Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/n8HLJ9qYpnipAxttroWWbjnd20I.roa
File:                     n8HLJ9qYpnipAxttroWWbjnd20I.roa (raw, json)
Hash identifier:          8EUXwPRGRNw+H6eYz/Jg+lxk49FFtXtlpYsFZoofPhU=
Subject key identifier:   9F:C1:CB:27:DA:98:A6:78:A9:03:1B:6D:AE:85:96:6E:39:DD:DB:42
Certificate issuer:       /CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
Certificate serial:       01849FB518DF447B0B937426851CB4BB6B43
Authority key identifier: B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/n8HLJ9qYpnipAxttroWWbjnd20I.roa
Signing time:             Tue 22 Nov 2022 14:19:16 +0000
ROA not before:           Tue 22 Nov 2022 14:19:16 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     209641
IP address blocks:        185.5.248.0/23 maxlen: 23
                          185.5.248.0/22 maxlen: 22
                          185.87.48.0/22 maxlen: 22
                          185.87.48.0/24 maxlen: 24
                          185.117.152.0/22 maxlen: 22
                          139.28.220.0/24 maxlen: 24
                          45.89.66.0/24 maxlen: 24
                          91.217.80.0/24 maxlen: 24
                          95.214.10.0/24 maxlen: 24
                          95.214.11.0/24 maxlen: 24
                          95.214.9.0/24 maxlen: 24
                          195.66.87.0/24 maxlen: 24
                          94.142.136.0/21 maxlen: 21
                          185.105.119.0/24 maxlen: 24
                          94.142.139.0/24 maxlen: 24
                          94.142.143.0/24 maxlen: 24
                          94.142.141.0/24 maxlen: 24
                          94.142.140.0/24 maxlen: 24
                          94.142.142.0/24 maxlen: 24
                          185.125.216.0/22 maxlen: 22
                          185.105.118.0/24 maxlen: 24
                          185.105.116.0/24 maxlen: 24
                          185.105.117.0/24 maxlen: 24
                          185.58.205.0/24 maxlen: 24
                          185.58.206.0/24 maxlen: 24
                          185.58.204.0/24 maxlen: 24
                          185.58.204.0/22 maxlen: 22
                          185.58.207.0/24 maxlen: 24
                          185.125.231.0/24 maxlen: 24
                          185.125.229.0/24 maxlen: 24
                          185.125.228.0/22 maxlen: 22
                          185.125.228.0/24 maxlen: 24
                          194.67.192.0/19 maxlen: 19
                          194.67.196.0/22 maxlen: 22
                          194.67.194.0/23 maxlen: 23
                          194.67.193.0/24 maxlen: 24
                          193.124.176.0/21 maxlen: 21
                          193.124.176.0/20 maxlen: 20
                          193.124.184.0/21 maxlen: 21
                          45.128.176.0/24 maxlen: 24
                          45.128.178.0/24 maxlen: 24
                          45.128.176.0/22 maxlen: 22
                          45.128.177.0/24 maxlen: 24
                          45.128.179.0/24 maxlen: 24
                          195.47.250.0/24 maxlen: 24
