Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/i-Ue8CFMbgXgIAVKTiuzHd0p860.roa
File:                     i-Ue8CFMbgXgIAVKTiuzHd0p860.roa (raw, json)
Hash identifier:          abrAh8w/avTJ3rKqf5bsv57n83Z+lxP/DoYvknCZ77A=
Subject key identifier:   8B:E5:1E:F0:21:4C:6E:05:E0:20:05:4A:4E:2B:B3:1D:DD:29:F3:AD
Certificate issuer:       /CN=885b857706dac54e20ca0d11bd6416cb634203b4
Certificate serial:       3832C49E
Authority key identifier: 88:5B:85:77:06:DA:C5:4E:20:CA:0D:11:BD:64:16:CB:63:42:03:B4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/i-Ue8CFMbgXgIAVKTiuzHd0p860.roa
Signing time:             Thu 05 May 2022 09:42:50 +0000
ROA not before:           Thu 05 May 2022 09:42:50 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     213220
IP address blocks:        109.248.168.0/23 maxlen: 24
                          188.130.209.0/24 maxlen: 24
                          109.248.6.0/23 maxlen: 24
                          95.182.110.0/24 maxlen: 24
                          95.182.108.0/24 maxlen: 24
                          109.248.33.0/24 maxlen: 24
                          109.248.42.0/24 maxlen: 24
                          109.248.45.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 942851230 (0x3832c49e)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=885b857706dac54e20ca0d11bd6416cb634203b4
        Validity
            Not Before: May  5 09:42:50 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=8be51ef0214c6e05e020054a4e2bb31ddd29f3ad
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:cb:56:3c:eb:d9:6a:e3:d2:f0:23:88:34:fa:
                    5f:67:31:8b:81:84:09:e8:d3:d0:a7:ed:8a:45:1b:
                    80:4e:58:73:14:8e:e4:18:e7:06:fc:e4:c4:cb:c3:
                    b5:17:4d:1a:e6:fe:83:d3:09:dc:ab:c3:b1:9f:b3:
                    29:c1:84:fa:f2:96:ac:cf:33:d2:62:ad:83:ac:b2:
                    71:fb:7e:bc:20:5a:e9:ec:0a:94:14:3a:e8:0d:71:
                    ff:7d:9c:e5:71:ed:1a:fb:f3:5d:f6:9a:ab:d7:be:
                    75:92:10:4a:7c:ac:58:6e:68:4d:5d:2a:7d:85:3a:
                    b3:45:2d:11:4a:53:01:3d:b2:d0:b3:b9:07:d2:d1:
                    46:41:89:f2:cf:86:e7:90:85:44:7d:c1:ea:c5:02:
                    81:33:9f:6b:42:88:e2:25:4c:17:d2:96:39:aa:80:
                    2a:05:5f:69:3a:29:d7:16:27:ca:da:0b:82:cf:f0:
                    34:98:26:ec:ed:48:6f:78:07:ae:8c:d2:c1:76:58:
                    3d:12:27:fa:a7:fc:24:17:f3:f7:23:8f:cf:1e:af:
                    e9:ea:f3:8f:b1:35:3a:a8:d8:8f:a2:48:a9:b7:ed:
                    2f:09:e9:67:85:87:87:a4:47:2a:49:34:16:ba:a2:
                    1e:cd:0a:68:31:09:00:d1:16:3d:e4:c2:8b:07:f6:
                    b7:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8B:E5:1E:F0:21:4C:6E:05:E0:20:05:4A:4E:2B:B3:1D:DD:29:F3:AD
            X509v3 Authority Key Identifier:
                keyid:88:5B:85:77:06:DA:C5:4E:20:CA:0D:11:BD:64:16:CB:63:42:03:B4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/i-Ue8CFMbgXgIAVKTiuzHd0p860.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.182.108.0/24
