Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/Lb5tIyHBKETJJ6_n742KuUCDVOA.roa
File:                     Lb5tIyHBKETJJ6_n742KuUCDVOA.roa (raw, json)
Hash identifier:          QeCZqjjGWWTvGysZa2uP/E/EBuxTZWxZD9T39V9dxnc=
Subject key identifier:   2D:BE:6D:23:21:C1:28:44:C9:27:AF:E7:EF:8D:8A:B9:40:83:54:E0
Certificate issuer:       /CN=b4253c4f233ce9847699ae68ecbf5d7514b0fadb
Certificate serial:       018516899C0FDC33E1BC5C492C61CF8D705F
Authority key identifier: B4:25:3C:4F:23:3C:E9:84:76:99:AE:68:EC:BF:5D:75:14:B0:FA:DB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tCU8TyM86YR2ma5o7L9ddRSw-ts.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/Lb5tIyHBKETJJ6_n742KuUCDVOA.roa
Signing time:             Thu 15 Dec 2022 16:06:35 +0000
ROA not before:           Thu 15 Dec 2022 16:06:35 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     200462
IP address blocks:        31.47.238.0/24 maxlen: 32
                          94.247.43.0/24 maxlen: 32
                          5.180.192.0/23 maxlen: 24
                          2.58.52.0/23 maxlen: 32
                          45.86.124.0/23 maxlen: 24
                          2a09:e1c0::/32 maxlen: 128
                          2a07:6fc0:10::/44 maxlen: 48
                          2a0e:de80::/29 maxlen: 48
                          2a00:f826:8::/48 maxlen: 48
                          2a0c:8900::/29 maxlen: 128

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:16:89:9c:0f:dc:33:e1:bc:5c:49:2c:61:cf:8d:70:5f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4253c4f233ce9847699ae68ecbf5d7514b0fadb
        Validity
            Not Before: Dec 15 16:06:35 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=2dbe6d2321c12844c927afe7ef8d8ab9408354e0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:c8:4a:14:8a:6a:d9:5b:47:d3:d8:ff:29:4f:
                    2a:fc:c1:63:27:14:ea:61:71:ee:36:88:c0:ca:bd:
                    e0:c5:6a:93:a8:c9:d8:5f:52:bc:4a:c9:f4:6f:13:
                    83:88:83:9d:9f:2f:75:61:c6:cb:e7:b7:41:59:31:
                    43:b0:eb:cd:f0:60:b2:78:df:76:aa:ad:7f:cf:16:
                    7e:a8:35:24:39:a7:13:e8:93:a0:b8:d3:84:81:78:
                    fe:82:d4:99:d3:f7:f0:4f:df:6b:12:c6:dc:42:7c:
                    41:65:9f:4c:7c:03:2a:ef:3c:16:8b:7f:d7:be:10:
                    93:0c:9b:97:34:09:1e:1f:6d:c6:dd:ca:d9:ce:4c:
                    08:40:30:06:e8:50:df:d7:0a:af:de:55:05:60:43:
                    07:88:33:54:00:20:1c:8a:41:e5:d3:e2:19:bf:2c:
                    7a:9d:39:fe:f0:55:6b:0b:99:98:cc:df:17:08:df:
                    93:6d:33:cc:f3:b8:70:93:ff:fb:1d:85:fe:ca:f6:
                    54:43:b2:ac:1c:fc:65:fc:49:eb:da:df:c3:4d:a9:
                    85:ae:2b:da:66:76:e5:7f:01:ff:8b:e7:15:94:83:
                    89:02:c2:c7:46:a4:67:e5:e8:5b:0f:62:df:90:ac:
                    6e:cf:7f:5a:b3:94:6b:99:7c:fc:9c:4a:d2:4f:7c:
                    4e:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2D:BE:6D:23:21:C1:28:44:C9:27:AF:E7:EF:8D:8A:B9:40:83:54:E0
            X509v3 Authority Key Identifier:
                keyid:B4:25:3C:4F:23:3C:E9:84:76:99:AE:68:EC:BF:5D:75:14:B0:FA:DB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tCU8TyM86YR2ma5o7L9ddRSw-ts.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/Lb5tIyHBKETJJ6_n742KuUCDVOA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/tCU8TyM86YR2ma5o7L9ddRSw-ts.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.58.52.0/23
