Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/df/4de889-dc9d-41e5-b3aa-0d7b551f828c/1/0-tnq5IY_YTM4gLO1KTYNOiM02U.roa
File:                     0-tnq5IY_YTM4gLO1KTYNOiM02U.roa (raw, json)
Hash identifier:          HwzphwLYpex0LRP18l4jCJWTE2Ca7WDYCiWqHwkr/yk=
Subject key identifier:   D3:EB:67:AB:92:18:FD:84:CC:E2:02:CE:D4:A4:D8:34:E8:8C:D3:65
Certificate issuer:       /CN=5b2dd9fe628b6bc10141de0241766a1b7a63193f
Certificate serial:       0550B3A6
Authority key identifier: 5B:2D:D9:FE:62:8B:6B:C1:01:41:DE:02:41:76:6A:1B:7A:63:19:3F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Wy3Z_mKLa8EBQd4CQXZqG3pjGT8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/df/4de889-dc9d-41e5-b3aa-0d7b551f828c/1/0-tnq5IY_YTM4gLO1KTYNOiM02U.roa
Signing time:             Sat 01 Jan 2022 06:56:02 +0000
ROA not before:           Sat 01 Jan 2022 06:56:02 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     6134
IP address blocks:        45.135.118.0/24 maxlen: 24
                          45.135.119.0/24 maxlen: 24
                          45.133.238.0/24 maxlen: 24
                          45.133.239.0/24 maxlen: 24
                          45.140.90.0/24 maxlen: 24
                          45.140.91.0/24 maxlen: 24
                          185.106.177.0/24 maxlen: 24
                          2a06:5040:3::/48 maxlen: 48
                          2a06:5040:20::/45 maxlen: 45
                          2a06:5040:30::/45 maxlen: 48
                          2a06:5040:5040::/48 maxlen: 48

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 89174950 (0x550b3a6)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5b2dd9fe628b6bc10141de0241766a1b7a63193f
        Validity
            Not Before: Jan  1 06:56:02 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=d3eb67ab9218fd84cce202ced4a4d834e88cd365
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:48:92:1a:ea:ed:39:43:b0:1a:6c:d0:83:27:
                    9d:90:fe:24:77:91:d3:a6:b9:77:40:e4:1c:6c:2f:
                    8c:ab:ec:5b:ed:51:09:59:b8:03:16:7c:7d:24:87:
                    8a:72:26:75:a3:cd:f3:55:44:7f:bf:dd:0d:05:f9:
                    76:1e:3f:8d:8d:4b:91:4e:b1:ff:3a:66:7a:bc:63:
                    da:c9:60:e7:39:f5:ab:34:54:e8:03:f6:5b:db:fb:
                    29:a3:ca:19:ec:48:d4:c8:9b:74:63:06:30:7c:31:
                    92:83:d2:df:d3:13:34:7c:8c:0f:8f:36:06:3d:4a:
                    91:29:7a:57:c5:8c:93:95:bd:c3:ee:49:10:8f:46:
                    cd:df:fd:b1:8d:6d:85:9b:fb:c7:79:5a:d3:c3:ef:
                    0a:5a:bb:90:ca:71:7c:c7:ff:32:74:8c:07:71:94:
                    58:61:4f:e2:9c:ed:79:a2:0e:d9:54:32:71:58:28:
                    64:53:20:75:d6:87:bd:68:24:c8:70:c5:00:f8:5e:
                    51:95:66:f9:ee:b1:59:82:9a:9a:2d:f7:59:43:5d:
                    f6:c4:96:9e:ae:7d:9f:82:8f:fe:71:7e:ca:26:e3:
                    3b:e7:a8:82:71:5a:0e:de:1b:ac:6c:19:75:ed:23:
                    32:70:72:91:f8:10:0a:2e:c7:3b:7d:7a:9d:7a:08:
                    53:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D3:EB:67:AB:92:18:FD:84:CC:E2:02:CE:D4:A4:D8:34:E8:8C:D3:65
            X509v3 Authority Key Identifier:
