Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/07d5eb-6211-4d7a-a96d-ee42745d8fd1/1/R-3vOVD46BUts1RUHdHZQ8KdGqA.roa
File:                     R-3vOVD46BUts1RUHdHZQ8KdGqA.roa (raw, json)
Hash identifier:          FgHkE00MG3n/RaNBicnw4Q0KQpOLXYodAHSH1nWf1iA=
Subject key identifier:   47:ED:EF:39:50:F8:E8:15:2D:B3:54:54:1D:D1:D9:43:C2:9D:1A:A0
Certificate issuer:       /CN=66ff1e6a5cc3c0697629f4afbb0b07ae79133c5c
Certificate serial:       105DEBF1
Authority key identifier: 66:FF:1E:6A:5C:C3:C0:69:76:29:F4:AF:BB:0B:07:AE:79:13:3C:5C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Zv8ealzDwGl2KfSvuwsHrnkTPFw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5b/07d5eb-6211-4d7a-a96d-ee42745d8fd1/1/R-3vOVD46BUts1RUHdHZQ8KdGqA.roa
Signing time:             Sat 01 Jan 2022 11:55:14 +0000
ROA not before:           Sat 01 Jan 2022 11:55:14 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     50266
IP address blocks:        5.132.0.0/17 maxlen: 24
                          195.191.16.0/23 maxlen: 24
                          85.146.0.0/17 maxlen: 24
                          185.180.148.0/22 maxlen: 24
                          85.146.128.0/18 maxlen: 24
                          85.144.0.0/15 maxlen: 24
                          185.35.112.0/22 maxlen: 24
                          37.143.80.0/21 maxlen: 24
                          31.201.0.0/16 maxlen: 24
                          2a02:4240::/32 maxlen: 32

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 274590705 (0x105debf1)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=66ff1e6a5cc3c0697629f4afbb0b07ae79133c5c
        Validity
            Not Before: Jan  1 11:55:14 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=47edef3950f8e8152db354541dd1d943c29d1aa0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:56:85:bf:2a:5e:6f:e3:a3:d5:53:a2:c4:d1:
                    ef:ab:ed:19:04:c3:54:a6:5a:06:be:73:9f:64:8f:
                    bf:d5:a4:25:37:4b:ce:02:a0:70:a5:4b:e8:7e:e9:
                    9a:8e:d2:25:5b:cb:79:64:9b:aa:7f:2e:fe:46:9d:
                    3e:f3:ea:ee:e8:a6:e2:81:52:1d:7e:37:c4:10:0b:
                    a1:3f:f5:08:4e:30:a8:2f:9a:18:ea:f1:f1:90:34:
                    dd:47:96:0b:c9:9c:03:18:fd:1a:58:8c:d1:b5:9f:
                    f2:95:60:5e:d4:e9:82:30:2e:7d:52:43:80:4a:a6:
                    7f:29:61:8a:15:6a:bf:ef:96:4d:d9:f1:f8:c6:0c:
                    86:c4:8a:49:52:e9:48:f7:ff:83:fa:52:6b:32:40:
                    f2:f0:4a:72:60:fd:7f:6b:a2:a9:1e:de:f6:bf:d2:
                    2d:58:d3:ad:2f:1e:ad:2c:eb:87:50:b3:13:4d:ad:
                    0d:33:b7:36:dd:90:d2:25:bf:c8:5c:5a:bb:f9:00:
                    33:df:80:07:48:2f:86:e3:b9:7e:dc:c8:30:71:1b:
                    fb:8e:71:88:9c:69:02:36:69:f7:58:b2:46:32:b3:
                    8a:be:54:40:fc:17:a5:a0:6d:79:f7:40:58:f6:a2:
                    0f:2b:17:e1:8c:fd:04:ce:98:d4:87:dc:be:6b:74:
                    3d:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                47:ED:EF:39:50:F8:E8:15:2D:B3:54:54:1D:D1:D9:43:C2:9D:1A:A0
            X509v3 Authority Key Identifier:
