Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/1-BU6SE8Y1-GELkuIgnA4qOd3JM0.roa
File:                     1-BU6SE8Y1-GELkuIgnA4qOd3JM0.roa (raw, json)
Hash identifier:          VHhTED1AIjfgx7Csi4Xe6Aen0pViqn1fFvdzB70RU6A=
Subject key identifier:   F8:15:3A:48:4F:18:D7:E1:84:2E:4B:88:82:70:38:A8:E7:77:24:CD
Certificate issuer:       /CN=72b78f6682fc39c55b41d48f80b8838d5d2dbf07
Certificate serial:       0184C725E6DF9573B1E750D0A6EB038505A2
Authority key identifier: 72:B7:8F:66:82:FC:39:C5:5B:41:D4:8F:80:B8:83:8D:5D:2D:BF:07
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/crePZoL8OcVbQdSPgLiDjV0tvwc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/1-BU6SE8Y1-GELkuIgnA4qOd3JM0.roa
Signing time:             Wed 30 Nov 2022 06:07:40 +0000
ROA not before:           Wed 30 Nov 2022 06:07:40 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     9009
IP address blocks:        212.60.13.0/24 maxlen: 24
                          162.218.93.0/24 maxlen: 24
                          185.205.204.0/24 maxlen: 24
                          185.253.120.0/24 maxlen: 24
                          185.253.121.0/24 maxlen: 24
                          5.182.196.0/24 maxlen: 24
                          5.182.197.0/24 maxlen: 24
                          185.161.190.0/24 maxlen: 24
                          79.98.183.0/24 maxlen: 24
                          78.31.205.0/24 maxlen: 24
                          92.249.29.0/24 maxlen: 24
                          185.201.42.0/24 maxlen: 24
                          5.182.185.0/24 maxlen: 24
                          147.78.207.0/24 maxlen: 24
                          94.154.171.0/24 maxlen: 24
                          94.154.178.0/24 maxlen: 24
                          185.208.152.0/24 maxlen: 24
                          217.197.170.0/24 maxlen: 24
                          185.208.153.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:84:c7:25:e6:df:95:73:b1:e7:50:d0:a6:eb:03:85:05:a2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72b78f6682fc39c55b41d48f80b8838d5d2dbf07
        Validity
            Not Before: Nov 30 06:07:40 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=f8153a484f18d7e1842e4b88827038a8e77724cd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:e1:03:25:c9:6a:a0:b7:c0:57:60:dc:23:bd:
                    a4:f4:5e:fd:38:3c:d5:cb:4b:51:5a:85:3e:68:e4:
                    49:7a:e5:b4:04:77:8c:0c:f4:f7:a1:79:03:b1:4a:
                    fb:09:fd:e5:e9:3f:0c:6c:d4:90:61:4e:6b:a3:4f:
                    bd:d9:cd:fd:27:b5:70:44:42:7a:1c:8d:21:f8:d6:
                    3b:0a:12:20:f9:56:db:96:42:f2:7e:78:93:ee:2a:
                    07:02:7c:01:01:ee:e9:ea:db:00:74:2e:54:95:a4:
                    65:76:21:07:01:35:d2:dd:e7:0c:4a:02:0a:0b:02:
                    42:4d:61:be:68:4f:fa:1a:ad:06:ca:5e:51:43:d2:
                    48:05:08:12:b1:78:e2:69:3f:99:c1:15:b1:39:5f:
                    f7:9f:72:e8:4d:cf:e5:b2:59:9c:b4:9c:e2:4b:23:
                    bf:02:f7:4b:d0:f0:59:58:d7:45:22:9f:b0:d1:90:
                    3a:fa:72:c3:b3:d3:2e:2b:f9:fa:3c:70:ed:ed:68:
                    7a:96:6c:56:d0:7d:bd:ac:6d:bd:8d:83:bc:c1:fb:
                    42:ba:30:88:d3:11:fe:1d:3d:c7:70:d3:df:d6:89:
                    30:02:d8:75:8e:28:2b:1a:b0:43:ea:40:d4:30:fc:
                    06:d5:80:92:61:0a:f2:e3:11:6d:43:3d:b8:3a:a6:
                    c3:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F8:15:3A:48:4F:18:D7:E1:84:2E:4B:88:82:70:38:A8:E7:77:24:CD
            X509v3 Authority Key Identifier:
                keyid:72:B7:8F:66:82:FC:39:C5:5B:41:D4:8F:80:B8:83:8D:5D:2D:BF:07

