Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/kEP_ERWxSOM6Vb38k4Qkg341yE8.roa
File:                     kEP_ERWxSOM6Vb38k4Qkg341yE8.roa (raw, json)
Hash identifier:          ta7zKJaAhB1w6cEHfWN8kteAgYpATwfpewRcObpggiM=
Subject key identifier:   90:43:FF:11:15:B1:48:E3:3A:55:BD:FC:93:84:24:83:7E:35:C8:4F
Certificate issuer:       /CN=b4253c4f233ce9847699ae68ecbf5d7514b0fadb
Certificate serial:       17970209
Authority key identifier: B4:25:3C:4F:23:3C:E9:84:76:99:AE:68:EC:BF:5D:75:14:B0:FA:DB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tCU8TyM86YR2ma5o7L9ddRSw-ts.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/kEP_ERWxSOM6Vb38k4Qkg341yE8.roa
Signing time:             Sat 01 Jan 2022 13:03:23 +0000
ROA not before:           Sat 01 Jan 2022 13:03:23 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     202010
IP address blocks:        5.1.74.0/24 maxlen: 32
                          5.1.81.139/32 maxlen: 32
                          5.1.81.0/24 maxlen: 32
                          178.251.228.0/24 maxlen: 32
                          178.251.229.0/24 maxlen: 32
                          5.1.81.140/32 maxlen: 32
                          2a01:367:dead::/48 maxlen: 48
                          2a01:367:beef::/48 maxlen: 48
                          2a01:367:ffa1::/48 maxlen: 48

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 395772425 (0x17970209)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4253c4f233ce9847699ae68ecbf5d7514b0fadb
        Validity
            Not Before: Jan  1 13:03:23 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=9043ff1115b148e33a55bdfc938424837e35c84f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:6f:f1:7d:8b:d3:e3:5a:b0:4d:ee:96:da:e2:
                    d9:9c:f8:03:d8:ec:85:a7:1e:5b:50:b9:f3:50:b6:
                    f8:e8:d2:8f:28:6a:68:4e:68:b8:e5:9f:a2:ae:46:
                    ca:ca:7a:d0:e5:d1:92:0e:76:af:0a:23:13:d7:0c:
                    f1:25:87:5f:8f:b1:da:ae:af:91:ac:4b:70:5d:4b:
                    8e:45:37:7c:93:b4:c7:b0:a9:81:11:80:cb:e6:58:
                    fc:f6:0a:ff:37:2b:e7:b1:cc:bc:53:31:1d:c6:8e:
                    d5:64:6d:27:8b:d5:8c:69:6b:0d:e9:7c:5f:ca:f7:
                    11:4d:61:d1:95:d9:d3:e9:d7:52:80:c0:44:3c:66:
                    cc:17:25:63:55:e2:f1:f9:63:74:79:ce:67:72:b1:
                    9b:bb:6e:5c:a0:10:d6:67:9b:e4:49:29:97:45:38:
                    e0:eb:41:cd:55:94:5c:32:5d:d4:67:06:e4:a1:b5:
                    28:2a:0e:24:2c:b3:59:3e:4b:1d:be:07:4a:15:52:
                    bb:41:bd:94:35:de:e6:18:d4:56:fc:76:3d:d6:44:
                    96:5e:1e:b0:6f:04:83:be:2e:25:9d:ba:02:80:a1:
                    c7:80:b8:6c:4f:24:65:bb:75:93:f2:e2:39:75:44:
                    11:7c:35:2b:8b:24:64:fe:ca:62:ba:d3:ab:8b:ea:
                    ab:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                90:43:FF:11:15:B1:48:E3:3A:55:BD:FC:93:84:24:83:7E:35:C8:4F
            X509v3 Authority Key Identifier:
                keyid:B4:25:3C:4F:23:3C:E9:84:76:99:AE:68:EC:BF:5D:75:14:B0:FA:DB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tCU8TyM86YR2ma5o7L9ddRSw-ts.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/kEP_ERWxSOM6Vb38k4Qkg341yE8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/tCU8TyM86YR2ma5o7L9ddRSw-ts.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.1.74.0/24
