Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d1/789caf-c8d2-419e-ae04-691422311729/1/cE0KZawBzSBWqqgJyowTez8-tiU.roa
File:                     cE0KZawBzSBWqqgJyowTez8-tiU.roa (raw, json)
Hash identifier:          8vh7dUge0AU/TN5zdw2/fvEjZYZiNcV1UIeft2djkt0=
Subject key identifier:   70:4D:0A:65:AC:01:CD:20:56:AA:A8:09:CA:8C:13:7B:3F:3E:B6:25
Certificate issuer:       /CN=f0c104041691dc384f3b1a8cdf95c96628ea6daf
Certificate serial:       018B612C9F637476FBDC2E1FF6F0014F4273
Authority key identifier: F0:C1:04:04:16:91:DC:38:4F:3B:1A:8C:DF:95:C9:66:28:EA:6D:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8MEEBBaR3DhPOxqM35XJZijqba8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d1/789caf-c8d2-419e-ae04-691422311729/1/cE0KZawBzSBWqqgJyowTez8-tiU.roa
Signing time:             Tue 24 Oct 2023 10:13:16 +0000
ROA not before:           Tue 24 Oct 2023 10:13:16 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     42337
IP address blocks:        95.38.240.0/21 maxlen: 21
                          95.38.136.0/22 maxlen: 22
                          95.38.248.0/22 maxlen: 22
                          95.38.140.0/22 maxlen: 22
                          95.38.152.0/21 maxlen: 21
                          95.38.168.0/22 maxlen: 22
                          95.38.104.0/22 maxlen: 22
                          95.38.132.0/22 maxlen: 22
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8b:61:2c:9f:63:74:76:fb:dc:2e:1f:f6:f0:01:4f:42:73
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f0c104041691dc384f3b1a8cdf95c96628ea6daf
        Validity
            Not Before: Oct 24 10:13:16 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=704d0a65ac01cd2056aaa809ca8c137b3f3eb625
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:b4:ca:ac:fd:95:6e:69:b5:2c:e7:51:d9:41:
                    f9:38:17:5d:7a:d4:19:ae:2c:9c:a3:c4:08:89:1d:
                    ea:3a:de:46:3c:24:b3:2a:a9:a8:99:5f:d4:e4:ff:
                    04:4a:da:30:b2:8f:e5:b7:51:ed:ee:dc:8b:04:9a:
                    24:99:7f:85:f1:53:df:23:3f:b2:aa:70:6a:c4:28:
                    dd:e5:8e:28:dc:35:58:57:7d:19:06:e4:7a:5b:8a:
                    5d:43:7f:1b:fd:1d:89:fc:33:4a:ef:2e:8d:40:77:
                    5b:40:50:5d:3e:d3:15:12:5b:95:2e:c2:97:f9:3a:
                    d4:0e:91:bf:fc:a4:26:c0:92:91:37:6d:d8:c3:ef:
                    2b:25:ca:f1:be:cf:5f:6e:9e:d0:93:ac:1b:d8:5e:
                    50:3e:1b:c0:02:78:44:e3:65:bf:7b:ae:fe:88:5d:
                    4e:e2:48:0e:77:e6:a6:7d:3d:76:ca:b4:c4:4b:50:
                    76:05:b7:0d:32:5c:ef:67:45:05:53:fa:57:78:3f:
                    c1:4c:a6:cd:ca:0d:3c:c7:de:b5:8a:f8:42:07:34:
                    9f:c2:10:e1:32:1b:cb:ed:9b:21:78:4a:7b:94:9d:
                    a7:83:e5:10:31:06:99:fe:64:1f:4b:66:2b:9e:c3:
                    7b:0f:ab:ce:8f:32:db:c9:c9:15:7d:5b:0d:78:75:
                    32:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:4D:0A:65:AC:01:CD:20:56:AA:A8:09:CA:8C:13:7B:3F:3E:B6:25
            X509v3 Authority Key Identifier:
