Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4f/321ea6-eff7-4514-ab2d-5b4b85fd5ae5/1/X6nipF34DMAJlQpuhv6TV1SLX-A.roa
File:                     X6nipF34DMAJlQpuhv6TV1SLX-A.roa (raw, json)
Hash identifier:          16maDyXLPUtVJcbY8JOE+sn+PpMbcbG5weuuB0IZC4w=
Subject key identifier:   5F:A9:E2:A4:5D:F8:0C:C0:09:95:0A:6E:86:FE:93:57:54:8B:5F:E0
Certificate issuer:       /CN=f1b8bbb1e186a599d4cc058cabf4df0e252f31fa
Certificate serial:       01851653955661DB9CA018807E867293DEBE
Authority key identifier: F1:B8:BB:B1:E1:86:A5:99:D4:CC:05:8C:AB:F4:DF:0E:25:2F:31:FA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8bi7seGGpZnUzAWMq_TfDiUvMfo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4f/321ea6-eff7-4514-ab2d-5b4b85fd5ae5/1/X6nipF34DMAJlQpuhv6TV1SLX-A.roa
Signing time:             Thu 15 Dec 2022 15:07:34 +0000
ROA not before:           Thu 15 Dec 2022 15:07:34 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     56971
IP address blocks:        193.43.72.0/24 maxlen: 32
                          45.152.112.0/24 maxlen: 32
                          45.152.113.0/24 maxlen: 32
                          193.242.145.0/24 maxlen: 32
                          45.145.4.0/24 maxlen: 24
                          45.145.6.0/24 maxlen: 32
                          45.145.7.0/24 maxlen: 32
                          45.159.210.0/24 maxlen: 24
                          45.159.208.0/24 maxlen: 24
                          45.159.209.0/24 maxlen: 24
                          45.154.3.0/24 maxlen: 32
                          45.152.84.0/24 maxlen: 32
                          45.154.1.0/24 maxlen: 32
                          45.154.2.0/24 maxlen: 32
                          45.152.86.0/24 maxlen: 32
                          45.11.93.0/24 maxlen: 24
                          45.11.94.0/24 maxlen: 24
                          45.11.92.0/24 maxlen: 32

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:16:53:95:56:61:db:9c:a0:18:80:7e:86:72:93:de:be
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f1b8bbb1e186a599d4cc058cabf4df0e252f31fa
        Validity
            Not Before: Dec 15 15:07:34 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=5fa9e2a45df80cc009950a6e86fe9357548b5fe0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:3f:18:20:4d:28:37:2c:00:0f:44:44:3f:25:
                    e4:61:8d:07:42:09:ea:d2:90:33:06:0b:81:d4:48:
                    41:ab:a7:b0:64:2e:28:3e:af:2f:73:71:bd:42:98:
                    10:6d:ac:dd:4d:4b:91:80:52:f2:e7:cd:7e:df:37:
                    70:30:35:50:f9:7d:c6:f4:72:46:b4:53:ed:3f:1d:
                    11:2c:03:f9:22:c1:ce:4a:1e:88:42:47:41:65:72:
                    c4:1f:1e:92:7a:f9:6e:b1:5c:b9:3c:9a:9b:8e:44:
                    cf:a3:a8:cd:10:19:22:60:0e:ad:ae:73:99:49:58:
                    f0:10:91:9f:d0:e3:83:34:4b:10:ae:92:80:f6:27:
                    1b:9e:0d:c6:0b:44:0d:20:29:92:49:2c:63:ae:d3:
                    9e:3d:f2:65:45:fe:46:5a:c6:8b:bb:d6:0d:17:cf:
                    35:37:fb:c8:c6:77:c0:81:cd:71:2b:3f:3e:6a:7f:
                    00:f8:a0:ee:b5:fb:20:0e:5e:90:c8:f3:fc:ca:f3:
                    16:2e:02:6f:7b:2a:d9:36:bf:6c:0a:ea:a3:b8:d1:
                    44:51:a8:c3:a6:73:88:d0:6f:f9:db:ee:6a:4b:04:
                    29:e8:b4:7b:5f:66:c0:ea:42:73:13:f1:47:b1:5d:
                    86:cc:38:73:4f:9a:42:94:3b:40:02:bf:44:01:c8:
                    d0:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5F:A9:E2:A4:5D:F8:0C:C0:09:95:0A:6E:86:FE:93:57:54:8B:5F:E0
            X509v3 Authority Key Identifier:
