
         2a:3e:0b:5a:04:23:1b:66:78:52:9f:1f:df:2a:a6:da:2a:20:
         1e:75:af:70:11:8d:d0:e8:1c:c3:b2:e3:c7:25:7a:a8:c0:9f:
         f8:77:73:d1:4b:ee:3b:18:d9:43:09:f8:87:d0:d6:dd:49:a5:
         df:f9:2a:68:47:b1:9e:55:52:32:c9:16:68:86:84:8b:e8:27:
         ec:3a:d4:58:2f:60:e5:51:f0:17:ab:30:bf:6d:14:8f:ab:7b:
         85:16:a6:2f:c1:30:75:e7:ba:43:88:c1:3c:5a:8b:c7:93:13:
         d2:6c:da:b7:e9:81:37:0b:1d:f4:6e:87:b6:c3:20:fb:e8:a2:
         05:f4:90:44:ec:fb:7d:dd:ec:88:44:05:db:9a:bc:42:ae:da:
         5c:94:1b:d1:b8:d1:8a:1e:41:80:ee:60:48:55:e5:b1:dd:fb:
         38:de:46:29:a7:f6:36:70:e6:e3:6d:d9:68:1e:19:f5:0e:b5:
         fd:28:8d:aa:14:75:d3:01:fa:f5:5a:a8:65:ac:8b:ad:fe:9b:
         bd:59:12:d5:97:48:48:7c:87:8c:e5:8d:3c:66:f4:ac:dc:31:
         93:39:29:db
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgISAYP1o7zoZZH6c5wpsi/s6SpSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVhYWE4YTBhNWZkZmQ2OThlMTA0YmUzNmEyYWVlYzgxM2Fl
Y2EwNzEwHhcNMjIxMDIwMTM0NDUyWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZTBhZGY1ODExYjNkZmU2NzBjMjA5NzM5MjhiM2EzN2I5YThkZTE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAriCcMe7jHv3W3785IM3c3mKMnSW9
PpmMybo8sLR4URihcn/a6az4SDEe/bzMi11v6yGpIa5GBAyxkqEX4SOB2qzfwb6r
4jvISJ5Zy4pesHMHz9O43kKKSzLyVRI1l+GNcqKjTKE66Jc/81wIPCaDzuBqcB56
pCxzohUaGx3rDk2CVVYg/GyZutvxbcsajH8/lwct8++wp3KnknremfpErrnUELa4
fplSUDdyXeqId7R2QacYM8YtNnPdsUXhIMUYF9GiVHdsPCQ1UunRnBUQ1kbYloce
Xa1y+aoQbl2m++Qwzy+YpmTHnao/wlDE7VGiaO6SW0IeiDL/v7cyiccimwIDAQAB
o4ICOTCCAjUwHQYDVR0OBBYEFF4K31gRs9/mcMIJc5KLOje5qN4UMB8GA1UdIwQY
MBaAFOqqigpf39aY4QS+NqKu7IE67KBxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNnFxS0NsX2YxcGpoQkw0Mm9xN3NnVHJzb0hFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy8yOTMyZGYtYTRiZC00YWY1LWE0ZDQt
ODlkMDkyNDBjNDNiLzEvWGdyZldCR3ozLVp3d2dsemtvczZON21vM2hRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy8yOTMyZGYtYTRiZC00YWY1LWE0ZDQtODlkMDkyNDBjNDNi
LzEvNnFxS0NsX2YxcGpoQkw0Mm9xN3NnVHJzb0hFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME8GCCsGAQUFBwEHAQH/BEAwPjA8BAIAATA2AwQCBQgsAwQC
BWUsAwQABbwyAwQCBbzIAwQCBb3YAwQBBb38AwQABb3/AwQAW/MoAwQAW/MrMA0G
CSqGSIb3DQEBCwUAA4IBAQBSnY1YAbtD/C3gL6tBnIB8l7RRJUQhdY93/aMRgs7T
g99hZ0gqPgtaBCMbZnhSnx/fKqbaKiAeda9wEY3Q6BzDsuPHJXqowJ/4d3PRS+47
GNlDCfiH0NbdSaXf+SpoR7GeVVIyyRZohoSL6CfsOtRYL2DlUfAXqzC/bRSPq3uF
FqYvwTB157pDiME8WovHkxPSbNq36YE3Cx30boe2wyD76KIF9JBE7Pt93eyIRAXb
mrxCrtpclBvRuNGKHkGA7mBIVeWx3fs43kYpp/Y2cObjbdloHhn1DrX9KI2qFHXT
Afr1WqhlrIut/pu9WRLVl0hIfIeM5Y08ZvSs3DGTOSnb
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:56:55 2024 by rpki-client on console-ams.rpki-client.org