                  5.1.81.0/24
                  178.251.228.0/23
                IPv6:
                  2a01:367:beef::/48
                  2a01:367:dead::/48
                  2a01:367:ffa1::/48

    Signature Algorithm: sha256WithRSAEncryption
         6d:73:13:27:d4:80:4e:dc:2c:74:70:45:f4:06:4a:56:ad:ad:
         24:e8:a6:bb:b5:9d:58:90:f0:3a:3f:f0:b0:61:81:aa:87:22:
         31:cc:7b:2d:27:50:e0:b8:83:ba:fd:0c:91:ce:b9:39:36:49:
         07:42:ac:e2:8c:df:a5:e2:2c:33:a8:96:26:f8:76:a8:43:5d:
         dd:16:e4:07:d2:d5:9b:95:42:5c:78:9a:35:24:fb:82:91:37:
         42:3e:83:ec:a7:80:0c:60:29:0e:25:e4:ec:e1:72:a1:d6:eb:
         3b:65:96:e7:89:03:60:fb:5e:b8:90:47:3e:ff:e3:61:1f:f1:
         fd:22:f0:3f:65:9f:99:aa:9a:91:41:13:c5:d9:95:fb:dd:55:
         02:7c:27:b9:e4:82:1f:a7:ec:bf:05:b6:8e:24:62:30:03:a3:
         aa:87:85:80:9c:b5:dd:a3:b8:da:f5:bb:a8:f3:2a:46:a9:3f:
         55:4f:54:1d:46:b5:1d:09:b3:7b:da:09:10:ac:f4:98:1d:bd:
         18:bb:42:ca:06:29:a4:d9:e9:9a:86:19:42:6c:b5:e2:8c:bb:
         0f:ae:c6:f6:5c:a5:77:ef:3c:d8:53:5e:b0:74:3e:69:ce:5d:
         c7:56:8e:c9:0a:f7:c1:88:c0:11:31:ed:c6:62:d7:f6:7e:da:
         77:13:79:14
-----BEGIN CERTIFICATE-----
MIIFHjCCBAagAwIBAgIEF5cCCTANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhi
NDI1M2M0ZjIzM2NlOTg0NzY5OWFlNjhlY2JmNWQ3NTE0YjBmYWRiMB4XDTIyMDEw
MTEzMDMyM1oXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoOTA0M2ZmMTExNWIx
NDhlMzNhNTViZGZjOTM4NDI0ODM3ZTM1Yzg0ZjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAMdv8X2L0+NasE3ultri2Zz4A9jshaceW1C581C2+OjSjyhq
aE5ouOWfoq5Gysp60OXRkg52rwojE9cM8SWHX4+x2q6vkaxLcF1LjkU3fJO0x7Cp
gRGAy+ZY/PYK/zcr57HMvFMxHcaO1WRtJ4vVjGlrDel8X8r3EU1h0ZXZ0+nXUoDA
RDxmzBclY1Xi8fljdHnOZ3Kxm7tuXKAQ1meb5Ekpl0U44OtBzVWUXDJd1GcG5KG1
KCoOJCyzWT5LHb4HShVSu0G9lDXe5hjUVvx2PdZEll4esG8Eg74uJZ26AoChx4C4
bE8kZbt1k/LiOXVEEXw1K4skZP7KYrrTq4vqq30CAwEAAaOCAjgwggI0MB0GA1Ud
DgQWBBSQQ/8RFbFI4zpVvfyThCSDfjXITzAfBgNVHSMEGDAWgBS0JTxPIzzphHaZ
rmjsv111FLD62zAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L3RDVThUeU04NllSMm1hNW83TDlkZFJTdy10cy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZDAvNDFkNmUxLTVjYWQtNDBkYi05NzczLTU4YjM4ZjVhYzgwYi8x
L2tFUF9FUld4U09NNlZiMzhrNFFrZzM0MXlFOC5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZDAv
NDFkNmUxLTVjYWQtNDBkYi05NzczLTU4YjM4ZjVhYzgwYi8xL3RDVThUeU04NllS
Mm1hNW83TDlkZFJTdy10cy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBO
BggrBgEFBQcBBwEB/wQ/MD0wGAQCAAEwEgMEAAUBSgMEAAUBUQMEAbL75DAhBAIA
AjAbAwcAKgEDZ77vAwcAKgEDZ96tAwcAKgEDZ/+hMA0GCSqGSIb3DQEBCwUAA4IB
AQBtcxMn1IBO3Cx0cEX0BkpWra0k6Ka7tZ1YkPA6P/CwYYGqhyIxzHstJ1DguIO6
/QyRzrk5NkkHQqzijN+l4iwzqJYm+HaoQ13dFuQH0tWblUJceJo1JPuCkTdCPoPs
p4AMYCkOJeTs4XKh1us7ZZbniQNg+164kEc+/+NhH/H9IvA/ZZ+ZqpqRQRPF2ZX7
3VUCfCe55IIfp+y/BbaOJGIwA6Oqh4WAnLXdo7ja9buo8ypGqT9VT1QdRrUdCbN7
2gkQrPSYHb0Yu0LKBimk2emahhlCbLXijLsPrsb2XKV37zzYU16wdD5pzl3HVo7J
CvfBiMARMe3GYtf2ftp3E3kU
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:54:45 2024 by rpki-client on console-fra.rpki-client.org