Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/Q5UPgPx_kR_ruvPsWoNPhB0pvxE.roa
File:                     Q5UPgPx_kR_ruvPsWoNPhB0pvxE.roa (raw, json)
Hash identifier:          0Wj/NDsaSmVRA5Xwnyu927XDB/hNG7bbtriiC4jrRPU=
Subject key identifier:   43:95:0F:80:FC:7F:91:1F:EB:BA:F3:EC:5A:83:4F:84:1D:29:BF:11
Certificate issuer:       /CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
Certificate serial:       1563DC56
Authority key identifier: 8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/Q5UPgPx_kR_ruvPsWoNPhB0pvxE.roa
Signing time:             Wed 15 Jun 2022 16:04:47 +0000
ROA not before:           Wed 15 Jun 2022 16:04:47 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     7018
IP address blocks:        194.50.188.0/23 maxlen: 23
                          194.50.206.0/23 maxlen: 23
                          195.138.96.0/19 maxlen: 24
                          194.50.200.0/23 maxlen: 23
                          2.57.152.0/22 maxlen: 22
                          91.214.200.0/22 maxlen: 22
                          45.128.20.0/22 maxlen: 22
                          194.50.184.0/23 maxlen: 23
                          91.242.81.0/24 maxlen: 24
                          194.35.52.0/22 maxlen: 22
                          95.214.152.0/22 maxlen: 22
                          91.242.105.0/24 maxlen: 24
                          91.242.100.0/23 maxlen: 23
                          91.242.108.0/22 maxlen: 22
                          91.242.107.0/24 maxlen: 24
                          45.150.168.0/22 maxlen: 22
                          91.242.120.0/21 maxlen: 21
                          45.15.244.0/22 maxlen: 22
                          2.56.0.0/22 maxlen: 22
                          185.173.244.0/22 maxlen: 24
                          91.242.64.0/22 maxlen: 22

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 358866006 (0x1563dc56)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
        Validity
            Not Before: Jun 15 16:04:47 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=43950f80fc7f911febbaf3ec5a834f841d29bf11
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:f6:fe:e9:a5:2f:b7:52:7e:08:6a:4b:b4:d1:
                    10:6c:9c:93:2b:ac:0f:40:a4:57:fa:ff:ec:ed:f0:
                    96:c0:b7:ae:70:31:b9:3f:a3:8b:e0:60:07:17:84:
                    cb:73:93:36:72:89:d0:b0:8d:73:7a:4e:74:bb:c3:
                    a1:99:91:6f:da:04:d0:79:be:ef:33:33:0d:1d:fd:
                    fa:8b:a9:b6:8c:85:52:06:e2:ef:16:11:d5:30:35:
                    9d:8e:5e:44:79:9f:43:ca:88:bd:55:aa:51:7a:26:
                    a2:8f:cf:a5:d1:1b:f9:e7:e6:75:8a:45:d6:2f:a4:
                    bc:21:b0:1d:47:ba:59:c1:b2:6b:78:70:b2:06:ed:
                    87:92:89:c7:3e:21:ac:d9:1f:20:71:56:fe:f8:38:
                    ec:7e:9c:cf:a9:73:f5:85:93:77:8d:4f:75:5a:80:
                    e7:d5:fc:5b:a1:9f:1b:84:67:a1:8f:ee:f6:c7:3c:
                    09:f5:dc:a4:20:fb:73:a2:95:38:6f:db:9f:f6:97:
                    a6:98:47:d7:07:dd:2a:23:16:ec:27:05:33:6c:4b:
                    07:51:60:13:bc:73:c2:01:98:d7:65:c1:bf:2a:4f:
                    c1:e4:7e:54:cf:0b:3b:5a:b9:05:d6:cd:ff:19:85:
                    26:22:de:40:9b:57:3f:57:73:35:9d:93:d1:f5:dc:
                    df:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:95:0F:80:FC:7F:91:1F:EB:BA:F3:EC:5A:83:4F:84:1D:29:BF:11
            X509v3 Authority Key Identifier:
                keyid:8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/Q5UPgPx_kR_ruvPsWoNPhB0pvxE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.56.0.0/22
