Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/a5XaPVVPS0yRxSgqvEnGVz0SAJw.roa
File:                     a5XaPVVPS0yRxSgqvEnGVz0SAJw.roa (raw, json)
Hash identifier:          8wLRylRE6qUHjIF/DzGHi3l5a2OnNT3qR395bcp9e5w=
Subject key identifier:   6B:95:DA:3D:55:4F:4B:4C:91:C5:28:2A:BC:49:C6:57:3D:12:00:9C
Certificate issuer:       /CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
Certificate serial:       01ABAF2C
Authority key identifier: 4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/a5XaPVVPS0yRxSgqvEnGVz0SAJw.roa
Signing time:             Fri 01 Jul 2022 15:50:25 +0000
ROA not before:           Fri 01 Jul 2022 15:50:25 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     1239
IP address blocks:        84.32.64.0/22 maxlen: 24
                          84.32.68.0/22 maxlen: 24
                          88.216.180.0/22 maxlen: 24
                          84.32.82.0/23 maxlen: 24
                          88.216.196.0/22 maxlen: 24
                          88.216.209.0/24 maxlen: 24
                          88.216.210.0/23 maxlen: 24
                          88.216.212.0/22 maxlen: 24
                          84.32.8.0/22 maxlen: 24
                          84.32.24.0/21 maxlen: 24
                          84.32.40.0/21 maxlen: 24
                          88.216.90.0/24 maxlen: 24
                          88.216.0.0/22 maxlen: 24
                          88.216.16.0/24 maxlen: 24
                          88.216.19.0/24 maxlen: 24
                          88.216.21.0/24 maxlen: 24
                          88.216.20.0/24 maxlen: 24
                          88.216.23.0/24 maxlen: 24
                          88.216.22.0/24 maxlen: 24
                          88.216.32.0/24 maxlen: 24
                          88.216.46.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 28028716 (0x1abaf2c)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
        Validity
            Not Before: Jul  1 15:50:25 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=6b95da3d554f4b4c91c5282abc49c6573d12009c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:38:77:60:a0:e0:4a:c7:50:33:b2:42:22:a1:
                    05:21:ca:d7:52:cf:b0:7e:b8:aa:0d:07:0e:a6:e4:
                    94:f1:ab:7c:7f:0e:ed:16:01:91:b0:a3:1a:cd:54:
                    db:5f:ed:f8:ca:28:c5:ce:2d:0a:b8:65:43:a5:90:
                    ab:fa:1e:9d:99:69:a9:db:aa:c1:48:19:09:57:75:
                    db:63:32:b7:cc:19:e1:22:fc:2c:00:42:58:37:73:
                    2d:07:55:33:da:b0:cf:df:cf:a1:51:a0:f1:84:dd:
                    26:13:26:04:0c:90:de:97:7f:50:f6:ed:08:cb:cf:
                    fc:8b:76:25:24:ec:eb:8f:2b:8d:b4:7f:af:85:7d:
                    18:69:1b:94:ba:b9:74:57:d6:fc:6d:25:34:a5:c3:
                    4d:68:d1:90:9c:c4:7c:18:c7:f6:b6:53:74:ce:f7:
                    32:63:49:85:8b:69:1b:74:11:9e:01:63:61:e3:e3:
                    d3:ce:a0:9b:c6:57:de:93:4c:20:f6:f6:fb:8a:90:
                    2d:55:52:6a:aa:ef:2e:54:a3:84:5a:4c:93:b3:0e:
                    b0:92:4c:a0:f5:07:c8:11:3f:37:08:cb:15:f7:2f:
                    68:26:8c:18:88:52:ed:89:a3:d4:ad:3a:e7:be:ab:
                    c8:53:af:3b:3c:7a:78:aa:40:ed:43:00:cc:58:4d:
                    34:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6B:95:DA:3D:55:4F:4B:4C:91:C5:28:2A:BC:49:C6:57:3D:12:00:9C
            X509v3 Authority Key Identifier:
