Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/UxEhKw7P0D8azGEfjiAjtDbQ6rg.roa
File:                     UxEhKw7P0D8azGEfjiAjtDbQ6rg.roa (raw, json)
Hash identifier:          1vzhHVgDGi6d8DQxKy0Hh1Xc3WqD0jUSTgrJC8WExeM=
Subject key identifier:   53:11:21:2B:0E:CF:D0:3F:1A:CC:61:1F:8E:20:23:B4:36:D0:EA:B8
Certificate issuer:       /CN=cd5e39658a3ef6f13ca21cc11a4e33ebcd946702
Certificate serial:       01852B8B110C3A1FEE0BBF323D9F3C452AD8
Authority key identifier: CD:5E:39:65:8A:3E:F6:F1:3C:A2:1C:C1:1A:4E:33:EB:CD:94:67:02
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zV45ZYo-9vE8ohzBGk4z682UZwI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/UxEhKw7P0D8azGEfjiAjtDbQ6rg.roa
Signing time:             Mon 19 Dec 2022 18:00:12 +0000
ROA not before:           Mon 19 Dec 2022 18:00:12 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     43260
IP address blocks:        85.133.227.0/24 maxlen: 24
                          85.133.228.0/24 maxlen: 24
                          85.133.233.0/24 maxlen: 24
                          85.133.234.0/24 maxlen: 24
                          85.133.237.0/24 maxlen: 24
                          85.133.238.0/24 maxlen: 24
                          85.133.241.0/24 maxlen: 24
                          85.133.242.0/24 maxlen: 24
                          85.133.250.0/24 maxlen: 24
                          85.133.253.0/24 maxlen: 24
                          85.133.174.0/24 maxlen: 24
                          85.133.178.0/24 maxlen: 24
                          85.133.179.0/24 maxlen: 24
                          85.133.194.0/24 maxlen: 24
                          85.133.199.0/24 maxlen: 24
                          85.133.205.0/24 maxlen: 24
                          85.133.208.0/24 maxlen: 24
                          85.133.216.0/24 maxlen: 24
                          85.133.217.0/24 maxlen: 24
                          85.133.215.0/24 maxlen: 24
                          85.133.219.0/24 maxlen: 24
                          85.133.221.0/24 maxlen: 24
                          85.133.132.0/24 maxlen: 24
                          85.133.137.0/24 maxlen: 24
                          85.133.135.0/24 maxlen: 24
                          85.133.143.0/24 maxlen: 24
                          85.133.146.0/24 maxlen: 24
                          85.133.151.0/24 maxlen: 24
                          85.133.153.0/24 maxlen: 24
                          85.133.166.0/24 maxlen: 24
                          85.133.160.0/24 maxlen: 24
                          85.133.161.0/24 maxlen: 24
                          85.133.165.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:2b:8b:11:0c:3a:1f:ee:0b:bf:32:3d:9f:3c:45:2a:d8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cd5e39658a3ef6f13ca21cc11a4e33ebcd946702
        Validity
