Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/C1KUuMF9FzgFXXl0yUkOwcvxup8.roa
File:                     C1KUuMF9FzgFXXl0yUkOwcvxup8.roa (raw, json)
Hash identifier:          VMQRIrjGzGRB6izExnt9wJ3yDEOdBbyoGRyY0CqDASk=
Subject key identifier:   0B:52:94:B8:C1:7D:17:38:05:5D:79:74:C9:49:0E:C1:CB:F1:BA:9F
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       0183DDC71DF37099F83B22D2A00C4ABA4724
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/C1KUuMF9FzgFXXl0yUkOwcvxup8.roa
Signing time:             Sat 15 Oct 2022 22:32:37 +0000
ROA not before:           Sat 15 Oct 2022 22:32:37 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     58057
IP address blocks:        45.136.136.0/22 maxlen: 24
                          94.177.122.0/24 maxlen: 24
                          194.50.94.0/24 maxlen: 24
                          85.202.203.0/24 maxlen: 24
                          194.50.92.0/24 maxlen: 24
                          194.50.111.0/24 maxlen: 24
                          139.28.96.0/22 maxlen: 24
                          31.42.183.0/24 maxlen: 24
                          2a0e:97c0:260::/44 maxlen: 44
                          2a0e:b107:1165::/48 maxlen: 48
                          2a0c:3b80::/29 maxlen: 48
                          2a0e:97c1:200::/40 maxlen: 48
                          2001:7f8:119::/48 maxlen: 48
                          2a10:cc46:1000::/36 maxlen: 48
                          2a0e:97c0:170::/48 maxlen: 48
                          2a0e:b107:9f2::/48 maxlen: 48
                          2a10:cc40:1c0::/44 maxlen: 44
                          2a0f:e404:102::/48 maxlen: 48
                          2a09:4c0::/29 maxlen: 64
                          2a0e:b107:1786::/48 maxlen: 48

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:83:dd:c7:1d:f3:70:99:f8:3b:22:d2:a0:0c:4a:ba:47:24
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Oct 15 22:32:37 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=0b5294b8c17d1738055d7974c9490ec1cbf1ba9f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:6f:11:06:0e:db:e8:38:b0:fb:7d:2d:7d:31:
                    5a:88:f3:22:8c:f5:97:82:cf:de:f6:5b:23:d0:7d:
                    3f:8c:ef:db:ba:7f:92:d9:80:e5:0c:4b:59:c7:88:
                    83:f5:ca:0d:9d:a3:d0:05:5e:fc:ca:b9:0e:51:01:
                    d6:91:a9:e3:8a:d6:dc:36:4b:40:0c:b2:26:87:65:
                    c4:91:26:3c:c9:d5:3d:97:fa:f7:42:71:36:f3:19:
                    24:8a:a8:9c:fb:2f:54:fc:52:5c:34:5d:c3:b5:8d:
                    83:c2:85:d4:c7:5d:ed:b7:f5:ab:c4:e9:0d:6a:e8:
                    d3:d7:13:34:de:60:93:39:af:50:a5:07:60:2a:ea:
                    6c:60:1c:86:e6:95:05:1d:60:73:79:c7:70:c1:c2:
                    7c:d4:a7:00:3c:31:a1:59:d1:83:81:cd:50:ed:54:
                    ed:85:64:83:33:b7:2f:fb:59:6d:cd:f8:a6:00:c1:
                    ef:69:f3:dd:b5:db:7d:a0:fc:00:f3:05:fa:85:54:
                    8c:2f:72:93:a8:f5:d6:22:1f:2f:dc:82:bb:f3:76:
                    ae:2c:38:45:14:b3:af:a5:02:bb:54:fd:8d:fc:2c:
                    53:f2:22:c1:0a:06:5b:6e:e7:f4:e0:5f:cf:0a:42:
                    58:69:a8:6f:77:50:be:a3:36:9a:2b:bc:6d:44:53:
                    d0:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0B:52:94:B8:C1:7D:17:38:05:5D:79:74:C9:49:0E:C1:CB:F1:BA:9F