                keyid:F1:B8:BB:B1:E1:86:A5:99:D4:CC:05:8C:AB:F4:DF:0E:25:2F:31:FA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8bi7seGGpZnUzAWMq_TfDiUvMfo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/321ea6-eff7-4514-ab2d-5b4b85fd5ae5/1/X6nipF34DMAJlQpuhv6TV1SLX-A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/321ea6-eff7-4514-ab2d-5b4b85fd5ae5/1/8bi7seGGpZnUzAWMq_TfDiUvMfo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.11.92.0-45.11.94.255
                  45.145.4.0/24
                  45.145.6.0/23
                  45.152.84.0/24
                  45.152.86.0/24
                  45.152.112.0/23
                  45.154.1.0-45.154.3.255
                  45.159.208.0-45.159.210.255
                  193.43.72.0/24
                  193.242.145.0/24

    Signature Algorithm: sha256WithRSAEncryption
         55:fe:5f:3a:f4:50:75:f0:e8:19:4f:8e:60:fe:d2:78:b2:b6:
         23:81:c6:b3:9b:06:ca:26:4e:f6:85:29:6f:30:94:d4:23:98:
         8c:79:66:a7:72:0a:f1:26:d4:64:03:22:4a:e3:e2:67:00:f7:
         3b:73:e5:3d:03:25:d6:0b:f7:4c:5a:b6:00:2a:35:da:b4:9c:
         b6:e5:df:96:91:0a:3c:29:fd:e5:d5:17:6d:75:13:f1:68:53:
         b0:eb:1f:d2:70:0a:49:5c:1e:ae:6c:52:d1:9d:10:00:ad:ff:
         7f:34:b3:fb:ac:25:4d:da:5c:46:80:d4:0f:39:4b:97:91:13:
         40:64:a0:dd:92:8d:fc:ab:d5:c8:3b:8f:3d:89:16:4e:14:f7:
         fb:e4:18:ac:29:87:68:b4:3c:4c:49:07:de:ee:59:17:62:07:
         89:d9:4f:78:f1:97:09:65:5c:8e:d8:bb:17:a1:1c:63:24:c6:
         78:99:c2:29:78:ac:32:66:9f:47:ee:6f:e7:94:54:f5:76:ce:
         6d:1f:68:7e:8c:44:ba:bc:40:4e:7f:18:d5:d9:a4:9d:76:0f:
         b9:09:f0:7c:09:df:88:36:9b:ec:68:bd:55:44:2b:3b:27:36:
         4a:bc:7d:27:6c:5d:1c:3a:10:a8:d3:23:8a:1b:04:bf:40:01:
         f7:79:84:2b
-----BEGIN CERTIFICATE-----
MIIFSzCCBDOgAwIBAgISAYUWU5VWYducoBiAfoZyk96+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYxYjhiYmIxZTE4NmE1OTlkNGNjMDU4Y2FiZjRkZjBlMjUy
ZjMxZmEwHhcNMjIxMjE1MTUwNzM0WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZmE5ZTJhNDVkZjgwY2MwMDk5NTBhNmU4NmZlOTM1NzU0OGI1ZmUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxD8YIE0oNywAD0REPyXkYY0HQgnq
0pAzBguB1EhBq6ewZC4oPq8vc3G9QpgQbazdTUuRgFLy581+3zdwMDVQ+X3G9HJG
tFPtPx0RLAP5IsHOSh6IQkdBZXLEHx6SevlusVy5PJqbjkTPo6jNEBkiYA6trnOZ
SVjwEJGf0OODNEsQrpKA9icbng3GC0QNICmSSSxjrtOePfJlRf5GWsaLu9YNF881
N/vIxnfAgc1xKz8+an8A+KDutfsgDl6QyPP8yvMWLgJveyrZNr9sCuqjuNFEUajD
pnOI0G/52+5qSwQp6LR7X2bA6kJzE/FHsV2GzDhzT5pClDtAAr9EAcjQZQIDAQAB
o4ICVzCCAlMwHQYDVR0OBBYEFF+p4qRd+AzACZUKbob+k1dUi1/gMB8GA1UdIwQY
MBaAFPG4u7HhhqWZ1MwFjKv03w4lLzH6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOGJpN3NlR0dwWm5VekFXTXFfVGZEaVV2TWZvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Zi8zMjFlYTYtZWZmNy00NTE0LWFiMmQt
NWI0Yjg1ZmQ1YWU1LzEvWDZuaXBGMzRETUFKbFFwdWh2NlRWMVNMWC1BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Zi8zMjFlYTYtZWZmNy00NTE0LWFiMmQtNWI0Yjg1ZmQ1YWU1
LzEvOGJpN3NlR0dwWm5VekFXTXFfVGZEaVV2TWZvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMG0GCCsGAQUFBwEHAQH/BF4wXDBaBAIAATBUMAwDBAItC1wD
BAAtC14DBAAtkQQDBAEtkQYDBAAtmFQDBAAtmFYDBAEtmHAwDAMEAC2aAQMEAi2a
ADAMAwQELZ/QAwQALZ/SAwQAwStIAwQAwfKRMA0GCSqGSIb3DQEBCwUAA4IBAQBV
/l869FB18OgZT45g/tJ4srYjgcazmwbKJk72hSlvMJTUI5iMeWancgrxJtRkAyJK
4+JnAPc7c+U9AyXWC/dMWrYAKjXatJy25d+WkQo8Kf3l1RdtdRPxaFOw6x/ScApJ
XB6ubFLRnRAArf9/NLP7rCVN2lxGgNQPOUuXkRNAZKDdko38q9XIO489iRZOFPf7
5BisKYdotDxMSQfe7lkXYgeJ2U948ZcJZVyO2LsXoRxjJMZ4mcIpeKwyZp9H7m/n
lFT1ds5tH2h+jES6vEBOfxjV2aSddg+5CfB8Cd+INpvsaL1VRCs7JzZKvH0nbF0c
OhCo0yOKGwS/QAH3eYQr
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:29:00 2024 by rpki-client on console-fra.rpki-client.org