Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/12/6137b8-1383-4b71-a189-063b40174597/1/dxRBBMQ8XSd8IKFT90THWKzKVTU.roa
File:                     dxRBBMQ8XSd8IKFT90THWKzKVTU.roa (raw, json)
Hash identifier:          ygySqyKPPnmq4vCgMxHlFhBd3/JG4AAc8d4aTnWyMho=
Subject key identifier:   77:14:41:04:C4:3C:5D:27:7C:20:A1:53:F7:44:C7:58:AC:CA:55:35
Certificate issuer:       /CN=c4b21c89bc7e2b214067f30707a4a03dc346ee05
Certificate serial:       018412E2A042B75C4241DC4EC0F47AB6F39B
Authority key identifier: C4:B2:1C:89:BC:7E:2B:21:40:67:F3:07:07:A4:A0:3D:C3:46:EE:05
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xLIcibx-KyFAZ_MHB6SgPcNG7gU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/12/6137b8-1383-4b71-a189-063b40174597/1/dxRBBMQ8XSd8IKFT90THWKzKVTU.roa
Signing time:             Wed 26 Oct 2022 06:02:32 +0000
ROA not before:           Wed 26 Oct 2022 06:02:32 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     205893
IP address blocks:        45.11.40.0/24 maxlen: 24
                          185.202.242.0/24 maxlen: 24
                          185.202.243.0/24 maxlen: 24
                          185.202.241.0/24 maxlen: 24
                          185.202.240.0/24 maxlen: 24
                          2a0a:e246::/32 maxlen: 32
                          2a0a:e245::/32 maxlen: 32
                          2a0a:e242::/32 maxlen: 32
                          2a0a:e241::/32 maxlen: 32
                          2a0a:e244::/32 maxlen: 32
                          2a0a:e247::/32 maxlen: 32
                          2a0a:e240::/32 maxlen: 32
                          2a0a:e243::/32 maxlen: 32

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:84:12:e2:a0:42:b7:5c:42:41:dc:4e:c0:f4:7a:b6:f3:9b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4b21c89bc7e2b214067f30707a4a03dc346ee05
        Validity
            Not Before: Oct 26 06:02:32 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=77144104c43c5d277c20a153f744c758acca5535
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:48:c4:48:62:65:22:8d:02:7e:49:c3:0a:9b:
                    a1:7f:ce:87:9f:a7:05:d6:3c:2c:3f:f8:84:e3:69:
                    49:33:df:96:ec:60:8e:a4:a1:36:c7:9b:66:d4:86:
                    7a:40:9c:8f:65:db:c7:4c:0e:ed:3c:cd:a7:88:a7:
                    d2:5b:58:9b:35:bf:4a:61:6d:e3:32:4f:de:94:cd:
                    b3:6e:4c:f7:29:a8:9e:a2:0b:11:cc:ea:d1:f5:ad:
                    07:8f:81:91:2e:54:c9:3a:18:42:c9:71:9f:90:bf:
                    ee:c4:dd:a8:b5:9e:c6:c3:51:ea:0c:83:0c:5f:ef:
                    26:1b:85:25:84:27:29:2d:d9:46:1b:91:06:f5:86:
                    27:8f:8d:84:8f:ef:56:b7:a3:36:f5:66:ee:a5:63:
                    d9:8f:b0:71:93:38:88:fa:b7:31:87:13:28:db:51:
                    38:33:04:6a:3e:a6:a0:be:fc:35:ee:25:29:c5:f0:
                    48:ee:f7:ec:e0:1d:e3:e2:2d:59:02:c5:3a:e8:94:
                    a7:7d:a6:89:1a:80:ed:d2:dc:e6:f1:e6:fc:72:6d:
                    8a:1d:92:86:04:3a:73:95:97:10:77:5a:01:0a:02:
                    59:f0:f1:d0:9a:5d:12:a2:07:30:c8:f7:d2:d6:eb:
                    da:ee:31:cd:52:74:08:c1:ee:cb:a4:12:0e:36:b0:
                    d2:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                77:14:41:04:C4:3C:5D:27:7C:20:A1:53:F7:44:C7:58:AC:CA:55:35
            X509v3 Authority Key Identifier:
                keyid:C4:B2:1C:89:BC:7E:2B:21:40:67:F3:07:07:A4:A0:3D:C3:46:EE:05

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xLIcibx-KyFAZ_MHB6SgPcNG7gU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/12/6137b8-1383-4b71-a189-063b40174597/1/dxRBBMQ8XSd8IKFT90THWKzKVTU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/12/6137b8-1383-4b71-a189-063b40174597/1/xLIcibx-KyFAZ_MHB6SgPcNG7gU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.11.40.0/24
                  185.202.240.0/22
                IPv6:
                  2a0a:e240::/29

