Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b4/f617a5-3240-48c4-b716-741c1d8dea2b/1/ZoBAzvbHU3qJucoOqXDEbekHD4E.roa
File:                     ZoBAzvbHU3qJucoOqXDEbekHD4E.roa (raw, json)
Hash identifier:          4rU4qv8SwHWRUjEH+L8cqpUcGTrl+ZQxsV3aoZHbD2c=
Subject key identifier:   66:80:40:CE:F6:C7:53:7A:89:B9:CA:0E:A9:70:C4:6D:E9:07:0F:81
Certificate issuer:       /CN=c42708df93954aac601aef1835bd5d69245fb02f
Certificate serial:       0182ABE700F2AA25CA20415E5C3C164D5D40
Authority key identifier: C4:27:08:DF:93:95:4A:AC:60:1A:EF:18:35:BD:5D:69:24:5F:B0:2F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xCcI35OVSqxgGu8YNb1daSRfsC8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b4/f617a5-3240-48c4-b716-741c1d8dea2b/1/ZoBAzvbHU3qJucoOqXDEbekHD4E.roa
Signing time:             Wed 17 Aug 2022 13:03:39 +0000
ROA not before:           Wed 17 Aug 2022 13:03:39 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     45012
IP address blocks:        193.22.255.0/24 maxlen: 24
                          185.80.92.0/24 maxlen: 24
                          185.80.93.0/24 maxlen: 24
                          185.80.94.0/23 maxlen: 23
                          91.220.49.0/24 maxlen: 24
                          185.137.168.0/22 maxlen: 24
                          128.127.65.0/24 maxlen: 24
                          128.127.66.0/24 maxlen: 24
                          194.145.226.0/24 maxlen: 24
                          91.203.108.0/22 maxlen: 24
                          178.250.170.0/24 maxlen: 24
                          93.90.178.0/24 maxlen: 24
                          178.250.174.0/24 maxlen: 24
                          37.218.252.0/24 maxlen: 24
                          37.218.248.0/22 maxlen: 22
                          37.218.254.0/24 maxlen: 24
                          178.20.96.0/21 maxlen: 24
                          5.44.108.0/22 maxlen: 24
                          192.162.87.0/24 maxlen: 24
                          185.207.230.0/24 maxlen: 24
                          185.207.228.0/22 maxlen: 24
                          185.207.228.0/24 maxlen: 24
                          31.47.240.0/20 maxlen: 24
                          81.88.16.0/24 maxlen: 24
                          89.22.100.0/22 maxlen: 24
                          89.22.108.0/24 maxlen: 24
                          89.22.110.0/23 maxlen: 24
                          89.22.112.0/22 maxlen: 24
                          89.22.116.0/22 maxlen: 24
                          89.22.122.0/23 maxlen: 24
                          89.22.124.0/22 maxlen: 24
                          5.44.100.0/23 maxlen: 24
                          5.44.104.0/22 maxlen: 24
                          2a00:fa40:3000::/36 maxlen: 36
                          2a00:fa40:4000::/36 maxlen: 36
                          2a01:64c0::/32 maxlen: 32

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:82:ab:e7:00:f2:aa:25:ca:20:41:5e:5c:3c:16:4d:5d:40
