Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/cK5CjkX8QAlbG1-tio9F8-1WHVY.roa
File:                     cK5CjkX8QAlbG1-tio9F8-1WHVY.roa (raw, json)
Hash identifier:          1Frlg+vz/JnfhgL8Em0Yc+Kwdgfi8OrX+8WzcUPJep8=
Subject key identifier:   70:AE:42:8E:45:FC:40:09:5B:1B:5F:AD:8A:8F:45:F3:ED:56:1D:56
Certificate issuer:       /CN=6c8fd1a8ae5996c1e5692c1a8c42bfe9c3ba5745
Certificate serial:       19F1A19E
Authority key identifier: 6C:8F:D1:A8:AE:59:96:C1:E5:69:2C:1A:8C:42:BF:E9:C3:BA:57:45
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bI_RqK5ZlsHlaSwajEK_6cO6V0U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/cK5CjkX8QAlbG1-tio9F8-1WHVY.roa
Signing time:             Sat 30 Apr 2022 22:14:41 +0000
ROA not before:           Sat 30 Apr 2022 22:14:41 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     46261
IP address blocks:        5.183.204.0/23 maxlen: 32
                          193.187.153.0/24 maxlen: 32
                          45.12.232.0/24 maxlen: 32
                          45.14.46.0/24 maxlen: 32
                          45.138.210.0/23 maxlen: 24
                          193.160.212.0/24 maxlen: 32
                          213.232.104.0/24 maxlen: 32
                          5.181.148.0/23 maxlen: 32
                          185.226.75.0/24 maxlen: 32

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 435265950 (0x19f1a19e)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6c8fd1a8ae5996c1e5692c1a8c42bfe9c3ba5745
        Validity
            Not Before: Apr 30 22:14:41 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=70ae428e45fc40095b1b5fad8a8f45f3ed561d56
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:8f:80:85:33:1c:04:92:1f:80:60:80:1e:33:
                    92:6d:e4:88:3a:94:40:7c:33:4a:5e:19:38:53:26:
                    a9:98:5a:e8:e9:b3:2c:4a:50:ee:19:88:ee:45:3e:
                    78:ad:79:8a:05:18:4a:4d:4a:f7:65:b0:31:66:1c:
                    93:85:5a:61:ca:9f:65:3d:38:ad:45:a4:d2:92:6a:
                    27:12:11:f7:d4:e9:5f:dc:fe:80:7a:a4:2d:0f:17:
                    44:06:8d:e8:36:69:6d:57:de:0a:b1:c8:f0:76:76:
                    bf:79:ab:b5:94:55:3e:a1:ee:99:76:eb:9c:29:88:
                    41:5c:06:8a:25:13:7e:d9:b2:16:f5:1e:ff:e5:f0:
                    eb:f4:48:c7:5f:0f:be:7e:73:b9:6f:01:7d:c6:33:
                    b9:b0:d4:f4:c7:df:c0:fe:cb:6e:bb:52:5d:e0:64:
                    45:08:32:17:57:ff:56:5f:b6:b7:21:1b:51:20:df:
                    3a:1d:99:3c:88:a0:89:9b:0e:39:fa:69:b8:d7:5f:
                    b4:42:82:00:2b:71:d9:d1:a4:38:77:1d:3c:a7:42:
                    1b:80:d0:2b:f4:c1:4e:e2:91:d5:cc:4c:97:0d:90:
                    af:59:a8:43:54:82:e4:12:51:ab:ea:1d:e1:af:3b:
                    d6:02:cc:30:ed:db:ba:02:f5:4c:0f:bc:9a:13:f5:
                    aa:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:AE:42:8E:45:FC:40:09:5B:1B:5F:AD:8A:8F:45:F3:ED:56:1D:56
            X509v3 Authority Key Identifier:
                keyid:6C:8F:D1:A8:AE:59:96:C1:E5:69:2C:1A:8C:42:BF:E9:C3:BA:57:45

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bI_RqK5ZlsHlaSwajEK_6cO6V0U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/cK5CjkX8QAlbG1-tio9F8-1WHVY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/bI_RqK5ZlsHlaSwajEK_6cO6V0U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.181.148.0/23
                  5.183.204.0/23
                  45.12.232.0/24
                  45.14.46.0/24
                  45.138.210.0/23
                  185.226.75.0/24
                  193.160.212.0/24
                  193.187.153.0/24
                  213.232.104.0/24

