Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a9/0f3757-f0ed-4e7e-9329-b03df996e481/1/kAeWkUCEBko3M1jMSnSp3BixF7w.roa
File:                     kAeWkUCEBko3M1jMSnSp3BixF7w.roa (raw, json)
Hash identifier:          GLd2yYbA1ktVxEaGdj73MB5m+6peaAcC4XAWEn7za5w=
Subject key identifier:   90:07:96:91:40:84:06:4A:37:33:58:CC:4A:74:A9:DC:18:B1:17:BC
Certificate issuer:       /CN=0db67c5c7fa7fe2492eec37cf427642b71d425b0
Certificate serial:       01E927D4
Authority key identifier: 0D:B6:7C:5C:7F:A7:FE:24:92:EE:C3:7C:F4:27:64:2B:71:D4:25:B0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DbZ8XH-n_iSS7sN89CdkK3HUJbA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a9/0f3757-f0ed-4e7e-9329-b03df996e481/1/kAeWkUCEBko3M1jMSnSp3BixF7w.roa
Signing time:             Sun 06 Mar 2022 07:49:55 +0000
ROA not before:           Sun 06 Mar 2022 07:49:55 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     50131
IP address blocks:        194.124.218.0/23 maxlen: 32
                          194.124.224.0/23 maxlen: 32
                          45.142.157.0/24 maxlen: 32
                          45.142.158.0/23 maxlen: 32
                          45.142.156.0/24 maxlen: 32
                          194.147.98.0/23 maxlen: 32
                          194.147.100.0/23 maxlen: 32
                          45.150.226.0/23 maxlen: 32
                          193.218.200.0/23 maxlen: 32
                          45.154.212.0/22 maxlen: 32
                          193.221.94.0/23 maxlen: 32
                          45.150.164.0/22 maxlen: 32
                          45.151.132.0/22 maxlen: 32
                          45.145.74.0/23 maxlen: 32
                          45.145.72.0/23 maxlen: 32

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 32057300 (0x1e927d4)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0db67c5c7fa7fe2492eec37cf427642b71d425b0
        Validity
            Not Before: Mar  6 07:49:55 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=900796914084064a373358cc4a74a9dc18b117bc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:66:89:75:ba:f4:35:2d:0d:6f:a2:8e:89:7d:
                    0c:e4:2c:ce:ba:92:d5:74:1a:24:1b:b5:fc:ec:e6:
                    5b:17:d7:11:de:49:ab:5e:c4:2d:f6:5e:48:d1:de:
                    32:9c:aa:6d:44:bf:14:50:0e:ba:43:88:9a:7f:78:
                    e5:67:4d:34:0a:40:2d:c6:a7:ec:52:50:ae:80:2b:
                    36:14:22:15:e1:75:4f:22:92:2c:2a:48:6c:d4:59:
                    db:90:16:72:e9:41:f2:8f:ff:14:fe:0e:8f:34:a1:
                    e6:75:83:a0:5c:c9:f2:26:ea:b1:1e:03:9f:47:1e:
                    fd:f0:f7:dd:cc:ce:48:31:10:f6:03:c9:e6:95:0a:
                    df:2a:5c:37:a0:b0:a4:45:fb:f4:cf:75:af:ea:b4:
                    54:69:d0:70:f5:02:d1:4a:8c:91:62:18:a9:b4:5e:
                    03:ed:4e:cd:e9:ed:29:4f:77:ad:4a:4f:4b:5c:70:
                    2c:5a:90:49:f6:5c:06:c9:c6:aa:d5:92:98:be:23:
                    a7:f6:e4:cd:cf:b4:eb:f6:6b:fa:6f:d5:a0:d7:08:
                    e4:15:9f:45:97:dc:3d:50:d6:3f:24:ed:fb:df:59:
                    3b:44:fe:43:4e:71:e1:92:e9:da:f2:37:82:92:7c:
                    02:52:c6:36:89:9c:8f:c8:27:51:03:cf:28:14:4f:
                    37:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                90:07:96:91:40:84:06:4A:37:33:58:CC:4A:74:A9:DC:18:B1:17:BC
            X509v3 Authority Key Identifier:
