Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/df/a93699-188b-470a-96b7-29b085dd23ad/1/N5l9N7oKuoXuYfihqA7h6wViFuU.roa
File:                     N5l9N7oKuoXuYfihqA7h6wViFuU.roa (raw, json)
Hash identifier:          JC083V6At2UgmMf55NnW5vrwiC+6W0QrGip3C0adgug=
Subject key identifier:   37:99:7D:37:BA:0A:BA:85:EE:61:F8:A1:A8:0E:E1:EB:05:62:16:E5
Certificate issuer:       /CN=2d1caa69358f8c98f7a719f2597d5daddbd0018c
Certificate serial:       07569A4F
Authority key identifier: 2D:1C:AA:69:35:8F:8C:98:F7:A7:19:F2:59:7D:5D:AD:DB:D0:01:8C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LRyqaTWPjJj3pxnyWX1drdvQAYw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/df/a93699-188b-470a-96b7-29b085dd23ad/1/N5l9N7oKuoXuYfihqA7h6wViFuU.roa
Signing time:             Wed 29 Jun 2022 13:40:03 +0000
ROA not before:           Wed 29 Jun 2022 13:40:03 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     25211
IP address blocks:        94.26.79.0/24 maxlen: 24
                          94.26.90.0/24 maxlen: 24
                          94.26.28.0/24 maxlen: 24
                          94.26.29.0/24 maxlen: 24
                          185.96.253.0/24 maxlen: 24
                          185.96.252.0/24 maxlen: 24
                          185.96.255.0/24 maxlen: 24
                          94.26.76.0/24 maxlen: 24
                          94.26.78.0/24 maxlen: 24
                          94.26.77.0/24 maxlen: 24
                          91.92.33.0/24 maxlen: 24
                          78.159.130.0/24 maxlen: 24
                          78.159.131.0/24 maxlen: 24
                          78.159.128.0/24 maxlen: 24
                          91.92.35.0/24 maxlen: 24
                          78.159.129.0/24 maxlen: 24
                          78.159.137.0/24 maxlen: 24
                          91.92.40.0/24 maxlen: 24
                          91.92.43.0/24 maxlen: 24
                          78.159.138.0/24 maxlen: 24
                          91.92.44.0/24 maxlen: 24
                          93.152.205.0/24 maxlen: 24
                          91.92.41.0/24 maxlen: 24
                          91.92.42.0/24 maxlen: 24
                          78.159.136.0/24 maxlen: 24
                          78.159.139.0/24 maxlen: 24
                          91.92.46.0/24 maxlen: 24
                          93.152.213.0/24 maxlen: 24
                          93.152.209.0/24 maxlen: 24
                          91.92.47.0/24 maxlen: 24
                          91.92.45.0/24 maxlen: 24
                          91.92.50.0/24 maxlen: 24
                          91.92.49.0/24 maxlen: 24
                          91.92.51.0/24 maxlen: 24
                          93.152.212.0/24 maxlen: 24
                          93.152.210.0/24 maxlen: 24
                          93.152.215.0/24 maxlen: 24
                          91.92.53.0/24 maxlen: 24
                          93.152.214.0/24 maxlen: 24
                          91.92.52.0/24 maxlen: 24
                          78.159.152.0/22 maxlen: 22
                          78.159.149.0/24 maxlen: 24
                          78.159.150.0/24 maxlen: 24