    Signature Algorithm: sha256WithRSAEncryption
         54:6a:63:67:92:de:f5:27:97:63:e9:3f:d4:2f:a6:5e:92:c5:
         0f:03:c1:dc:48:ae:84:59:f1:46:dd:f0:09:f0:2c:1a:8c:83:
         71:a7:a6:7c:ad:19:61:6c:d2:20:9c:ff:dc:63:04:35:b9:bf:
         c5:c9:eb:57:ec:7d:60:e0:76:c8:47:e8:be:2f:b4:8f:87:5b:
         14:db:29:64:36:a4:32:a8:d6:c0:80:d9:74:c2:58:6c:75:09:
         01:a6:1c:07:72:15:45:76:4e:db:10:d4:13:06:14:a8:05:aa:
         9d:a0:6d:4b:a8:2b:60:04:a3:5b:65:4e:ea:4d:bc:cf:fb:94:
         46:77:6f:1b:ee:6b:33:6c:90:2f:49:7f:25:14:8b:d3:95:aa:
         fd:13:46:1c:a7:cd:58:34:a9:2a:39:10:a0:e1:11:6e:96:cc:
         ff:27:02:20:06:90:18:89:7e:f3:b6:0a:7b:f5:cb:2f:c7:48:
         03:df:4c:18:80:d9:10:1e:57:e8:63:1a:46:6f:ac:41:29:35:
         34:c9:de:fa:c8:fb:4f:33:b6:bd:10:65:49:6f:c8:8e:e3:e0:
         d1:5a:a6:f4:fe:b5:eb:0a:20:52:8f:2c:5d:84:a5:93:4f:86:
         1b:7c:8f:94:91:ff:ea:e0:c9:07:28:00:c5:e4:3a:87:c5:bf:
         22:26:a6:b9
-----BEGIN CERTIFICATE-----
MIIFHzCCBAegAwIBAgIEGfGhnjANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg2
YzhmZDFhOGFlNTk5NmMxZTU2OTJjMWE4YzQyYmZlOWMzYmE1NzQ1MB4XDTIyMDQz
MDIyMTQ0MVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoNzBhZTQyOGU0NWZj
NDAwOTViMWI1ZmFkOGE4ZjQ1ZjNlZDU2MWQ1NjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAKePgIUzHASSH4BggB4zkm3kiDqUQHwzSl4ZOFMmqZha6Omz
LEpQ7hmI7kU+eK15igUYSk1K92WwMWYck4VaYcqfZT04rUWk0pJqJxIR99TpX9z+
gHqkLQ8XRAaN6DZpbVfeCrHI8HZ2v3mrtZRVPqHumXbrnCmIQVwGiiUTftmyFvUe
/+Xw6/RIx18Pvn5zuW8BfcYzubDU9MffwP7LbrtSXeBkRQgyF1f/Vl+2tyEbUSDf
Oh2ZPIigiZsOOfppuNdftEKCACtx2dGkOHcdPKdCG4DQK/TBTuKR1cxMlw2Qr1mo
Q1SC5BJRq+od4a871gLMMO3bugL1TA+8mhP1qgMCAwEAAaOCAjkwggI1MB0GA1Ud
DgQWBBRwrkKORfxACVsbX62Kj0Xz7VYdVjAfBgNVHSMEGDAWgBRsj9GorlmWweVp
LBqMQr/pw7pXRTAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L2JJX1JxSzVabHNIbGFTd2FqRUtfNmNPNlYwVS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZDAvNDkyNTkwLWEwMmYtNDQzZS1hYWEzLWZlYWMyNmVhZWNjMi8x
L2NLNUNqa1g4UUFsYkcxLXRpbzlGOC0xV0hWWS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZDAv
NDkyNTkwLWEwMmYtNDQzZS1hYWEzLWZlYWMyNmVhZWNjMi8xL2JJX1JxSzVabHNI
bGFTd2FqRUtfNmNPNlYwVS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBP
BggrBgEFBQcBBwEB/wRAMD4wPAQCAAEwNgMEAQW1lAMEAQW3zAMEAC0M6AMEAC0O
LgMEAS2K0gMEALniSwMEAMGg1AMEAMG7mQMEANXoaDANBgkqhkiG9w0BAQsFAAOC
AQEAVGpjZ5Le9SeXY+k/1C+mXpLFDwPB3EiuhFnxRt3wCfAsGoyDcaemfK0ZYWzS
IJz/3GMENbm/xcnrV+x9YOB2yEfovi+0j4dbFNspZDakMqjWwIDZdMJYbHUJAaYc
B3IVRXZO2xDUEwYUqAWqnaBtS6grYASjW2VO6k28z/uURndvG+5rM2yQL0l/JRSL
05Wq/RNGHKfNWDSpKjkQoOERbpbM/ycCIAaQGIl+87YKe/XLL8dIA99MGIDZEB5X
6GMaRm+sQSk1NMne+sj7TzO2vRBlSW/IjuPg0Vqm9P616wogUo8sXYSlk0+GG3yP
lJH/6uDJBygAxeQ6h8W/IiamuQ==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:54:45 2024 by rpki-client on console-fra.rpki-client.org