Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/z7pZV5IMNH8FrrC87iu7t3J4SlE.roa
File:                     z7pZV5IMNH8FrrC87iu7t3J4SlE.roa (raw, json)
Hash identifier:          eg1RiS/TxqMD2s85ctrtWEMt7SUXLkGe+Xt+8c0oMCQ=
Subject key identifier:   CF:BA:59:57:92:0C:34:7F:05:AE:B0:BC:EE:2B:BB:B7:72:78:4A:51
Certificate issuer:       /CN=b72945f57103153a07854e74e227f2aec1c5f430
Certificate serial:       3A744319
Authority key identifier: B7:29:45:F5:71:03:15:3A:07:85:4E:74:E2:27:F2:AE:C1:C5:F4:30
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tylF9XEDFToHhU504ifyrsHF9DA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/z7pZV5IMNH8FrrC87iu7t3J4SlE.roa
Signing time:             Mon 30 May 2022 11:58:14 +0000
ROA not before:           Mon 30 May 2022 11:58:14 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     44889
IP address blocks:        212.16.64.0/19 maxlen: 24
                          212.16.72.0/24 maxlen: 25
                          212.16.73.0/24 maxlen: 24
                          212.80.0.0/19 maxlen: 24
                          212.80.10.0/24 maxlen: 24
                          212.80.8.0/24 maxlen: 24
                          212.80.9.0/24 maxlen: 24
                          212.80.7.0/24 maxlen: 24
                          212.80.24.0/24 maxlen: 24
                          212.80.22.0/23 maxlen: 24
                          212.80.18.0/23 maxlen: 24
                          212.80.29.0/24 maxlen: 24
                          185.24.148.0/24 maxlen: 24
                          46.38.136.0/22 maxlen: 24
                          46.38.141.0/24 maxlen: 24
                          46.38.144.0/22 maxlen: 22
                          46.38.140.0/24 maxlen: 24
                          46.38.148.0/22 maxlen: 24
                          46.38.129.0/24 maxlen: 24
                          46.38.132.0/22 maxlen: 24
                          46.38.131.0/24 maxlen: 24
                          2a00:7d80::/29 maxlen: 64

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 980697881 (0x3a744319)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b72945f57103153a07854e74e227f2aec1c5f430
        Validity
            Not Before: May 30 11:58:14 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=cfba5957920c347f05aeb0bcee2bbbb772784a51
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:8e:d5:02:6b:b3:5d:d6:d6:3d:92:14:88:98:
                    3b:e5:72:b2:a2:96:33:82:87:7a:b3:d2:db:a0:f8:
                    46:7b:02:1e:fd:cb:be:84:9c:d2:37:6b:43:ce:d6:
                    1d:a7:98:4d:ad:4e:82:a3:04:65:7e:0b:90:77:a6:
                    97:89:7d:7c:ff:d1:0e:7f:94:08:71:45:a7:2c:36:
                    dc:ae:ed:e1:d5:46:0d:a8:62:39:fc:39:7a:a6:a2:
                    43:be:b0:df:9b:b2:6b:ec:b5:5e:b1:18:91:01:1a:
                    97:08:c8:c1:40:f7:d7:c5:79:ef:a9:75:38:e9:8e:
                    09:97:00:dd:c8:29:17:c7:03:86:89:7b:e8:2d:12:
                    3e:b1:74:68:17:a8:c4:4e:41:ee:77:b6:52:5e:6c:
                    88:26:6d:e7:9d:4e:ec:9f:67:de:11:0f:70:e0:98:
                    11:95:c3:72:ae:89:37:96:92:e0:37:db:61:ab:67:
                    3e:3f:f7:2d:c5:50:6b:7b:a5:47:96:ad:51:b2:ce:
                    05:08:e5:62:6c:55:eb:4d:47:5d:27:d1:67:92:f3:
                    25:4c:2d:f3:f4:33:42:ff:41:0f:19:61:35:5c:78:
                    5b:38:2f:16:28:bb:dc:db:66:7c:9c:ef:ce:4e:3b:
                    18:f9:76:c3:f9:c2:a7:c8:f8:a3:8b:38:64:1f:a7:
                    57:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:BA:59:57:92:0C:34:7F:05:AE:B0:BC:EE:2B:BB:B7:72:78:4A:51
            X509v3 Authority Key Identifier:
                keyid:B7:29:45:F5:71:03:15:3A:07:85:4E:74:E2:27:F2:AE:C1:C5:F4:30

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tylF9XEDFToHhU504ifyrsHF9DA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/z7pZV5IMNH8FrrC87iu7t3J4SlE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/tylF9XEDFToHhU504ifyrsHF9DA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.38.129.0/24
                  46.38.131.0-46.38.141.255
                  46.38.144.0/21
                  185.24.148.0/24
                  212.16.64.0/19
                  212.80.0.0/19
                IPv6:
                  2a00:7d80::/29