                keyid:F0:C1:04:04:16:91:DC:38:4F:3B:1A:8C:DF:95:C9:66:28:EA:6D:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8MEEBBaR3DhPOxqM35XJZijqba8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/789caf-c8d2-419e-ae04-691422311729/1/cE0KZawBzSBWqqgJyowTez8-tiU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/789caf-c8d2-419e-ae04-691422311729/1/8MEEBBaR3DhPOxqM35XJZijqba8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.38.104.0/22
                  95.38.132.0-95.38.143.255
                  95.38.152.0/21
                  95.38.168.0/22
                  95.38.240.0-95.38.251.255

    Signature Algorithm: sha256WithRSAEncryption
         20:a5:97:13:a8:04:27:e3:9c:fb:b1:73:90:b0:a9:5e:9a:c8:
         f2:e1:ba:8e:c7:26:6d:ad:71:4a:22:05:0d:ba:1c:b1:03:e5:
         11:9f:9b:88:3e:52:65:45:72:ab:ba:78:19:a9:78:44:66:77:
         4b:37:17:e8:b2:9c:c3:5e:f3:75:16:7e:40:58:6e:70:b4:9c:
         ba:ea:b1:86:a4:d6:a7:68:03:43:b3:0d:13:1c:f1:8c:07:b2:
         1b:63:a2:8b:9e:46:15:2b:6c:ef:ea:9d:22:9f:46:7d:8e:bb:
         88:33:d4:2a:40:02:ff:fe:c0:4a:37:46:09:7a:b4:44:3e:9e:
         79:a8:7f:9e:2a:41:80:73:58:65:ca:19:bd:79:d5:47:5f:6a:
         64:ba:7a:ce:07:88:7e:2c:77:65:5f:b9:c7:29:ad:43:5b:11:
         bc:6a:34:94:0a:6d:10:1f:c7:3e:e7:9c:c2:16:f1:e4:df:e7:
         08:f5:5d:63:80:51:3c:e9:e8:f6:8f:aa:f0:17:43:23:80:0e:
         3a:ac:8f:1f:0a:32:d7:ca:f5:d2:de:dd:a4:d5:1d:8f:ce:05:
         cc:83:2c:25:c7:1d:18:f3:62:53:db:0e:4e:c9:63:51:05:64:
         42:5a:c3:2d:f2:fc:b9:bd:ae:20:f3:d6:e6:7d:6f:c4:6d:c7:
         69:d9:77:15
-----BEGIN CERTIFICATE-----
MIIFJTCCBA2gAwIBAgISAYthLJ9jdHb73C4f9vABT0JzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwYzEwNDA0MTY5MWRjMzg0ZjNiMWE4Y2RmOTVjOTY2Mjhl
YTZkYWYwHhcNMjMxMDI0MTAxMzE2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MDRkMGE2NWFjMDFjZDIwNTZhYWE4MDljYThjMTM3YjNmM2ViNjI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAurTKrP2Vbmm1LOdR2UH5OBddetQZ
riyco8QIiR3qOt5GPCSzKqmomV/U5P8EStowso/lt1Ht7tyLBJokmX+F8VPfIz+y
qnBqxCjd5Y4o3DVYV30ZBuR6W4pdQ38b/R2J/DNK7y6NQHdbQFBdPtMVEluVLsKX
+TrUDpG//KQmwJKRN23Yw+8rJcrxvs9fbp7Qk6wb2F5QPhvAAnhE42W/e67+iF1O
4kgOd+amfT12yrTES1B2BbcNMlzvZ0UFU/pXeD/BTKbNyg08x961ivhCBzSfwhDh
MhvL7ZsheEp7lJ2ng+UQMQaZ/mQfS2YrnsN7D6vOjzLbyckVfVsNeHUySQIDAQAB
o4ICMTCCAi0wHQYDVR0OBBYEFHBNCmWsAc0gVqqoCcqME3s/PrYlMB8GA1UdIwQY
MBaAFPDBBAQWkdw4TzsajN+VyWYo6m2vMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOE1FRUJCYVIzRGhQT3hxTTM1WEpaaWpxYmE4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMS83ODljYWYtYzhkMi00MTllLWFlMDQt
NjkxNDIyMzExNzI5LzEvY0UwS1phd0J6U0JXcXFnSnlvd1RlejgtdGlVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMS83ODljYWYtYzhkMi00MTllLWFlMDQtNjkxNDIyMzExNzI5
LzEvOE1FRUJCYVIzRGhQT3hxTTM1WEpaaWpxYmE4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEcGCCsGAQUFBwEHAQH/BDgwNjA0BAIAATAuAwQCXyZoMAwD
BAJfJoQDBARfJoADBANfJpgDBAJfJqgwDAMEBF8m8AMEAl8m+DANBgkqhkiG9w0B
AQsFAAOCAQEAIKWXE6gEJ+Oc+7FzkLCpXprI8uG6jscmba1xSiIFDbocsQPlEZ+b
iD5SZUVyq7p4Gal4RGZ3SzcX6LKcw17zdRZ+QFhucLScuuqxhqTWp2gDQ7MNExzx
jAeyG2Oii55GFSts7+qdIp9GfY67iDPUKkAC//7ASjdGCXq0RD6eeah/nipBgHNY
ZcoZvXnVR19qZLp6zgeIfix3ZV+5xymtQ1sRvGo0lAptEB/HPuecwhbx5N/nCPVd
Y4BRPOno9o+q8BdDI4AOOqyPHwoy18r10t7dpNUdj84FzIMsJccdGPNiU9sOTslj
UQVkQlrDLfL8ub2uIPPW5n1vxG3Hadl3FQ==
-----END CERTIFICATE-----
Generated at Tue Jun 10 18:26:44 2025 by rpki-client