                          194.67.203.0/24 maxlen: 24
                          194.67.202.0/24 maxlen: 24
                          194.67.200.0/23 maxlen: 23
                          194.67.204.0/22 maxlen: 22
                          194.67.208.0/20 maxlen: 20
                          2a0a:9300:d1::/48 maxlen: 48
                          2a0a:9300::/48 maxlen: 48
                          2a0a:9301:1::/48 maxlen: 48
                          2a0a:9301::/48 maxlen: 48
                          2a0a:9300:d2::/48 maxlen: 48
                          2a0a:9301:2::/48 maxlen: 48
                          2a0a:9300:2::/48 maxlen: 48
                          2a0a:9302::/32 maxlen: 32
                          2a0a:9300:d0::/48 maxlen: 48
                          2a0a:9302:1::/48 maxlen: 48

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:84:9f:b5:18:df:44:7b:0b:93:74:26:85:1c:b4:bb:6b:43
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
        Validity
            Not Before: Nov 22 14:19:16 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=9fc1cb27da98a678a9031b6dae85966e39dddb42
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:49:de:8a:c7:2f:71:49:c9:a7:70:d5:6e:bc:
                    f9:f4:d7:a4:4c:39:60:e0:e1:47:47:0b:ae:e2:e5:
                    53:ef:e9:30:d6:2a:a2:c9:2a:96:21:da:72:e7:e2:
                    ec:f2:e2:9b:f8:2e:e7:cc:cd:60:6b:17:9a:5a:ac:
                    9e:f8:bb:29:1f:06:39:76:a2:23:a5:fa:4e:20:70:
                    8f:7d:e2:c1:65:19:69:49:d3:0a:bf:08:c4:68:cb:
                    60:d4:e6:8d:c8:62:12:58:cd:86:05:30:a5:e2:f2:
                    b6:b2:5b:c6:b2:75:5f:ad:56:ef:6b:0f:2d:44:90:
                    19:fb:b8:ec:eb:b2:bd:86:77:9b:fe:34:91:0b:8d:
                    68:b3:6c:7a:ad:67:cc:c6:1f:2c:a2:92:48:07:9d:
                    b3:dc:fb:7a:12:1b:62:7c:74:b4:76:08:eb:12:16:
                    5b:52:89:f4:38:06:ca:38:fb:66:7e:5c:16:83:43:
                    ea:c0:d8:9e:d2:ee:67:33:25:53:3a:57:c2:d1:b0:
                    e8:02:e5:16:81:a0:8c:3c:90:27:3c:8d:85:af:b0:
                    e4:b2:6c:ce:d3:de:91:50:3d:26:c9:a5:f7:f2:0a:
                    d1:19:c8:ec:f2:54:33:97:6a:42:38:7d:e1:2a:0c:
                    d6:f0:12:1e:90:74:4e:38:d0:16:dd:2a:9f:23:e8:
                    9e:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9F:C1:CB:27:DA:98:A6:78:A9:03:1B:6D:AE:85:96:6E:39:DD:DB:42
            X509v3 Authority Key Identifier:
                keyid:B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/n8HLJ9qYpnipAxttroWWbjnd20I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.89.66.0/24
                  45.128.176.0/22
                  91.217.80.0/24
                  94.142.136.0/21
                  95.214.9.0-95.214.11.255
                  139.28.220.0/24
                  185.5.248.0/22
                  185.58.204.0/22
                  185.87.48.0/22
                  185.105.116.0/22
                  185.117.152.0/22
                  185.125.216.0/22
                  185.125.228.0/22
                  193.124.176.0/20
                  194.67.192.0/19
