Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/xHQXZoOscYXDIhEpWwXaNpn4drg.roa
File:                     xHQXZoOscYXDIhEpWwXaNpn4drg.roa (raw, json)
Hash identifier:          6Rc/RPAF+q00HgBwupmxhwWCuDsgztMHstfwz8N2ue0=
Subject key identifier:   C4:74:17:66:83:AC:71:85:C3:22:11:29:5B:05:DA:36:99:F8:76:B8
Certificate issuer:       /CN=0548cedf17029ed98a108113c6c109ecaccd82ec
Certificate serial:       38C2A1FD
Authority key identifier: 05:48:CE:DF:17:02:9E:D9:8A:10:81:13:C6:C1:09:EC:AC:CD:82:EC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BUjO3xcCntmKEIETxsEJ7KzNguw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/xHQXZoOscYXDIhEpWwXaNpn4drg.roa
Signing time:             Tue 17 May 2022 05:30:32 +0000
ROA not before:           Tue 17 May 2022 05:30:32 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     203723
IP address blocks:        212.36.18.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 952279549 (0x38c2a1fd)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0548cedf17029ed98a108113c6c109ecaccd82ec
        Validity
            Not Before: May 17 05:30:32 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=c474176683ac7185c32211295b05da3699f876b8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:e1:0f:ba:12:3c:67:f9:e2:19:68:73:c3:e5:
                    f7:ed:8b:ea:94:4b:52:5d:bc:dc:e1:70:a1:b0:0a:
                    12:0b:b9:99:44:ea:ac:b0:f1:e8:a9:21:6c:97:00:
                    49:8e:38:1f:79:51:82:49:02:78:a2:fe:05:b8:01:
                    35:11:32:eb:ea:21:e3:f2:c9:20:da:a6:21:a0:5c:
                    7e:0b:04:fa:68:88:c3:b7:b8:02:12:55:d3:dd:74:
                    9c:9a:77:4b:aa:19:75:b7:14:46:e2:50:d9:03:42:
                    86:10:74:f4:db:c2:80:fa:ad:60:91:c6:a5:38:e3:
                    e3:d1:3f:c6:26:e6:59:8a:5b:0a:aa:06:8f:cb:e6:
                    af:13:a5:65:f7:f3:47:4b:41:32:8e:e7:fd:11:bd:
                    07:2b:57:aa:b4:aa:a6:d1:72:33:6b:7c:49:46:07:
                    09:c1:8a:3e:91:17:e8:a5:f0:65:56:25:4e:79:c4:
                    24:be:05:75:c3:05:5c:5b:bd:8b:dd:16:71:00:8e:
                    f5:23:cd:bb:27:34:cf:f4:88:07:f5:7c:33:07:fe:
                    ca:ae:0f:8c:a5:1c:b6:e3:f6:a2:f8:0f:b1:79:a8:
                    d5:29:f4:eb:5b:23:bd:23:74:bc:c0:e7:e0:95:ce:
                    0c:4d:67:03:cd:e8:bc:5b:5e:65:80:b8:52:22:84:
                    02:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C4:74:17:66:83:AC:71:85:C3:22:11:29:5B:05:DA:36:99:F8:76:B8
            X509v3 Authority Key Identifier:
                keyid:05:48:CE:DF:17:02:9E:D9:8A:10:81:13:C6:C1:09:EC:AC:CD:82:EC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BUjO3xcCntmKEIETxsEJ7KzNguw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/xHQXZoOscYXDIhEpWwXaNpn4drg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/BUjO3xcCntmKEIETxsEJ7KzNguw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.36.18.0/24

