Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/45/8fc746-fc08-4211-ba3b-893906fb7858/1/QtHf7HkaGsCby6Xdevlun9q6qBQ.roa
File:                     QtHf7HkaGsCby6Xdevlun9q6qBQ.roa (raw, json)
Hash identifier:          qr4d5grgxhgmS45WxJpe/4d4PLpupGQBZOsZasfy1dA=
Subject key identifier:   42:D1:DF:EC:79:1A:1A:C0:9B:CB:A5:DD:7A:F9:6E:9F:DA:BA:A8:14
Certificate issuer:       /CN=ddf8b45254e5470d1d4cce6fb7dfd4d0d83b5d59
Certificate serial:       01855EC009B502EAD44BCD9C21802C0FA1F1
Authority key identifier: DD:F8:B4:52:54:E5:47:0D:1D:4C:CE:6F:B7:DF:D4:D0:D8:3B:5D:59
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3fi0UlTlRw0dTM5vt9_U0Ng7XVk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/45/8fc746-fc08-4211-ba3b-893906fb7858/1/QtHf7HkaGsCby6Xdevlun9q6qBQ.roa
Signing time:             Thu 29 Dec 2022 16:38:41 +0000
ROA not before:           Thu 29 Dec 2022 16:38:41 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     7018
IP address blocks:        5.105.138.0/23 maxlen: 24
                          5.105.142.0/23 maxlen: 24
                          5.105.164.0/23 maxlen: 24
                          91.200.212.0/22 maxlen: 24
                          5.105.68.0/23 maxlen: 24
                          5.105.94.0/23 maxlen: 24
                          5.105.112.0/23 maxlen: 24
                          5.105.114.0/23 maxlen: 24
                          5.105.29.0/24 maxlen: 24
                          5.105.248.0/23 maxlen: 24
                          5.105.186.0/23 maxlen: 24
                          5.105.198.0/23 maxlen: 24
                          5.105.206.0/23 maxlen: 24
                          5.105.202.0/23 maxlen: 24
                          85.255.176.0/21 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:5e:c0:09:b5:02:ea:d4:4b:cd:9c:21:80:2c:0f:a1:f1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ddf8b45254e5470d1d4cce6fb7dfd4d0d83b5d59
        Validity
            Not Before: Dec 29 16:38:41 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=42d1dfec791a1ac09bcba5dd7af96e9fdabaa814
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:46:74:e6:63:fa:28:3a:be:ae:f6:dc:db:91:
                    86:88:ee:5b:44:63:c1:9d:78:9d:94:92:ae:a8:1f:
                    5d:66:63:2b:c1:b3:67:0f:a9:39:6c:16:78:24:0b:
                    38:d4:cf:cf:4d:fb:88:87:d5:8e:ae:a5:c2:74:12:
                    b8:16:90:a5:94:fc:0c:e8:ea:44:4c:c9:8d:fa:0d:
                    1c:ec:d4:a5:82:f9:8d:0e:db:34:b4:35:ab:79:71:
                    3d:a8:06:36:d0:f9:cf:95:3d:58:03:1c:cd:51:c7:
                    b3:c0:44:a2:d9:a7:b5:41:a5:99:1d:9d:36:ea:0f:
                    aa:75:13:00:56:73:ec:28:d3:a7:ab:62:d6:73:17:
                    33:01:4a:94:a2:a3:39:ea:5b:ae:a6:9d:7a:28:ae:
                    a4:88:67:8c:2c:12:2c:ee:00:10:2a:c5:a7:67:d5:
                    f7:6a:4f:46:87:76:1e:61:2f:7e:a5:a8:c2:0c:16:
                    0b:07:67:a9:96:9c:8a:b4:2c:40:1d:82:e3:bb:ff:
                    1f:59:8f:d4:9c:47:a0:98:1e:f1:16:71:ac:7a:52:
                    58:43:40:79:9c:8b:92:5b:68:bf:dc:25:6c:a0:12:
                    17:8e:0b:3b:c1:99:60:b1:6a:b6:19:2d:08:78:58:
                    e9:46:b7:a2:4d:a3:a4:0d:74:66:07:b0:d8:6e:85:
                    60:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                42:D1:DF:EC:79:1A:1A:C0:9B:CB:A5:DD:7A:F9:6E:9F:DA:BA:A8:14
            X509v3 Authority Key Identifier:
                keyid:DD:F8:B4:52:54:E5:47:0D:1D:4C:CE:6F:B7:DF:D4:D0:D8:3B:5D:59

