Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/ChuIT3HS_3Fa2_T6OQy_aEG0T4w.roa
File:                     ChuIT3HS_3Fa2_T6OQy_aEG0T4w.roa (raw, json)
Hash identifier:          3Sw8i9h7FpkwjPR8qBiuOD6bNrvjn/fooAZD2wyzJTM=
Subject key identifier:   0A:1B:88:4F:71:D2:FF:71:5A:DB:F4:FA:39:0C:BF:68:41:B4:4F:8C
Certificate issuer:       /CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
Certificate serial:       040541A0
Authority key identifier: B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/ChuIT3HS_3Fa2_T6OQy_aEG0T4w.roa
Signing time:             Tue 08 Mar 2022 10:25:41 +0000
ROA not before:           Tue 08 Mar 2022 10:25:41 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     207569
IP address blocks:        5.180.136.0/24 maxlen: 24
                          5.180.137.0/24 maxlen: 24
                          5.180.138.0/24 maxlen: 24
                          5.180.139.0/24 maxlen: 24
                          45.133.245.0/24 maxlen: 24
                          185.188.181.0/24 maxlen: 24
                          95.214.8.0/24 maxlen: 24
                          185.17.2.0/24 maxlen: 24
                          85.209.0.0/24 maxlen: 24
                          5.252.116.0/24 maxlen: 24
                          45.89.64.0/24 maxlen: 24
                          46.17.106.0/24 maxlen: 24
                          2a0a:9300:1::/48 maxlen: 48
                          2a0a:9300:aaaa::/48 maxlen: 48
                          2a0a:9300::/32 maxlen: 32

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 67453344 (0x40541a0)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
        Validity
            Not Before: Mar  8 10:25:41 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=0a1b884f71d2ff715adbf4fa390cbf6841b44f8c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:a3:74:bf:25:69:0a:7b:ac:96:b5:98:5e:68:
                    98:b2:07:00:5d:74:70:af:11:44:8d:73:a0:df:dd:
                    bf:a3:e4:35:a3:61:28:86:3c:9a:14:fe:0e:fd:89:
                    3c:7f:3a:91:1c:3d:81:8f:33:eb:8e:54:dc:fa:fe:
                    ed:cf:f7:bd:1d:d4:04:fa:8a:e7:39:3d:50:88:bc:
                    70:f5:a6:23:23:25:6b:99:a7:3c:59:b8:49:66:66:
                    a3:7e:01:aa:56:91:71:1c:6b:d7:d5:02:ce:ff:b8:
                    b2:a3:7d:33:a7:d0:80:7e:94:70:77:59:e9:be:f7:
                    0f:f7:90:7c:3e:0c:07:e4:14:4f:6e:e5:49:1a:1a:
                    7c:9e:76:19:2b:47:5c:9f:91:c1:26:83:8b:1b:a5:
                    3b:de:5a:27:71:00:34:aa:15:4e:0f:8e:d5:94:be:
                    04:1b:2d:40:74:1b:bb:61:6d:f0:c0:5f:6f:88:a0:
                    9c:8c:f0:87:70:1c:67:5c:cf:a2:3b:9d:d1:5b:d9:
                    90:d2:cc:37:27:f4:41:e6:a6:cd:1a:0d:9d:1f:a3:
                    64:f5:4d:48:57:14:30:2b:0d:ea:13:bd:c4:65:6d:
                    76:dc:b0:24:7e:d6:e3:5d:14:d9:7b:61:d0:cb:34:
                    25:9e:b0:99:87:02:df:7f:05:b0:19:65:37:f4:13:
                    a8:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0A:1B:88:4F:71:D2:FF:71:5A:DB:F4:FA:39:0C:BF:68:41:B4:4F:8C
            X509v3 Authority Key Identifier:
                keyid:B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/ChuIT3HS_3Fa2_T6OQy_aEG0T4w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.180.136.0/22