                keyid:66:FF:1E:6A:5C:C3:C0:69:76:29:F4:AF:BB:0B:07:AE:79:13:3C:5C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Zv8ealzDwGl2KfSvuwsHrnkTPFw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/07d5eb-6211-4d7a-a96d-ee42745d8fd1/1/R-3vOVD46BUts1RUHdHZQ8KdGqA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/07d5eb-6211-4d7a-a96d-ee42745d8fd1/1/Zv8ealzDwGl2KfSvuwsHrnkTPFw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.132.0.0/17
                  31.201.0.0/16
                  37.143.80.0/21
                  85.144.0.0-85.146.191.255
                  185.35.112.0/22
                  185.180.148.0/22
                  195.191.16.0/23
                IPv6:
                  2a02:4240::/32

    Signature Algorithm: sha256WithRSAEncryption
         7a:eb:b8:8c:5a:51:66:92:23:c7:24:bf:5f:9e:29:10:8a:66:
         52:1e:3f:7d:1e:15:20:0e:1d:bd:7e:5c:a0:8a:08:e3:76:6a:
         d9:69:31:8b:4c:78:92:98:a0:01:44:d8:62:e1:0e:31:91:01:
         e4:1f:56:cb:9b:9f:df:fe:c4:6d:1b:be:c2:38:9b:63:69:67:
         cc:ce:39:15:e7:7b:c5:8a:13:7c:ba:b5:c2:d6:25:4c:da:ee:
         b8:2b:5e:4e:41:11:40:44:cb:e6:0d:a5:77:ca:f4:a4:bf:a3:
         6a:b0:76:56:b7:72:5c:2d:a2:67:43:38:40:a5:92:19:5f:a7:
         f2:fb:d7:db:7c:81:f9:8a:79:42:a1:f1:65:31:82:f4:d6:4a:
         95:e3:86:ea:df:b1:f2:2f:88:8b:5c:ad:18:a1:eb:05:c4:20:
         22:ac:03:26:2d:c9:0f:e8:fc:c8:f4:79:f6:b6:74:06:bf:c5:
         5d:f3:7e:c9:8a:49:e4:ed:2f:1f:98:03:0c:e9:42:fd:81:ee:
         50:b3:31:34:6a:6b:1c:9c:6c:2c:7c:4f:60:06:82:2b:74:60:
         7d:49:d4:10:82:6a:cf:f3:3c:5b:46:8a:36:1a:36:11:52:f0:
         33:e0:cf:c1:9a:da:47:e1:69:c6:c2:56:57:eb:10:ae:3a:cd:
         d4:44:b8:ab
-----BEGIN CERTIFICATE-----
MIIFKDCCBBCgAwIBAgIEEF3r8TANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg2
NmZmMWU2YTVjYzNjMDY5NzYyOWY0YWZiYjBiMDdhZTc5MTMzYzVjMB4XDTIyMDEw
MTExNTUxNFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoNDdlZGVmMzk1MGY4
ZTgxNTJkYjM1NDU0MWRkMWQ5NDNjMjlkMWFhMDCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAI5Whb8qXm/jo9VTosTR76vtGQTDVKZaBr5zn2SPv9WkJTdL
zgKgcKVL6H7pmo7SJVvLeWSbqn8u/kadPvPq7uim4oFSHX43xBALoT/1CE4wqC+a
GOrx8ZA03UeWC8mcAxj9GliM0bWf8pVgXtTpgjAufVJDgEqmfylhihVqv++WTdnx
+MYMhsSKSVLpSPf/g/pSazJA8vBKcmD9f2uiqR7e9r/SLVjTrS8erSzrh1CzE02t
DTO3Nt2Q0iW/yFxau/kAM9+AB0gvhuO5ftzIMHEb+45xiJxpAjZp91iyRjKzir5U
QPwXpaBtefdAWPaiDysX4Yz9BM6Y1Ifcvmt0PXUCAwEAAaOCAkIwggI+MB0GA1Ud
DgQWBBRH7e85UPjoFS2zVFQd0dlDwp0aoDAfBgNVHSMEGDAWgBRm/x5qXMPAaXYp
9K+7CweueRM8XDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L1p2OGVhbHpEd0dsMktmU3Z1d3NIcm5rVFBGdy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNWIvMDdkNWViLTYyMTEtNGQ3YS1hOTZkLWVlNDI3NDVkOGZkMS8x
L1ItM3ZPVkQ0NkJVdHMxUlVIZEhaUThLZEdxQS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNWIv
MDdkNWViLTYyMTEtNGQ3YS1hOTZkLWVlNDI3NDVkOGZkMS8xL1p2OGVhbHpEd0ds
MktmU3Z1d3NIcm5rVFBGdy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBY
BggrBgEFBQcBBwEB/wRJMEcwNgQCAAEwMAMEBwWEAAMDAB/JAwQDJY9QMAsDAwRV
kAMEBlWSgAMEArkjcAMEArm0lAMEAcO/EDANBAIAAjAHAwUAKgJCQDANBgkqhkiG
9w0BAQsFAAOCAQEAeuu4jFpRZpIjxyS/X54pEIpmUh4/fR4VIA4dvX5coIoI43Zq
2Wkxi0x4kpigAUTYYuEOMZEB5B9Wy5uf3/7EbRu+wjibY2lnzM45Fed7xYoTfLq1
wtYlTNruuCteTkERQETL5g2ld8r0pL+jarB2VrdyXC2iZ0M4QKWSGV+n8vvX23yB
+Yp5QqHxZTGC9NZKleOG6t+x8i+Ii1ytGKHrBcQgIqwDJi3JD+j8yPR59rZ0Br/F
XfN+yYpJ5O0vH5gDDOlC/YHuULMxNGprHJxsLHxPYAaCK3RgfUnUEIJqz/M8W0aK
Nho2EVLwM+DPwZraR+FpxsJWV+sQrjrN1ES4qw==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:31:04 2024 by rpki-client on console-fra.rpki-client.org