Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/30f5e0-a04f-4993-983c-715f09817341/1/XZXHJvZby3PTvy7nd2JCOhKrnjg.roa
File:                     XZXHJvZby3PTvy7nd2JCOhKrnjg.roa (raw, json)
Hash identifier:          mJZq+HT6EXDS5WmOGZbkg04vy76gO2+c8HovVmKyeLo=
Subject key identifier:   5D:95:C7:26:F6:5B:CB:73:D3:BF:2E:E7:77:62:42:3A:12:AB:9E:38
Certificate issuer:       /CN=bf5db811b5d5d05bec37ee9d09a4ec52eeed1ad5
Certificate serial:       17EE08E0
Authority key identifier: BF:5D:B8:11:B5:D5:D0:5B:EC:37:EE:9D:09:A4:EC:52:EE:ED:1A:D5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/v124EbXV0FvsN-6dCaTsUu7tGtU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/30f5e0-a04f-4993-983c-715f09817341/1/XZXHJvZby3PTvy7nd2JCOhKrnjg.roa
Signing time:             Sat 01 Jan 2022 10:53:26 +0000
ROA not before:           Sat 01 Jan 2022 10:53:26 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     48159
IP address blocks:        185.66.229.0/24 maxlen: 24
                          185.66.228.0/24 maxlen: 24
                          185.66.231.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 401475808 (0x17ee08e0)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bf5db811b5d5d05bec37ee9d09a4ec52eeed1ad5
        Validity
            Not Before: Jan  1 10:53:26 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=5d95c726f65bcb73d3bf2ee77762423a12ab9e38
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:b3:35:4d:db:5a:73:36:08:29:02:88:08:d8:
                    44:be:af:ef:d9:7d:46:d6:1f:d3:1b:c3:e5:2f:9d:
                    c8:c5:2d:6b:4b:e7:92:71:29:f0:16:9e:0c:5d:75:
                    4c:cc:cc:c5:a0:1f:d7:ff:7a:00:19:b2:1a:6e:75:
                    35:5b:d7:73:e4:2b:e9:ef:01:9d:43:e8:ff:e0:6c:
                    77:22:0e:2d:4d:86:96:c6:18:c2:ce:d5:a9:2f:17:
                    d6:01:be:83:49:f2:77:ab:5f:47:08:d5:43:87:47:
                    47:a0:47:69:39:e6:53:83:b1:85:c2:11:00:1d:26:
                    9e:77:a6:d0:50:3f:52:e7:56:52:43:8e:cb:33:aa:
                    7f:a8:ba:9a:16:2f:e0:c4:3a:20:d8:eb:89:d5:e4:
                    d6:99:e6:45:22:2a:2e:3a:d3:41:63:d6:47:b7:e9:
                    f9:57:4e:9b:7e:ac:f7:3b:72:e8:d1:b1:8d:68:65:
                    ba:bb:f3:25:56:aa:6c:5c:01:84:8b:3a:4d:5d:bd:
                    39:2f:8b:1d:a1:67:34:ab:de:b8:29:16:32:ca:ce:
                    b4:c4:1b:8f:79:89:86:c0:5a:cc:c0:2c:a2:14:02:
                    d5:68:95:b8:3c:0f:e3:fe:3b:40:3f:82:40:49:0c:
                    f6:04:03:b8:c8:fe:2e:4d:9b:d4:e8:f6:52:96:7b:
                    72:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5D:95:C7:26:F6:5B:CB:73:D3:BF:2E:E7:77:62:42:3A:12:AB:9E:38
            X509v3 Authority Key Identifier:
                keyid:BF:5D:B8:11:B5:D5:D0:5B:EC:37:EE:9D:09:A4:EC:52:EE:ED:1A:D5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/v124EbXV0FvsN-6dCaTsUu7tGtU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/30f5e0-a04f-4993-983c-715f09817341/1/XZXHJvZby3PTvy7nd2JCOhKrnjg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/30f5e0-a04f-4993-983c-715f09817341/1/v124EbXV0FvsN-6dCaTsUu7tGtU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.66.228.0/23