                  2.57.152.0/22
                  45.15.244.0/22
                  45.128.20.0/22
                  45.150.168.0/22
                  91.214.200.0/22
                  91.242.64.0/22
                  91.242.81.0/24
                  91.242.100.0/23
                  91.242.105.0/24
                  91.242.107.0-91.242.111.255
                  91.242.120.0/21
                  95.214.152.0/22
                  185.173.244.0/22
                  194.35.52.0/22
                  194.50.184.0/23
                  194.50.188.0/23
                  194.50.200.0/23
                  194.50.206.0/23
                  195.138.96.0/19

    Signature Algorithm: sha256WithRSAEncryption
         92:4d:ea:66:c0:0b:b7:88:23:06:bf:3e:fb:0f:17:54:1c:83:
         2c:f5:3a:11:ca:b8:d7:93:16:50:a6:67:1b:82:0f:41:c8:05:
         98:65:53:67:be:88:2e:f7:3d:07:19:57:8e:f2:28:ed:17:f7:
         e5:b0:20:f1:b7:30:fe:06:13:7e:ac:62:2c:82:ec:2f:0f:e4:
         bf:62:af:00:3b:76:3e:7b:74:a6:aa:f8:89:6b:9b:a2:f1:50:
         02:d9:40:96:e6:37:79:8c:cd:5c:b0:97:7e:4e:c5:71:d6:47:
         39:08:e6:f7:b1:6e:be:bf:99:40:51:9c:f1:c0:f2:c0:4d:7c:
         63:b1:bd:ca:c3:19:58:b9:b8:73:e2:10:90:65:65:8c:02:0a:
         8f:c6:f1:8d:5e:78:b0:84:08:4d:98:3f:29:0a:ed:64:51:ff:
         4b:d7:e2:e4:95:50:d9:e6:f9:d5:da:dc:0f:7b:63:5b:13:21:
         1f:20:37:62:b6:a7:f0:df:b0:db:7b:0d:50:e8:09:b2:43:ad:
         00:0a:3e:6c:66:8e:57:6e:28:f5:c2:1d:22:ca:85:1a:ca:33:
         a7:5e:79:ea:04:dd:df:6d:19:07:7a:da:7c:30:99:0f:47:38:
         ed:fb:52:8c:7b:77:14:38:16:10:f5:d1:c8:6e:a0:a0:dd:6b:
         6f:a7:67:a9
-----BEGIN CERTIFICATE-----
MIIFbjCCBFagAwIBAgIEFWPcVjANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg4
YmFiMzA2ODM4NTllYzdlMDIwNmZlOTI2NTM2M2U4ZTM5NzFhOWE4MB4XDTIyMDYx
NTE2MDQ0N1oXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoNDM5NTBmODBmYzdm
OTExZmViYmFmM2VjNWE4MzRmODQxZDI5YmYxMTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAKT2/umlL7dSfghqS7TREGyckyusD0CkV/r/7O3wlsC3rnAx
uT+ji+BgBxeEy3OTNnKJ0LCNc3pOdLvDoZmRb9oE0Hm+7zMzDR39+ouptoyFUgbi
7xYR1TA1nY5eRHmfQ8qIvVWqUXomoo/PpdEb+efmdYpF1i+kvCGwHUe6WcGya3hw
sgbth5KJxz4hrNkfIHFW/vg47H6cz6lz9YWTd41PdVqA59X8W6GfG4RnoY/u9sc8
CfXcpCD7c6KVOG/bn/aXpphH1wfdKiMW7CcFM2xLB1FgE7xzwgGY12XBvypPweR+
VM8LO1q5BdbN/xmFJiLeQJtXP1dzNZ2T0fXc378CAwEAAaOCAogwggKEMB0GA1Ud
DgQWBBRDlQ+A/H+RH+u68+xag0+EHSm/ETAfBgNVHSMEGDAWgBSLqzBoOFnsfgIG
/pJlNj6OOXGpqDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L2k2c3dhRGhaN0g0Q0J2NlNaVFktampseHFhZy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMmIvODFmZDFhLTQ3YTctNDVkOC1iZTc0LTNhYzllNTZjMzA4OS8x
L1E1VVBnUHhfa1JfcnV2UHNXb05QaEIwcHZ4RS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMmIv
ODFmZDFhLTQ3YTctNDVkOC1iZTc0LTNhYzllNTZjMzA4OS8xL2k2c3dhRGhaN0g0
Q0J2NlNaVFktampseHFhZy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjCB
nQYIKwYBBQUHAQcBAf8EgY0wgYowgYcEAgABMIGAAwQCAjgAAwQCAjmYAwQCLQ/0
AwQCLYAUAwQCLZaoAwQCW9bIAwQCW/JAAwQAW/JRAwQBW/JkAwQAW/JpMAwDBABb
8msDBARb8mADBANb8ngDBAJf1pgDBAK5rfQDBALCIzQDBAHCMrgDBAHCMrwDBAHC
MsgDBAHCMs4DBAXDimAwDQYJKoZIhvcNAQELBQADggEBAJJN6mbAC7eIIwa/PvsP
F1Qcgyz1OhHKuNeTFlCmZxuCD0HIBZhlU2e+iC73PQcZV47yKO0X9+WwIPG3MP4G
E36sYiyC7C8P5L9irwA7dj57dKaq+Ilrm6LxUALZQJbmN3mMzVywl35OxXHWRzkI
5vexbr6/mUBRnPHA8sBNfGOxvcrDGVi5uHPiEJBlZYwCCo/G8Y1eeLCECE2YPykK
7WRR/0vX4uSVUNnm+dXa3A97Y1sTIR8gN2K2p/DfsNt7DVDoCbJDrQAKPmxmjldu
KPXCHSLKhRrKM6deeeoE3d9tGQd62nwwmQ9HOO37Uox7dxQ4FhD10chuoKDda2+n
Z6k=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:23:41 2024 by rpki-client on console-fra.rpki-client.org