            Not Before: Dec 19 18:00:12 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=5311212b0ecfd03f1acc611f8e2023b436d0eab8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:4d:b3:6b:a7:e6:b4:03:a3:7b:ed:df:ef:17:
                    3d:fb:83:14:c7:cf:d5:f3:28:21:64:c5:83:6c:cd:
                    ea:55:87:5b:92:dc:aa:09:c4:95:66:78:c5:cf:ef:
                    a0:bf:fd:b2:0d:65:e7:9c:dd:9d:02:ce:41:7e:e3:
                    6e:56:aa:46:45:af:2b:74:f0:b9:c4:23:fa:6b:eb:
                    01:de:b4:00:37:d6:f9:3b:6a:c7:d6:63:59:6d:06:
                    ae:ac:cf:3f:9a:16:41:9a:7a:c1:77:a2:db:7e:fa:
                    d0:f8:ff:bc:e8:10:5f:9c:e6:e2:bb:8b:cc:08:57:
                    e9:8a:0c:22:80:4a:77:5c:b4:94:1d:38:99:d8:e9:
                    72:9d:53:2c:e2:a1:10:39:af:b3:e7:ad:8d:8a:85:
                    6c:76:be:0f:99:f9:47:c4:4b:12:c0:10:56:36:b1:
                    2c:47:61:4d:88:a2:d4:4c:2c:21:82:90:ab:46:11:
                    da:47:2d:d8:0c:ab:7b:09:44:7d:bf:d1:df:a6:50:
                    97:71:e5:7e:cd:87:57:9c:05:07:06:e1:1c:96:ac:
                    06:57:83:75:d9:06:36:d5:e0:38:b9:86:e0:33:18:
                    50:2a:7c:e7:1c:42:d5:ad:0a:1e:b2:1b:df:de:3e:
                    f8:3b:f6:31:09:13:95:bb:f8:78:9d:87:1d:46:bb:
                    40:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                53:11:21:2B:0E:CF:D0:3F:1A:CC:61:1F:8E:20:23:B4:36:D0:EA:B8
            X509v3 Authority Key Identifier:
                keyid:CD:5E:39:65:8A:3E:F6:F1:3C:A2:1C:C1:1A:4E:33:EB:CD:94:67:02

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zV45ZYo-9vE8ohzBGk4z682UZwI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/UxEhKw7P0D8azGEfjiAjtDbQ6rg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/zV45ZYo-9vE8ohzBGk4z682UZwI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.133.132.0/24
                  85.133.135.0/24
                  85.133.137.0/24
                  85.133.143.0/24
                  85.133.146.0/24
                  85.133.151.0/24
                  85.133.153.0/24
                  85.133.160.0/23
                  85.133.165.0-85.133.166.255
                  85.133.174.0/24
                  85.133.178.0/23
                  85.133.194.0/24
                  85.133.199.0/24
                  85.133.205.0/24
                  85.133.208.0/24
                  85.133.215.0-85.133.217.255
                  85.133.219.0/24
                  85.133.221.0/24
                  85.133.227.0-85.133.228.255
                  85.133.233.0-85.133.234.255
                  85.133.237.0-85.133.238.255
                  85.133.241.0-85.133.242.255
                  85.133.250.0/24
                  85.133.253.0/24

    Signature Algorithm: sha256WithRSAEncryption
         42:0d:48:27:a8:d0:dc:ea:5f:ef:18:d6:47:91:91:2c:77:62:
         df:1d:a2:e5:e7:28:f1:ff:14:ad:d7:9c:5c:20:fe:75:83:55:
         4b:23:08:62:6f:4a:22:a4:dd:b5:68:3a:e3:7f:66:88:f5:59:
         c5:aa:38:60:62:81:f0:54:6e:e5:40:e0:0f:4f:7b:42:12:0c:
         d6:ce:bb:74:07:44:25:4f:d4:c2:ae:ed:dd:08:7c:4e:64:7f:
         f4:2e:70:a5:a6:84:84:84:fb:ec:f7:4c:15:dd:15:47:dc:da:
         2d:aa:ed:01:23:2e:98:5f:41:7b:a2:34:9c:4a:15:d5:5c:dd:
         5c:90:ad:4f:3e:b8:0f:06:f9:0f:1a:fe:1c:12:72:7c:a9:d1:
         2d:ab:38:a1:09:5c:8a:63:ba:7f:66:4f:1d:10:59:35:79:90:
         d4:3c:35:44:d5:42:a3:8e:50:e0:e4:85:fd:32:10:83:8f:0b:
         60:a0:77:32:01:d4:03:02:a4:67:bd:6d:c0:c5:84:36:c6:15:
         38:81:15:2b:7e:da:1e:5b:33:2f:bb:3f:4a:b4:9c:32:27:f1:
         4c:03:dc:1a:3c:cf:54:67:82:26:b6:2e:b6:11:92:86:99:88:
         ad:f9:b4:46:98:1b:98:c5:2a:30:94:bd:2d:97:07:be:74:6e:
         73:91:ec:09
-----BEGIN CERTIFICATE-----
MIIFvDCCBKSgAwIBAgISAYUrixEMOh/uC78yPZ88RSrYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkNWUzOTY1OGEzZWY2ZjEzY2EyMWNjMTFhNGUzM2ViY2Q5
NDY3MDIwHhcNMjIxMjE5MTgwMDEyWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MzExMjEyYjBlY2ZkMDNmMWFjYzYxMWY4ZTIwMjNiNDM2ZDBlYWI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh02za6fmtAOje+3f7xc9+4MUx8/V
8yghZMWDbM3qVYdbktyqCcSVZnjFz++gv/2yDWXnnN2dAs5BfuNuVqpGRa8rdPC5
xCP6a+sB3rQAN9b5O2rH1mNZbQaurM8/mhZBmnrBd6LbfvrQ+P+86BBfnObiu4vM
CFfpigwigEp3XLSUHTiZ2OlynVMs4qEQOa+z562NioVsdr4PmflHxEsSwBBWNrEs
R2FNiKLUTCwhgpCrRhHaRy3YDKt7CUR9v9HfplCXceV+zYdXnAUHBuEclqwGV4N1
2QY21eA4uYbgMxhQKnznHELVrQoeshvf3j74O/YxCROVu/h4nYcdRrtApQIDAQAB
o4ICyDCCAsQwHQYDVR0OBBYEFFMRISsOz9A/GsxhH44gI7Q20Oq4MB8GA1UdIwQY
MBaAFM1eOWWKPvbxPKIcwRpOM+vNlGcCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvelY0NVpZby05dkU4b2h6QkdrNHo2ODJVWndJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMC9lZjUzNmMtMDNkMy00YWM1LWIxMjUt
NWQxZmE2NmMzNjNiLzEvVXhFaEt3N1AwRDhhekdFZmppQWp0RGJRNnJnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMC9lZjUzNmMtMDNkMy00YWM1LWIxMjUtNWQxZmE2NmMzNjNi
LzEvelY0NVpZby05dkU4b2h6QkdrNHo2ODJVWndJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHdBggrBgEFBQcBBwEB/wSBzTCByjCBxwQCAAEwgcADBABV
hYQDBABVhYcDBABVhYkDBABVhY8DBABVhZIDBABVhZcDBABVhZkDBAFVhaAwDAME
AFWFpQMEAFWFpgMEAFWFrgMEAVWFsgMEAFWFwgMEAFWFxwMEAFWFzQMEAFWF0DAM
AwQAVYXXAwQBVYXYAwQAVYXbAwQAVYXdMAwDBABVheMDBABVheQwDAMEAFWF6QME
AFWF6jAMAwQAVYXtAwQAVYXuMAwDBABVhfEDBABVhfIDBABVhfoDBABVhf0wDQYJ
KoZIhvcNAQELBQADggEBAEINSCeo0NzqX+8Y1keRkSx3Yt8douXnKPH/FK3XnFwg
/nWDVUsjCGJvSiKk3bVoOuN/Zoj1WcWqOGBigfBUbuVA4A9Pe0ISDNbOu3QHRCVP
1MKu7d0IfE5kf/QucKWmhISE++z3TBXdFUfc2i2q7QEjLphfQXuiNJxKFdVc3VyQ
rU8+uA8G+Q8a/hwScnyp0S2rOKEJXIpjun9mTx0QWTV5kNQ8NUTVQqOOUODkhf0y
EIOPC2CgdzIB1AMCpGe9bcDFhDbGFTiBFSt+2h5bMy+7P0q0nDIn8UwD3Bo8z1Rn
gia2LrYRkoaZiK35tEaYG5jFKjCUvS2XB750bnOR7Ak=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:59:13 2024 by rpki-client on console-fra.rpki-client.org