Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/23/f65610-59f6-4ad6-a9d8-1470ac364dd2/1/BZXZMfieQmfoIRbwEU80cS4iQwk.roa
File:                     BZXZMfieQmfoIRbwEU80cS4iQwk.roa (raw, json)
Hash identifier:          wiJ+xBFvRXppX05ueaTGr+iIA0vy3FZhAH8A1D4AlCs=
Subject key identifier:   05:95:D9:31:F8:9E:42:67:E8:21:16:F0:11:4F:34:71:2E:22:43:09
Certificate issuer:       /CN=979f5ca8c33f134c3c157d48b9c2ae4e91b630bf
Certificate serial:       01913AC6FB8D797D5B6A0BA19F9DACA9A40F
Authority key identifier: 97:9F:5C:A8:C3:3F:13:4C:3C:15:7D:48:B9:C2:AE:4E:91:B6:30:BF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/l59cqMM_E0w8FX1IucKuTpG2ML8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/23/f65610-59f6-4ad6-a9d8-1470ac364dd2/1/BZXZMfieQmfoIRbwEU80cS4iQwk.roa
Signing time:             Sat 10 Aug 2024 05:33:24 +0000
ROA not before:           Sat 10 Aug 2024 05:33:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     6424
IP address blocks:        103.243.124.0/22 maxlen: 22
                          146.19.95.0/24 maxlen: 24
                          146.19.249.0/24 maxlen: 24
                          185.112.251.0/24 maxlen: 24
                          185.166.144.0/24 maxlen: 24
                          188.93.192.0/21 maxlen: 24
                          188.93.196.0/24 maxlen: 24
                          188.93.198.0/24 maxlen: 24
                          188.93.199.0/24 maxlen: 24
                          193.107.13.0/24 maxlen: 24
                          193.109.184.0/21 maxlen: 24
                          193.109.184.0/24 maxlen: 24
                          193.163.151.0/24 maxlen: 24
                          212.52.23.0/24 maxlen: 24
                          2001:b18::/32 maxlen: 48
                          2001:b18:a::/48 maxlen: 48
                          2001:b18:b::/48 maxlen: 48
                          2001:b18:1016::/48 maxlen: 48
                          2001:b18:1020::/48 maxlen: 48
                          2001:b18:1031::/48 maxlen: 48
                          2a0d:82c0::/29 maxlen: 48
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:3a:c6:fb:8d:79:7d:5b:6a:0b:a1:9f:9d:ac:a9:a4:0f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=979f5ca8c33f134c3c157d48b9c2ae4e91b630bf
        Validity
            Not Before: Aug 10 05:33:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0595d931f89e4267e82116f0114f34712e224309
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:02:fd:4e:a6:ed:f5:59:55:eb:86:a1:83:87:
                    aa:07:32:18:b8:f9:ab:46:05:1f:e5:bc:27:35:02:
                    f3:15:00:bd:35:ad:e1:11:f0:c1:43:9e:77:f3:08:
                    a8:4e:19:71:0f:c5:9b:7c:cc:a1:12:2a:0b:06:e7:
                    5f:2d:71:15:51:11:29:0c:ad:ea:46:64:be:45:ee:
                    15:29:6a:d7:da:88:4e:c7:f2:20:f5:62:3a:73:df:
                    e1:4a:8c:04:ff:f9:d0:78:03:90:ce:b9:a4:34:e5:
                    38:7e:28:ea:43:82:a2:86:1c:76:45:0d:36:18:a4:
                    a2:75:a9:af:fd:9e:ab:b3:e1:7b:47:94:23:c6:60:
                    25:be:05:bb:d7:02:bc:b9:93:68:45:98:22:a8:35:
                    b9:5a:82:7f:56:4f:ff:b6:34:fd:be:e5:d8:9e:d7:
                    e0:80:b1:85:95:e8:4d:bb:cd:e2:0f:34:41:e6:9b:
                    58:c7:0a:d7:ed:a7:c2:17:72:18:2c:34:20:b7:f7:
                    fc:05:7f:eb:de:ea:78:56:7d:e3:5b:d8:e6:15:ec:
                    3d:02:c0:e0:39:43:61:0f:80:f2:42:7d:1a:96:1a:
                    38:37:5d:a0:50:38:4e:08:2a:01:cf:1b:f9:97:15:
                    44:4f:b0:6b:34:36:4d:03:a2:8a:e3:cb:84:96:36:
                    73:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                05:95:D9:31:F8:9E:42:67:E8:21:16:F0:11:4F:34:71:2E:22:43:09
