Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a5/0fc5c9-4ec6-4df6-82c4-d87e4047f853/1/cW5NaTMMdBFd603Zo1QB2DakbKU.roa
File:                     cW5NaTMMdBFd603Zo1QB2DakbKU.roa (raw, json)
Hash identifier:          2qWCrSzLrc2z0w80Bm0ZPW/A37JTRsnWF4MjX6DSAsc=
Subject key identifier:   71:6E:4D:69:33:0C:74:11:5D:EB:4D:D9:A3:54:01:D8:36:A4:6C:A5
Certificate issuer:       /CN=34f47b73ee8fbedd25f41b3b17b2be08f5bf6563
Certificate serial:       34FC86DA
Authority key identifier: 34:F4:7B:73:EE:8F:BE:DD:25:F4:1B:3B:17:B2:BE:08:F5:BF:65:63
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NPR7c-6Pvt0l9Bs7F7K-CPW_ZWM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a5/0fc5c9-4ec6-4df6-82c4-d87e4047f853/1/cW5NaTMMdBFd603Zo1QB2DakbKU.roa
Signing time:             Sat 01 Jan 2022 10:03:37 +0000
ROA not before:           Sat 01 Jan 2022 10:03:37 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     15734
IP address blocks:        217.15.42.0/24 maxlen: 24
                          217.15.46.0/24 maxlen: 24
                          88.84.64.0/19 maxlen: 24
                          88.84.80.0/24 maxlen: 24
                          88.84.82.0/24 maxlen: 24
                          88.84.93.0/24 maxlen: 24
                          88.84.92.0/24 maxlen: 24
                          185.117.178.0/24 maxlen: 24
                          185.117.179.0/24 maxlen: 24
                          185.117.176.0/24 maxlen: 24
                          217.15.32.0/20 maxlen: 24
                          217.149.144.0/20 maxlen: 24
                          95.142.0.0/20 maxlen: 24
                          95.142.3.0/24 maxlen: 24
                          217.149.148.0/22 maxlen: 24
                          95.142.8.0/24 maxlen: 24
                          95.142.10.0/24 maxlen: 24
                          217.149.157.0/24 maxlen: 24
                          217.149.156.0/24 maxlen: 24
                          95.142.13.0/24 maxlen: 24
                          2a02:2068::/29 maxlen: 48

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 888964826 (0x34fc86da)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=34f47b73ee8fbedd25f41b3b17b2be08f5bf6563
        Validity
            Not Before: Jan  1 10:03:37 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=716e4d69330c74115deb4dd9a35401d836a46ca5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:70:9f:76:ae:9a:3f:58:ad:5f:6f:4d:08:d6:
                    29:7b:58:2c:51:42:83:df:3e:84:96:47:54:b5:32:
                    08:db:d1:df:bd:3b:ea:b2:02:e8:b1:c1:9c:ba:bb:
                    8f:ee:c2:8d:0b:db:38:99:6b:20:9b:0b:d2:b6:33:
                    0f:95:4b:bd:56:7e:e7:42:75:2b:9a:64:88:cc:35:
                    2f:04:77:02:6c:ea:cc:42:be:bf:14:57:4e:ab:84:
                    f5:9e:28:55:8f:35:fd:29:e3:94:fc:f1:f6:ee:07:
                    3c:52:7a:89:41:08:32:15:db:31:26:6c:5a:ba:0f:
                    dd:c7:12:25:77:6a:10:1b:d9:d7:28:9d:69:de:4b:
                    cc:93:95:bd:59:bc:28:41:c5:b8:50:97:5d:67:5f:
                    74:96:68:c9:95:32:3f:db:05:05:b1:f8:9e:35:d2:
                    f2:96:06:d0:8a:1b:f7:d2:40:5c:32:c4:bf:93:1d:
                    f9:c4:0c:4f:31:b7:96:43:81:00:91:a1:04:e8:a9:
                    70:a0:90:eb:e9:74:26:d2:ba:22:39:3b:2d:fa:6d:
                    23:b7:50:fd:d8:ab:e9:16:8d:6f:c6:9b:ce:86:14:
                    19:31:28:52:f9:85:23:fb:2e:a1:e6:ad:86:25:a0:
                    ec:8a:27:71:07:9e:66:4c:bd:89:42:d6:8e:24:ad:
                    bc:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                71:6E:4D:69:33:0C:74:11:5D:EB:4D:D9:A3:54:01:D8:36:A4:6C:A5
            X509v3 Authority Key Identifier:
                keyid:34:F4:7B:73:EE:8F:BE:DD:25:F4:1B:3B:17:B2:BE:08:F5:BF:65:63

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NPR7c-6Pvt0l9Bs7F7K-CPW_ZWM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/0fc5c9-4ec6-4df6-82c4-d87e4047f853/1/cW5NaTMMdBFd603Zo1QB2DakbKU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/0fc5c9-4ec6-4df6-82c4-d87e4047f853/1/NPR7c-6Pvt0l9Bs7F7K-CPW_ZWM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  88.84.64.0/19
                  95.142.0.0/20
                  185.117.176.0/24
                  185.117.178.0/23
                  217.15.32.0/20
                  217.149.144.0/20
                IPv6:
                  2a02:2068::/29

