Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7d/edffbb-1082-4482-8a08-65f8247ffa91/1/5T_GkE7_MAixTWMmHMNXAUmpajE.roa
File:                     5T_GkE7_MAixTWMmHMNXAUmpajE.roa (raw, json)
Hash identifier:          bpKx4s57YgjFodfafingrASKVPk7cUK/GGq69kUvirI=
Subject key identifier:   E5:3F:C6:90:4E:FF:30:08:B1:4D:63:26:1C:C3:57:01:49:A9:6A:31
Certificate issuer:       /CN=a322f229edc2f314a2fa5ef0d7af1dddb499ea31
Certificate serial:       08C96AE5
Authority key identifier: A3:22:F2:29:ED:C2:F3:14:A2:FA:5E:F0:D7:AF:1D:DD:B4:99:EA:31
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/oyLyKe3C8xSi-l7w168d3bSZ6jE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7d/edffbb-1082-4482-8a08-65f8247ffa91/1/5T_GkE7_MAixTWMmHMNXAUmpajE.roa
Signing time:             Sat 01 Jan 2022 04:04:25 +0000
ROA not before:           Sat 01 Jan 2022 04:04:25 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     8473
IP address blocks:        109.228.128.0/18 maxlen: 18
                          213.80.96.0/19 maxlen: 19
                          5.150.192.0/18 maxlen: 18
                          85.24.128.0/17 maxlen: 17
                          82.196.96.0/19 maxlen: 19
                          178.174.128.0/17 maxlen: 17
                          212.85.64.0/19 maxlen: 19
                          79.136.0.0/17 maxlen: 17
                          217.31.160.0/19 maxlen: 19
                          94.254.0.0/17 maxlen: 17
                          213.164.192.0/19 maxlen: 19
                          213.136.32.0/19 maxlen: 19
                          185.57.4.0/22 maxlen: 22
                          185.90.176.0/22 maxlen: 22
                          62.63.192.0/18 maxlen: 18
                          81.170.128.0/17 maxlen: 17
                          176.10.128.0/17 maxlen: 17
                          98.128.0.0/16 maxlen: 16
                          212.116.64.0/19 maxlen: 19
                          46.59.0.0/17 maxlen: 17
                          195.178.160.0/19 maxlen: 19
                          217.27.160.0/19 maxlen: 19
                          37.123.128.0/18 maxlen: 18
                          2a02:508::/32 maxlen: 32
                          2001:9b0::/32 maxlen: 32
                          2001:9b0::/29 maxlen: 29

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 147417829 (0x8c96ae5)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a322f229edc2f314a2fa5ef0d7af1dddb499ea31
        Validity
            Not Before: Jan  1 04:04:25 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=e53fc6904eff3008b14d63261cc3570149a96a31
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:c1:47:ed:24:02:04:95:44:3d:11:83:85:4c:
                    90:50:bd:fc:31:31:b2:ea:16:09:31:7a:b2:1b:08:
                    81:3f:0b:3e:ab:25:0c:33:2f:74:58:dc:66:22:c2:
                    54:c3:41:04:c1:26:98:cd:cd:fc:da:0f:aa:51:e9:
                    18:50:d1:3d:01:4d:12:59:f9:3c:d4:ac:28:fb:44:
                    32:0c:58:6b:4c:85:b6:22:7b:e6:bc:3c:81:ec:71:
                    fd:6e:6a:b4:68:a7:e8:d5:39:5d:17:48:c8:9d:18:
                    3c:df:be:a6:79:ca:74:5b:48:0e:81:d1:c5:d1:73:
                    77:75:9e:62:3b:16:7e:23:20:3e:b7:3a:43:50:5c:
                    7b:ad:47:9b:22:74:ed:4f:70:52:9f:d7:ff:12:01:
                    12:27:5f:9b:28:b8:88:fc:6a:f0:28:9a:30:f1:03:
                    bd:c2:1a:21:b5:6f:90:32:04:8d:a2:25:a8:01:6d:
                    c4:1f:ef:e2:3e:b8:1e:92:86:c1:e3:38:1c:38:ea:
                    8f:66:a2:10:ef:4e:dd:7e:1b:0a:95:92:de:eb:72:
                    3f:84:fe:0c:44:d4:bb:a4:d5:b8:ce:24:64:ad:fa:
                    82:c4:34:a2:b4:54:0c:cf:a1:c8:ee:70:86:79:00:
                    af:78:13:51:18:ca:8f:bb:77:af:14:ff:b6:f8:59:
                    6c:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E5:3F:C6:90:4E:FF:30:08:B1:4D:63:26:1C:C3:57:01:49:A9:6A:31
            X509v3 Authority Key Identifier:
                keyid:A3:22:F2:29:ED:C2:F3:14:A2:FA:5E:F0:D7:AF:1D:DD:B4:99:EA:31

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/oyLyKe3C8xSi-l7w168d3bSZ6jE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/edffbb-1082-4482-8a08-65f8247ffa91/1/5T_GkE7_MAixTWMmHMNXAUmpajE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/edffbb-1082-4482-8a08-65f8247ffa91/1/oyLyKe3C8xSi-l7w168d3bSZ6jE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.150.192.0/18
                  37.123.128.0/18
                  46.59.0.0/17
                  62.63.192.0/18
                  79.136.0.0/17
                  81.170.128.0/17
                  82.196.96.0/19
                  85.24.128.0/17
                  94.254.0.0/17
                  98.128.0.0/16
                  109.228.128.0/18
                  176.10.128.0/17
                  178.174.128.0/17
                  185.57.4.0/22
                  185.90.176.0/22
                  195.178.160.0/19
                  212.85.64.0/19
                  212.116.64.0/19
                  213.80.96.0/19
                  213.136.32.0/19
                  213.164.192.0/19
                  217.27.160.0/19
                  217.31.160.0/19
                IPv6:
                  2001:9b0::/29
                  2a02:508::/32

