Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/68VTnPqNo8Lw2iAs_y-VmvaJdRw.roa
File:                     68VTnPqNo8Lw2iAs_y-VmvaJdRw.roa (raw, json)
Hash identifier:          +pRfn6OqylUr5nWwGiLWk8fVaRfhJrCSA8+I0dK3Rbo=
Subject key identifier:   EB:C5:53:9C:FA:8D:A3:C2:F0:DA:20:2C:FF:2F:95:9A:F6:89:75:1C
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       01833B35852A2037CBA7E2D85AFF27033EF0
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/68VTnPqNo8Lw2iAs_y-VmvaJdRw.roa
Signing time:             Wed 14 Sep 2022 08:55:06 +0000
ROA not before:           Wed 14 Sep 2022 08:55:06 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     60546
IP address blocks:        163.5.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:83:3b:35:85:2a:20:37:cb:a7:e2:d8:5a:ff:27:03:3e:f0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: Sep 14 08:55:06 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=ebc5539cfa8da3c2f0da202cff2f959af689751c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:15:17:e3:05:53:12:c6:92:9c:17:cd:c3:24:
                    7f:51:f1:a5:df:98:e5:3b:95:0b:81:a8:1d:15:5c:
                    48:b0:d8:5b:27:f9:e6:d2:77:20:fb:4b:ac:ae:da:
                    c4:be:e6:6b:df:c6:38:2b:00:6a:4a:13:8c:a8:9a:
                    61:f5:35:cb:b0:89:42:be:04:4d:04:b2:02:2f:1e:
                    7a:ee:1b:77:b6:6b:93:66:73:49:a9:e7:1c:5a:ee:
                    31:27:77:ec:dd:9d:9e:8d:da:32:fe:6a:3f:68:b8:
                    ba:48:87:05:b9:66:73:85:cb:45:3d:ac:1c:ec:7e:
                    7f:8a:1c:70:29:c4:21:09:c9:97:27:5d:e3:7a:ce:
                    aa:5a:6d:21:b2:3b:0a:ea:6d:72:e4:f2:ac:b8:3b:
                    99:7b:cf:c9:eb:92:e9:a1:39:28:eb:a9:13:6b:9e:
                    19:50:f9:c5:b3:7c:08:4a:72:94:d9:bb:d9:cf:7d:
                    9f:71:8f:9b:f9:f0:85:c1:c0:f7:7e:cc:cc:79:b4:
                    09:32:b6:24:08:84:53:7b:68:3b:be:2f:6d:e4:2a:
                    09:a5:43:e4:d0:30:44:29:be:80:fc:0b:84:86:18:
                    a9:96:d8:39:03:3b:e7:7d:07:08:98:65:e1:75:d7:
                    d8:c1:01:62:ce:4a:60:e2:4b:2d:bd:e5:20:16:f6:
                    35:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EB:C5:53:9C:FA:8D:A3:C2:F0:DA:20:2C:FF:2F:95:9A:F6:89:75:1C
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/68VTnPqNo8Lw2iAs_y-VmvaJdRw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.5.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         00:98:cb:44:d8:da:38:5e:2c:4e:72:08:c5:a8:4d:94:10:da:
         dd:d5:a1:18:98:ab:e9:ea:ad:bd:b6:7e:1f:3c:88:c2:a6:f7:
         f4:92:e3:10:34:d0:d7:3a:33:ef:7d:b2:63:e8:05:0c:34:83:
         36:a7:7d:e5:95:46:ad:e3:62:85:75:2b:fd:5c:eb:cd:60:8d:
         7a:a7:4f:0e:2a:51:37:8a:7f:9f:bf:9c:a7:3d:e6:14:48:a7:
         76:ce:ab:41:93:9c:1d:cf:24:78:e6:b0:9b:28:78:ec:10:82:
         b4:b5:c8:bf:a9:50:a7:a4:7d:7a:fe:bc:d2:fb:da:80:75:c8:
         09:59:10:bb:66:51:ab:a1:7e:c3:9d:95:e4:81:4a:df:95:92:
         04:28:89:29:d8:9a:4d:29:f8:67:cd:f6:01:2f:54:9f:25:d8:
         0d:72:30:a7:f8:54:ee:a8:01:af:ef:14:af:72:1f:38:7a:01:
         c2:2b:8a:83:50:c0:50:15:4c:9e:48:28:c9:5c:1a:83:d4:3a:
         0b:c6:e3:c3:03:b3:15:5c:f6:b1:fc:10:1c:81:ee:ee:af:40:
         12:6e:fd:04:e5:6e:17:89:93:21:c8:9a:ac:26:04:51:d2:9f:
         54:7e:2f:76:fe:9a:39:94:6b:74:31:f1:bf:21:2a:d9:6f:7d:
         e0:e1:70:a8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYM7NYUqIDfLp+LYWv8nAz7wMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjIwOTE0MDg1NTA2WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYmM1NTM5Y2ZhOGRhM2MyZjBkYTIwMmNmZjJmOTU5YWY2ODk3NTFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnhUX4wVTEsaSnBfNwyR/UfGl35jl
O5ULgagdFVxIsNhbJ/nm0ncg+0usrtrEvuZr38Y4KwBqShOMqJph9TXLsIlCvgRN
BLICLx567ht3tmuTZnNJqeccWu4xJ3fs3Z2ejdoy/mo/aLi6SIcFuWZzhctFPawc
7H5/ihxwKcQhCcmXJ13jes6qWm0hsjsK6m1y5PKsuDuZe8/J65LpoTko66kTa54Z
UPnFs3wISnKU2bvZz32fcY+b+fCFwcD3fszMebQJMrYkCIRTe2g7vi9t5CoJpUPk
0DBEKb6A/AuEhhipltg5AzvnfQcImGXhddfYwQFizkpg4kstveUgFvY1CwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOvFU5z6jaPC8NogLP8vlZr2iXUcMB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvNjhWVG5QcU5vOEx3MmlBc195LVZtdmFKZFJ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAowV4MA0G
CSqGSIb3DQEBCwUAA4IBAQAAmMtE2No4XixOcgjFqE2UENrd1aEYmKvp6q29tn4f
PIjCpvf0kuMQNNDXOjPvfbJj6AUMNIM2p33llUat42KFdSv9XOvNYI16p08OKlE3
in+fv5ynPeYUSKd2zqtBk5wdzyR45rCbKHjsEIK0tci/qVCnpH16/rzS+9qAdcgJ
WRC7ZlGroX7DnZXkgUrflZIEKIkp2JpNKfhnzfYBL1SfJdgNcjCn+FTuqAGv7xSv
ch84egHCK4qDUMBQFUyeSCjJXBqD1DoLxuPDA7MVXPax/BAcge7ur0ASbv0E5W4X
iZMhyJqsJgRR0p9Ufi92/po5lGt0MfG/ISrZb33g4XCo
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:54:28 2024 by rpki-client on console-ams.rpki-client.org