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3fi0UlTlRw0dTM5vt9_U0Ng7XVk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/45/8fc746-fc08-4211-ba3b-893906fb7858/1/QtHf7HkaGsCby6Xdevlun9q6qBQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/45/8fc746-fc08-4211-ba3b-893906fb7858/1/3fi0UlTlRw0dTM5vt9_U0Ng7XVk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.105.29.0/24
                  5.105.68.0/23
                  5.105.94.0/23
                  5.105.112.0/22
                  5.105.138.0/23
                  5.105.142.0/23
                  5.105.164.0/23
                  5.105.186.0/23
                  5.105.198.0/23
                  5.105.202.0/23
                  5.105.206.0/23
                  5.105.248.0/23
                  85.255.176.0/21
                  91.200.212.0/22

    Signature Algorithm: sha256WithRSAEncryption
         1c:12:06:b9:d5:45:28:f4:f2:f6:e5:60:a2:d2:d4:ed:b2:27:
         e9:d5:f5:6c:f0:c3:4c:be:e6:d6:99:82:6a:44:2d:4f:37:f1:
         b2:23:e3:31:ab:e3:61:97:f7:4b:95:41:62:4a:9b:fa:11:7c:
         19:ec:a0:73:c8:68:c7:57:af:84:5a:55:57:36:0f:4f:90:7a:
         22:1c:6f:21:df:19:04:25:18:53:4d:39:95:05:a8:73:ce:e3:
         66:ae:e9:ae:a7:4f:4c:d6:fc:c1:97:c7:80:6c:e4:1e:3d:f8:
         c3:db:e2:dd:76:ab:82:35:2a:94:08:e7:b7:c7:43:a1:51:ae:
         42:35:05:2a:3d:9b:27:da:77:a5:5f:8c:da:f5:8e:61:8d:10:
         55:a3:84:61:13:c9:86:7e:d9:03:b0:ac:fe:e8:1e:1b:27:51:
         26:bd:f7:93:91:7d:b1:12:61:8c:29:ae:e1:2c:61:03:ba:8c:
         a1:ad:c5:65:11:1f:a8:18:2d:14:d0:a3:bc:ab:3b:63:54:31:
         ca:9f:32:ff:07:53:90:27:8a:62:f6:be:e3:70:b8:3a:61:2c:
         a7:06:d7:c2:60:c9:0e:88:90:6c:c6:fb:b4:cc:45:b9:50:bb:
         6c:e8:85:9a:23:f0:aa:04:9f:de:8a:5d:8f:c1:be:5e:01:ec:
         e8:d2:1d:c3
-----BEGIN CERTIFICATE-----
MIIFSzCCBDOgAwIBAgISAYVewAm1AurUS82cIYAsD6HxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRkZjhiNDUyNTRlNTQ3MGQxZDRjY2U2ZmI3ZGZkNGQwZDgz
YjVkNTkwHhcNMjIxMjI5MTYzODQxWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MmQxZGZlYzc5MWExYWMwOWJjYmE1ZGQ3YWY5NmU5ZmRhYmFhODE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv0Z05mP6KDq+rvbc25GGiO5bRGPB
nXidlJKuqB9dZmMrwbNnD6k5bBZ4JAs41M/PTfuIh9WOrqXCdBK4FpCllPwM6OpE
TMmN+g0c7NSlgvmNDts0tDWreXE9qAY20PnPlT1YAxzNUcezwESi2ae1QaWZHZ02
6g+qdRMAVnPsKNOnq2LWcxczAUqUoqM56luupp16KK6kiGeMLBIs7gAQKsWnZ9X3
ak9Gh3YeYS9+pajCDBYLB2eplpyKtCxAHYLju/8fWY/UnEegmB7xFnGselJYQ0B5
nIuSW2i/3CVsoBIXjgs7wZlgsWq2GS0IeFjpRreiTaOkDXRmB7DYboVgLQIDAQAB
o4ICVzCCAlMwHQYDVR0OBBYEFELR3+x5GhrAm8ul3Xr5bp/auqgUMB8GA1UdIwQY
MBaAFN34tFJU5UcNHUzOb7ff1NDYO11ZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM2ZpMFVsVGxSdzBkVE01dnQ5X1UwTmc3WFZrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NS84ZmM3NDYtZmMwOC00MjExLWJhM2It
ODkzOTA2ZmI3ODU4LzEvUXRIZjdIa2FHc0NieTZYZGV2bHVuOXE2cUJRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NS84ZmM3NDYtZmMwOC00MjExLWJhM2ItODkzOTA2ZmI3ODU4
LzEvM2ZpMFVsVGxSdzBkVE01dnQ5X1UwTmc3WFZrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMG0GCCsGAQUFBwEHAQH/BF4wXDBaBAIAATBUAwQABWkdAwQB
BWlEAwQBBWleAwQCBWlwAwQBBWmKAwQBBWmOAwQBBWmkAwQBBWm6AwQBBWnGAwQB
BWnKAwQBBWnOAwQBBWn4AwQDVf+wAwQCW8jUMA0GCSqGSIb3DQEBCwUAA4IBAQAc
Ega51UUo9PL25WCi0tTtsifp1fVs8MNMvubWmYJqRC1PN/GyI+Mxq+Nhl/dLlUFi
Spv6EXwZ7KBzyGjHV6+EWlVXNg9PkHoiHG8h3xkEJRhTTTmVBahzzuNmrumup09M
1vzBl8eAbOQePfjD2+LddquCNSqUCOe3x0OhUa5CNQUqPZsn2nelX4za9Y5hjRBV
o4RhE8mGftkDsKz+6B4bJ1EmvfeTkX2xEmGMKa7hLGEDuoyhrcVlER+oGC0U0KO8
qztjVDHKnzL/B1OQJ4pi9r7jcLg6YSynBtfCYMkOiJBsxvu0zEW5ULts6IWaI/Cq
BJ/eil2Pwb5eAezo0h3D
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:05:57 2024 by rpki-client on console-ams.rpki-client.org