    Signature Algorithm: sha256WithRSAEncryption
         82:58:5b:b7:23:93:43:5c:71:a6:39:78:51:87:31:49:dd:eb:
         e3:e0:19:0a:cf:6c:5a:f6:0d:4f:c7:31:1d:c3:ba:9e:71:06:
         a5:19:c4:44:2a:bf:fe:50:c8:58:30:cb:de:21:82:cf:35:87:
         63:9f:a3:ec:f3:c6:3d:57:62:bf:69:d1:f3:f4:73:ec:d7:38:
         1c:ce:31:56:27:0d:4e:86:0e:f0:bf:6a:54:ef:36:f6:d7:db:
         4c:40:67:9d:60:6a:5e:c9:9f:92:6f:98:ff:02:f5:1e:ef:c7:
         22:d4:eb:fd:4c:b1:f1:ab:53:c8:3b:a7:1d:8f:b9:30:d2:0c:
         69:e4:2b:db:2b:d3:c6:d9:8f:0a:06:ea:53:a7:fa:4d:ac:20:
         70:a8:b8:5a:08:9a:7f:f0:c8:f5:27:08:e1:4a:9c:41:52:e2:
         4d:1b:60:9a:cb:3c:1a:aa:b3:b7:f0:f5:e6:87:cd:eb:8f:44:
         64:5c:65:36:79:4c:a0:99:ed:fc:b6:a5:a1:bf:5f:72:66:b5:
         cd:f0:c7:01:98:fb:66:55:0f:9e:2e:f7:6b:3e:24:3c:d6:bc:
         d0:3e:4a:11:0a:74:44:4a:d7:ae:ee:79:53:58:83:59:68:54:
         69:50:b9:2f:f6:90:6b:a0:45:f9:d7:f3:61:63:ce:45:c6:74:
         b8:b3:1f:0d
-----BEGIN CERTIFICATE-----
MIIFjTCCBHWgAwIBAgIECMlq5TANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhh
MzIyZjIyOWVkYzJmMzE0YTJmYTVlZjBkN2FmMWRkZGI0OTllYTMxMB4XDTIyMDEw
MTA0MDQyNVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoZTUzZmM2OTA0ZWZm
MzAwOGIxNGQ2MzI2MWNjMzU3MDE0OWE5NmEzMTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBALjBR+0kAgSVRD0Rg4VMkFC9/DExsuoWCTF6shsIgT8LPqsl
DDMvdFjcZiLCVMNBBMEmmM3N/NoPqlHpGFDRPQFNEln5PNSsKPtEMgxYa0yFtiJ7
5rw8gexx/W5qtGin6NU5XRdIyJ0YPN++pnnKdFtIDoHRxdFzd3WeYjsWfiMgPrc6
Q1Bce61HmyJ07U9wUp/X/xIBEidfmyi4iPxq8CiaMPEDvcIaIbVvkDIEjaIlqAFt
xB/v4j64HpKGweM4HDjqj2aiEO9O3X4bCpWS3utyP4T+DETUu6TVuM4kZK36gsQ0
orRUDM+hyO5whnkAr3gTURjKj7t3rxT/tvhZbDsCAwEAAaOCAqcwggKjMB0GA1Ud
DgQWBBTlP8aQTv8wCLFNYyYcw1cBSalqMTAfBgNVHSMEGDAWgBSjIvIp7cLzFKL6
XvDXrx3dtJnqMTAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L295THlLZTNDOHhTaS1sN3cxNjhkM2JTWjZqRS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvN2QvZWRmZmJiLTEwODItNDQ4Mi04YTA4LTY1ZjgyNDdmZmE5MS8x
LzVUX0drRTdfTUFpeFRXTW1ITU5YQVVtcGFqRS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvN2Qv
ZWRmZmJiLTEwODItNDQ4Mi04YTA4LTY1ZjgyNDdmZmE5MS8xL295THlLZTNDOHhT
aS1sN3cxNjhkM2JTWjZqRS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjCB
vAYIKwYBBQUHAQcBAf8EgawwgakwgZAEAgABMIGJAwQGBZbAAwQGJXuAAwQHLjsA
AwQGPj/AAwQHT4gAAwQHUaqAAwQFUsRgAwQHVRiAAwQHXv4AAwMAYoADBAZt5IAD
BAewCoADBAeyroADBAK5OQQDBAK5WrADBAXDsqADBAXUVUADBAXUdEADBAXVUGAD
BAXViCADBAXVpMADBAXZG6ADBAXZH6AwFAQCAAIwDgMFAyABCbADBQAqAgUIMA0G
CSqGSIb3DQEBCwUAA4IBAQCCWFu3I5NDXHGmOXhRhzFJ3evj4BkKz2xa9g1PxzEd
w7qecQalGcREKr/+UMhYMMveIYLPNYdjn6Ps88Y9V2K/adHz9HPs1zgczjFWJw1O
hg7wv2pU7zb219tMQGedYGpeyZ+Sb5j/AvUe78ci1Ov9TLHxq1PIO6cdj7kw0gxp
5CvbK9PG2Y8KBupTp/pNrCBwqLhaCJp/8Mj1JwjhSpxBUuJNG2CayzwaqrO38PXm
h83rj0RkXGU2eUygme38tqWhv19yZrXN8McBmPtmVQ+eLvdrPiQ81rzQPkoRCnRE
Steu7nlTWINZaFRpULkv9pBroEX51/NhY85FxnS4sx8N
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:19:55 2024 by rpki-client on console-ams.rpki-client.org