Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/4tHZkX4pMocpHRfQZH0515OF9Vg.roa
File:                     4tHZkX4pMocpHRfQZH0515OF9Vg.roa (raw, json)
Hash identifier:          4/IdIxIVwN6gLqWp3KgFwY6H4tXD9/TNP25D3BUoCOw=
Subject key identifier:   E2:D1:D9:91:7E:29:32:87:29:1D:17:D0:64:7D:39:D7:93:85:F5:58
Certificate issuer:       /CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
Certificate serial:       0432C405
Authority key identifier: B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/4tHZkX4pMocpHRfQZH0515OF9Vg.roa
Signing time:             Fri 18 Mar 2022 12:19:10 +0000
ROA not before:           Fri 18 Mar 2022 12:19:10 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     207569
IP address blocks:        5.180.136.0/24 maxlen: 24
                          5.180.137.0/24 maxlen: 24
                          5.180.138.0/24 maxlen: 24
                          5.180.139.0/24 maxlen: 24
                          185.94.164.0/24 maxlen: 24
                          185.94.167.0/24 maxlen: 24
                          45.133.245.0/24 maxlen: 24
                          185.188.181.0/24 maxlen: 24
                          95.214.8.0/24 maxlen: 24
                          185.17.2.0/24 maxlen: 24
                          85.209.0.0/24 maxlen: 24
                          5.252.116.0/24 maxlen: 24
                          45.89.64.0/24 maxlen: 24
                          46.17.106.0/24 maxlen: 24
                          2a0a:9300:1::/48 maxlen: 48
                          2a0a:9300:aaaa::/48 maxlen: 48
                          2a0a:9300::/32 maxlen: 32

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 70435845 (0x432c405)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
        Validity
            Not Before: Mar 18 12:19:10 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=e2d1d9917e293287291d17d0647d39d79385f558
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:eb:8f:ff:bc:3d:d7:38:e3:a6:87:72:23:c3:
                    23:e5:8c:5f:35:51:71:de:39:01:d0:cc:54:c5:a0:
                    b7:1d:27:4d:f8:8b:9b:ee:55:7b:bd:d6:ac:0f:ec:
                    80:d0:14:1e:37:70:1b:68:cc:c1:85:c5:82:d7:05:
                    41:3b:b4:99:c1:6b:36:c0:0e:b6:35:97:6c:09:44:
                    1e:08:e6:ec:3e:7f:85:30:cc:33:6c:29:8e:9f:13:
                    db:53:29:96:49:91:8e:4e:9c:f5:b6:9f:a1:7c:f4:
                    66:f7:75:17:0f:42:45:42:61:8c:b0:1b:d4:41:e4:
                    3b:4e:ef:6a:70:ec:99:dc:c3:20:d1:d3:5b:79:d8:
                    02:63:f3:68:3a:4e:f0:04:59:28:b5:96:35:d2:d6:
                    5e:23:ed:87:2a:d3:f5:51:e3:2b:fe:51:6f:05:64:
                    75:d6:49:6f:2d:22:66:50:e5:aa:5f:12:16:42:c1:
                    92:3a:ca:9d:fb:87:14:9f:b5:92:da:cc:d0:b3:36:
                    e0:e6:b2:40:3f:61:b5:e1:cd:22:9a:e6:12:0d:28:
                    95:5d:b5:2b:cb:86:d5:25:15:13:54:3a:d2:ab:f8:
                    4c:5e:ac:74:a4:fa:4c:b3:ea:60:d2:9d:10:f3:13:
                    2c:82:27:78:d8:15:9d:4c:87:78:4c:d0:b8:b5:88:
                    03:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E2:D1:D9:91:7E:29:32:87:29:1D:17:D0:64:7D:39:D7:93:85:F5:58
            X509v3 Authority Key Identifier:
                keyid:B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/4tHZkX4pMocpHRfQZH0515OF9Vg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.180.136.0/22