                          93.152.220.0/24 maxlen: 24
                          93.152.221.0/24 maxlen: 24
                          78.159.158.0/24 maxlen: 24
                          93.152.225.0/24 maxlen: 24
                          93.152.226.0/24 maxlen: 24
                          78.159.156.0/24 maxlen: 24
                          93.152.224.0/24 maxlen: 24
                          78.159.157.0/24 maxlen: 24
                          93.152.230.0/24 maxlen: 24
                          45.141.234.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 123116111 (0x7569a4f)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2d1caa69358f8c98f7a719f2597d5daddbd0018c
        Validity
            Not Before: Jun 29 13:40:03 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=37997d37ba0aba85ee61f8a1a80ee1eb056216e5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:b4:f8:77:0e:40:2e:ca:24:b3:c6:98:11:4f:
                    19:40:44:ac:b7:bc:f0:92:07:f3:d9:79:2b:4a:ed:
                    6d:22:f9:38:3c:91:4e:dc:af:e0:d5:73:13:ad:4e:
                    f9:52:4b:98:08:c0:11:d3:af:25:6c:16:08:ff:cc:
                    51:b2:3f:8f:5c:73:f9:42:62:3f:e3:78:f6:4d:1d:
                    b2:63:db:a6:5d:be:aa:b2:b2:f2:1b:fe:4d:c9:30:
                    e3:0f:45:c1:0d:15:0c:34:fc:ed:5f:f2:60:fe:c5:
                    1b:d1:bf:3d:2e:bb:3d:97:6c:a1:33:9b:53:c6:45:
                    e2:e6:25:ce:77:83:ac:6f:fa:42:a6:68:4d:8b:09:
                    3c:3a:4e:d1:09:4e:12:f8:4b:0d:02:de:1c:be:a3:
                    97:ae:b0:1a:26:91:5b:9b:40:ab:68:dc:58:e7:22:
                    46:5b:39:07:cc:5e:d4:9e:00:e0:21:3f:34:41:c1:
                    cf:01:cd:cf:29:90:18:1f:5c:48:b1:4a:da:8b:9c:
                    07:17:5d:8d:c8:4b:d7:d6:42:25:5a:d8:77:dc:8a:
                    be:f3:79:ab:db:3c:a6:9c:31:6b:d1:67:eb:b3:b0:
                    f8:7f:a6:ae:fe:9a:04:74:83:d1:0c:c4:5d:9a:55:
                    5a:af:ad:76:af:69:16:9c:bb:5b:11:af:0f:01:42:
                    2a:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                37:99:7D:37:BA:0A:BA:85:EE:61:F8:A1:A8:0E:E1:EB:05:62:16:E5
            X509v3 Authority Key Identifier:
                keyid:2D:1C:AA:69:35:8F:8C:98:F7:A7:19:F2:59:7D:5D:AD:DB:D0:01:8C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LRyqaTWPjJj3pxnyWX1drdvQAYw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/df/a93699-188b-470a-96b7-29b085dd23ad/1/N5l9N7oKuoXuYfihqA7h6wViFuU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/df/a93699-188b-470a-96b7-29b085dd23ad/1/LRyqaTWPjJj3pxnyWX1drdvQAYw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.141.234.0/24
                  78.159.128.0/22
                  78.159.136.0/22
                  78.159.149.0-78.159.150.255
                  78.159.152.0-78.159.158.255
                  91.92.33.0/24
                  91.92.35.0/24
                  91.92.40.0/21
                  91.92.49.0-91.92.53.255
                  93.152.205.0/24
                  93.152.209.0-93.152.210.255
                  93.152.212.0/22
                  93.152.220.0/23
                  93.152.224.0-93.152.226.255