    Signature Algorithm: sha256WithRSAEncryption
         59:52:eb:ea:ce:b2:e1:d1:62:d0:4f:46:d3:45:ba:56:e5:3e:
         c6:45:71:21:9a:91:61:9c:21:65:3d:1d:16:61:30:99:c2:5d:
         f6:6a:c3:98:50:96:2c:9d:57:ba:33:99:51:4a:b8:c2:59:4d:
         01:c5:9f:bc:04:a9:bc:5b:b4:f4:36:c6:a7:02:95:46:b8:67:
         de:b7:d2:1e:5f:e7:39:21:c7:57:a8:24:de:ae:f3:fd:88:39:
         a1:18:e6:fd:b5:70:c4:0c:1d:e4:2c:68:ea:e4:f5:6a:39:0b:
         98:85:f3:3c:3d:55:b5:92:f0:72:87:ec:1f:3c:9a:e3:45:4f:
         5f:24:c0:f6:ed:bf:27:a0:c3:7e:a5:02:b6:f8:bd:d1:68:48:
         c4:b6:2c:4c:1b:5d:e7:de:91:b0:7f:b9:78:d2:ad:11:e4:c9:
         5d:3d:b3:d4:ab:eb:25:18:2a:90:33:5f:a6:79:fb:9c:6e:21:
         82:15:31:a6:7d:21:94:63:3b:25:87:9f:4a:63:a8:77:82:72:
         e5:f3:9b:ab:a9:3f:ca:9c:86:c8:20:b8:3a:53:c6:4c:17:fd:
         fc:82:eb:62:fb:15:3c:f0:53:b3:28:e7:75:b8:7a:69:41:43:
         73:61:c6:fe:fa:d7:14:2a:99:b0:9b:02:05:05:fb:cb:c8:a0:
         0e:c6:0e:29
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYQS4qBCt1xCQdxOwPR6tvObMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM0YjIxYzg5YmM3ZTJiMjE0MDY3ZjMwNzA3YTRhMDNkYzM0
NmVlMDUwHhcNMjIxMDI2MDYwMjMyWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NzE0NDEwNGM0M2M1ZDI3N2MyMGExNTNmNzQ0Yzc1OGFjY2E1NTM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgkjESGJlIo0CfknDCpuhf86Hn6cF
1jwsP/iE42lJM9+W7GCOpKE2x5tm1IZ6QJyPZdvHTA7tPM2niKfSW1ibNb9KYW3j
Mk/elM2zbkz3KaieogsRzOrR9a0Hj4GRLlTJOhhCyXGfkL/uxN2otZ7Gw1HqDIMM
X+8mG4UlhCcpLdlGG5EG9YYnj42Ej+9Wt6M29WbupWPZj7BxkziI+rcxhxMo21E4
MwRqPqagvvw17iUpxfBI7vfs4B3j4i1ZAsU66JSnfaaJGoDt0tzm8eb8cm2KHZKG
BDpzlZcQd1oBCgJZ8PHQml0SogcwyPfS1uva7jHNUnQIwe7LpBIONrDSVwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFHcUQQTEPF0nfCChU/dEx1isylU1MB8GA1UdIwQY
MBaAFMSyHIm8fishQGfzBwekoD3DRu4FMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveExJY2lieC1LeUZBWl9NSEI2U2dQY05HN2dVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMi82MTM3YjgtMTM4My00YjcxLWExODkt
MDYzYjQwMTc0NTk3LzEvZHhSQkJNUThYU2Q4SUtGVDkwVEhXS3pLVlRVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMi82MTM3YjgtMTM4My00YjcxLWExODktMDYzYjQwMTc0NTk3
LzEveExJY2lieC1LeUZBWl9NSEI2U2dQY05HN2dVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQALQsoAwQC
ucrwMA0EAgACMAcDBQMqCuJAMA0GCSqGSIb3DQEBCwUAA4IBAQBZUuvqzrLh0WLQ
T0bTRbpW5T7GRXEhmpFhnCFlPR0WYTCZwl32asOYUJYsnVe6M5lRSrjCWU0BxZ+8
BKm8W7T0NsanApVGuGfet9IeX+c5IcdXqCTervP9iDmhGOb9tXDEDB3kLGjq5PVq
OQuYhfM8PVW1kvByh+wfPJrjRU9fJMD27b8noMN+pQK2+L3RaEjEtixMG13n3pGw
f7l40q0R5MldPbPUq+slGCqQM1+mefucbiGCFTGmfSGUYzslh59KY6h3gnLl85ur
qT/KnIbIILg6U8ZMF/38guti+xU88FOzKOd1uHppQUNzYcb++tcUKpmwmwIFBfvL
yKAOxg4p
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:19:49 2024 by rpki-client on console-fra.rpki-client.org