Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bf/750009-6fa1-4ef1-832a-75188b3c112e/1/Zp5HPe6-5uk-KCyp3yHxN9MVLiA.roa
File:                     Zp5HPe6-5uk-KCyp3yHxN9MVLiA.roa (raw, json)
Hash identifier:          D2kLnJq1Wao6r7a0R6zOobjoLeWpSEYCTBo8HGBZJYs=
Subject key identifier:   66:9E:47:3D:EE:BE:E6:E9:3E:28:2C:A9:DF:21:F1:37:D3:15:2E:20
Certificate issuer:       /CN=0e2d420e661c86571089ff0b51965a86e0d7bc75
Certificate serial:       34A418A7
Authority key identifier: 0E:2D:42:0E:66:1C:86:57:10:89:FF:0B:51:96:5A:86:E0:D7:BC:75
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Di1CDmYchlcQif8LUZZahuDXvHU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bf/750009-6fa1-4ef1-832a-75188b3c112e/1/Zp5HPe6-5uk-KCyp3yHxN9MVLiA.roa
Signing time:             Sat 01 Jan 2022 03:56:44 +0000
ROA not before:           Sat 01 Jan 2022 03:56:44 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     3223
IP address blocks:        37.221.174.0/23 maxlen: 23
                          37.221.160.0/21 maxlen: 24
                          37.221.164.0/24 maxlen: 24
                          37.221.167.0/24 maxlen: 24
                          37.221.168.0/23 maxlen: 24
                          37.221.170.0/23 maxlen: 23
                          37.221.172.0/23 maxlen: 23
                          195.60.76.0/23 maxlen: 24
                          185.5.175.0/24 maxlen: 24
                          185.5.174.0/24 maxlen: 24
                          185.5.173.0/24 maxlen: 24
                          109.163.224.0/24 maxlen: 24
                          109.163.225.0/24 maxlen: 24
                          109.163.226.0/23 maxlen: 23
                          109.163.229.0/24 maxlen: 24
                          109.163.228.0/24 maxlen: 24
                          109.163.230.0/23 maxlen: 24
                          109.163.232.0/24 maxlen: 24
                          109.163.233.0/24 maxlen: 24
                          109.163.234.0/23 maxlen: 24
                          109.163.236.0/22 maxlen: 24
                          109.163.239.0/24 maxlen: 24
                          185.5.172.0/24 maxlen: 24
                          2a03:5180:b::/48 maxlen: 64
                          2a03:5180:6::/48 maxlen: 48
                          2a03:5180:1::/48 maxlen: 48
                          2a03:5180:5::/48 maxlen: 48
                          2a03:5180::/32 maxlen: 48
                          2a03:5180:8::/48 maxlen: 48
                          2a03:5180:3::/48 maxlen: 48
                          2a03:5180:7::/48 maxlen: 48
                          2a03:5180:2::/48 maxlen: 48
                          2a03:5180:1:6::/64 maxlen: 64
                          2a03:5180::/48 maxlen: 48
                          2a03:5180:11::/48 maxlen: 48
                          2a03:5180:4::/48 maxlen: 48
                          2a03:5180:9::/48 maxlen: 48

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 883169447 (0x34a418a7)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0e2d420e661c86571089ff0b51965a86e0d7bc75
        Validity
            Not Before: Jan  1 03:56:44 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=669e473deebee6e93e282ca9df21f137d3152e20
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:36:25:3e:b6:6c:41:c6:54:a7:7e:9d:70:55:
                    f1:1f:0e:25:13:1a:67:13:57:fd:28:c1:6b:9b:49:
                    53:5d:e1:62:f7:ff:08:e1:96:e0:34:dc:e4:56:5a:
                    5f:dd:b1:ba:22:a3:a7:fe:4b:ba:fd:9e:ce:b1:e3:
                    53:54:81:e0:7a:4c:54:95:a0:f3:74:c1:0d:28:f4:
                    4f:93:96:55:5a:96:ac:b1:0f:56:ba:d1:f2:65:35:
                    da:b6:09:46:ec:dc:52:44:bd:3d:0a:7f:04:5e:df:
                    0f:01:01:18:4a:65:88:76:09:ad:2f:52:9a:90:3a:
                    27:9e:6b:9e:78:e3:cb:96:fd:9e:38:88:f6:25:41:
                    41:ce:5e:45:b0:fe:35:c1:29:15:3d:53:8c:26:d6:
                    8f:24:03:5a:b3:4f:58:07:82:7a:4e:74:93:78:dd:
                    cb:57:05:4d:00:af:3f:b9:2b:2e:be:5b:f6:57:65:
                    ad:79:ad:af:90:82:09:da:ad:f3:ba:fe:af:8a:ad:
                    2f:8e:8a:ca:89:24:48:7a:8e:55:77:da:e1:2e:26:
                    30:0e:75:34:48:dd:2e:2b:59:3e:3f:93:ae:b2:6d:
                    84:56:fd:47:15:f3:6e:77:5c:b5:39:a3:4f:2d:bc:
                    8c:c6:f4:ba:1e:e7:bb:b8:dc:c7:c4:fb:1d:55:fc:
                    cc:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                66:9E:47:3D:EE:BE:E6:E9:3E:28:2C:A9:DF:21:F1:37:D3:15:2E:20
            X509v3 Authority Key Identifier:
                keyid:0E:2D:42:0E:66:1C:86:57:10:89:FF:0B:51:96:5A:86:E0:D7:BC:75

