Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a1/f4319f-3dfb-42ea-ba95-492ab372689d/1/sZZOAUqi9Y6fCbCgnda_W4QMTlQ.roa
File:                     sZZOAUqi9Y6fCbCgnda_W4QMTlQ.roa (raw, json)
Hash identifier:          bgyqd1z80aJ5GnAqD2oSj0QxlGBa1brO5cN2ygXDW34=
Subject key identifier:   B1:96:4E:01:4A:A2:F5:8E:9F:09:B0:A0:9D:D6:BF:5B:84:0C:4E:54
Certificate issuer:       /CN=5fbe65ae23f207fa695255f55a907ac1608be094
Certificate serial:       0937E34B
Authority key identifier: 5F:BE:65:AE:23:F2:07:FA:69:52:55:F5:5A:90:7A:C1:60:8B:E0:94
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/X75lriPyB_ppUlX1WpB6wWCL4JQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a1/f4319f-3dfb-42ea-ba95-492ab372689d/1/sZZOAUqi9Y6fCbCgnda_W4QMTlQ.roa
Signing time:             Sat 01 Jan 2022 10:02:55 +0000
ROA not before:           Sat 01 Jan 2022 10:02:55 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     211642
IP address blocks:        185.219.42.0/24 maxlen: 24
                          185.219.43.0/24 maxlen: 24
                          185.219.40.0/24 maxlen: 24
                          185.219.41.0/24 maxlen: 24
                          45.128.206.0/24 maxlen: 24
                          45.128.204.0/24 maxlen: 24
                          185.240.102.0/24 maxlen: 24
                          45.128.207.0/24 maxlen: 24
                          185.240.103.0/24 maxlen: 24
                          5.253.62.0/24 maxlen: 24
                          5.253.60.0/24 maxlen: 24
                          5.253.61.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 154657611 (0x937e34b)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5fbe65ae23f207fa695255f55a907ac1608be094
        Validity
            Not Before: Jan  1 10:02:55 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=b1964e014aa2f58e9f09b0a09dd6bf5b840c4e54
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:68:6b:4a:1f:0e:8b:bc:ec:d6:a1:8b:5a:1f:
                    9f:05:4d:80:ec:aa:32:67:9e:e8:db:d8:66:11:47:
                    12:6e:02:71:5d:c3:c6:46:6e:1c:f0:9b:77:0f:a0:
                    cc:e7:10:60:6a:a7:5a:72:a1:81:e6:9f:0f:c7:78:
                    8d:02:1a:b2:b6:99:b8:71:92:26:d5:af:fc:15:28:
                    2c:c3:5a:17:fe:01:02:4a:b6:8b:f9:81:07:ce:55:
                    ec:c8:84:29:cb:d9:d8:2a:77:b5:c1:02:c2:75:6f:
                    13:19:8e:c3:b1:93:56:07:00:c2:59:18:57:b0:02:
                    e3:4e:54:a0:a4:af:ba:13:79:77:92:b8:fe:c1:d1:
                    e1:85:38:5a:3f:22:19:fa:31:05:26:0b:c4:c3:25:
                    69:26:5c:67:b3:83:3a:04:e9:b7:9c:91:d4:f3:86:
                    f4:4f:85:d8:55:50:f2:fe:3f:5e:46:77:1d:da:5a:
                    28:b3:c6:fa:bc:d4:1e:61:c1:fa:f5:1e:fb:ca:8b:
                    c5:7d:f9:23:f2:e6:87:dd:5c:3d:ee:3c:26:0f:43:
                    74:e3:4b:d2:17:5d:39:ee:a1:03:fa:62:a0:39:67:
                    bc:0f:a4:76:1c:33:21:f0:5c:0d:e1:6a:d9:12:26:
                    54:81:48:a0:ab:a9:cd:d3:a8:82:96:7b:7d:5e:5a:
                    8e:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:96:4E:01:4A:A2:F5:8E:9F:09:B0:A0:9D:D6:BF:5B:84:0C:4E:54
            X509v3 Authority Key Identifier:
                keyid:5F:BE:65:AE:23:F2:07:FA:69:52:55:F5:5A:90:7A:C1:60:8B:E0:94