                  5.180.192.0/23
                  31.47.238.0/24
                  45.86.124.0/23
                  94.247.43.0/24
                IPv6:
                  2a00:f826:8::/48
                  2a07:6fc0:10::/44
                  2a09:e1c0::/32
                  2a0c:8900::/29
                  2a0e:de80::/29

    Signature Algorithm: sha256WithRSAEncryption
         b1:d5:43:77:47:9b:7e:e4:fa:ce:fa:37:6b:ff:e1:d7:f8:81:
         28:a8:a2:d6:b9:7b:3f:53:05:ba:84:2d:97:42:69:a3:34:ce:
         f3:24:18:a2:1a:94:3d:84:43:d3:71:ae:1a:c0:31:e4:4f:d7:
         2f:d9:4f:29:cb:04:fc:bd:cc:12:57:86:7a:85:50:7d:f2:5f:
         28:12:1d:09:3a:b9:2a:2f:cd:34:76:f1:58:23:c8:5f:8d:a0:
         74:f5:08:a3:71:13:f2:6b:74:55:f3:cf:32:fd:5c:b7:41:72:
         36:e5:f4:6b:bd:11:0c:15:70:1d:25:1b:a5:75:b3:5a:07:e7:
         3d:63:7c:64:a2:a1:c5:ba:e6:ce:4b:a7:95:f0:a8:c7:bb:e6:
         2d:76:c5:b9:01:bb:c2:b1:c9:db:0e:7c:fa:9d:6e:77:71:e6:
         31:e1:17:ed:ea:bc:3f:df:86:ea:87:81:ff:47:6c:56:f9:d5:
         bf:5a:f0:f8:d5:32:4f:6d:0c:9f:53:a6:30:cf:a6:18:1e:bd:
         12:bb:56:1f:7c:a7:59:af:0c:1c:d2:48:34:5d:58:57:b1:62:
         88:ad:cb:11:01:42:91:f1:7e:4a:82:7f:6a:4e:2c:a7:8a:03:
         1b:fd:1c:ac:48:57:8f:0f:42:78:6e:dd:b4:53:5f:b7:c4:98:
         b0:0b:02:84
-----BEGIN CERTIFICATE-----
MIIFRDCCBCygAwIBAgISAYUWiZwP3DPhvFxJLGHPjXBfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0MjUzYzRmMjMzY2U5ODQ3Njk5YWU2OGVjYmY1ZDc1MTRi
MGZhZGIwHhcNMjIxMjE1MTYwNjM1WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZGJlNmQyMzIxYzEyODQ0YzkyN2FmZTdlZjhkOGFiOTQwODM1NGUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh8hKFIpq2VtH09j/KU8q/MFjJxTq
YXHuNojAyr3gxWqTqMnYX1K8Ssn0bxODiIOdny91YcbL57dBWTFDsOvN8GCyeN92
qq1/zxZ+qDUkOacT6JOguNOEgXj+gtSZ0/fwT99rEsbcQnxBZZ9MfAMq7zwWi3/X
vhCTDJuXNAkeH23G3crZzkwIQDAG6FDf1wqv3lUFYEMHiDNUACAcikHl0+IZvyx6
nTn+8FVrC5mYzN8XCN+TbTPM87hwk//7HYX+yvZUQ7KsHPxl/Enr2t/DTamFriva
ZnblfwH/i+cVlIOJAsLHRqRn5ehbD2LfkKxuz39as5RrmXz8nErST3xOMQIDAQAB
o4ICUDCCAkwwHQYDVR0OBBYEFC2+bSMhwShEySev5++NirlAg1TgMB8GA1UdIwQY
MBaAFLQlPE8jPOmEdpmuaOy/XXUUsPrbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdENVOFR5TTg2WVIybWE1bzdMOWRkUlN3LXRzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC80MWQ2ZTEtNWNhZC00MGRiLTk3NzMt
NThiMzhmNWFjODBiLzEvTGI1dEl5SEJLRVRKSjZfbjc0Mkt1VUNEVk9BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC80MWQ2ZTEtNWNhZC00MGRiLTk3NzMtNThiMzhmNWFjODBi
LzEvdENVOFR5TTg2WVIybWE1bzdMOWRkUlN3LXRzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGYGCCsGAQUFBwEHAQH/BFcwVTAkBAIAATAeAwQBAjo0AwQB
BbTAAwQAHy/uAwQBLVZ8AwQAXvcrMC0EAgACMCcDBwAqAPgmAAgDBwQqB2/AABAD
BQAqCeHAAwUDKgyJAAMFAyoO3oAwDQYJKoZIhvcNAQELBQADggEBALHVQ3dHm37k
+s76N2v/4df4gSioota5ez9TBbqELZdCaaM0zvMkGKIalD2EQ9NxrhrAMeRP1y/Z
TynLBPy9zBJXhnqFUH3yXygSHQk6uSovzTR28VgjyF+NoHT1CKNxE/JrdFXzzzL9
XLdBcjbl9Gu9EQwVcB0lG6V1s1oH5z1jfGSiocW65s5Lp5XwqMe75i12xbkBu8Kx
ydsOfPqdbndx5jHhF+3qvD/fhuqHgf9HbFb51b9a8PjVMk9tDJ9TpjDPphgevRK7
Vh98p1mvDBzSSDRdWFexYoityxEBQpHxfkqCf2pOLKeKAxv9HKxIV48PQnhu3bRT
X7fEmLALAoQ=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:54:45 2024 by rpki-client on console-fra.rpki-client.org