                keyid:4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/a5XaPVVPS0yRxSgqvEnGVz0SAJw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.32.8.0/22
                  84.32.24.0/21
                  84.32.40.0/21
                  84.32.64.0/21
                  84.32.82.0/23
                  88.216.0.0/22
                  88.216.16.0/24
                  88.216.19.0-88.216.23.255
                  88.216.32.0/24
                  88.216.46.0/24
                  88.216.90.0/24
                  88.216.180.0/22
                  88.216.196.0/22
                  88.216.209.0-88.216.215.255

    Signature Algorithm: sha256WithRSAEncryption
         8f:65:9f:66:8c:df:ec:bc:6f:8c:9f:a4:ed:95:61:bb:ff:d4:
         e3:ac:0a:11:a7:4b:3d:ab:0e:98:a1:c1:92:d1:4b:f6:58:6e:
         0b:25:b5:e9:49:74:47:9e:f1:1a:90:99:86:ce:85:64:79:5c:
         3a:da:4e:07:c5:1f:c3:65:a0:7a:8c:f2:45:66:3c:bb:12:53:
         8f:22:09:8e:ec:00:6c:ae:ed:c0:b2:fc:dd:17:bc:7c:31:95:
         fd:1d:c9:56:10:ec:5c:e3:a3:31:e3:55:a6:5d:b7:ef:fe:aa:
         ef:d4:58:8a:70:2d:02:a7:10:23:1a:a3:f0:3e:65:a0:91:3a:
         8d:85:13:cb:fd:87:ed:a4:8a:11:11:b6:b7:b3:fc:c4:13:f7:
         48:ca:43:d0:ea:43:bf:c8:9c:83:a1:b8:c1:76:3d:40:d9:54:
         de:8c:81:80:ee:cb:0f:6d:4a:b5:d8:7f:75:08:5a:27:cb:c9:
         28:a7:b4:7a:bd:a0:5a:e4:6c:7c:62:37:8c:b8:94:53:50:d0:
         f8:f1:b3:87:c9:ce:d1:51:34:cb:26:6c:87:58:08:29:0c:02:
         0d:2b:13:37:8e:6d:06:0d:2f:5a:b8:ec:42:aa:9e:8d:b4:a8:
         e5:fb:3c:b9:cf:18:35:5f:1a:14:53:1f:83:09:2b:3e:7b:ae:
         76:6f:49:d0
-----BEGIN CERTIFICATE-----
MIIFTTCCBDWgAwIBAgIEAauvLDANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg0
ZmJkNDVmY2UzNTZlMmE2NWYxZTRkMWRhZjc4MTRiNmQ2YmRhM2M1MB4XDTIyMDcw
MTE1NTAyNVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoNmI5NWRhM2Q1NTRm
NGI0YzkxYzUyODJhYmM0OWM2NTczZDEyMDA5YzCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAIA4d2Cg4ErHUDOyQiKhBSHK11LPsH64qg0HDqbklPGrfH8O
7RYBkbCjGs1U21/t+Mooxc4tCrhlQ6WQq/oenZlpqduqwUgZCVd122Myt8wZ4SL8
LABCWDdzLQdVM9qwz9/PoVGg8YTdJhMmBAyQ3pd/UPbtCMvP/It2JSTs648rjbR/
r4V9GGkblLq5dFfW/G0lNKXDTWjRkJzEfBjH9rZTdM73MmNJhYtpG3QRngFjYePj
086gm8ZX3pNMIPb2+4qQLVVSaqrvLlSjhFpMk7MOsJJMoPUHyBE/NwjLFfcvaCaM
GIhS7Ymj1K06576ryFOvOzx6eKpA7UMAzFhNNEUCAwEAAaOCAmcwggJjMB0GA1Ud
DgQWBBRrldo9VU9LTJHFKCq8ScZXPRIAnDAfBgNVHSMEGDAWgBRPvUX841bipl8e
TR2veBS21r2jxTAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L1Q3MUZfT05XNHFaZkhrMGRyM2dVdHRhOW84VS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNGMvMzk0YzkzLWRjYTMtNGJjNS04YzliLTIzNDgxYmYwOTFjMy8x
L2E1WGFQVlZQUzB5UnhTZ3F2RW5HVnowU0FKdy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNGMv
Mzk0YzkzLWRjYTMtNGJjNS04YzliLTIzNDgxYmYwOTFjMy8xL1Q3MUZfT05XNHFa
ZkhrMGRyM2dVdHRhOW84VS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjB9
BggrBgEFBQcBBwEB/wRuMGwwagQCAAEwZAMEAlQgCAMEA1QgGAMEA1QgKAMEA1Qg
QAMEAVQgUgMEAljYAAMEAFjYEDAMAwQAWNgTAwQDWNgQAwQAWNggAwQAWNguAwQA
WNhaAwQCWNi0AwQCWNjEMAwDBABY2NEDBANY2NAwDQYJKoZIhvcNAQELBQADggEB
AI9ln2aM3+y8b4yfpO2VYbv/1OOsChGnSz2rDpihwZLRS/ZYbgsltelJdEee8RqQ
mYbOhWR5XDraTgfFH8NloHqM8kVmPLsSU48iCY7sAGyu7cCy/N0XvHwxlf0dyVYQ
7FzjozHjVaZdt+/+qu/UWIpwLQKnECMao/A+ZaCROo2FE8v9h+2kihERtrez/MQT
90jKQ9DqQ7/InIOhuMF2PUDZVN6MgYDuyw9tSrXYf3UIWifLySintHq9oFrkbHxi
N4y4lFNQ0Pjxs4fJztFRNMsmbIdYCCkMAg0rEzeObQYNL1q47EKqno20qOX7PLnP
GDVfGhRTH4MJKz57rnZvSdA=
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:07:29 2024 by rpki-client on console-ams.rpki-client.org