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c42708df93954aac601aef1835bd5d69245fb02f
        Validity
            Not Before: Aug 17 13:03:39 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=668040cef6c7537a89b9ca0ea970c46de9070f81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:b2:74:fd:9b:4a:76:e1:39:e3:5c:79:8e:d1:
                    38:36:65:07:34:3b:be:68:b8:c5:53:3d:ce:f6:25:
                    15:f2:d1:e3:c9:42:2b:be:ea:7e:8b:c8:4f:f1:79:
                    93:ea:6e:e0:a4:6e:85:43:84:fc:58:e0:fa:b0:55:
                    e0:22:d2:fd:5e:f6:fa:4d:ce:0c:02:c5:82:49:7f:
                    32:0f:46:7a:2b:f5:dd:b6:40:1b:81:1d:90:67:e7:
                    78:55:0a:22:2c:4f:44:1f:62:a9:b1:e2:58:3b:5e:
                    e1:7d:75:a4:49:f2:70:1b:c6:aa:c0:82:90:c6:e1:
                    25:83:63:b8:bb:66:85:79:20:d4:db:a4:81:72:45:
                    ae:8b:09:a5:b1:34:b9:66:ce:ca:61:88:35:27:7f:
                    b6:73:cd:f7:1b:d7:ce:ff:a4:75:34:76:2d:ab:3c:
                    02:a1:57:37:e4:a2:b5:26:a1:ba:db:37:3c:39:18:
                    db:9c:9c:34:db:13:44:07:08:3c:ca:5a:90:a3:fa:
                    d9:8b:14:d2:38:99:be:87:2f:ae:5a:54:30:cd:70:
                    85:96:53:bf:d2:7e:df:06:c0:9b:e2:a1:54:84:21:
                    f4:0a:0f:01:ea:07:38:61:eb:9a:0b:7d:01:c8:71:
                    df:4a:45:8e:a6:bf:62:5f:31:96:7c:eb:25:55:cb:
                    c5:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                66:80:40:CE:F6:C7:53:7A:89:B9:CA:0E:A9:70:C4:6D:E9:07:0F:81
            X509v3 Authority Key Identifier:
                keyid:C4:27:08:DF:93:95:4A:AC:60:1A:EF:18:35:BD:5D:69:24:5F:B0:2F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xCcI35OVSqxgGu8YNb1daSRfsC8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/f617a5-3240-48c4-b716-741c1d8dea2b/1/ZoBAzvbHU3qJucoOqXDEbekHD4E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/f617a5-3240-48c4-b716-741c1d8dea2b/1/xCcI35OVSqxgGu8YNb1daSRfsC8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.44.100.0/23
                  5.44.104.0/21
                  31.47.240.0/20
                  37.218.248.0-37.218.252.255
                  37.218.254.0/24
                  81.88.16.0/24
                  89.22.100.0/22
                  89.22.108.0/24
                  89.22.110.0-89.22.119.255
                  89.22.122.0-89.22.127.255
                  91.203.108.0/22
                  91.220.49.0/24
                  93.90.178.0/24
                  128.127.65.0-128.127.66.255
                  178.20.96.0/21
                  178.250.170.0/24
                  178.250.174.0/24
                  185.80.92.0/22
                  185.137.168.0/22
                  185.207.228.0/22
                  192.162.87.0/24
                  193.22.255.0/24
                  194.145.226.0/24
                IPv6:
                  2a00:fa40:3000::-2a00:fa40:4fff:ffff:ffff:ffff:ffff:ffff
                  2a01:64c0::/32

    Signature Algorithm: sha256WithRSAEncryption
