Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fd/b13b55-1288-45e6-8876-a70db58280fc/1/W0eG1tuOfWfawFI-kuuVHQXJJXU.roa
File:                     W0eG1tuOfWfawFI-kuuVHQXJJXU.roa (raw, json)
Hash identifier:          rubjkWufpttZ69vIxoCNydcj1KswGCLuRvadhxrtIJ4=
Subject key identifier:   5B:47:86:D6:DB:8E:7D:67:DA:C0:52:3E:92:EB:95:1D:05:C9:25:75
Certificate issuer:       /CN=2672b9fb546b365e323230dcea9ba8c9fbedfeb8
Certificate serial:       018852D3FE1409B0FAE122A2DE625676ECE2
Authority key identifier: 26:72:B9:FB:54:6B:36:5E:32:32:30:DC:EA:9B:A8:C9:FB:ED:FE:B8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JnK5-1RrNl4yMjDc6puoyfvt_rg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fd/b13b55-1288-45e6-8876-a70db58280fc/1/W0eG1tuOfWfawFI-kuuVHQXJJXU.roa
Signing time:             Thu 25 May 2023 12:13:24 +0000
ROA not before:           Thu 25 May 2023 12:13:24 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     56971
IP address blocks:        45.156.20.0/24 maxlen: 32
                          45.156.21.0/24 maxlen: 32
                          45.156.22.0/24 maxlen: 32
                          45.156.23.0/24 maxlen: 32
                          45.156.24.0/24 maxlen: 32
                          45.156.27.0/24 maxlen: 32
                          45.156.25.0/24 maxlen: 32
                          45.156.26.0/24 maxlen: 32
                          194.120.116.0/24 maxlen: 32
                          194.116.214.0/24 maxlen: 32
                          194.116.215.0/24 maxlen: 32
                          194.116.216.0/24 maxlen: 32
                          194.116.217.0/24 maxlen: 32
                          193.176.179.0/24 maxlen: 32
                          194.36.170.0/24 maxlen: 32
                          194.36.171.0/24 maxlen: 32
                          193.176.158.0/24 maxlen: 32
                          193.176.153.0/24 maxlen: 32
                          194.36.208.0/24 maxlen: 32
                          194.36.209.0/24 maxlen: 32
                          2a13:7c00::/32 maxlen: 48
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:52:d3:fe:14:09:b0:fa:e1:22:a2:de:62:56:76:ec:e2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2672b9fb546b365e323230dcea9ba8c9fbedfeb8
        Validity
            Not Before: May 25 12:13:24 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=5b4786d6db8e7d67dac0523e92eb951d05c92575
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:ea:b0:4e:fa:88:2e:ae:ec:e0:04:db:e2:0f:
                    fe:bd:88:3c:83:4f:44:4e:3f:fc:18:13:93:ed:89:
                    81:e8:ef:f4:e7:91:78:52:80:08:34:cc:69:ca:e5:
                    2d:09:fc:c1:7d:20:54:5e:67:ae:bd:94:62:4e:44:
                    0b:70:cc:90:24:24:51:1c:25:8c:33:74:46:8e:38:
                    e9:14:fc:af:ac:e8:03:5b:b4:c3:c7:a6:71:7f:c6:
                    ee:c2:2b:90:d7:c6:d0:51:ad:7c:25:02:5b:5c:be:
                    69:0a:09:d2:c5:82:87:ec:78:f9:7c:bd:df:f4:6c:
                    26:9e:e0:6f:41:a1:9a:9e:3c:eb:79:b6:60:7c:f6:
                    c0:50:8c:f5:79:06:a0:dd:1f:0f:ae:5a:e6:ab:d5:
                    01:3c:15:4e:b2:7e:36:87:dc:e2:44:cd:04:a9:d1:
                    b4:c8:03:6b:bc:80:09:e8:1e:f1:bf:a8:0b:49:fc:
                    bf:cc:ad:02:7f:a8:04:dd:26:0a:f8:76:79:58:8c:
                    c5:c3:84:12:bf:fe:67:a3:7b:7f:8d:3b:20:49:f0:
                    a1:66:fa:55:03:f7:d1:66:fe:40:2a:2d:29:dd:75:
                    90:76:0a:1c:88:c4:34:69:d0:8d:52:db:e1:e0:9a:
                    b6:41:4a:fb:99:2a:3b:1b:90:78:13:3c:f4:4f:da:
                    9e:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5B:47:86:D6:DB:8E:7D:67:DA:C0:52:3E:92:EB:95:1D:05:C9:25:75
