Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5c/3d4bc5-c363-415f-b3da-48e4cc6b33a3/1/RRBBpeBmJ60gBzwUzfGeed0tQ_w.roa
File:                     RRBBpeBmJ60gBzwUzfGeed0tQ_w.roa (raw, json)
Hash identifier:          6Rj/EJwJwY5BgaS2BG6DXzaRSyS3Fz3GNydPjHEHBB0=
Subject key identifier:   45:10:41:A5:E0:66:27:AD:20:07:3C:14:CD:F1:9E:79:DD:2D:43:FC
Certificate issuer:       /CN=5bf81435ed13789895f375dc34d04ce91aca4744
Certificate serial:       018506CA8476D8329E13989D4CCAADE9D14B
Authority key identifier: 5B:F8:14:35:ED:13:78:98:95:F3:75:DC:34:D0:4C:E9:1A:CA:47:44
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/W_gUNe0TeJiV83XcNNBM6RrKR0Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5c/3d4bc5-c363-415f-b3da-48e4cc6b33a3/1/RRBBpeBmJ60gBzwUzfGeed0tQ_w.roa
Signing time:             Mon 12 Dec 2022 14:43:33 +0000
ROA not before:           Mon 12 Dec 2022 14:43:33 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     201271
IP address blocks:        158.233.228.0/24 maxlen: 24
                          158.233.228.0/23 maxlen: 23
                          158.233.227.0/24 maxlen: 24
                          158.233.229.0/24 maxlen: 24
                          158.233.245.0/24 maxlen: 24
                          158.233.246.0/23 maxlen: 23
                          158.233.246.0/24 maxlen: 24
                          158.233.242.0/24 maxlen: 24
                          158.233.242.0/23 maxlen: 23
                          158.233.244.0/24 maxlen: 24
                          158.233.244.0/23 maxlen: 23
                          158.233.243.0/24 maxlen: 24
                          158.233.247.0/24 maxlen: 24
                          158.233.249.0/24 maxlen: 24
                          158.233.248.0/24 maxlen: 24
                          158.233.248.0/23 maxlen: 23
                          158.233.250.0/24 maxlen: 24
                          158.233.250.0/23 maxlen: 23
                          158.233.224.0/24 maxlen: 24
                          2001:67c:2af0::/48 maxlen: 48

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:06:ca:84:76:d8:32:9e:13:98:9d:4c:ca:ad:e9:d1:4b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5bf81435ed13789895f375dc34d04ce91aca4744
        Validity
            Not Before: Dec 12 14:43:33 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=451041a5e06627ad20073c14cdf19e79dd2d43fc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:50:37:1f:93:2c:89:78:e5:3b:17:2c:46:29:
                    b8:1b:0f:44:98:0d:78:14:59:07:d4:b0:0f:c7:33:
                    d9:2c:40:39:f7:56:5d:21:8a:eb:b3:94:2f:f7:c9:
                    c3:69:6b:28:05:6b:f5:6b:bb:73:6b:85:27:68:7d:
                    c6:93:ec:7f:d2:b2:75:33:d2:af:3f:fb:91:31:95:
                    23:de:42:fa:24:65:5e:75:c6:ba:fe:95:7d:74:73:
                    51:fc:04:7a:e4:3d:a7:61:e1:5b:a5:04:8b:c0:66:
                    5d:b5:5d:51:5f:0a:12:72:c3:ba:d9:2b:77:54:0b:
                    76:78:06:bc:68:32:13:ec:42:9d:d5:46:25:0c:8a:
                    c3:a9:20:76:81:02:a4:2f:71:bc:b3:06:a5:58:fb:
                    a9:47:67:70:13:00:1b:6d:54:ee:7a:d9:82:c1:7b:
                    13:d5:c2:7d:b7:3e:be:5b:10:f2:f0:ef:4f:89:9d:
                    e9:20:e8:10:c9:fe:6c:58:2e:1a:80:45:f8:28:ee:
                    74:3e:d1:2a:81:5b:5a:8b:fa:f9:e4:e6:1a:ef:bf:
                    d4:8b:01:7e:d1:c5:ae:6f:ba:17:d6:9b:27:ee:ac:
                    3a:94:89:7f:94:93:ce:69:84:a1:32:a4:d1:b1:39:
                    46:ab:0f:e0:3f:91:2c:c2:ae:20:c3:ec:2e:bb:f4:
                    d6:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                45:10:41:A5:E0:66:27:AD:20:07:3C:14:CD:F1:9E:79:DD:2D:43:FC
            X509v3 Authority Key Identifier:
                keyid:5B:F8:14:35:ED:13:78:98:95:F3:75:DC:34:D0:4C:E9:1A:CA:47:44

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/W_gUNe0TeJiV83XcNNBM6RrKR0Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5c/3d4bc5-c363-415f-b3da-48e4cc6b33a3/1/RRBBpeBmJ60gBzwUzfGeed0tQ_w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5c/3d4bc5-c363-415f-b3da-48e4cc6b33a3/1/W_gUNe0TeJiV83XcNNBM6RrKR0Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  158.233.224.0/24
                  158.233.227.0-158.233.229.255
                  158.233.242.0-158.233.251.255
                IPv6:
                  2001:67c:2af0::/48