    Signature Algorithm: sha256WithRSAEncryption
         59:74:82:8e:fc:e6:90:b8:b4:93:2b:70:e9:5c:a2:99:68:dc:
         c8:3c:dd:9e:d5:39:bd:03:19:00:4c:c0:b3:8d:26:2a:e4:0c:
         fd:82:a7:d3:10:3e:9c:cc:7a:22:c0:28:e6:5b:4b:5b:bb:27:
         00:96:77:70:13:6e:4a:b2:74:d3:0a:9f:22:73:2e:5c:98:8a:
         5c:d0:71:5a:d1:a4:8a:86:40:46:d9:7b:be:64:da:9f:bf:4c:
         58:a5:c5:e7:f4:64:41:29:8b:c6:7e:b7:27:bf:94:c6:c4:a4:
         48:8e:4f:6e:d8:54:89:98:5b:b2:af:17:d8:b3:3f:8e:03:2f:
         a1:12:1b:ee:4c:1c:77:23:33:fd:54:2b:ac:8d:2e:dc:1f:79:
         f0:1d:53:04:7c:d9:cb:26:96:b7:0a:d3:ef:0e:3c:56:22:68:
         51:47:01:34:56:55:fc:50:9e:ee:1c:46:0c:0c:32:ad:03:c8:
         a1:71:e1:29:d7:de:26:ff:6e:60:49:39:f6:25:78:03:20:8a:
         e4:94:a5:0d:df:00:da:83:e6:15:a2:d3:7d:31:ba:e2:2b:d2:
         51:6a:aa:f7:51:8e:9e:a2:9a:70:69:65:db:ee:45:57:d9:60:
         fc:7e:6e:5d:d3:5f:a9:b5:d6:28:ac:60:41:f6:e5:95:19:2b:
         3b:67:96:a1
-----BEGIN CERTIFICATE-----
MIIFJDCCBAygAwIBAgIEOnRDGTANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhi
NzI5NDVmNTcxMDMxNTNhMDc4NTRlNzRlMjI3ZjJhZWMxYzVmNDMwMB4XDTIyMDUz
MDExNTgxNFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoY2ZiYTU5NTc5MjBj
MzQ3ZjA1YWViMGJjZWUyYmJiYjc3Mjc4NGE1MTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBANyO1QJrs13W1j2SFIiYO+VysqKWM4KHerPS26D4RnsCHv3L
voSc0jdrQ87WHaeYTa1OgqMEZX4LkHeml4l9fP/RDn+UCHFFpyw23K7t4dVGDahi
Ofw5eqaiQ76w35uya+y1XrEYkQEalwjIwUD318V576l1OOmOCZcA3cgpF8cDhol7
6C0SPrF0aBeoxE5B7ne2Ul5siCZt551O7J9n3hEPcOCYEZXDcq6JN5aS4DfbYatn
Pj/3LcVQa3ulR5atUbLOBQjlYmxV601HXSfRZ5LzJUwt8/QzQv9BDxlhNVx4Wzgv
Fii73NtmfJzvzk47GPl2w/nCp8j4o4s4ZB+nV6MCAwEAAaOCAj4wggI6MB0GA1Ud
DgQWBBTPullXkgw0fwWusLzuK7u3cnhKUTAfBgNVHSMEGDAWgBS3KUX1cQMVOgeF
TnTiJ/KuwcX0MDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L3R5bEY5WEVERlRvSGhVNTA0aWZ5cnNIRjlEQS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNjEvNWY2OTA2LTNmYjAtNGRmZi04ZDAxLTJhMDljYzUzYTgwNS8x
L3o3cFpWNUlNTkg4RnJyQzg3aXU3dDNKNFNsRS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNjEv
NWY2OTA2LTNmYjAtNGRmZi04ZDAxLTJhMDljYzUzYTgwNS8xL3R5bEY5WEVERlRv
SGhVNTA0aWZ5cnNIRjlEQS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBU
BggrBgEFBQcBBwEB/wRFMEMwMgQCAAEwLAMEAC4mgTAMAwQALiaDAwQBLiaMAwQD
LiaQAwQAuRiUAwQF1BBAAwQF1FAAMA0EAgACMAcDBQMqAH2AMA0GCSqGSIb3DQEB
CwUAA4IBAQBZdIKO/OaQuLSTK3DpXKKZaNzIPN2e1Tm9AxkATMCzjSYq5Az9gqfT
ED6czHoiwCjmW0tbuycAlndwE25KsnTTCp8icy5cmIpc0HFa0aSKhkBG2Xu+ZNqf
v0xYpcXn9GRBKYvGfrcnv5TGxKRIjk9u2FSJmFuyrxfYsz+OAy+hEhvuTBx3IzP9
VCusjS7cH3nwHVMEfNnLJpa3CtPvDjxWImhRRwE0VlX8UJ7uHEYMDDKtA8ihceEp
194m/25gSTn2JXgDIIrklKUN3wDag+YVotN9MbriK9JRaqr3UY6eoppwaWXb7kVX
2WD8fm5d01+ptdYorGBB9uWVGSs7Z5ah
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:14:07 2024 by rpki-client on console-ams.rpki-client.org