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/C1KUuMF9FzgFXXl0yUkOwcvxup8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.42.183.0/24
                  45.136.136.0/22
                  85.202.203.0/24
                  94.177.122.0/24
                  139.28.96.0/22
                  194.50.92.0/24
                  194.50.94.0/24
                  194.50.111.0/24
                IPv6:
                  2001:7f8:119::/48
                  2a09:4c0::/29
                  2a0c:3b80::/29
                  2a0e:97c0:170::/48
                  2a0e:97c0:260::/44
                  2a0e:97c1:200::/40
                  2a0e:b107:9f2::/48
                  2a0e:b107:1165::/48
                  2a0e:b107:1786::/48
                  2a0f:e404:102::/48
                  2a10:cc40:1c0::/44
                  2a10:cc46:1000::/36

    Signature Algorithm: sha256WithRSAEncryption
         b4:36:37:2c:36:f4:04:79:9e:a2:4e:be:61:6a:74:e9:d1:cf:
         d4:32:a6:51:a3:a1:f4:60:85:cc:02:c0:ba:f7:ea:9f:11:16:
         c5:af:d4:d9:ff:72:ed:ec:c3:98:58:d6:b6:c9:2e:ac:8c:5b:
         80:81:ea:c1:11:fc:e0:19:f3:60:9a:0e:ec:04:eb:b3:ce:17:
         3e:9b:b5:06:a8:a1:80:ca:4c:1c:72:d3:12:cc:be:8b:4f:05:
         03:17:d3:d3:58:ff:a7:d8:a3:c2:26:dd:9a:e7:5e:1f:5c:c6:
         22:02:a9:08:c0:da:f8:69:43:32:f2:db:ad:f6:c3:fe:b8:5c:
         a7:31:c7:5e:26:a0:14:3a:33:91:84:a8:23:ff:e3:66:54:93:
         02:b5:20:08:6a:47:b9:a8:2e:64:93:5b:08:94:04:3b:c3:6a:
         16:a8:3b:0f:1c:b1:c5:8e:fe:d1:03:2b:c8:27:94:94:38:99:
         68:f4:32:2e:22:d9:b6:88:0f:80:53:d3:94:9c:2f:c0:d0:6b:
         d5:0f:6c:92:8e:38:0a:64:7f:d4:86:b6:a8:f6:fe:a0:ea:fa:
         06:0f:84:48:01:8c:30:89:e6:32:15:22:22:95:04:09:06:f4:
         94:a0:ed:f5:54:71:53:9f:84:a3:59:f3:a5:c2:65:57:ad:d7:
         8b:e6:f3:1f
-----BEGIN CERTIFICATE-----
MIIFmDCCBICgAwIBAgISAYPdxx3zcJn4OyLSoAxKukckMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjIxMDE1MjIzMjM3WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYjUyOTRiOGMxN2QxNzM4MDU1ZDc5NzRjOTQ5MGVjMWNiZjFiYTlmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmm8RBg7b6Diw+30tfTFaiPMijPWX
gs/e9lsj0H0/jO/bun+S2YDlDEtZx4iD9coNnaPQBV78yrkOUQHWkanjitbcNktA
DLImh2XEkSY8ydU9l/r3QnE28xkkiqic+y9U/FJcNF3DtY2DwoXUx13tt/WrxOkN
aujT1xM03mCTOa9QpQdgKupsYByG5pUFHWBzecdwwcJ81KcAPDGhWdGDgc1Q7VTt
hWSDM7cv+1ltzfimAMHvafPdtdt9oPwA8wX6hVSML3KTqPXWIh8v3IK783auLDhF
FLOvpQK7VP2N/CxT8iLBCgZbbuf04F/PCkJYaahvd1C+ozaaK7xtRFPQRQIDAQAB
o4ICpDCCAqAwHQYDVR0OBBYEFAtSlLjBfRc4BV15dMlJDsHL8bqfMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvQzFLVXVNRjlGemdGWFhsMHlVa093Y3Z4dXA4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIG5BggrBgEFBQcBBwEB/wSBqTCBpjA2BAIAATAwAwQAHyq3
AwQCLYiIAwQAVcrLAwQAXrF6AwQCixxgAwQAwjJcAwQAwjJeAwQAwjJvMGwEAgAC
MGYDBwAgAQf4ARkDBQMqCQTAAwUDKgw7gAMHACoOl8ABcAMHBCoOl8ACYAMGACoO
l8ECAwcAKg6xBwnyAwcAKg6xBxFlAwcAKg6xBxeGAwcAKg/kBAECAwcEKhDMQAHA
AwYEKhDMRhAwDQYJKoZIhvcNAQELBQADggEBALQ2Nyw29AR5nqJOvmFqdOnRz9Qy
plGjofRghcwCwLr36p8RFsWv1Nn/cu3sw5hY1rbJLqyMW4CB6sER/OAZ82CaDuwE
67POFz6btQaooYDKTBxy0xLMvotPBQMX09NY/6fYo8Im3ZrnXh9cxiICqQjA2vhp
QzLy2632w/64XKcxx14moBQ6M5GEqCP/42ZUkwK1IAhqR7moLmSTWwiUBDvDahao
Ow8cscWO/tEDK8gnlJQ4mWj0Mi4i2baID4BT05ScL8DQa9UPbJKOOApkf9SGtqj2
/qDq+gYPhEgBjDCJ5jIVIiKVBAkG9JSg7fVUcVOfhKNZ86XCZVet14vm8x8=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:29:27 2024 by rpki-client on console-fra.rpki-client.org