                  93.152.230.0/24
                  94.26.28.0/23
                  94.26.76.0/22
                  94.26.90.0/24
                  185.96.252.0/23
                  185.96.255.0/24

    Signature Algorithm: sha256WithRSAEncryption
         73:b6:7b:7d:46:75:fd:11:04:88:43:21:02:da:f2:68:09:47:
         ea:53:0a:5c:77:f2:a1:b3:b5:03:68:ae:43:8e:1a:9b:24:5a:
         d5:46:44:c7:d4:45:4e:f2:9b:82:87:16:b4:76:28:ea:e3:75:
         fd:6b:4b:02:6e:4e:77:99:c2:b0:a5:92:6a:d2:de:64:6f:e7:
         74:eb:2d:6e:08:f7:54:11:83:bb:43:de:70:54:19:4c:0d:4f:
         f2:c6:ec:68:bd:2e:c4:e9:e6:82:91:1d:da:fd:45:6c:51:b1:
         b4:ea:be:50:5b:03:05:f7:0a:54:f2:c6:fc:ee:52:d6:25:3d:
         47:cc:f2:02:12:96:49:e5:67:37:4a:bf:13:57:04:e1:07:41:
         89:5c:94:47:db:87:be:e1:a3:ea:50:73:71:8d:78:73:31:69:
         d3:ec:3d:a8:71:94:51:11:d7:66:cf:66:0a:08:8c:bd:35:b4:
         5e:74:8e:8a:f6:8c:39:b6:83:e8:2c:04:0f:12:06:34:67:16:
         df:39:27:42:67:3f:7d:ef:21:9d:69:38:3e:de:fb:d3:93:2f:
         56:b7:1a:7d:e4:5d:c6:e9:1b:46:7c:0d:c6:a3:d2:91:ee:ee:
         d6:60:0a:8f:d5:43:a3:98:3d:fa:13:b9:49:0e:4d:3b:c9:71:
         ff:2c:0c:3f
-----BEGIN CERTIFICATE-----
MIIFjjCCBHagAwIBAgIEB1aaTzANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygy
ZDFjYWE2OTM1OGY4Yzk4ZjdhNzE5ZjI1OTdkNWRhZGRiZDAwMThjMB4XDTIyMDYy
OTEzNDAwM1oXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMzc5OTdkMzdiYTBh
YmE4NWVlNjFmOGExYTgwZWUxZWIwNTYyMTZlNTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAMi0+HcOQC7KJLPGmBFPGUBErLe88JIH89l5K0rtbSL5ODyR
Ttyv4NVzE61O+VJLmAjAEdOvJWwWCP/MUbI/j1xz+UJiP+N49k0dsmPbpl2+qrKy
8hv+Tckw4w9FwQ0VDDT87V/yYP7FG9G/PS67PZdsoTObU8ZF4uYlzneDrG/6QqZo
TYsJPDpO0QlOEvhLDQLeHL6jl66wGiaRW5tAq2jcWOciRls5B8xe1J4A4CE/NEHB
zwHNzymQGB9cSLFK2oucBxddjchL19ZCJVrYd9yKvvN5q9s8ppwxa9Fn67Ow+H+m
rv6aBHSD0QzEXZpVWq+tdq9pFpy7WxGvDwFCKicCAwEAAaOCAqgwggKkMB0GA1Ud
DgQWBBQ3mX03ugq6he5h+KGoDuHrBWIW5TAfBgNVHSMEGDAWgBQtHKppNY+MmPen
GfJZfV2t29ABjDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L0xSeXFhVFdQakpqM3B4bnlXWDFkcmR2UUFZdy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZGYvYTkzNjk5LTE4OGItNDcwYS05NmI3LTI5YjA4NWRkMjNhZC8x
L041bDlON29LdW9YdVlmaWhxQTdoNndWaUZ1VS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZGYv
YTkzNjk5LTE4OGItNDcwYS05NmI3LTI5YjA4NWRkMjNhZC8xL0xSeXFhVFdQakpq
M3B4bnlXWDFkcmR2UUFZdy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjCB
vQYIKwYBBQUHAQcBAf8Ega0wgaowgacEAgABMIGgAwQALY3qAwQCTp+AAwQCTp+I
MAwDBABOn5UDBABOn5YwDAMEA06fmAMEAE6fngMEAFtcIQMEAFtcIwMEA1tcKDAM
AwQAW1wxAwQBW1w0AwQAXZjNMAwDBABdmNEDBABdmNIDBAJdmNQDBAFdmNwwDAME
BV2Y4AMEAF2Y4gMEAF2Y5gMEAV4aHAMEAl4aTAMEAF4aWgMEAblg/AMEALlg/zAN
BgkqhkiG9w0BAQsFAAOCAQEAc7Z7fUZ1/REEiEMhAtryaAlH6lMKXHfyobO1A2iu
Q44amyRa1UZEx9RFTvKbgocWtHYo6uN1/WtLAm5Od5nCsKWSatLeZG/ndOstbgj3
VBGDu0PecFQZTA1P8sbsaL0uxOnmgpEd2v1FbFGxtOq+UFsDBfcKVPLG/O5S1iU9
R8zyAhKWSeVnN0q/E1cE4QdBiVyUR9uHvuGj6lBzcY14czFp0+w9qHGUURHXZs9m
CgiMvTW0XnSOivaMObaD6CwEDxIGNGcW3zknQmc/fe8hnWk4Pt7705MvVrcafeRd
xukbRnwNxqPSke7u1mAKj9VDo5g9+hO5SQ5NO8lx/ywMPw==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:48:26 2024 by rpki-client on console-ams.rpki-client.org