                keyid:5B:2D:D9:FE:62:8B:6B:C1:01:41:DE:02:41:76:6A:1B:7A:63:19:3F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Wy3Z_mKLa8EBQd4CQXZqG3pjGT8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/df/4de889-dc9d-41e5-b3aa-0d7b551f828c/1/0-tnq5IY_YTM4gLO1KTYNOiM02U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/df/4de889-dc9d-41e5-b3aa-0d7b551f828c/1/Wy3Z_mKLa8EBQd4CQXZqG3pjGT8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.133.238.0/23
                  45.135.118.0/23
                  45.140.90.0/23
                  185.106.177.0/24
                IPv6:
                  2a06:5040:3::/48
                  2a06:5040:20::/45
                  2a06:5040:30::/45
                  2a06:5040:5040::/48

    Signature Algorithm: sha256WithRSAEncryption
         05:94:ef:10:77:8b:3c:6d:28:0c:6f:df:dd:ec:4b:3d:1a:61:
         5c:29:36:7b:bb:fd:ef:e4:76:77:c9:2e:77:be:c5:e4:6a:80:
         56:e4:9f:7a:e9:e3:7a:7a:ed:c1:88:5f:cc:de:48:d1:ec:83:
         ad:89:f0:5a:79:e1:1f:64:3f:66:c1:49:82:b1:a0:dc:8c:db:
         28:c5:5d:b5:5c:11:66:f2:4c:33:fe:27:de:4c:84:76:37:bd:
         bd:76:2a:4d:86:5d:c8:2c:12:dd:3c:30:50:35:40:31:b4:06:
         d7:19:ee:e9:e1:d8:4f:0b:30:64:3a:35:bf:2f:87:21:70:e6:
         95:21:ba:36:52:c8:f5:f5:59:fe:b7:09:ec:a1:29:74:85:ad:
         b7:74:c0:59:2e:b9:13:89:59:90:83:d2:93:0b:30:fb:9c:07:
         6b:94:69:90:50:88:e7:95:9e:8c:a3:01:c0:d6:58:4f:49:b8:
         9e:1d:21:73:87:29:de:bd:20:22:46:06:20:3f:c6:86:11:cd:
         02:00:94:c7:d4:d8:bf:50:33:c0:b8:eb:56:47:6f:20:4c:a3:
         76:ef:97:e9:32:ca:21:e0:35:f7:e1:e4:bb:cf:5f:cb:9f:22:
         6d:d6:bb:62:1c:65:f9:80:f4:13:f5:74:53:34:b6:8f:ca:55:
         c5:71:3a:50
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgIEBVCzpjANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg1
YjJkZDlmZTYyOGI2YmMxMDE0MWRlMDI0MTc2NmExYjdhNjMxOTNmMB4XDTIyMDEw
MTA2NTYwMloXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoZDNlYjY3YWI5MjE4
ZmQ4NGNjZTIwMmNlZDRhNGQ4MzRlODhjZDM2NTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAONIkhrq7TlDsBps0IMnnZD+JHeR06a5d0DkHGwvjKvsW+1R
CVm4AxZ8fSSHinImdaPN81VEf7/dDQX5dh4/jY1LkU6x/zpmerxj2slg5zn1qzRU
6AP2W9v7KaPKGexI1MibdGMGMHwxkoPS39MTNHyMD482Bj1KkSl6V8WMk5W9w+5J
EI9Gzd/9sY1thZv7x3la08PvClq7kMpxfMf/MnSMB3GUWGFP4pzteaIO2VQycVgo
ZFMgddaHvWgkyHDFAPheUZVm+e6xWYKami33WUNd9sSWnq59n4KP/nF+yibjO+eo
gnFaDt4brGwZde0jMnBykfgQCi7HO316nXoIU7ECAwEAAaOCAkcwggJDMB0GA1Ud
DgQWBBTT62erkhj9hMziAs7UpNg06IzTZTAfBgNVHSMEGDAWgBRbLdn+YotrwQFB
3gJBdmobemMZPzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L1d5M1pfbUtMYThFQlFkNENRWFpxRzNwakdUOC5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZGYvNGRlODg5LWRjOWQtNDFlNS1iM2FhLTBkN2I1NTFmODI4Yy8x
LzAtdG5xNUlZX1lUTTRnTE8xS1RZTk9pTTAyVS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZGYv
NGRlODg5LWRjOWQtNDFlNS1iM2FhLTBkN2I1NTFmODI4Yy8xL1d5M1pfbUtMYThF
QlFkNENRWFpxRzNwakdUOC5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBd
BggrBgEFBQcBBwEB/wROMEwwHgQCAAEwGAMEAS2F7gMEAS2HdgMEAS2MWgMEALlq
sTAqBAIAAjAkAwcAKgZQQAADAwcDKgZQQAAgAwcDKgZQQAAwAwcAKgZQQFBAMA0G
CSqGSIb3DQEBCwUAA4IBAQAFlO8Qd4s8bSgMb9/d7Es9GmFcKTZ7u/3v5HZ3yS53
vsXkaoBW5J966eN6eu3BiF/M3kjR7IOtifBaeeEfZD9mwUmCsaDcjNsoxV21XBFm
8kwz/ifeTIR2N729dipNhl3ILBLdPDBQNUAxtAbXGe7p4dhPCzBkOjW/L4chcOaV
Ibo2Usj19Vn+twnsoSl0ha23dMBZLrkTiVmQg9KTCzD7nAdrlGmQUIjnlZ6MowHA
1lhPSbieHSFzhynevSAiRgYgP8aGEc0CAJTH1Ni/UDPAuOtWR28gTKN275fpMsoh
4DX34eS7z1/LnyJt1rtiHGX5gPQT9XRTNLaPylXFcTpQ
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:48:14 2024 by rpki-client on console-ams.rpki-client.org