                keyid:0D:B6:7C:5C:7F:A7:FE:24:92:EE:C3:7C:F4:27:64:2B:71:D4:25:B0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DbZ8XH-n_iSS7sN89CdkK3HUJbA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/0f3757-f0ed-4e7e-9329-b03df996e481/1/kAeWkUCEBko3M1jMSnSp3BixF7w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/0f3757-f0ed-4e7e-9329-b03df996e481/1/DbZ8XH-n_iSS7sN89CdkK3HUJbA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.142.156.0/22
                  45.145.72.0/22
                  45.150.164.0/22
                  45.150.226.0/23
                  45.151.132.0/22
                  45.154.212.0/22
                  193.218.200.0/23
                  193.221.94.0/23
                  194.124.218.0/23
                  194.124.224.0/23
                  194.147.98.0-194.147.101.255

    Signature Algorithm: sha256WithRSAEncryption
         5c:2a:4a:83:ab:b9:23:d0:60:b2:d0:d0:3f:8e:84:cf:8e:32:
         c8:51:76:73:7c:f0:2c:66:d3:3c:90:85:d8:1d:3f:b6:bd:a4:
         13:22:ea:db:11:6d:e9:fb:27:d1:74:18:59:41:14:2f:93:a0:
         b4:18:3f:c6:46:3b:cd:30:fa:0c:bf:ed:16:a3:0d:3f:4c:fb:
         93:bd:f8:34:6e:61:77:f5:4b:dd:cb:c6:27:2e:8b:b1:9d:5a:
         80:4d:07:6e:a1:40:e3:19:ba:80:b6:d6:2c:22:f6:22:19:8d:
         1a:bb:e6:0d:2e:a2:0a:28:ed:c3:38:b8:6f:5b:af:cb:2a:11:
         04:df:26:a5:9a:10:62:39:78:7c:b4:b1:4e:92:03:e3:d1:54:
         11:10:f0:4b:fa:f7:5b:ff:1f:7c:de:6b:a2:de:11:e0:c4:ca:
         4f:cd:e9:ed:31:26:17:08:de:dc:b3:57:84:9f:fd:82:64:3a:
         c0:33:ec:99:3c:79:2b:2c:72:55:26:1f:dc:75:ee:e0:fd:bd:
         f8:f7:33:cb:70:ef:9c:28:54:b9:2c:a9:80:3f:47:12:45:ac:
         7c:56:21:bf:ad:81:59:a5:a1:71:d4:44:f2:c3:01:72:d0:ea:
         d9:f9:2d:f1:6a:74:96:4f:2b:fe:5e:79:49:92:30:00:b0:95:
         4c:ec:02:85
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgIEAekn1DANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygw
ZGI2N2M1YzdmYTdmZTI0OTJlZWMzN2NmNDI3NjQyYjcxZDQyNWIwMB4XDTIyMDMw
NjA3NDk1NVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoOTAwNzk2OTE0MDg0
MDY0YTM3MzM1OGNjNGE3NGE5ZGMxOGIxMTdiYzCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAK1miXW69DUtDW+ijol9DOQszrqS1XQaJBu1/OzmWxfXEd5J
q17ELfZeSNHeMpyqbUS/FFAOukOImn945WdNNApALcan7FJQroArNhQiFeF1TyKS
LCpIbNRZ25AWculB8o//FP4OjzSh5nWDoFzJ8ibqsR4Dn0ce/fD33czOSDEQ9gPJ
5pUK3ypcN6CwpEX79M91r+q0VGnQcPUC0UqMkWIYqbReA+1OzentKU93rUpPS1xw
LFqQSfZcBsnGqtWSmL4jp/bkzc+06/Zr+m/VoNcI5BWfRZfcPVDWPyTt+99ZO0T+
Q05x4ZLp2vI3gpJ8AlLGNomcj8gnUQPPKBRPN2UCAwEAAaOCAk0wggJJMB0GA1Ud
DgQWBBSQB5aRQIQGSjczWMxKdKncGLEXvDAfBgNVHSMEGDAWgBQNtnxcf6f+JJLu
w3z0J2QrcdQlsDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L0RiWjhYSC1uX2lTUzdzTjg5Q2RrSzNIVUpiQS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvYTkvMGYzNzU3LWYwZWQtNGU3ZS05MzI5LWIwM2RmOTk2ZTQ4MS8x
L2tBZVdrVUNFQmtvM00xak1TblNwM0JpeEY3dy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYTkv
MGYzNzU3LWYwZWQtNGU3ZS05MzI5LWIwM2RmOTk2ZTQ4MS8xL0RiWjhYSC1uX2lT
UzdzTjg5Q2RrSzNIVUpiQS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBj
BggrBgEFBQcBBwEB/wRUMFIwUAQCAAEwSgMEAi2OnAMEAi2RSAMEAi2WpAMEAS2W
4gMEAi2XhAMEAi2a1AMEAcHayAMEAcHdXgMEAcJ82gMEAcJ84DAMAwQBwpNiAwQB
wpNkMA0GCSqGSIb3DQEBCwUAA4IBAQBcKkqDq7kj0GCy0NA/joTPjjLIUXZzfPAs
ZtM8kIXYHT+2vaQTIurbEW3p+yfRdBhZQRQvk6C0GD/GRjvNMPoMv+0Wow0/TPuT
vfg0bmF39Uvdy8YnLouxnVqATQduoUDjGbqAttYsIvYiGY0au+YNLqIKKO3DOLhv
W6/LKhEE3yalmhBiOXh8tLFOkgPj0VQREPBL+vdb/x983mui3hHgxMpPzentMSYX
CN7cs1eEn/2CZDrAM+yZPHkrLHJVJh/cde7g/b349zPLcO+cKFS5LKmAP0cSRax8
ViG/rYFZpaFx1ETywwFy0OrZ+S3xanSWTyv+XnlJkjAAsJVM7AKF
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:48:57 2024 by rpki-client on console-fra.rpki-client.org