            X509v3 Authority Key Identifier:
                keyid:26:72:B9:FB:54:6B:36:5E:32:32:30:DC:EA:9B:A8:C9:FB:ED:FE:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JnK5-1RrNl4yMjDc6puoyfvt_rg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/b13b55-1288-45e6-8876-a70db58280fc/1/W0eG1tuOfWfawFI-kuuVHQXJJXU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/b13b55-1288-45e6-8876-a70db58280fc/1/JnK5-1RrNl4yMjDc6puoyfvt_rg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.156.20.0-45.156.27.255
                  193.176.153.0/24
                  193.176.158.0/24
                  193.176.179.0/24
                  194.36.170.0/23
                  194.36.208.0/23
                  194.116.214.0-194.116.217.255
                  194.120.116.0/24
                IPv6:
                  2a13:7c00::/32

    Signature Algorithm: sha256WithRSAEncryption
         1d:d0:38:80:1a:43:f2:27:e6:f2:1e:f7:0c:7a:19:b3:28:3d:
         cf:8a:ee:1c:fb:19:67:8b:42:c0:2b:b0:74:d5:03:9d:d7:7d:
         94:3f:be:6a:52:40:2f:51:56:51:88:56:c9:30:15:97:47:50:
         e1:38:c0:a2:36:98:26:2d:a5:ea:05:6b:89:d7:14:e4:2d:df:
         32:d1:cc:95:8b:5b:b5:74:6e:fc:be:1d:20:13:f2:c0:3a:d6:
         19:1b:ec:90:b9:2d:ee:ad:8a:2b:3c:3b:a7:d7:a8:74:fa:ef:
         24:b4:0c:eb:bb:92:64:54:55:ed:9e:59:c8:7d:c3:7f:6b:59:
         ca:e2:df:35:cf:a9:ae:5e:8d:3e:b1:35:3b:c4:1f:db:05:61:
         bd:4a:ad:24:68:af:03:72:4e:bf:19:01:17:e1:a9:9c:ff:68:
         c3:65:96:1d:49:89:7e:34:6d:56:58:0e:32:40:39:54:94:3a:
         d1:77:3e:27:7d:ec:59:cf:03:64:66:3b:c3:94:7b:af:a4:0d:
         93:ef:4d:4e:d4:50:36:e4:f0:e9:58:a8:3d:b8:40:54:64:0e:
         ae:fd:74:76:fc:39:41:7a:dc:f6:17:31:e4:c6:53:89:0f:a4:
         f6:1d:2e:34:f7:07:71:c8:10:8c:30:a1:4d:43:a5:94:ae:8b:
         28:ab:a9:40
-----BEGIN CERTIFICATE-----
MIIFRjCCBC6gAwIBAgISAYhS0/4UCbD64SKi3mJWduziMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI2NzJiOWZiNTQ2YjM2NWUzMjMyMzBkY2VhOWJhOGM5ZmJl
ZGZlYjgwHhcNMjMwNTI1MTIxMzI0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YjQ3ODZkNmRiOGU3ZDY3ZGFjMDUyM2U5MmViOTUxZDA1YzkyNTc1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh+qwTvqILq7s4ATb4g/+vYg8g09E
Tj/8GBOT7YmB6O/055F4UoAINMxpyuUtCfzBfSBUXmeuvZRiTkQLcMyQJCRRHCWM
M3RGjjjpFPyvrOgDW7TDx6Zxf8buwiuQ18bQUa18JQJbXL5pCgnSxYKH7Hj5fL3f
9GwmnuBvQaGanjzrebZgfPbAUIz1eQag3R8Prlrmq9UBPBVOsn42h9ziRM0EqdG0
yANrvIAJ6B7xv6gLSfy/zK0Cf6gE3SYK+HZ5WIzFw4QSv/5no3t/jTsgSfChZvpV
A/fRZv5AKi0p3XWQdgociMQ0adCNUtvh4Jq2QUr7mSo7G5B4Ezz0T9qe1QIDAQAB
o4ICUjCCAk4wHQYDVR0OBBYEFFtHhtbbjn1n2sBSPpLrlR0FySV1MB8GA1UdIwQY
MBaAFCZyuftUazZeMjIw3OqbqMn77f64MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSm5LNS0xUnJObDR5TWpEYzZwdW95ZnZ0X3JnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZC9iMTNiNTUtMTI4OC00NWU2LTg4NzYt
YTcwZGI1ODI4MGZjLzEvVzBlRzF0dU9mV2Zhd0ZJLWt1dVZIUVhKSlhVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZC9iMTNiNTUtMTI4OC00NWU2LTg4NzYtYTcwZGI1ODI4MGZj
LzEvSm5LNS0xUnJObDR5TWpEYzZwdW95ZnZ0X3JnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGgGCCsGAQUFBwEHAQH/BFkwVzBGBAIAATBAMAwDBAItnBQD
BAItnBgDBADBsJkDBADBsJ4DBADBsLMDBAHCJKoDBAHCJNAwDAMEAcJ01gMEAcJ0
2AMEAMJ4dDANBAIAAjAHAwUAKhN8ADANBgkqhkiG9w0BAQsFAAOCAQEAHdA4gBpD
8ifm8h73DHoZsyg9z4ruHPsZZ4tCwCuwdNUDndd9lD++alJAL1FWUYhWyTAVl0dQ
4TjAojaYJi2l6gVridcU5C3fMtHMlYtbtXRu/L4dIBPywDrWGRvskLkt7q2KKzw7
p9eodPrvJLQM67uSZFRV7Z5ZyH3Df2tZyuLfNc+prl6NPrE1O8Qf2wVhvUqtJGiv
A3JOvxkBF+GpnP9ow2WWHUmJfjRtVlgOMkA5VJQ60Xc+J33sWc8DZGY7w5R7r6QN
k+9NTtRQNuTw6VioPbhAVGQOrv10dvw5QXrc9hcx5MZTiQ+k9h0uNPcHccgQjDCh
TUOllK6LKKupQA==
-----END CERTIFICATE-----
Generated at Fri May 2 07:11:31 2025 by rpki-client