                  95.182.110.0/24
                  109.248.6.0/23
                  109.248.33.0/24
                  109.248.42.0/24
                  109.248.45.0/24
                  109.248.168.0/23
                  188.130.209.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6b:c7:ee:fa:4c:f6:38:b4:48:bd:8e:89:59:56:96:19:77:1b:
         da:2e:28:24:e8:a7:d3:1f:35:78:e5:eb:20:1a:f7:3e:7b:0a:
         d4:df:6a:58:d5:9a:da:7a:be:f8:54:06:d3:05:f2:df:67:2d:
         52:92:24:f5:d9:c6:52:c3:1d:3d:ac:d1:cf:13:fa:05:a2:8b:
         6b:bc:6a:b6:f3:93:ed:88:25:19:13:73:4f:3c:82:a4:75:cf:
         2c:1d:5a:9b:1c:76:50:bf:01:27:3f:bc:c7:44:d1:fd:ed:51:
         7f:f4:1f:e4:81:ce:f2:ab:24:c9:0e:83:b4:11:99:25:76:7f:
         37:7a:24:27:b1:24:73:63:22:e7:3b:be:62:ad:c2:7c:6c:5f:
         9b:17:a6:6d:49:61:ff:ee:a7:3e:6b:d2:62:31:00:75:08:9c:
         69:39:23:d6:e4:39:42:7b:a8:db:78:17:42:4a:cb:f1:57:c7:
         ae:b6:1c:cd:39:75:e2:ed:7d:be:2e:17:18:b5:61:1d:2a:07:
         c4:29:3f:d8:ea:84:84:ee:fe:e8:9f:19:60:63:09:21:bb:83:
         5a:a2:f8:59:1e:84:c8:d9:6e:3d:87:43:af:3e:95:83:1b:8a:
         38:f6:2f:9c:22:87:65:93:70:dc:0d:da:82:20:c5:9c:8d:77:
         c8:c7:cc:55
-----BEGIN CERTIFICATE-----
MIIFGTCCBAGgAwIBAgIEODLEnjANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg4
ODViODU3NzA2ZGFjNTRlMjBjYTBkMTFiZDY0MTZjYjYzNDIwM2I0MB4XDTIyMDUw
NTA5NDI1MFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoOGJlNTFlZjAyMTRj
NmUwNWUwMjAwNTRhNGUyYmIzMWRkZDI5ZjNhZDCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBANPLVjzr2Wrj0vAjiDT6X2cxi4GECejT0KftikUbgE5YcxSO
5BjnBvzkxMvDtRdNGub+g9MJ3KvDsZ+zKcGE+vKWrM8z0mKtg6yycft+vCBa6ewK
lBQ66A1x/32c5XHtGvvzXfaaq9e+dZIQSnysWG5oTV0qfYU6s0UtEUpTAT2y0LO5
B9LRRkGJ8s+G55CFRH3B6sUCgTOfa0KI4iVMF9KWOaqAKgVfaTop1xYnytoLgs/w
NJgm7O1Ib3gHrozSwXZYPRIn+qf8JBfz9yOPzx6v6erzj7E1OqjYj6JIqbftLwnp
Z4WHh6RHKkk0FrqiHs0KaDEJANEWPeTCiwf2t6MCAwEAAaOCAjMwggIvMB0GA1Ud
DgQWBBSL5R7wIUxuBeAgBUpOK7Md3SnzrTAfBgNVHSMEGDAWgBSIW4V3BtrFTiDK
DRG9ZBbLY0IDtDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L2lGdUZkd2JheFU0Z3lnMFJ2V1FXeTJOQ0E3US5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNjUvMzIxY2RjLTIxNDMtNGI1Yy05NzMzLTE2Njk5Yzk2ZGQ1ZS8x
L2ktVWU4Q0ZNYmdYZ0lBVktUaXV6SGQwcDg2MC5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNjUv
MzIxY2RjLTIxNDMtNGI1Yy05NzMzLTE2Njk5Yzk2ZGQ1ZS8xL2lGdUZkd2JheFU0
Z3lnMFJ2V1FXeTJOQ0E3US5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBJ
BggrBgEFBQcBBwEB/wQ6MDgwNgQCAAEwMAMEAF+2bAMEAF+2bgMEAW34BgMEAG34
IQMEAG34KgMEAG34LQMEAW34qAMEALyC0TANBgkqhkiG9w0BAQsFAAOCAQEAa8fu
+kz2OLRIvY6JWVaWGXcb2i4oJOin0x81eOXrIBr3PnsK1N9qWNWa2nq++FQG0wXy
32ctUpIk9dnGUsMdPazRzxP6BaKLa7xqtvOT7YglGRNzTzyCpHXPLB1amxx2UL8B
Jz+8x0TR/e1Rf/Qf5IHO8qskyQ6DtBGZJXZ/N3okJ7Ekc2Mi5zu+Yq3CfGxfmxem
bUlh/+6nPmvSYjEAdQicaTkj1uQ5Qnuo23gXQkrL8VfHrrYczTl14u19vi4XGLVh
HSoHxCk/2OqEhO7+6J8ZYGMJIbuDWqL4WR6EyNluPYdDrz6VgxuKOPYvnCKHZZNw
3A3agiDFnI13yMfMVQ==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:32:57 2024 by rpki-client on console-fra.rpki-client.org