            X509v3 Authority Key Identifier:
                keyid:97:9F:5C:A8:C3:3F:13:4C:3C:15:7D:48:B9:C2:AE:4E:91:B6:30:BF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/l59cqMM_E0w8FX1IucKuTpG2ML8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/23/f65610-59f6-4ad6-a9d8-1470ac364dd2/1/BZXZMfieQmfoIRbwEU80cS4iQwk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/23/f65610-59f6-4ad6-a9d8-1470ac364dd2/1/l59cqMM_E0w8FX1IucKuTpG2ML8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.243.124.0/22
                  146.19.95.0/24
                  146.19.249.0/24
                  185.112.251.0/24
                  185.166.144.0/24
                  188.93.192.0/21
                  193.107.13.0/24
                  193.109.184.0/21
                  193.163.151.0/24
                  212.52.23.0/24
                IPv6:
                  2001:b18::/32
                  2a0d:82c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         8f:f7:20:d0:aa:bc:6b:95:42:85:c3:26:07:04:42:7a:c8:21:
         dd:b6:58:51:1d:2f:31:29:49:1d:92:7c:40:8f:a2:4b:1d:cd:
         c4:32:90:37:47:65:c3:01:a8:f9:13:20:f9:cd:bf:81:1c:8d:
         87:52:34:0e:4d:3f:59:39:b3:08:dc:e3:4e:28:bf:50:73:99:
         fa:11:35:7c:d8:0f:ce:7e:81:9e:dc:cf:49:bf:5c:0c:6d:50:
         47:ab:ed:1a:39:94:2a:0f:6d:08:f3:44:b4:92:ba:3b:d8:8f:
         61:f9:d9:8f:b9:1e:c7:2e:dd:cb:df:bd:48:f7:d2:a6:8b:50:
         43:a5:fa:20:0c:c1:92:6d:b7:1e:f1:61:e7:27:da:ca:65:ba:
         9e:55:20:c6:a3:16:de:8b:0c:ee:fb:c9:4d:9c:6e:5a:97:08:
         5d:bf:6f:c5:ff:f5:e3:e0:8b:dd:70:c9:fc:6d:dd:1c:94:9b:
         6c:f9:df:21:a4:d7:10:ce:d5:6d:2b:6d:14:1c:96:02:01:f3:
         84:af:f3:4e:97:6e:c6:f0:7c:7c:d1:00:0f:1a:b7:91:7b:7c:
         53:66:41:98:4a:7a:02:ad:ad:fb:e8:31:e3:5e:c9:1c:27:0a:
         b1:cc:26:36:18:cf:64:ea:5f:b9:d3:c5:73:58:78:35:e6:1c:
         d2:12:82:3c
-----BEGIN CERTIFICATE-----
MIIFSTCCBDGgAwIBAgISAZE6xvuNeX1baguhn52sqaQPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk3OWY1Y2E4YzMzZjEzNGMzYzE1N2Q0OGI5YzJhZTRlOTFi
NjMwYmYwHhcNMjQwODEwMDUzMzI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNTk1ZDkzMWY4OWU0MjY3ZTgyMTE2ZjAxMTRmMzQ3MTJlMjI0MzA5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvQL9Tqbt9VlV64ahg4eqBzIYuPmr
RgUf5bwnNQLzFQC9Na3hEfDBQ5538wioThlxD8WbfMyhEioLBudfLXEVUREpDK3q
RmS+Re4VKWrX2ohOx/Ig9WI6c9/hSowE//nQeAOQzrmkNOU4fijqQ4Kihhx2RQ02
GKSidamv/Z6rs+F7R5QjxmAlvgW71wK8uZNoRZgiqDW5WoJ/Vk//tjT9vuXYntfg
gLGFlehNu83iDzRB5ptYxwrX7afCF3IYLDQgt/f8BX/r3up4Vn3jW9jmFew9AsDg
OUNhD4DyQn0alho4N12gUDhOCCoBzxv5lxVET7BrNDZNA6KK48uEljZzFwIDAQAB
o4ICVTCCAlEwHQYDVR0OBBYEFAWV2TH4nkJn6CEW8BFPNHEuIkMJMB8GA1UdIwQY
MBaAFJefXKjDPxNMPBV9SLnCrk6RtjC/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbDU5Y3FNTV9FMHc4RlgxSXVjS3VUcEcyTUw4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMy9mNjU2MTAtNTlmNi00YWQ2LWE5ZDgt
MTQ3MGFjMzY0ZGQyLzEvQlpYWk1maWVRbWZvSVJid0VVODBjUzRpUXdrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMy9mNjU2MTAtNTlmNi00YWQ2LWE5ZDgtMTQ3MGFjMzY0ZGQy
LzEvbDU5Y3FNTV9FMHc4RlgxSXVjS3VUcEcyTUw4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGsGCCsGAQUFBwEHAQH/BFwwWjBCBAIAATA8AwQCZ/N8AwQA
khNfAwQAkhP5AwQAuXD7AwQAuaaQAwQDvF3AAwQAwWsNAwQDwW24AwQAwaOXAwQA
1DQXMBQEAgACMA4DBQAgAQsYAwUDKg2CwDANBgkqhkiG9w0BAQsFAAOCAQEAj/cg
0Kq8a5VChcMmBwRCesgh3bZYUR0vMSlJHZJ8QI+iSx3NxDKQN0dlwwGo+RMg+c2/
gRyNh1I0Dk0/WTmzCNzjTii/UHOZ+hE1fNgPzn6BntzPSb9cDG1QR6vtGjmUKg9t
CPNEtJK6O9iPYfnZj7kexy7dy9+9SPfSpotQQ6X6IAzBkm23HvFh5yfaymW6nlUg
xqMW3osM7vvJTZxuWpcIXb9vxf/14+CL3XDJ/G3dHJSbbPnfIaTXEM7VbSttFByW
AgHzhK/zTpduxvB8fNEADxq3kXt8U2ZBmEp6Aq2t++gx417JHCcKscwmNhjPZOpf
udPFc1h4NeYc0hKCPA==
-----END CERTIFICATE-----
Generated at Fri Jul 25 11:05:07 2025 by rpki-client