                  185.66.231.0/24

    Signature Algorithm: sha256WithRSAEncryption
         82:22:b7:0d:cc:cd:7e:d0:99:57:cc:06:a7:57:df:7a:65:e3:
         07:3a:e7:27:a0:fd:a4:2d:dc:37:37:3c:d1:d8:10:73:48:5e:
         22:69:eb:4c:36:39:2f:c8:a6:a1:78:99:b7:69:dc:83:5a:0e:
         36:2f:1d:fb:9c:61:52:6c:27:33:c6:7b:22:d6:8f:56:8c:46:
         6f:96:c0:d5:1d:f0:ef:c2:1c:9e:e8:3b:9c:07:88:06:4f:99:
         e0:7f:6d:eb:7f:72:ba:a8:22:eb:fb:68:f4:7b:c7:a9:3b:aa:
         d3:87:2b:09:0e:bb:22:2c:9f:30:65:66:be:10:63:16:b1:31:
         9d:15:e8:eb:84:b4:03:8a:46:99:5a:30:b3:5c:58:ee:23:23:
         f3:d2:da:88:86:af:1a:6b:75:61:eb:02:95:49:7a:eb:c1:88:
         ab:17:21:8e:6e:fb:a2:97:01:1e:ef:b2:e8:9f:16:50:ec:fe:
         14:48:e1:80:32:73:9e:2a:7e:23:e9:4f:2e:71:d6:08:49:09:
         b4:73:33:08:8d:0f:20:23:1e:41:80:ae:f4:de:6c:8f:9a:df:
         e1:0b:09:9a:75:f5:21:ea:7a:e4:f5:f8:94:27:4f:41:93:7e:
         f7:b2:74:8b:29:66:3c:bc:01:c6:a6:bc:d5:3c:80:47:2b:b8:
         02:42:b0:41
-----BEGIN CERTIFICATE-----
MIIE9TCCA92gAwIBAgIEF+4I4DANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhi
ZjVkYjgxMWI1ZDVkMDViZWMzN2VlOWQwOWE0ZWM1MmVlZWQxYWQ1MB4XDTIyMDEw
MTEwNTMyNloXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoNWQ5NWM3MjZmNjVi
Y2I3M2QzYmYyZWU3Nzc2MjQyM2ExMmFiOWUzODCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBALKzNU3bWnM2CCkCiAjYRL6v79l9RtYf0xvD5S+dyMUta0vn
knEp8BaeDF11TMzMxaAf1/96ABmyGm51NVvXc+Qr6e8BnUPo/+BsdyIOLU2GlsYY
ws7VqS8X1gG+g0nyd6tfRwjVQ4dHR6BHaTnmU4OxhcIRAB0mnnem0FA/UudWUkOO
yzOqf6i6mhYv4MQ6INjridXk1pnmRSIqLjrTQWPWR7fp+VdOm36s9zty6NGxjWhl
urvzJVaqbFwBhIs6TV29OS+LHaFnNKveuCkWMsrOtMQbj3mJhsBazMAsohQC1WiV
uDwP4/47QD+CQEkM9gQDuMj+Lk2b1Oj2UpZ7cuECAwEAAaOCAg8wggILMB0GA1Ud
DgQWBBRdlccm9lvLc9O/Lud3YkI6EqueODAfBgNVHSMEGDAWgBS/XbgRtdXQW+w3
7p0JpOxS7u0a1TAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L3YxMjRFYlhWMEZ2c04tNmRDYVRzVXU3dEd0VS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvYzgvMzBmNWUwLWEwNGYtNDk5My05ODNjLTcxNWYwOTgxNzM0MS8x
L1haWEhKdlpieTNQVHZ5N25kMkpDT2hLcm5qZy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYzgv
MzBmNWUwLWEwNGYtNDk5My05ODNjLTcxNWYwOTgxNzM0MS8xL3YxMjRFYlhWMEZ2
c04tNmRDYVRzVXU3dEd0VS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAl
BggrBgEFBQcBBwEB/wQWMBQwEgQCAAEwDAMEAblC5AMEALlC5zANBgkqhkiG9w0B
AQsFAAOCAQEAgiK3DczNftCZV8wGp1ffemXjBzrnJ6D9pC3cNzc80dgQc0heImnr
TDY5L8imoXiZt2ncg1oONi8d+5xhUmwnM8Z7ItaPVoxGb5bA1R3w78Icnug7nAeI
Bk+Z4H9t639yuqgi6/to9HvHqTuq04crCQ67IiyfMGVmvhBjFrExnRXo64S0A4pG
mVows1xY7iMj89LaiIavGmt1YesClUl668GIqxchjm77opcBHu+y6J8WUOz+FEjh
gDJznip+I+lPLnHWCEkJtHMzCI0PICMeQYCu9N5sj5rf4QsJmnX1Iep65PX4lCdP
QZN+97J0iylmPLwBxqa81TyARyu4AkKwQQ==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:53:31 2024 by rpki-client on console-fra.rpki-client.org