    Signature Algorithm: sha256WithRSAEncryption
         30:db:cb:80:81:c3:a2:74:f3:8f:77:c6:ab:73:0d:84:48:42:
         e8:bf:b8:7a:68:c1:c5:99:4e:7b:d0:2c:6b:7b:da:8a:ab:5a:
         c2:25:84:fa:c3:b4:d4:71:60:2e:d6:2f:3d:5e:bf:8b:85:db:
         f8:bd:0e:56:fa:71:af:21:ed:6f:35:65:32:fa:00:0b:3f:43:
         7a:89:d9:fd:00:d5:f2:12:e8:31:d5:27:3f:6a:d8:d3:c4:47:
         db:53:54:29:b1:ba:42:94:fa:0d:17:24:98:5f:b2:16:82:d5:
         61:7f:ce:f8:60:10:c7:82:ee:f8:21:30:3f:ea:29:dc:e6:37:
         16:09:47:87:49:74:89:27:1b:ca:21:d8:de:9a:a7:6b:00:a3:
         ea:67:cf:01:20:aa:fe:6d:41:ee:87:98:e2:ac:81:bb:62:1c:
         02:22:ac:d6:8e:a7:98:2a:0f:fd:5f:2a:3f:23:93:26:bf:ef:
         01:71:21:a4:b5:69:17:cf:d2:0a:fe:81:a2:f6:60:02:76:d9:
         18:58:97:8a:3e:4c:fb:91:fe:26:5f:83:8f:29:44:f2:e9:e1:
         6c:a6:48:1e:a9:e6:1a:13:b1:e8:f0:a2:3a:0f:fa:53:cb:5f:
         b9:12:af:c1:46:8f:e8:d0:e6:00:a2:92:65:81:5b:f7:88:57:
         3b:52:1a:cf
-----BEGIN CERTIFICATE-----
MIIFHDCCBASgAwIBAgIENPyG2jANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygz
NGY0N2I3M2VlOGZiZWRkMjVmNDFiM2IxN2IyYmUwOGY1YmY2NTYzMB4XDTIyMDEw
MTEwMDMzN1oXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoNzE2ZTRkNjkzMzBj
NzQxMTVkZWI0ZGQ5YTM1NDAxZDgzNmE0NmNhNTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBALdwn3aumj9YrV9vTQjWKXtYLFFCg98+hJZHVLUyCNvR3707
6rIC6LHBnLq7j+7CjQvbOJlrIJsL0rYzD5VLvVZ+50J1K5pkiMw1LwR3AmzqzEK+
vxRXTquE9Z4oVY81/SnjlPzx9u4HPFJ6iUEIMhXbMSZsWroP3ccSJXdqEBvZ1yid
ad5LzJOVvVm8KEHFuFCXXWdfdJZoyZUyP9sFBbH4njXS8pYG0Iob99JAXDLEv5Md
+cQMTzG3lkOBAJGhBOipcKCQ6+l0JtK6Ijk7LfptI7dQ/dir6RaNb8abzoYUGTEo
UvmFI/suoeathiWg7IoncQeeZky9iULWjiStvIcCAwEAAaOCAjYwggIyMB0GA1Ud
DgQWBBRxbk1pMwx0EV3rTdmjVAHYNqRspTAfBgNVHSMEGDAWgBQ09Htz7o++3SX0
GzsXsr4I9b9lYzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L05QUjdjLTZQdnQwbDlCczdGN0stQ1BXX1pXTS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvYTUvMGZjNWM5LTRlYzYtNGRmNi04MmM0LWQ4N2U0MDQ3Zjg1My8x
L2NXNU5hVE1NZEJGZDYwM1pvMVFCMkRha2JLVS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYTUv
MGZjNWM5LTRlYzYtNGRmNi04MmM0LWQ4N2U0MDQ3Zjg1My8xL05QUjdjLTZQdnQw
bDlCczdGN0stQ1BXX1pXTS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBM
BggrBgEFBQcBBwEB/wQ9MDswKgQCAAEwJAMEBVhUQAMEBF+OAAMEALl1sAMEAbl1
sgMEBNkPIAMEBNmVkDANBAIAAjAHAwUDKgIgaDANBgkqhkiG9w0BAQsFAAOCAQEA
MNvLgIHDonTzj3fGq3MNhEhC6L+4emjBxZlOe9Asa3vaiqtawiWE+sO01HFgLtYv
PV6/i4Xb+L0OVvpxryHtbzVlMvoACz9DeonZ/QDV8hLoMdUnP2rY08RH21NUKbG6
QpT6DRckmF+yFoLVYX/O+GAQx4Lu+CEwP+op3OY3FglHh0l0iScbyiHY3pqnawCj
6mfPASCq/m1B7oeY4qyBu2IcAiKs1o6nmCoP/V8qPyOTJr/vAXEhpLVpF8/SCv6B
ovZgAnbZGFiXij5M+5H+Jl+DjylE8unhbKZIHqnmGhOx6PCiOg/6U8tfuRKvwUaP
6NDmAKKSZYFb94hXO1Iazw==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:48:23 2024 by rpki-client on console-fra.rpki-client.org