                  5.252.116.0/24
                  45.89.64.0/24
                  45.133.245.0/24
                  46.17.106.0/24
                  85.209.0.0/24
                  95.214.8.0/24
                  185.17.2.0/24
                  185.94.164.0/24
                  185.94.167.0/24
                  185.188.181.0/24
                IPv6:
                  2a0a:9300::/32

    Signature Algorithm: sha256WithRSAEncryption
         48:48:fa:4c:b6:f6:db:f6:92:75:f9:d5:47:67:07:33:af:93:
         04:20:00:df:ca:50:51:07:c0:f1:e6:08:97:14:82:5b:6a:31:
         03:89:ef:5b:61:a3:81:a3:09:4c:75:d2:1d:de:57:b6:60:36:
         58:38:c8:13:a8:a3:5e:f6:f0:c1:98:28:37:87:dc:c3:35:b9:
         9f:1a:56:ed:00:7c:8d:40:e5:95:4b:28:50:a0:8c:35:ae:fb:
         e1:09:07:b3:cd:73:5a:b6:fc:5c:8b:9b:e5:3e:40:d0:9d:e6:
         e6:d6:74:9d:e3:6f:d0:e4:9e:fb:28:9f:57:cd:01:0a:b5:13:
         de:c1:8c:6d:b3:4d:d6:44:a3:f9:7a:f4:e3:89:5f:40:74:15:
         a3:0f:6b:16:6e:39:87:01:45:f9:55:40:1e:f6:09:3f:ff:99:
         0c:78:7b:77:53:b0:3c:2b:d0:d4:a4:ce:ba:27:6a:d4:f2:6e:
         43:cd:ae:25:04:60:2a:59:bc:cb:10:54:11:66:70:06:18:0f:
         2a:84:e5:ed:ae:f5:0c:8e:7d:8d:b2:5a:f5:48:bc:89:e4:11:
         59:01:08:5d:98:35:0d:81:64:cc:09:2e:68:fc:7f:80:bf:45:
         6f:97:f4:b6:10:3d:c2:0e:e6:d8:b6:e1:dc:bf:5a:2c:c0:85:
         08:b1:d3:07
-----BEGIN CERTIFICATE-----
MIIFOjCCBCKgAwIBAgIEBDLEBTANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhi
NGY5NjM0NWQzZjIyZWRiMzk1ZDI0N2Y3Yjg2ZDJkNzNlNGEwMDkxMB4XDTIyMDMx
ODEyMTkxMFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoZTJkMWQ5OTE3ZTI5
MzI4NzI5MWQxN2QwNjQ3ZDM5ZDc5Mzg1ZjU1ODCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBANfrj/+8Pdc446aHciPDI+WMXzVRcd45AdDMVMWgtx0nTfiL
m+5Ve73WrA/sgNAUHjdwG2jMwYXFgtcFQTu0mcFrNsAOtjWXbAlEHgjm7D5/hTDM
M2wpjp8T21MplkmRjk6c9bafoXz0Zvd1Fw9CRUJhjLAb1EHkO07vanDsmdzDINHT
W3nYAmPzaDpO8ARZKLWWNdLWXiPthyrT9VHjK/5RbwVkddZJby0iZlDlql8SFkLB
kjrKnfuHFJ+1ktrM0LM24OayQD9hteHNIprmEg0olV21K8uG1SUVE1Q60qv4TF6s
dKT6TLPqYNKdEPMTLIIneNgVnUyHeEzQuLWIAw0CAwEAAaOCAlQwggJQMB0GA1Ud
DgQWBBTi0dmRfikyhykdF9BkfTnXk4X1WDAfBgNVHSMEGDAWgBS0+WNF0/Iu2zld
JH97htLXPkoAkTAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L3RQbGpSZFB5THRzNVhTUl9lNGJTMXo1S0FKRS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvYzUvOGUxMjFkLTczYjMtNDM4YS04M2M0LTZmYzM0M2Q3N2NkMi8x
LzR0SFprWDRwTW9jcEhSZlFaSDA1MTVPRjlWZy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYzUv
OGUxMjFkLTczYjMtNDM4YS04M2M0LTZmYzM0M2Q3N2NkMi8xL3RQbGpSZFB5THRz
NVhTUl9lNGJTMXo1S0FKRS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBq
BggrBgEFBQcBBwEB/wRbMFkwSAQCAAEwQgMEAgW0iAMEAAX8dAMEAC1ZQAMEAC2F
9QMEAC4RagMEAFXRAAMEAF/WCAMEALkRAgMEALlepAMEALlepwMEALm8tTANBAIA
AjAHAwUAKgqTADANBgkqhkiG9w0BAQsFAAOCAQEASEj6TLb22/aSdfnVR2cHM6+T
BCAA38pQUQfA8eYIlxSCW2oxA4nvW2GjgaMJTHXSHd5XtmA2WDjIE6ijXvbwwZgo
N4fcwzW5nxpW7QB8jUDllUsoUKCMNa774QkHs81zWrb8XIub5T5A0J3m5tZ0neNv
0OSe+yifV80BCrUT3sGMbbNN1kSj+Xr044lfQHQVow9rFm45hwFF+VVAHvYJP/+Z
DHh7d1OwPCvQ1KTOuidq1PJuQ82uJQRgKlm8yxBUEWZwBhgPKoTl7a71DI59jbJa
9Ui8ieQRWQEIXZg1DYFkzAkuaPx/gL9Fb5f0thA9wg7m2Lbh3L9aLMCFCLHTBw==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:43:08 2024 by rpki-client on console-ams.rpki-client.org