Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/8V3_TxDVKNPst8z4kDWCKeOCrOI.roa
File:                     8V3_TxDVKNPst8z4kDWCKeOCrOI.roa (raw, json)
Hash identifier:          c3uXoccw944QSYFbgckuoDvTBcHxDs3cncoz3Xb/Zys=
Subject key identifier:   F1:5D:FF:4F:10:D5:28:D3:EC:B7:CC:F8:90:35:82:29:E3:82:AC:E2
Certificate issuer:       /CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
Certificate serial:       0444E18F
Authority key identifier: B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/8V3_TxDVKNPst8z4kDWCKeOCrOI.roa
Signing time:             Mon 21 Mar 2022 14:48:31 +0000
ROA not before:           Mon 21 Mar 2022 14:48:31 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     207569
IP address blocks:        139.28.221.0/24 maxlen: 24
                          5.180.136.0/24 maxlen: 24
                          5.180.137.0/24 maxlen: 24
                          5.180.138.0/24 maxlen: 24
                          5.180.139.0/24 maxlen: 24
                          185.94.164.0/24 maxlen: 24
                          185.94.167.0/24 maxlen: 24
                          45.133.245.0/24 maxlen: 24
                          185.188.181.0/24 maxlen: 24
                          95.214.8.0/24 maxlen: 24
                          185.17.2.0/24 maxlen: 24
                          194.53.54.0/24 maxlen: 24
                          85.209.0.0/24 maxlen: 24
                          5.252.116.0/24 maxlen: 24
                          45.89.64.0/24 maxlen: 24
                          46.17.106.0/24 maxlen: 24
                          2a0a:9300:1::/48 maxlen: 48
                          2a0a:9300:aaaa::/48 maxlen: 48
                          2a0a:9300::/32 maxlen: 32

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 71623055 (0x444e18f)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
        Validity
            Not Before: Mar 21 14:48:31 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=f15dff4f10d528d3ecb7ccf890358229e382ace2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:06:ce:56:78:38:55:3d:02:19:14:ea:7e:3f:
                    d9:1e:90:64:c5:39:2d:16:09:7d:6d:17:5a:79:2e:
                    7c:dd:43:f5:db:a7:84:af:af:22:78:bc:5a:47:9a:
                    d4:8e:3e:fe:37:c3:76:ea:92:b6:95:b4:71:12:df:
                    15:c3:73:3c:30:94:88:4c:ed:23:4b:79:f0:61:6c:
                    7d:d8:7e:64:0a:35:36:9a:d2:6d:ae:6f:0a:ea:c9:
                    d5:89:15:88:71:b6:71:c6:b9:fc:c1:c7:e7:7e:c4:
                    88:5e:fb:07:4c:28:47:41:f3:8d:a7:ac:fa:c1:b0:
                    86:de:02:b4:46:d2:fd:d2:7c:86:6b:54:18:e9:51:
                    31:81:95:f8:6b:23:1c:28:27:86:9a:d9:06:52:df:
                    d6:bd:13:ab:c2:b8:40:a2:e9:01:66:27:47:ab:2e:
                    e2:8e:01:5e:a7:02:e0:b3:a8:f5:f9:a2:c2:83:69:
                    db:c2:ff:2b:a4:24:f3:87:31:a8:ba:c5:48:e5:e4:
                    6f:5a:01:05:7e:3b:9b:34:9b:ef:12:98:bc:23:a4:
                    87:8a:01:67:cb:5f:05:2e:e3:b0:0e:2f:0e:0b:1a:
                    b3:2f:4d:0e:14:55:9f:83:c8:3b:08:69:0e:03:7d:
                    1a:62:bb:b3:c9:d2:0a:87:ad:4b:5a:28:a2:51:9c:
                    89:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F1:5D:FF:4F:10:D5:28:D3:EC:B7:CC:F8:90:35:82:29:E3:82:AC:E2
            X509v3 Authority Key Identifier:
                keyid:B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/8V3_TxDVKNPst8z4kDWCKeOCrOI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.180.136.0/22
                  5.252.116.0/24
                  45.89.64.0/24
                  45.133.245.0/24
                  46.17.106.0/24
                  85.209.0.0/24
                  95.214.8.0/24
                  139.28.221.0/24
                  185.17.2.0/24
                  185.94.164.0/24
                  185.94.167.0/24
                  185.188.181.0/24
                  194.53.54.0/24
                IPv6:
                  2a0a:9300::/32

    Signature Algorithm: sha256WithRSAEncryption
         80:a6:8a:3d:75:b6:9a:74:bf:cf:63:e8:33:da:44:2a:c2:d1:
         9e:aa:41:af:74:cf:92:cc:83:10:2f:64:1d:ba:92:52:14:c5:
         54:0e:66:c9:7b:ca:93:82:48:a4:d0:17:dd:9b:2a:2a:39:94:
         18:c8:5d:dd:ec:c7:d1:96:32:2c:0d:4c:22:1e:0f:a2:9c:df:
         23:79:b7:f9:8b:8d:f2:02:b8:8f:70:0e:06:36:ca:21:89:7f:
         c6:8e:a5:b3:35:8f:cc:35:49:ab:40:5b:80:bb:63:44:10:35:
         3c:b4:5a:b7:d0:9a:b5:21:17:8c:42:62:8c:43:bb:cd:c6:53:
         80:95:c5:f8:04:fb:77:8e:85:ce:dc:bf:46:93:1c:8f:c1:89:
         34:b4:f8:77:e8:13:6a:41:0c:c7:a0:d5:d2:e9:d9:c7:61:12:
         55:e1:d8:e0:db:6e:cb:4d:12:e9:2e:d9:89:19:a7:23:e6:90:
         63:6b:3a:1b:21:40:d8:b7:18:0c:39:de:f3:b6:e6:6c:ce:d0:
         b7:d3:1a:5e:db:0f:76:44:9d:5e:3e:0e:f9:18:f1:ab:94:f0:
         0a:1b:5c:6e:5e:8b:1b:fd:ca:19:dc:cb:e3:92:0d:02:54:94:
         90:7b:f9:c7:59:9f:a1:3e:c6:cc:09:30:05:a3:60:16:2e:0d:
         fa:1e:8b:e6
-----BEGIN CERTIFICATE-----
MIIFRjCCBC6gAwIBAgIEBEThjzANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhi
NGY5NjM0NWQzZjIyZWRiMzk1ZDI0N2Y3Yjg2ZDJkNzNlNGEwMDkxMB4XDTIyMDMy
MTE0NDgzMVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoZjE1ZGZmNGYxMGQ1
MjhkM2VjYjdjY2Y4OTAzNTgyMjllMzgyYWNlMjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAM8GzlZ4OFU9AhkU6n4/2R6QZMU5LRYJfW0XWnkufN1D9dun
hK+vIni8Wkea1I4+/jfDduqStpW0cRLfFcNzPDCUiEztI0t58GFsfdh+ZAo1NprS
ba5vCurJ1YkViHG2cca5/MHH537EiF77B0woR0Hzjaes+sGwht4CtEbS/dJ8hmtU
GOlRMYGV+GsjHCgnhprZBlLf1r0Tq8K4QKLpAWYnR6su4o4BXqcC4LOo9fmiwoNp
28L/K6Qk84cxqLrFSOXkb1oBBX47mzSb7xKYvCOkh4oBZ8tfBS7jsA4vDgsasy9N
DhRVn4PIOwhpDgN9GmK7s8nSCoetS1ooolGciTkCAwEAAaOCAmAwggJcMB0GA1Ud
DgQWBBTxXf9PENUo0+y3zPiQNYIp44Ks4jAfBgNVHSMEGDAWgBS0+WNF0/Iu2zld
JH97htLXPkoAkTAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L3RQbGpSZFB5THRzNVhTUl9lNGJTMXo1S0FKRS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvYzUvOGUxMjFkLTczYjMtNDM4YS04M2M0LTZmYzM0M2Q3N2NkMi8x
LzhWM19UeERWS05Qc3Q4ejRrRFdDS2VPQ3JPSS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYzUv
OGUxMjFkLTczYjMtNDM4YS04M2M0LTZmYzM0M2Q3N2NkMi8xL3RQbGpSZFB5THRz
NVhTUl9lNGJTMXo1S0FKRS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjB2
BggrBgEFBQcBBwEB/wRnMGUwVAQCAAEwTgMEAgW0iAMEAAX8dAMEAC1ZQAMEAC2F
9QMEAC4RagMEAFXRAAMEAF/WCAMEAIsc3QMEALkRAgMEALlepAMEALlepwMEALm8
tQMEAMI1NjANBAIAAjAHAwUAKgqTADANBgkqhkiG9w0BAQsFAAOCAQEAgKaKPXW2
mnS/z2PoM9pEKsLRnqpBr3TPksyDEC9kHbqSUhTFVA5myXvKk4JIpNAX3ZsqKjmU
GMhd3ezH0ZYyLA1MIh4PopzfI3m3+YuN8gK4j3AOBjbKIYl/xo6lszWPzDVJq0Bb
gLtjRBA1PLRat9CatSEXjEJijEO7zcZTgJXF+AT7d46Fzty/RpMcj8GJNLT4d+gT
akEMx6DV0unZx2ESVeHY4Ntuy00S6S7ZiRmnI+aQY2s6GyFA2LcYDDne87bmbM7Q
t9MaXtsPdkSdXj4O+Rjxq5TwChtcbl6LG/3KGdzL45INAlSUkHv5x1mfoT7GzAkw
BaNgFi4N+h6L5g==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:43:08 2024 by rpki-client on console-ams.rpki-client.org