Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/12/2adc39-3630-425f-af29-fbb0d3c10423/1/xBzGG7pT7nBvkDHeHdoZQODn5Oo.roa
File:                     xBzGG7pT7nBvkDHeHdoZQODn5Oo.roa (raw, json)
Hash identifier:          QX3ct024orYCOmwqUJ3/D6cCq2Gt1KKBIvW8XSdiw+A=
Subject key identifier:   C4:1C:C6:1B:BA:53:EE:70:6F:90:31:DE:1D:DA:19:40:E0:E7:E4:EA
Certificate issuer:       /CN=b16abdd9420f04ba9c1cd2c34dc7b352988af8d9
Certificate serial:       03AFF563
Authority key identifier: B1:6A:BD:D9:42:0F:04:BA:9C:1C:D2:C3:4D:C7:B3:52:98:8A:F8:D9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sWq92UIPBLqcHNLDTcezUpiK-Nk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/12/2adc39-3630-425f-af29-fbb0d3c10423/1/xBzGG7pT7nBvkDHeHdoZQODn5Oo.roa
Signing time:             Sat 01 Jan 2022 09:53:21 +0000
ROA not before:           Sat 01 Jan 2022 09:53:21 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     8315
IP address blocks:        2.56.171.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 61863267 (0x3aff563)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b16abdd9420f04ba9c1cd2c34dc7b352988af8d9
        Validity
            Not Before: Jan  1 09:53:21 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=c41cc61bba53ee706f9031de1dda1940e0e7e4ea
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:a5:23:55:a8:e5:85:34:03:ad:34:7d:c0:5a:
                    26:e2:ff:c9:19:7b:ab:9a:15:b6:16:f7:0a:eb:d1:
                    b9:24:ee:59:0d:15:24:87:90:d2:84:14:1b:5e:99:
                    7a:36:bd:cf:a3:9a:41:39:02:14:ca:db:87:c5:23:
                    f6:3b:52:1f:7f:7a:7b:50:60:1d:4e:5e:01:3b:1c:
                    c0:ab:6e:e0:4e:86:03:ae:a1:d7:aa:ca:4c:4b:6f:
                    89:de:c5:7e:a0:cc:de:9d:8d:f8:a4:85:34:6c:dc:
                    a9:c6:d5:88:ad:da:91:38:a4:f8:5a:80:22:0d:6f:
                    95:f0:fa:17:b0:22:7c:69:58:18:39:14:05:93:b5:
                    1e:44:44:02:ad:ff:b5:fe:6d:60:25:a6:83:47:8d:
                    a8:04:bd:15:18:3a:25:54:6b:32:d0:e4:32:bf:da:
                    04:22:b5:05:e3:2c:20:62:02:c6:09:cb:84:c5:e8:
                    16:3b:d0:34:09:77:30:fc:a3:7b:be:6b:d3:02:30:
                    ca:74:21:76:05:55:98:92:cc:89:61:f2:1d:39:8c:
                    79:c3:5a:12:49:33:75:6d:c7:28:86:d6:4f:2e:bc:
                    1c:00:e9:e4:7b:7e:dd:f5:81:08:b1:bc:f6:f8:d3:
                    7a:f5:f6:ea:79:2b:fb:c3:c4:99:1a:1e:a0:48:fd:
                    c1:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C4:1C:C6:1B:BA:53:EE:70:6F:90:31:DE:1D:DA:19:40:E0:E7:E4:EA
            X509v3 Authority Key Identifier:
                keyid:B1:6A:BD:D9:42:0F:04:BA:9C:1C:D2:C3:4D:C7:B3:52:98:8A:F8:D9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sWq92UIPBLqcHNLDTcezUpiK-Nk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/12/2adc39-3630-425f-af29-fbb0d3c10423/1/xBzGG7pT7nBvkDHeHdoZQODn5Oo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/12/2adc39-3630-425f-af29-fbb0d3c10423/1/sWq92UIPBLqcHNLDTcezUpiK-Nk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.56.171.0/24