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/X75lriPyB_ppUlX1WpB6wWCL4JQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/f4319f-3dfb-42ea-ba95-492ab372689d/1/sZZOAUqi9Y6fCbCgnda_W4QMTlQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/f4319f-3dfb-42ea-ba95-492ab372689d/1/X75lriPyB_ppUlX1WpB6wWCL4JQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.253.60.0-5.253.62.255
                  45.128.204.0/24
                  45.128.206.0/23
                  185.219.40.0/22
                  185.240.102.0/23

    Signature Algorithm: sha256WithRSAEncryption
         8e:9d:ed:97:a2:9a:f5:53:48:95:aa:4d:55:e9:e4:8b:d0:6e:
         5f:bb:ce:25:0e:dd:75:a5:ab:e8:16:fa:fd:3e:de:1b:76:40:
         ee:98:ac:7a:05:89:fc:88:98:43:fd:03:9c:92:38:57:b4:69:
         93:2a:1b:6e:cc:6e:e0:8b:e8:ec:d3:b9:f2:d6:51:dd:6f:c5:
         6c:8c:dc:8a:14:44:76:0d:87:d7:a5:f8:b1:98:2f:94:dd:d9:
         b3:3c:85:f3:47:e6:e0:17:db:e8:af:54:f7:7b:e8:de:30:5c:
         1c:9e:40:74:fa:49:ab:86:03:36:c6:57:71:dc:c0:03:37:b6:
         a7:33:42:76:7c:43:c9:f1:48:ed:80:65:3a:e4:04:ff:29:22:
         a0:18:da:ec:80:23:2b:70:ab:26:b6:fa:55:9e:08:45:6b:2c:
         c4:4f:3e:12:88:18:cd:90:1a:79:2d:9e:de:bf:5e:a5:82:e1:
         89:00:ce:83:86:e0:2d:fc:5c:3c:8a:d7:f9:23:6b:0c:93:77:
         09:48:d5:84:fb:a8:87:44:e6:97:c3:69:cf:83:a7:88:56:bf:
         eb:3e:62:63:65:65:7c:56:05:a9:8c:19:e1:fd:da:8c:74:13:
         aa:38:b8:65:f6:c4:09:fd:6a:e2:3d:f4:b3:37:e6:fe:64:9c:
         ea:ef:34:af
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgIECTfjSzANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg1
ZmJlNjVhZTIzZjIwN2ZhNjk1MjU1ZjU1YTkwN2FjMTYwOGJlMDk0MB4XDTIyMDEw
MTEwMDI1NVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoYjE5NjRlMDE0YWEy
ZjU4ZTlmMDliMGEwOWRkNmJmNWI4NDBjNGU1NDCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAMRoa0ofDou87Nahi1ofnwVNgOyqMmee6NvYZhFHEm4CcV3D
xkZuHPCbdw+gzOcQYGqnWnKhgeafD8d4jQIasraZuHGSJtWv/BUoLMNaF/4BAkq2
i/mBB85V7MiEKcvZ2Cp3tcECwnVvExmOw7GTVgcAwlkYV7AC405UoKSvuhN5d5K4
/sHR4YU4Wj8iGfoxBSYLxMMlaSZcZ7ODOgTpt5yR1POG9E+F2FVQ8v4/XkZ3Hdpa
KLPG+rzUHmHB+vUe+8qLxX35I/Lmh91cPe48Jg9DdONL0hddOe6hA/pioDlnvA+k
dhwzIfBcDeFq2RImVIFIoKupzdOogpZ7fV5ajosCAwEAAaOCAikwggIlMB0GA1Ud
DgQWBBSxlk4BSqL1jp8JsKCd1r9bhAxOVDAfBgNVHSMEGDAWgBRfvmWuI/IH+mlS
VfVakHrBYIvglDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L1g3NWxyaVB5Ql9wcFVsWDFXcEI2d1dDTDRKUS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvYTEvZjQzMTlmLTNkZmItNDJlYS1iYTk1LTQ5MmFiMzcyNjg5ZC8x
L3NaWk9BVXFpOVk2ZkNiQ2duZGFfVzRRTVRsUS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYTEv
ZjQzMTlmLTNkZmItNDJlYS1iYTk1LTQ5MmFiMzcyNjg5ZC8xL1g3NWxyaVB5Ql9w
cFVsWDFXcEI2d1dDTDRKUS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjA/
BggrBgEFBQcBBwEB/wQwMC4wLAQCAAEwJjAMAwQCBf08AwQABf0+AwQALYDMAwQB
LYDOAwQCudsoAwQBufBmMA0GCSqGSIb3DQEBCwUAA4IBAQCOne2Xopr1U0iVqk1V
6eSL0G5fu84lDt11pavoFvr9Pt4bdkDumKx6BYn8iJhD/QOckjhXtGmTKhtuzG7g
i+js07ny1lHdb8VsjNyKFER2DYfXpfixmC+U3dmzPIXzR+bgF9vor1T3e+jeMFwc
nkB0+kmrhgM2xldx3MADN7anM0J2fEPJ8UjtgGU65AT/KSKgGNrsgCMrcKsmtvpV
nghFayzETz4SiBjNkBp5LZ7ev16lguGJAM6DhuAt/Fw8itf5I2sMk3cJSNWE+6iH
ROaXw2nPg6eIVr/rPmJjZWV8VgWpjBnh/dqMdBOqOLhl9sQJ/WriPfSzN+b+ZJzq
7zSv
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:47:59 2024 by rpki-client on console-fra.rpki-client.org