    Signature Algorithm: sha256WithRSAEncryption
         25:89:12:04:a0:ce:63:a7:94:9a:52:98:7f:9e:78:36:53:e7:
         ea:19:3e:36:2f:49:d6:4c:ea:cd:4d:f9:97:c3:05:81:9e:df:
         a5:6e:48:46:b3:e4:da:6c:4a:31:80:e5:32:da:34:bf:c2:b7:
         b3:b7:24:18:23:25:48:99:38:40:e3:1e:ad:a5:05:91:b8:81:
         e2:80:25:27:a4:15:eb:a8:ee:bd:90:4d:51:5c:a3:57:b9:37:
         28:5e:28:7e:e4:ce:1f:c1:b3:e9:50:61:18:70:e7:13:62:32:
         0d:36:0f:6f:a0:9a:36:dc:4f:c5:a2:e2:4b:23:3c:b2:81:7a:
         9c:c2:38:91:e4:5f:76:48:37:d4:a3:26:c5:d3:bd:3b:32:03:
         83:db:c0:31:48:0f:c7:a4:3e:7b:df:72:3f:34:cc:81:8e:e1:
         73:a6:b6:72:c4:e9:44:cd:b0:a3:94:71:48:0d:cc:54:0e:38:
         fb:cc:7c:d4:0d:5f:83:9b:c0:62:cc:bf:34:14:83:97:2b:c8:
         e4:ae:e1:f1:1b:6d:81:15:bf:ad:e0:bc:ab:68:19:2f:b5:24:
         11:ca:42:b2:d5:33:19:07:d8:00:11:e6:b0:41:a9:f2:a0:0e:
         15:f8:f0:b9:e8:fe:c7:06:e1:72:45:e4:b4:c1:f8:1b:c1:f1:
         a9:da:f1:47
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIEOMKh/TANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygw
NTQ4Y2VkZjE3MDI5ZWQ5OGExMDgxMTNjNmMxMDllY2FjY2Q4MmVjMB4XDTIyMDUx
NzA1MzAzMloXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoYzQ3NDE3NjY4M2Fj
NzE4NWMzMjIxMTI5NWIwNWRhMzY5OWY4NzZiODCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAJHhD7oSPGf54hloc8Pl9+2L6pRLUl283OFwobAKEgu5mUTq
rLDx6KkhbJcASY44H3lRgkkCeKL+BbgBNREy6+oh4/LJINqmIaBcfgsE+miIw7e4
AhJV0910nJp3S6oZdbcURuJQ2QNChhB09NvCgPqtYJHGpTjj49E/xibmWYpbCqoG
j8vmrxOlZffzR0tBMo7n/RG9BytXqrSqptFyM2t8SUYHCcGKPpEX6KXwZVYlTnnE
JL4FdcMFXFu9i90WcQCO9SPNuyc0z/SIB/V8Mwf+yq4PjKUctuP2ovgPsXmo1Sn0
61sjvSN0vMDn4JXODE1nA83ovFteZYC4UiKEAuECAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBTEdBdmg6xxhcMiESlbBdo2mfh2uDAfBgNVHSMEGDAWgBQFSM7fFwKe2YoQ
gRPGwQnsrM2C7DAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L0JVak8zeGNDbnRtS0VJRVR4c0VKN0t6Tmd1dy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMDkvNTQxYzA1LThkN2QtNDJiOC1hYjAwLTdmYmJhZTZmOTQzNy8x
L3hIUVhab09zY1lYREloRXBXd1hhTnBuNGRyZy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMDkv
NTQxYzA1LThkN2QtNDJiOC1hYjAwLTdmYmJhZTZmOTQzNy8xL0JVak8zeGNDbnRt
S0VJRVR4c0VKN0t6Tmd1dy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEANQkEjANBgkqhkiG9w0BAQsFAAOC
AQEAJYkSBKDOY6eUmlKYf554NlPn6hk+Ni9J1kzqzU35l8MFgZ7fpW5IRrPk2mxK
MYDlMto0v8K3s7ckGCMlSJk4QOMeraUFkbiB4oAlJ6QV66juvZBNUVyjV7k3KF4o
fuTOH8Gz6VBhGHDnE2IyDTYPb6CaNtxPxaLiSyM8soF6nMI4keRfdkg31KMmxdO9
OzIDg9vAMUgPx6Q+e99yPzTMgY7hc6a2csTpRM2wo5RxSA3MVA44+8x81A1fg5vA
Ysy/NBSDlyvI5K7h8RttgRW/reC8q2gZL7UkEcpCstUzGQfYABHmsEGp8qAOFfjw
uej+xwbhckXktMH4G8HxqdrxRw==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:18:07 2024 by rpki-client on console-fra.rpki-client.org