                  195.47.250.0/24
                  195.66.87.0/24
                IPv6:
                  2a0a:9300::/48
                  2a0a:9300:2::/48
                  2a0a:9300:d0::-2a0a:9300:d2:ffff:ffff:ffff:ffff:ffff
                  2a0a:9301::-2a0a:9301:2:ffff:ffff:ffff:ffff:ffff
                  2a0a:9302::/32

    Signature Algorithm: sha256WithRSAEncryption
         b1:34:9b:02:ce:b8:2b:2d:31:c4:4e:f9:74:eb:6d:2d:62:6d:
         ad:b6:40:51:d0:ac:c0:ef:75:4c:28:83:b3:19:21:01:12:fc:
         a8:8c:59:a3:c8:55:42:0e:bd:f0:df:b1:96:c2:65:fe:1b:2e:
         0f:43:df:32:d3:37:3d:79:51:ab:95:80:18:81:c4:81:ac:8c:
         70:ce:8d:a0:47:90:bf:bb:d1:0e:c5:76:ff:f1:63:c4:10:42:
         07:da:7a:c6:8b:52:a9:f4:73:4d:45:34:6d:e8:28:64:92:ec:
         b5:37:a2:2b:97:76:6d:5e:76:3e:5c:92:76:f6:4d:55:df:69:
         1c:d4:6d:8f:04:a7:ba:f8:7c:12:b4:cc:42:57:16:9a:23:f0:
         88:0e:40:b7:7b:bc:fe:de:c2:2a:d3:ae:36:05:aa:16:0a:3d:
         a5:fe:33:61:ba:04:13:24:97:46:bf:8a:e9:2f:c9:a0:fb:14:
         4a:5e:11:ec:21:41:31:53:f4:f7:8b:9d:9d:f2:e4:df:d7:af:
         8f:3e:44:bb:af:98:04:81:83:c4:04:b4:a4:6d:d6:20:b9:f9:
         8d:c3:3d:86:0a:bb:92:0d:18:5b:08:35:aa:29:8e:ee:f9:7c:
         1f:21:0e:af:34:b1:f4:43:8d:26:4d:03:22:00:d2:aa:51:43:
         11:0f:99:d4
-----BEGIN CERTIFICATE-----
MIIFrzCCBJegAwIBAgISAYSftRjfRHsLk3QmhRy0u2tDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0Zjk2MzQ1ZDNmMjJlZGIzOTVkMjQ3ZjdiODZkMmQ3M2U0
YTAwOTEwHhcNMjIxMTIyMTQxOTE2WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZmMxY2IyN2RhOThhNjc4YTkwMzFiNmRhZTg1OTY2ZTM5ZGRkYjQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg0neiscvcUnJp3DVbrz59NekTDlg
4OFHRwuu4uVT7+kw1iqiySqWIdpy5+Ls8uKb+C7nzM1gaxeaWqye+LspHwY5dqIj
pfpOIHCPfeLBZRlpSdMKvwjEaMtg1OaNyGISWM2GBTCl4vK2slvGsnVfrVbvaw8t
RJAZ+7js67K9hneb/jSRC41os2x6rWfMxh8sopJIB52z3Pt6EhtifHS0dgjrEhZb
Uon0OAbKOPtmflwWg0PqwNie0u5nMyVTOlfC0bDoAuUWgaCMPJAnPI2Fr7DksmzO
096RUD0myaX38grRGcjs8lQzl2pCOH3hKgzW8BIekHROONAW3SqfI+ieNQIDAQAB
o4ICuzCCArcwHQYDVR0OBBYEFJ/ByyfamKZ4qQMbba6Flm453dtCMB8GA1UdIwQY
MBaAFLT5Y0XT8i7bOV0kf3uG0tc+SgCRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQt
NmZjMzQzZDc3Y2QyLzEvbjhITEo5cVlwbmlwQXh0dHJvV1diam5kMjBJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQtNmZjMzQzZDc3Y2Qy
LzEvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHQBggrBgEFBQcBBwEB/wSBwDCBvTB0BAIAATBuAwQALVlC
AwQCLYCwAwQAW9lQAwQDXo6IMAwDBABf1gkDBAJf1ggDBACLHNwDBAK5BfgDBAK5
OswDBAK5VzADBAK5aXQDBAK5dZgDBAK5fdgDBAK5feQDBATBfLADBAXCQ8ADBADD
L/oDBADDQlcwRQQCAAIwPwMHACoKkwAAAAMHACoKkwAAAjASAwcEKgqTAADQAwcA
KgqTAADSMBADBQAqCpMBAwcAKgqTAQACAwUAKgqTAjANBgkqhkiG9w0BAQsFAAOC
AQEAsTSbAs64Ky0xxE75dOttLWJtrbZAUdCswO91TCiDsxkhARL8qIxZo8hVQg69
8N+xlsJl/hsuD0PfMtM3PXlRq5WAGIHEgayMcM6NoEeQv7vRDsV2//FjxBBCB9p6
xotSqfRzTUU0begoZJLstTeiK5d2bV52PlySdvZNVd9pHNRtjwSnuvh8ErTMQlcW
miPwiA5At3u8/t7CKtOuNgWqFgo9pf4zYboEEySXRr+K6S/JoPsUSl4R7CFBMVP0
94udnfLk39evjz5Eu6+YBIGDxAS0pG3WILn5jcM9hgq7kg0YWwg1qimO7vl8HyEO
rzSx9EONJk0DIgDSqlFDEQ+Z1A==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:53:08 2024 by rpki-client on console-fra.rpki-client.org