    Signature Algorithm: sha256WithRSAEncryption
         a2:34:a8:65:c9:0d:2c:49:55:fd:cb:11:ee:f6:af:45:85:1f:
         cb:a6:52:de:d7:e1:69:8c:da:6b:1d:ab:dd:26:73:50:be:11:
         2e:dc:8e:b5:31:6a:6c:c9:d7:db:eb:f0:93:bd:95:82:32:a3:
         05:02:c1:e4:f6:b8:2b:d1:cd:0e:f9:d2:8b:3d:f6:ed:d0:32:
         86:ae:0c:45:a1:df:80:51:d3:f5:56:52:db:f6:9c:10:fa:67:
         ad:2f:b5:38:19:ae:7e:62:bf:60:50:a0:48:0e:7c:ea:30:37:
         05:33:c4:09:8d:36:a7:dd:a6:33:b5:54:cd:1f:2d:13:e3:6f:
         fd:f6:a2:a4:4f:7c:0c:cf:08:01:33:f5:04:7e:fd:66:de:cb:
         ce:2a:51:a4:72:c2:20:11:4a:23:04:a7:a9:59:4c:92:5a:c6:
         d5:ca:1f:73:47:5e:87:f3:d2:e7:4e:f8:d5:52:42:d2:92:fc:
         a5:3d:49:69:52:aa:59:93:95:ce:91:14:c4:cc:1e:a7:a5:37:
         a6:56:5b:69:b5:82:84:df:c5:54:38:bd:89:b0:cf:9f:ab:52:
         49:e4:ab:69:9c:5f:51:33:5c:d7:49:02:fa:9a:c1:f2:e7:7e:
         df:37:e9:d5:32:ca:98:ad:5a:13:47:f0:33:82:01:2a:37:14:
         28:67:c2:8c
-----BEGIN CERTIFICATE-----
MIIFKjCCBBKgAwIBAgISAYUGyoR22DKeE5idTMqt6dFLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDViZjgxNDM1ZWQxMzc4OTg5NWYzNzVkYzM0ZDA0Y2U5MWFj
YTQ3NDQwHhcNMjIxMjEyMTQ0MzMzWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NTEwNDFhNWUwNjYyN2FkMjAwNzNjMTRjZGYxOWU3OWRkMmQ0M2ZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqlA3H5MsiXjlOxcsRim4Gw9EmA14
FFkH1LAPxzPZLEA591ZdIYrrs5Qv98nDaWsoBWv1a7tza4UnaH3Gk+x/0rJ1M9Kv
P/uRMZUj3kL6JGVedca6/pV9dHNR/AR65D2nYeFbpQSLwGZdtV1RXwoScsO62St3
VAt2eAa8aDIT7EKd1UYlDIrDqSB2gQKkL3G8swalWPupR2dwEwAbbVTuetmCwXsT
1cJ9tz6+WxDy8O9PiZ3pIOgQyf5sWC4agEX4KO50PtEqgVtai/r55OYa77/UiwF+
0cWub7oX1psn7qw6lIl/lJPOaYShMqTRsTlGqw/gP5Eswq4gw+wuu/TWAQIDAQAB
o4ICNjCCAjIwHQYDVR0OBBYEFEUQQaXgZietIAc8FM3xnnndLUP8MB8GA1UdIwQY
MBaAFFv4FDXtE3iYlfN13DTQTOkaykdEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV19nVU5lMFRlSmlWODNYY05OQk02UnJLUjBRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yy8zZDRiYzUtYzM2My00MTVmLWIzZGEt
NDhlNGNjNmIzM2EzLzEvUlJCQnBlQm1KNjBnQnp3VXpmR2VlZDB0UV93LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yy8zZDRiYzUtYzM2My00MTVmLWIzZGEtNDhlNGNjNmIzM2Ez
LzEvV19nVU5lMFRlSmlWODNYY05OQk02UnJLUjBRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEwGCCsGAQUFBwEHAQH/BD0wOzAoBAIAATAiAwQAnungMAwD
BACe6eMDBAGe6eQwDAMEAZ7p8gMEAp7p+DAPBAIAAjAJAwcAIAEGfCrwMA0GCSqG
SIb3DQEBCwUAA4IBAQCiNKhlyQ0sSVX9yxHu9q9FhR/LplLe1+FpjNprHavdJnNQ
vhEu3I61MWpsydfb6/CTvZWCMqMFAsHk9rgr0c0O+dKLPfbt0DKGrgxFod+AUdP1
VlLb9pwQ+metL7U4Ga5+Yr9gUKBIDnzqMDcFM8QJjTan3aYztVTNHy0T42/99qKk
T3wMzwgBM/UEfv1m3svOKlGkcsIgEUojBKepWUySWsbVyh9zR16H89LnTvjVUkLS
kvylPUlpUqpZk5XOkRTEzB6npTemVltptYKE38VUOL2JsM+fq1JJ5KtpnF9RM1zX
SQL6msHy537fN+nVMsqYrVoTR/AzggEqNxQoZ8KM
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:12:01 2024 by rpki-client on console-ams.rpki-client.org