    Signature Algorithm: sha256WithRSAEncryption
         57:af:b0:d5:6e:d3:76:07:6e:a9:96:a6:a3:ab:1e:ab:1a:84:
         94:91:cf:97:48:69:5b:ef:22:bd:d7:9c:77:9b:23:e7:05:3b:
         7e:10:ac:5c:d4:ce:43:ee:67:22:cf:9b:60:c7:e9:b7:fd:7d:
         bc:0a:20:e8:74:21:fc:5d:57:1b:91:8b:f4:d9:e8:63:2c:b8:
         7a:8a:85:67:e2:8e:ce:48:47:ee:f3:17:19:48:00:72:b8:eb:
         cd:b6:2b:d4:f4:0a:d3:ab:fa:e9:ef:44:1e:39:61:d1:ae:51:
         2d:69:2e:1b:4f:d0:35:7e:36:79:9c:0c:e1:4a:19:db:ff:b9:
         5f:a4:3c:86:09:cf:d0:6f:a5:27:a7:45:84:d8:3b:62:fc:d9:
         7d:6b:b9:7d:8d:5a:82:5d:06:10:86:68:12:91:5c:ea:98:61:
         28:d9:fc:a5:58:c8:9d:e1:eb:55:cd:0e:bc:7f:56:37:52:8d:
         e9:77:8a:05:4a:bd:82:0b:18:66:2b:8b:f6:87:d1:10:4b:12:
         e8:5f:2e:d7:72:e9:bd:95:6e:70:ec:d0:67:65:02:5d:d6:3d:
         88:5d:e8:8c:50:da:ad:32:94:06:08:a2:7c:7c:71:18:23:25:
         6a:50:b0:86:83:8c:7f:5d:6a:80:39:c0:33:62:0a:f9:de:f3:
         ce:6d:9c:b4
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIEA6/1YzANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhi
MTZhYmRkOTQyMGYwNGJhOWMxY2QyYzM0ZGM3YjM1Mjk4OGFmOGQ5MB4XDTIyMDEw
MTA5NTMyMVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoYzQxY2M2MWJiYTUz
ZWU3MDZmOTAzMWRlMWRkYTE5NDBlMGU3ZTRlYTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAK2lI1Wo5YU0A600fcBaJuL/yRl7q5oVthb3CuvRuSTuWQ0V
JIeQ0oQUG16Zeja9z6OaQTkCFMrbh8Uj9jtSH396e1BgHU5eATscwKtu4E6GA66h
16rKTEtvid7FfqDM3p2N+KSFNGzcqcbViK3akTik+FqAIg1vlfD6F7AifGlYGDkU
BZO1HkREAq3/tf5tYCWmg0eNqAS9FRg6JVRrMtDkMr/aBCK1BeMsIGICxgnLhMXo
FjvQNAl3MPyje75r0wIwynQhdgVVmJLMiWHyHTmMecNaEkkzdW3HKIbWTy68HADp
5Ht+3fWBCLG89vjTevX26nkr+8PEmRoeoEj9wVkCAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBTEHMYbulPucG+QMd4d2hlA4Ofk6jAfBgNVHSMEGDAWgBSxar3ZQg8Eupwc
0sNNx7NSmIr42TAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L3NXcTkyVUlQQkxxY0hOTERUY2V6VXBpSy1Oay5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMTIvMmFkYzM5LTM2MzAtNDI1Zi1hZjI5LWZiYjBkM2MxMDQyMy8x
L3hCekdHN3BUN25CdmtESGVIZG9aUU9EbjVPby5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMTIv
MmFkYzM5LTM2MzAtNDI1Zi1hZjI5LWZiYjBkM2MxMDQyMy8xL3NXcTkyVUlQQkxx
Y0hOTERUY2V6VXBpSy1Oay5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAAI4qzANBgkqhkiG9w0BAQsFAAOC
AQEAV6+w1W7TdgduqZamo6seqxqElJHPl0hpW+8ivdecd5sj5wU7fhCsXNTOQ+5n
Is+bYMfpt/19vAog6HQh/F1XG5GL9NnoYyy4eoqFZ+KOzkhH7vMXGUgAcrjrzbYr
1PQK06v66e9EHjlh0a5RLWkuG0/QNX42eZwM4UoZ2/+5X6Q8hgnP0G+lJ6dFhNg7
YvzZfWu5fY1agl0GEIZoEpFc6phhKNn8pVjIneHrVc0OvH9WN1KN6XeKBUq9ggsY
ZiuL9ofREEsS6F8u13LpvZVucOzQZ2UCXdY9iF3ojFDarTKUBgiifHxxGCMlalCw
hoOMf11qgDnAM2IK+d7zzm2ctA==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:19:48 2024 by rpki-client on console-fra.rpki-client.org