                  5.252.116.0/24
                  45.89.64.0/24
                  45.133.245.0/24
                  46.17.106.0/24
                  85.209.0.0/24
                  95.214.8.0/24
                  185.17.2.0/24
                  185.188.181.0/24
                IPv6:
                  2a0a:9300::/32

    Signature Algorithm: sha256WithRSAEncryption
         90:80:5a:f2:a3:fb:88:d3:89:56:d6:e3:e6:28:92:cb:a9:51:
         47:96:ec:03:0e:57:d3:93:82:d5:29:12:1c:b2:42:1c:33:51:
         ea:d7:ae:5f:c9:80:5f:49:50:5e:75:c6:79:a5:d5:e3:82:9c:
         3f:4b:1f:4f:4d:42:b3:ab:21:65:2b:2c:34:ba:98:31:77:d6:
         e3:8b:5a:fc:02:f6:4f:db:20:b0:be:2f:32:34:fd:e7:9a:fd:
         bd:22:45:59:d8:18:95:5e:51:0b:4a:60:f8:0e:fd:11:5c:de:
         73:d6:51:79:85:33:48:b5:de:ff:95:66:b1:84:e1:34:b5:14:
         2b:1f:a1:23:d4:fd:48:6d:5a:d1:81:e2:fb:c2:b7:a6:dd:c6:
         cc:d4:9f:84:16:0b:7a:df:82:95:59:eb:3e:31:c2:77:ad:e2:
         55:b9:d6:51:9a:ae:4d:88:21:ca:06:8b:37:1e:20:fd:98:a9:
         f7:aa:3a:22:3c:e7:57:d6:d2:26:8f:d3:dc:fe:4b:31:eb:21:
         16:9c:3b:53:13:c3:60:51:6e:32:77:53:ae:f2:ac:47:f8:35:
         f2:ca:7b:d8:e3:1a:57:08:2c:6b:27:b0:45:66:98:7d:fc:3a:
         2b:91:8f:e0:c6:bd:9d:bc:ea:e0:0a:ad:e3:7a:15:44:99:38:
         9a:2e:af:6f
-----BEGIN CERTIFICATE-----
MIIFLjCCBBagAwIBAgIEBAVBoDANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhi
NGY5NjM0NWQzZjIyZWRiMzk1ZDI0N2Y3Yjg2ZDJkNzNlNGEwMDkxMB4XDTIyMDMw
ODEwMjU0MVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMGExYjg4NGY3MWQy
ZmY3MTVhZGJmNGZhMzkwY2JmNjg0MWI0NGY4YzCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBALejdL8laQp7rJa1mF5omLIHAF10cK8RRI1zoN/dv6PkNaNh
KIY8mhT+Dv2JPH86kRw9gY8z645U3Pr+7c/3vR3UBPqK5zk9UIi8cPWmIyMla5mn
PFm4SWZmo34BqlaRcRxr19UCzv+4sqN9M6fQgH6UcHdZ6b73D/eQfD4MB+QUT27l
SRoafJ52GStHXJ+RwSaDixulO95aJ3EANKoVTg+O1ZS+BBstQHQbu2Ft8MBfb4ig
nIzwh3AcZ1zPojud0VvZkNLMNyf0QeamzRoNnR+jZPVNSFcUMCsN6hO9xGVtdtyw
JH7W410U2Xth0Ms0JZ6wmYcC338FsBllN/QTqFECAwEAAaOCAkgwggJEMB0GA1Ud
DgQWBBQKG4hPcdL/cVrb9Po5DL9oQbRPjDAfBgNVHSMEGDAWgBS0+WNF0/Iu2zld
JH97htLXPkoAkTAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L3RQbGpSZFB5THRzNVhTUl9lNGJTMXo1S0FKRS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvYzUvOGUxMjFkLTczYjMtNDM4YS04M2M0LTZmYzM0M2Q3N2NkMi8x
L0NodUlUM0hTXzNGYTJfVDZPUXlfYUVHMFQ0dy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYzUv
OGUxMjFkLTczYjMtNDM4YS04M2M0LTZmYzM0M2Q3N2NkMi8xL3RQbGpSZFB5THRz
NVhTUl9lNGJTMXo1S0FKRS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBe
BggrBgEFBQcBBwEB/wRPME0wPAQCAAEwNgMEAgW0iAMEAAX8dAMEAC1ZQAMEAC2F
9QMEAC4RagMEAFXRAAMEAF/WCAMEALkRAgMEALm8tTANBAIAAjAHAwUAKgqTADAN
BgkqhkiG9w0BAQsFAAOCAQEAkIBa8qP7iNOJVtbj5iiSy6lRR5bsAw5X05OC1SkS
HLJCHDNR6teuX8mAX0lQXnXGeaXV44KcP0sfT01Cs6shZSssNLqYMXfW44ta/AL2
T9sgsL4vMjT955r9vSJFWdgYlV5RC0pg+A79EVzec9ZReYUzSLXe/5VmsYThNLUU
Kx+hI9T9SG1a0YHi+8K3pt3GzNSfhBYLet+ClVnrPjHCd63iVbnWUZquTYghygaL
Nx4g/Zip96o6IjznV9bSJo/T3P5LMeshFpw7UxPDYFFuMndTrvKsR/g18sp72OMa
VwgsayewRWaYffw6K5GP4Ma9nbzq4Aqt43oVRJk4mi6vbw==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:53:07 2024 by rpki-client on console-fra.rpki-client.org