Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/DpeFhD5bENwljIe92JQb69xusI0.roa
File:                     DpeFhD5bENwljIe92JQb69xusI0.roa (raw, json)
Hash identifier:          jbFEvq3MPgJbHc1dHNllTipl/OBlNUPcONbLSazMoBA=
Subject key identifier:   0E:97:85:84:3E:5B:10:DC:25:8C:87:BD:D8:94:1B:EB:DC:6E:B0:8D
Certificate issuer:       /CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
Certificate serial:       0457F1FD
Authority key identifier: B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/DpeFhD5bENwljIe92JQb69xusI0.roa
Signing time:             Fri 25 Mar 2022 09:27:14 +0000
ROA not before:           Fri 25 Mar 2022 09:27:14 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     207569
IP address blocks:        185.174.137.0/24 maxlen: 24
                          139.28.221.0/24 maxlen: 24
                          5.180.136.0/24 maxlen: 24
                          5.180.137.0/24 maxlen: 24
                          5.180.138.0/24 maxlen: 24
                          5.180.139.0/24 maxlen: 24
                          185.94.167.0/24 maxlen: 24
                          45.133.245.0/24 maxlen: 24
                          185.188.181.0/24 maxlen: 24
                          95.214.8.0/24 maxlen: 24
                          185.17.2.0/24 maxlen: 24
                          194.53.54.0/24 maxlen: 24
                          85.209.0.0/24 maxlen: 24
                          5.252.116.0/24 maxlen: 24
                          45.89.64.0/24 maxlen: 24
                          46.17.106.0/24 maxlen: 24
                          2a0a:9300:1::/48 maxlen: 48
                          2a0a:9300:aaaa::/48 maxlen: 48
                          2a0a:9300::/32 maxlen: 32

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 72872445 (0x457f1fd)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
        Validity
            Not Before: Mar 25 09:27:14 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=0e9785843e5b10dc258c87bdd8941bebdc6eb08d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:9c:80:5f:c3:4c:a9:98:88:95:ec:5a:a3:5c:
                    6f:99:42:f6:d1:9b:bf:34:72:50:33:b0:bf:fb:4e:
                    c5:c7:18:10:8e:3f:f0:8e:bf:44:0b:2d:85:9c:91:
                    ba:73:6b:85:34:fa:06:d2:68:c9:e9:ad:48:ec:04:
                    dd:76:88:5b:a7:6d:cc:89:2d:93:d9:f7:30:d9:64:
                    6f:06:67:9a:02:cd:11:a0:11:bd:b7:aa:a2:2a:24:
                    86:ef:0a:71:0f:75:68:42:46:80:05:65:84:03:cf:
                    94:ca:87:17:71:a1:ec:65:91:13:29:e7:dd:86:61:
                    79:94:36:ba:df:30:e3:39:56:79:64:bd:e5:f7:d3:
                    52:9e:b9:46:6b:c0:1e:96:8e:d8:cc:80:05:9a:5a:
                    df:d5:2b:92:20:ec:82:46:28:9c:a0:12:38:37:d0:
                    cc:b1:cf:68:02:79:c1:46:3f:9f:c9:b7:35:5c:f2:
                    bb:40:25:15:c2:de:44:10:7d:15:dd:08:3f:c0:e2:
                    2a:8f:49:fe:66:c9:dc:90:cc:9b:3d:34:37:66:1f:
                    fc:1b:60:4e:4e:be:43:ac:04:1a:01:0f:77:de:9c:
                    29:d2:0d:2f:87:6f:2a:f7:7e:4b:41:91:66:48:bd:
                    52:fb:b9:a4:7a:be:2f:ed:09:e4:0d:90:d1:a6:44:
                    98:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0E:97:85:84:3E:5B:10:DC:25:8C:87:BD:D8:94:1B:EB:DC:6E:B0:8D
            X509v3 Authority Key Identifier:
                keyid:B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/DpeFhD5bENwljIe92JQb69xusI0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.180.136.0/22
                  5.252.116.0/24
                  45.89.64.0/24
                  45.133.245.0/24
                  46.17.106.0/24
                  85.209.0.0/24
                  95.214.8.0/24
                  139.28.221.0/24
                  185.17.2.0/24
                  185.94.167.0/24
                  185.174.137.0/24
                  185.188.181.0/24
                  194.53.54.0/24
                IPv6:
                  2a0a:9300::/32

    Signature Algorithm: sha256WithRSAEncryption
         2d:ac:23:9e:55:2b:08:f5:1e:b8:76:37:27:b6:ae:46:12:0a:
         77:27:7d:5b:5a:dc:25:84:8f:1a:1d:27:9b:e1:29:e8:30:96:
         fa:90:b4:4d:f3:d9:fe:2f:d4:f2:c9:85:96:85:0e:4b:50:2d:
         f3:93:22:81:7e:2a:a1:b5:e8:df:4a:f0:9f:2b:c9:8d:4c:40:
         eb:54:02:ad:41:46:5b:73:65:90:86:d3:74:56:87:ee:4c:f8:
         35:f6:57:43:b9:8f:bd:e0:f5:ba:88:fa:00:d4:d2:b0:1d:17:
         f5:61:0f:97:23:7f:40:0d:a9:cc:68:97:bf:e6:65:c4:30:4b:
         98:da:a7:0e:24:a9:c7:a8:59:86:dc:77:c2:07:e6:4f:9c:4b:
         5d:8d:a0:0d:2a:c1:3c:1d:9f:90:3b:73:79:c1:bf:4c:bd:14:
         8a:09:6c:9b:52:c7:14:6d:72:ad:4a:f1:1b:7b:d7:2a:99:d3:
         19:00:54:8b:67:48:06:a8:90:92:b2:0d:4b:73:c8:0e:03:82:
         29:ff:b6:f2:a2:e5:85:df:89:ac:b8:dc:a3:fa:9e:02:ed:92:
         b7:a0:0d:6f:6f:5e:b3:8f:88:3f:cd:0c:a4:77:a8:fa:99:41:
         89:8f:05:eb:96:d2:21:f1:51:0f:4c:8e:ea:65:4e:6e:35:da:
         4b:d2:01:e6
-----BEGIN CERTIFICATE-----
MIIFRjCCBC6gAwIBAgIEBFfx/TANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhi
NGY5NjM0NWQzZjIyZWRiMzk1ZDI0N2Y3Yjg2ZDJkNzNlNGEwMDkxMB4XDTIyMDMy
NTA5MjcxNFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMGU5Nzg1ODQzZTVi
MTBkYzI1OGM4N2JkZDg5NDFiZWJkYzZlYjA4ZDCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBALScgF/DTKmYiJXsWqNcb5lC9tGbvzRyUDOwv/tOxccYEI4/
8I6/RAsthZyRunNrhTT6BtJoyemtSOwE3XaIW6dtzIktk9n3MNlkbwZnmgLNEaAR
vbeqoiokhu8KcQ91aEJGgAVlhAPPlMqHF3Gh7GWREynn3YZheZQ2ut8w4zlWeWS9
5ffTUp65RmvAHpaO2MyABZpa39UrkiDsgkYonKASODfQzLHPaAJ5wUY/n8m3NVzy
u0AlFcLeRBB9Fd0IP8DiKo9J/mbJ3JDMmz00N2Yf/BtgTk6+Q6wEGgEPd96cKdIN
L4dvKvd+S0GRZki9Uvu5pHq+L+0J5A2Q0aZEmAECAwEAAaOCAmAwggJcMB0GA1Ud
DgQWBBQOl4WEPlsQ3CWMh73YlBvr3G6wjTAfBgNVHSMEGDAWgBS0+WNF0/Iu2zld
JH97htLXPkoAkTAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L3RQbGpSZFB5THRzNVhTUl9lNGJTMXo1S0FKRS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvYzUvOGUxMjFkLTczYjMtNDM4YS04M2M0LTZmYzM0M2Q3N2NkMi8x
L0RwZUZoRDViRU53bGpJZTkySlFiNjl4dXNJMC5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYzUv
OGUxMjFkLTczYjMtNDM4YS04M2M0LTZmYzM0M2Q3N2NkMi8xL3RQbGpSZFB5THRz
NVhTUl9lNGJTMXo1S0FKRS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjB2
BggrBgEFBQcBBwEB/wRnMGUwVAQCAAEwTgMEAgW0iAMEAAX8dAMEAC1ZQAMEAC2F
9QMEAC4RagMEAFXRAAMEAF/WCAMEAIsc3QMEALkRAgMEALlepwMEALmuiQMEALm8
tQMEAMI1NjANBAIAAjAHAwUAKgqTADANBgkqhkiG9w0BAQsFAAOCAQEALawjnlUr
CPUeuHY3J7auRhIKdyd9W1rcJYSPGh0nm+Ep6DCW+pC0TfPZ/i/U8smFloUOS1At
85MigX4qobXo30rwnyvJjUxA61QCrUFGW3NlkIbTdFaH7kz4NfZXQ7mPveD1uoj6
ANTSsB0X9WEPlyN/QA2pzGiXv+ZlxDBLmNqnDiSpx6hZhtx3wgfmT5xLXY2gDSrB
PB2fkDtzecG/TL0Uiglsm1LHFG1yrUrxG3vXKpnTGQBUi2dIBqiQkrINS3PIDgOC
Kf+28qLlhd+JrLjco/qeAu2St6ANb29es4+IP80MpHeo+plBiY8F65bSIfFRD0yO
6mVObjXaS9IB5g==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:53:07 2024 by rpki-client on console-fra.rpki-client.org