Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/PXFMNxugKSM9MfSfzzcwaFx1M8U.roa
File:                     PXFMNxugKSM9MfSfzzcwaFx1M8U.roa (raw, json)
Hash identifier:          W2nw0n3p+SJh+wIF2uEn8hC7SRzBs/Oq/R1dxm3ZXqY=
Subject key identifier:   3D:71:4C:37:1B:A0:29:23:3D:31:F4:9F:CF:37:30:68:5C:75:33:C5
Certificate issuer:       /CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
Certificate serial:       0435C7F6
Authority key identifier: B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/PXFMNxugKSM9MfSfzzcwaFx1M8U.roa
Signing time:             Sat 19 Mar 2022 08:40:02 +0000
ROA not before:           Sat 19 Mar 2022 08:40:02 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     200740
IP address blocks:        185.117.116.0/24 maxlen: 24
                          185.103.252.0/24 maxlen: 24
                          185.103.253.0/24 maxlen: 24
                          185.103.252.0/23 maxlen: 23
                          45.9.72.0/24 maxlen: 24
                          91.217.76.0/24 maxlen: 24
                          185.103.254.0/24 maxlen: 24
                          185.117.119.0/24 maxlen: 24
                          185.103.255.0/24 maxlen: 24
                          185.103.254.0/23 maxlen: 23
                          194.36.178.0/23 maxlen: 23
                          46.17.105.0/24 maxlen: 24
                          2a04:5201:4::/48 maxlen: 48
                          2a04:5200:68::/48 maxlen: 48
                          2a04:5201:6::/48 maxlen: 48
                          2a04:5201:2::/48 maxlen: 48
                          2a04:5201:7::/48 maxlen: 48
                          2a04:5201:8018::/48 maxlen: 48

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 70633462 (0x435c7f6)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
        Validity
            Not Before: Mar 19 08:40:02 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=3d714c371ba029233d31f49fcf3730685c7533c5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:df:09:13:6a:84:c2:25:ba:50:c4:bb:f6:48:
                    9c:94:d9:06:77:f2:ee:79:b2:1c:66:72:e6:1e:de:
                    24:6e:80:46:a3:af:a2:53:18:80:72:5e:3d:bc:90:
                    89:a8:9a:b0:45:37:5d:13:cb:88:b8:ab:ef:4d:a7:
                    34:56:69:51:95:95:93:f2:a1:f7:c4:1b:35:4e:5a:
                    2b:78:6c:90:f4:ad:bc:f0:fd:f2:95:70:2a:4d:55:
                    a8:c1:50:31:ed:40:20:b6:9a:07:7a:4a:5e:3e:d6:
                    13:98:cc:ce:92:af:bf:32:f5:e9:43:d9:be:cc:15:
                    c8:85:76:fa:2f:9f:4f:91:17:03:19:8c:1c:48:5c:
                    12:26:d0:1a:61:7e:ee:b8:fc:ff:47:37:89:e7:b9:
                    92:83:84:0a:a1:c0:69:16:c9:07:91:7a:e4:05:9a:
                    21:40:39:9a:e1:74:c2:ab:77:eb:28:39:ee:25:af:
                    75:73:02:41:d1:8a:4b:06:3a:78:2b:3d:d7:07:a0:
                    6d:7c:d5:7e:f4:42:04:c4:d3:bb:2e:a4:eb:bc:e9:
                    aa:02:ba:c1:78:f9:72:5d:7d:20:e1:1a:81:9a:ee:
                    82:70:47:0f:25:c7:65:c5:2b:fc:f1:c4:e6:17:11:
                    fe:7a:fc:ab:64:76:80:22:79:32:b5:01:97:02:46:
                    3f:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3D:71:4C:37:1B:A0:29:23:3D:31:F4:9F:CF:37:30:68:5C:75:33:C5
            X509v3 Authority Key Identifier:
                keyid:B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/PXFMNxugKSM9MfSfzzcwaFx1M8U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.9.72.0/24
                  46.17.105.0/24
                  91.217.76.0/24
                  185.103.252.0/22
                  185.117.116.0/24
                  185.117.119.0/24
                  194.36.178.0/23
                IPv6:
                  2a04:5200:68::/48
                  2a04:5201:2::/48
                  2a04:5201:4::/48
                  2a04:5201:6::/47
                  2a04:5201:8018::/48

    Signature Algorithm: sha256WithRSAEncryption
         1c:6a:97:24:10:fa:f1:61:04:b8:57:37:e5:5a:32:3a:96:93:
         09:e3:eb:24:4b:77:d2:2f:3c:94:95:d8:bc:91:86:29:b9:c6:
         f5:d3:e2:22:66:f9:c6:88:b8:f7:2e:68:16:02:77:c5:ed:bb:
         3d:fd:bf:26:32:87:51:d0:d5:cd:68:3c:98:e3:1b:93:c3:13:
         57:3c:fe:45:fe:92:ae:6d:9a:ba:98:40:ce:e7:f3:4b:dd:36:
         d1:31:23:44:ef:6b:8d:00:2e:30:3d:d4:ba:5e:1b:f1:b2:08:
         68:dc:ab:a4:1b:15:f5:e6:e9:9e:69:de:7c:26:6d:ad:9f:10:
         c4:2f:0d:68:ce:12:2b:75:39:3f:64:98:40:4f:07:fb:b0:5b:
         6c:0f:b6:1f:20:0a:ca:14:84:89:87:d1:b3:12:bb:6f:57:79:
         13:82:b2:95:43:64:b1:49:f0:d1:31:71:4c:c6:28:c9:13:98:
         2c:21:01:4f:ae:60:55:4a:13:8d:29:e3:dc:59:03:2f:11:a9:
         a6:34:93:ca:7d:c9:ae:a2:eb:7d:aa:88:22:a6:cb:02:d9:8d:
         ba:2f:f7:31:9f:3e:3d:ec:30:96:46:3c:c2:3f:5a:aa:92:b9:
         b3:d7:28:b8:90:16:dc:99:c2:12:f4:99:03:5d:d8:3f:ae:5f:
         9a:b5:35:79
-----BEGIN CERTIFICATE-----
MIIFSDCCBDCgAwIBAgIEBDXH9jANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhi
NGY5NjM0NWQzZjIyZWRiMzk1ZDI0N2Y3Yjg2ZDJkNzNlNGEwMDkxMB4XDTIyMDMx
OTA4NDAwMloXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoM2Q3MTRjMzcxYmEw
MjkyMzNkMzFmNDlmY2YzNzMwNjg1Yzc1MzNjNTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAK3fCRNqhMIlulDEu/ZInJTZBnfy7nmyHGZy5h7eJG6ARqOv
olMYgHJePbyQiaiasEU3XRPLiLir702nNFZpUZWVk/Kh98QbNU5aK3hskPStvPD9
8pVwKk1VqMFQMe1AILaaB3pKXj7WE5jMzpKvvzL16UPZvswVyIV2+i+fT5EXAxmM
HEhcEibQGmF+7rj8/0c3iee5koOECqHAaRbJB5F65AWaIUA5muF0wqt36yg57iWv
dXMCQdGKSwY6eCs91wegbXzVfvRCBMTTuy6k67zpqgK6wXj5cl19IOEagZrugnBH
DyXHZcUr/PHE5hcR/nr8q2R2gCJ5MrUBlwJGP60CAwEAAaOCAmIwggJeMB0GA1Ud
DgQWBBQ9cUw3G6ApIz0x9J/PNzBoXHUzxTAfBgNVHSMEGDAWgBS0+WNF0/Iu2zld
JH97htLXPkoAkTAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L3RQbGpSZFB5THRzNVhTUl9lNGJTMXo1S0FKRS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvYzUvOGUxMjFkLTczYjMtNDM4YS04M2M0LTZmYzM0M2Q3N2NkMi8x
L1BYRk1OeHVnS1NNOU1mU2Z6emN3YUZ4MU04VS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYzUv
OGUxMjFkLTczYjMtNDM4YS04M2M0LTZmYzM0M2Q3N2NkMi8xL3RQbGpSZFB5THRz
NVhTUl9lNGJTMXo1S0FKRS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjB4
BggrBgEFBQcBBwEB/wRpMGcwMAQCAAEwKgMEAC0JSAMEAC4RaQMEAFvZTAMEArln
/AMEALl1dAMEALl1dwMEAcIksjAzBAIAAjAtAwcAKgRSAABoAwcAKgRSAQACAwcA
KgRSAQAEAwcBKgRSAQAGAwcAKgRSAYAYMA0GCSqGSIb3DQEBCwUAA4IBAQAcapck
EPrxYQS4VzflWjI6lpMJ4+skS3fSLzyUldi8kYYpucb10+IiZvnGiLj3LmgWAnfF
7bs9/b8mModR0NXNaDyY4xuTwxNXPP5F/pKubZq6mEDO5/NL3TbRMSNE72uNAC4w
PdS6Xhvxsgho3KukGxX15umead58Jm2tnxDELw1ozhIrdTk/ZJhATwf7sFtsD7Yf
IArKFISJh9GzErtvV3kTgrKVQ2SxSfDRMXFMxijJE5gsIQFPrmBVShONKePcWQMv
EammNJPKfcmuout9qogipssC2Y26L/cxnz497DCWRjzCP1qqkrmz1yi4kBbcmcIS
9JkDXdg/rl+atTV5
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:53:07 2024 by rpki-client on console-fra.rpki-client.org