         6b:dd:63:75:6f:72:f2:8d:ef:30:17:c3:94:c4:63:44:5d:5e:
         5e:92:9b:a1:af:43:47:aa:57:08:65:c5:71:ec:f6:09:80:3a:
         0f:e3:f7:9d:f8:9c:17:ba:5a:5f:02:c7:41:24:74:6d:b8:97:
         21:4d:61:ed:9f:7a:8b:db:d0:ba:30:8c:fd:60:21:45:b4:05:
         64:aa:b0:b6:68:2c:a9:cc:b0:0a:1b:88:e1:68:24:70:21:a1:
         db:28:25:fe:6a:3d:15:19:18:b2:59:5a:8f:05:5a:5e:02:e8:
         7c:4d:87:31:93:98:9f:17:6c:e2:96:2c:3f:82:5c:88:12:33:
         ae:02:4f:87:f6:fc:80:7f:21:97:32:1b:f0:80:c4:48:d1:b4:
         81:2e:32:7c:b8:94:b7:f2:92:2a:60:61:98:ec:ae:7e:e3:53:
         da:83:2b:ac:ba:70:eb:21:aa:42:c4:5f:2f:78:df:da:8b:99:
         1c:ac:e4:0e:9f:89:87:d5:f7:dd:02:3f:9e:b9:d2:30:1c:1f:
         f6:a3:10:87:a9:9c:15:38:41:03:79:83:ad:6a:78:03:2f:9f:
         0f:92:38:49:02:27:37:b7:e9:99:62:da:d3:a3:2d:d2:b8:ae:
         85:15:18:fd:b5:4c:d8:db:d1:ef:5f:91:06:bc:56:1b:6c:8f:
         30:86:8a:b4
-----BEGIN CERTIFICATE-----
MIIFxzCCBK+gAwIBAgISAYKr5wDyqiXKIEFeXDwWTV1AMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM0MjcwOGRmOTM5NTRhYWM2MDFhZWYxODM1YmQ1ZDY5MjQ1
ZmIwMmYwHhcNMjIwODE3MTMwMzM5WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NjgwNDBjZWY2Yzc1MzdhODliOWNhMGVhOTcwYzQ2ZGU5MDcwZjgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmbJ0/ZtKduE541x5jtE4NmUHNDu+
aLjFUz3O9iUV8tHjyUIrvup+i8hP8XmT6m7gpG6FQ4T8WOD6sFXgItL9Xvb6Tc4M
AsWCSX8yD0Z6K/XdtkAbgR2QZ+d4VQoiLE9EH2KpseJYO17hfXWkSfJwG8aqwIKQ
xuElg2O4u2aFeSDU26SBckWuiwmlsTS5Zs7KYYg1J3+2c833G9fO/6R1NHYtqzwC
oVc35KK1JqG62zc8ORjbnJw02xNEBwg8ylqQo/rZixTSOJm+hy+uWlQwzXCFllO/
0n7fBsCb4qFUhCH0Cg8B6gc4YeuaC30ByHHfSkWOpr9iXzGWfOslVcvFkwIDAQAB
o4IC0zCCAs8wHQYDVR0OBBYEFGaAQM72x1N6ibnKDqlwxG3pBw+BMB8GA1UdIwQY
MBaAFMQnCN+TlUqsYBrvGDW9XWkkX7AvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveENjSTM1T1ZTcXhnR3U4WU5iMWRhU1Jmc0M4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNC9mNjE3YTUtMzI0MC00OGM0LWI3MTYt
NzQxYzFkOGRlYTJiLzEvWm9CQXp2YkhVM3FKdWNvT3FYREViZWtIRDRFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNC9mNjE3YTUtMzI0MC00OGM0LWI3MTYtNzQxYzFkOGRlYTJi
LzEveENjSTM1T1ZTcXhnR3U4WU5iMWRhU1Jmc0M4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHoBggrBgEFBQcBBwEB/wSB2DCB1TCBsQQCAAEwgaoDBAEF
LGQDBAMFLGgDBAQfL/AwDAMEAyXa+AMEACXa/AMEACXa/gMEAFFYEAMEAlkWZAME
AFkWbDAMAwQBWRZuAwQDWRZwMAwDBAFZFnoDBAdZFgADBAJby2wDBABb3DEDBABd
WrIwDAMEAIB/QQMEAIB/QgMEA7IUYAMEALL6qgMEALL6rgMEArlQXAMEArmJqAME
ArnP5AMEAMCiVwMEAMEW/wMEAMKR4jAfBAIAAjAZMBADBgQqAPpAMAMGBCoA+kBA
AwUAKgFkwDANBgkqhkiG9w0BAQsFAAOCAQEAa91jdW9y8o3vMBfDlMRjRF1eXpKb
oa9DR6pXCGXFcez2CYA6D+P3nficF7paXwLHQSR0bbiXIU1h7Z96i9vQujCM/WAh
RbQFZKqwtmgsqcywChuI4WgkcCGh2ygl/mo9FRkYsllajwVaXgLofE2HMZOYnxds
4pYsP4JciBIzrgJPh/b8gH8hlzIb8IDESNG0gS4yfLiUt/KSKmBhmOyufuNT2oMr
rLpw6yGqQsRfL3jf2ouZHKzkDp+Jh9X33QI/nrnSMBwf9qMQh6mcFThBA3mDrWp4
Ay+fD5I4SQInN7fpmWLa06Mt0riuhRUY/bVM2NvR71+RBrxWG2yPMIaKtA==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:50:44 2024 by rpki-client on console-fra.rpki-client.org