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/crePZoL8OcVbQdSPgLiDjV0tvwc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/1-BU6SE8Y1-GELkuIgnA4qOd3JM0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/crePZoL8OcVbQdSPgLiDjV0tvwc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.182.185.0/24
                  5.182.196.0/23
                  78.31.205.0/24
                  79.98.183.0/24
                  92.249.29.0/24
                  94.154.171.0/24
                  94.154.178.0/24
                  147.78.207.0/24
                  162.218.93.0/24
                  185.161.190.0/24
                  185.201.42.0/24
                  185.205.204.0/24
                  185.208.152.0/23
                  185.253.120.0/23
                  212.60.13.0/24
                  217.197.170.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0d:34:89:5b:b7:24:43:6c:9b:8f:0c:43:05:8e:9d:78:17:00:
         59:07:b2:57:21:ac:a7:82:b9:50:16:fe:8e:57:a1:ab:dd:d5:
         76:15:32:07:14:1f:d2:c2:ec:43:35:83:63:b0:d2:0e:c0:1f:
         88:2c:8b:c9:c6:20:7f:28:1f:d3:bf:59:fc:9a:d2:ca:60:d3:
         1c:b4:e7:d7:6b:21:70:73:7f:a4:c1:41:8b:c6:3b:b8:cb:c3:
         5a:6b:9d:e5:ae:90:e2:64:e7:1a:42:25:8e:0a:17:d3:bb:11:
         bf:d1:86:c4:b6:7d:c6:ac:23:fc:41:25:c9:4a:54:7b:99:a1:
         49:ae:6a:3d:35:e2:1a:f9:d8:16:84:4f:7c:3c:cc:b4:7e:1a:
         ad:58:1e:fd:fb:c5:1b:fd:76:d0:d2:32:3f:58:74:c5:1c:13:
         3a:3a:1e:a2:25:e3:d8:cb:cf:d8:ab:6d:97:4f:70:dd:79:85:
         db:a9:12:ef:5b:3b:7a:56:7b:03:5d:98:b4:39:d4:22:84:80:
         9f:c5:87:a2:7c:02:62:fc:09:b4:78:36:80:15:c7:4f:6b:a3:
         eb:51:d5:9a:0d:23:61:3b:51:f9:e2:e5:0c:3b:91:9b:ec:c5:
         98:01:e2:98:27:95:e0:70:74:22:23:cc:92:23:ca:12:ed:ae:
         f5:26:78:e6
-----BEGIN CERTIFICATE-----
MIIFWDCCBECgAwIBAgISAYTHJebflXOx51DQpusDhQWiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyYjc4ZjY2ODJmYzM5YzU1YjQxZDQ4ZjgwYjg4MzhkNWQy
ZGJmMDcwHhcNMjIxMTMwMDYwNzQwWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmODE1M2E0ODRmMThkN2UxODQyZTRiODg4MjcwMzhhOGU3NzcyNGNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo+EDJclqoLfAV2DcI72k9F79ODzV
y0tRWoU+aORJeuW0BHeMDPT3oXkDsUr7Cf3l6T8MbNSQYU5ro0+92c39J7VwREJ6
HI0h+NY7ChIg+VbblkLyfniT7ioHAnwBAe7p6tsAdC5UlaRldiEHATXS3ecMSgIK
CwJCTWG+aE/6Gq0Gyl5RQ9JIBQgSsXjiaT+ZwRWxOV/3n3LoTc/lslmctJziSyO/
AvdL0PBZWNdFIp+w0ZA6+nLDs9MuK/n6PHDt7Wh6lmxW0H29rG29jYO8wftCujCI
0xH+HT3HcNPf1okwAth1jigrGrBD6kDUMPwG1YCSYQry4xFtQz24OqbDiwIDAQAB
o4ICZDCCAmAwHQYDVR0OBBYEFPgVOkhPGNfhhC5LiIJwOKjndyTNMB8GA1UdIwQY
MBaAFHK3j2aC/DnFW0HUj4C4g41dLb8HMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY3JlUFpvTDhPY1ZiUWRTUGdMaURqVjB0dndjLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYS8zYzRiOGEtYmZjNy00MWU5LTk5ZTEt
ZjNlNTA2YWVhYTAxLzEvMS1CVTZTRThZMS1HRUxrdUlnbkE0cU9kM0pNMC5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvY2EvM2M0YjhhLWJmYzctNDFlOS05OWUxLWYzZTUwNmFlYWEw
MS8xL2NyZVBab0w4T2NWYlFkU1BnTGlEalYwdHZ3Yy5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjB5BggrBgEFBQcBBwEB/wRqMGgwZgQCAAEwYAMEAAW2uQME
AQW2xAMEAE4fzQMEAE9itwMEAFz5HQMEAF6aqwMEAF6asgMEAJNOzwMEAKLaXQME
ALmhvgMEALnJKgMEALnNzAMEAbnQmAMEAbn9eAMEANQ8DQMEANnFqjANBgkqhkiG
9w0BAQsFAAOCAQEADTSJW7ckQ2ybjwxDBY6deBcAWQeyVyGsp4K5UBb+jlehq93V
dhUyBxQf0sLsQzWDY7DSDsAfiCyLycYgfygf079Z/JrSymDTHLTn12shcHN/pMFB
i8Y7uMvDWmud5a6Q4mTnGkIljgoX07sRv9GGxLZ9xqwj/EElyUpUe5mhSa5qPTXi
GvnYFoRPfDzMtH4arVge/fvFG/120NIyP1h0xRwTOjoeoiXj2MvP2Kttl09w3XmF
26kS71s7elZ7A12YtDnUIoSAn8WHonwCYvwJtHg2gBXHT2uj61HVmg0jYTtR+eLl
DDuRm+zFmAHimCeV4HB0IiPMkiPKEu2u9SZ45g==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:53:54 2024 by rpki-client on console-fra.rpki-client.org