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Di1CDmYchlcQif8LUZZahuDXvHU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/750009-6fa1-4ef1-832a-75188b3c112e/1/Zp5HPe6-5uk-KCyp3yHxN9MVLiA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/750009-6fa1-4ef1-832a-75188b3c112e/1/Di1CDmYchlcQif8LUZZahuDXvHU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.221.160.0/20
                  109.163.224.0/20
                  185.5.172.0/22
                  195.60.76.0/23
                IPv6:
                  2a03:5180::/32

    Signature Algorithm: sha256WithRSAEncryption
         64:4b:2a:8d:2c:d0:dd:0b:c8:36:20:1e:64:21:2b:3f:0d:97:
         76:a7:13:00:76:b0:eb:3e:19:70:ee:e4:cb:3d:bf:3c:70:fa:
         da:c3:e4:7f:ac:3b:8c:1b:4d:25:b2:39:4b:25:f1:23:1c:70:
         96:53:8a:87:76:b4:89:52:c7:ce:7f:91:49:6f:a5:00:65:9e:
         94:50:99:86:b6:4c:0e:06:14:64:14:89:47:4c:d4:10:c2:56:
         d4:20:3e:9d:ac:e3:55:23:22:6b:87:39:bc:3c:54:cb:c8:0b:
         4e:61:4d:91:50:e8:9a:46:1d:b4:7b:e0:59:39:de:07:ee:18:
         60:97:55:be:5a:9a:13:52:c3:8e:a8:57:9b:67:66:d9:ed:03:
         b5:ec:95:ea:6a:ca:f5:bf:c1:d0:40:aa:54:ff:47:ec:c9:7d:
         11:75:97:27:0e:d5:55:a7:37:c6:6e:92:3a:28:08:1d:e1:d8:
         d0:38:ca:d2:cd:3c:c1:1d:cf:0a:67:cb:6e:a3:d9:95:60:90:
         ff:79:30:39:bf:aa:b9:65:54:08:45:58:f9:0f:8a:38:cd:99:
         ec:14:c6:99:2d:85:7a:e3:a5:96:c5:ce:63:7a:61:58:13:33:
         08:01:f1:fa:e3:da:2e:98:46:c7:94:e5:18:84:ef:80:de:8e:
         29:81:70:9f
-----BEGIN CERTIFICATE-----
MIIFEDCCA/igAwIBAgIENKQYpzANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygw
ZTJkNDIwZTY2MWM4NjU3MTA4OWZmMGI1MTk2NWE4NmUwZDdiYzc1MB4XDTIyMDEw
MTAzNTY0NFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoNjY5ZTQ3M2RlZWJl
ZTZlOTNlMjgyY2E5ZGYyMWYxMzdkMzE1MmUyMDCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBANg2JT62bEHGVKd+nXBV8R8OJRMaZxNX/SjBa5tJU13hYvf/
COGW4DTc5FZaX92xuiKjp/5Luv2ezrHjU1SB4HpMVJWg83TBDSj0T5OWVVqWrLEP
VrrR8mU12rYJRuzcUkS9PQp/BF7fDwEBGEpliHYJrS9SmpA6J55rnnjjy5b9njiI
9iVBQc5eRbD+NcEpFT1TjCbWjyQDWrNPWAeCek50k3jdy1cFTQCvP7krLr5b9ldl
rXmtr5CCCdqt87r+r4qtL46KyokkSHqOVXfa4S4mMA51NEjdLitZPj+TrrJthFb9
RxXzbndctTmjTy28jMb0uh7nu7jcx8T7HVX8zI8CAwEAAaOCAiowggImMB0GA1Ud
DgQWBBRmnkc97r7m6T4oLKnfIfE30xUuIDAfBgNVHSMEGDAWgBQOLUIOZhyGVxCJ
/wtRllqG4Ne8dTAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L0RpMUNEbVljaGxjUWlmOExVWlphaHVEWHZIVS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvYmYvNzUwMDA5LTZmYTEtNGVmMS04MzJhLTc1MTg4YjNjMTEyZS8x
L1pwNUhQZTYtNXVrLUtDeXAzeUh4TjlNVkxpQS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYmYv
NzUwMDA5LTZmYTEtNGVmMS04MzJhLTc1MTg4YjNjMTEyZS8xL0RpMUNEbVljaGxj
UWlmOExVWlphaHVEWHZIVS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBA
BggrBgEFBQcBBwEB/wQxMC8wHgQCAAEwGAMEBCXdoAMEBG2j4AMEArkFrAMEAcM8
TDANBAIAAjAHAwUAKgNRgDANBgkqhkiG9w0BAQsFAAOCAQEAZEsqjSzQ3QvINiAe
ZCErPw2XdqcTAHaw6z4ZcO7kyz2/PHD62sPkf6w7jBtNJbI5SyXxIxxwllOKh3a0
iVLHzn+RSW+lAGWelFCZhrZMDgYUZBSJR0zUEMJW1CA+nazjVSMia4c5vDxUy8gL
TmFNkVDomkYdtHvgWTneB+4YYJdVvlqaE1LDjqhXm2dm2e0DteyV6mrK9b/B0ECq
VP9H7Ml9EXWXJw7VVac3xm6SOigIHeHY0DjK0s08wR3PCmfLbqPZlWCQ/3kwOb+q
uWVUCEVY+Q+KOM2Z7BTGmS2FeuOllsXOY3phWBMzCAHx+uPaLphGx5TlGITvgN6O
KYFwnw==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:52:12 2024 by rpki-client on console-fra.rpki-client.org