Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/NfUZ6MQsgX6R-HeT-285OSa6-GA.roa
File:                     NfUZ6MQsgX6R-HeT-285OSa6-GA.roa (raw, json)
Hash identifier:          SYT0QQxcX7TrSiN0VDz38Lqyl7h0ITA4skHU3mFaLUc=
Subject key identifier:   35:F5:19:E8:C4:2C:81:7E:91:F8:77:93:FB:6F:39:39:26:BA:F8:60
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       01834568DA07D0145CB8BF1334D0C4D78522
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/NfUZ6MQsgX6R-HeT-285OSa6-GA.roa
Signing time:             Fri 16 Sep 2022 08:27:22 +0000
ROA not before:           Fri 16 Sep 2022 08:27:22 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     40676
IP address blocks:        163.5.240.0/24 maxlen: 24
                          163.5.238.0/24 maxlen: 24
                          163.5.139.0/24 maxlen: 24
                          163.5.244.0/24 maxlen: 24
                          163.5.255.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:83:45:68:da:07:d0:14:5c:b8:bf:13:34:d0:c4:d7:85:22
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: Sep 16 08:27:22 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=35f519e8c42c817e91f87793fb6f393926baf860
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f9:56:53:88:23:44:a7:44:28:51:f0:ab:b4:65:
                    23:80:03:4f:5a:11:6c:2b:0b:ff:d5:ff:bc:10:2e:
                    25:2b:20:5f:bc:2a:53:c2:1e:87:20:93:12:c7:a1:
                    7a:b2:80:83:db:6d:dd:93:bb:e8:ef:93:30:2f:51:
                    82:28:62:a3:58:fb:fc:18:d9:01:a3:d0:4f:f7:57:
                    f3:51:ab:77:58:cc:76:c0:fd:1d:1d:2b:94:48:b1:
                    8e:5f:96:5a:30:b8:86:c2:d4:37:37:64:d3:2a:83:
                    45:44:80:36:c8:6f:1d:85:83:0d:ff:91:8d:f4:f5:
                    c6:ed:cc:a8:51:44:3e:0e:fe:82:f8:d0:9f:fe:81:
                    ce:ba:2d:cd:2d:e0:c5:10:ae:9b:d8:56:36:ca:ac:
                    b4:14:00:05:d2:14:6a:64:6d:a3:32:79:c1:f8:3a:
                    b1:04:e9:52:b9:79:f1:ab:35:68:58:72:4c:5b:61:
                    2e:2b:ff:1e:66:a4:39:df:85:ac:c3:be:0f:23:9e:
                    43:4c:70:3b:c3:7b:a1:e2:83:61:d5:3d:2e:89:c3:
                    e3:f0:f2:1c:de:77:fe:56:cf:1d:9c:7d:83:3b:68:
                    67:32:b9:b3:9d:be:70:79:95:24:c8:ee:33:c8:6b:
                    03:04:a6:0d:06:f5:50:47:59:9d:2c:e4:96:ba:e0:
                    86:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                35:F5:19:E8:C4:2C:81:7E:91:F8:77:93:FB:6F:39:39:26:BA:F8:60
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/NfUZ6MQsgX6R-HeT-285OSa6-GA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.5.139.0/24
                  163.5.238.0/24
                  163.5.240.0/24
                  163.5.244.0/24
                  163.5.255.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b3:45:a4:12:69:27:6c:42:7c:3f:a3:7a:fc:03:0e:17:7b:5c:
         c6:ca:f0:a9:f1:df:11:cc:08:a2:1e:66:1b:f7:f3:09:a9:bb:
         dd:82:08:9e:8b:75:8f:a4:60:69:e7:c2:43:6f:6f:c2:15:09:
         f1:ec:b2:9f:ff:67:04:66:71:82:00:3d:c6:85:68:cf:a9:e1:
         f9:48:34:a1:a0:6a:f3:ac:9f:8e:af:01:27:9c:ed:25:fa:ae:
         f9:95:c7:77:56:01:89:34:1a:a4:16:a1:a3:a5:38:de:57:48:
         64:85:2e:58:aa:38:eb:a1:0d:75:61:53:c6:bc:16:6b:de:51:
         fe:c5:fe:1e:61:55:ea:37:0e:a6:e7:8e:f6:a5:34:df:78:29:
         dc:fc:53:db:54:93:8f:d9:2a:98:a6:77:d6:14:75:26:10:2b:
         9c:db:2b:48:f3:f3:a5:14:e3:6b:d0:36:30:9c:b6:f3:3c:b4:
         32:a1:ac:ed:e0:47:25:0c:3f:50:95:de:97:58:24:1c:be:9c:
         4b:98:f8:c6:4b:3f:6c:5f:3d:6b:b4:55:8c:d8:fa:84:59:85:
         1c:d3:c2:9f:48:5f:dd:5f:ac:b8:b7:9f:aa:69:95:24:70:47:
         3f:0b:71:63:d5:59:9b:ad:28:e4:2c:f4:26:b2:63:03:a6:bc:
         d1:cd:ca:e4
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgISAYNFaNoH0BRcuL8TNNDE14UiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjIwOTE2MDgyNzIyWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNWY1MTllOGM0MmM4MTdlOTFmODc3OTNmYjZmMzkzOTI2YmFmODYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA+VZTiCNEp0QoUfCrtGUjgANPWhFs
Kwv/1f+8EC4lKyBfvCpTwh6HIJMSx6F6soCD223dk7vo75MwL1GCKGKjWPv8GNkB
o9BP91fzUat3WMx2wP0dHSuUSLGOX5ZaMLiGwtQ3N2TTKoNFRIA2yG8dhYMN/5GN
9PXG7cyoUUQ+Dv6C+NCf/oHOui3NLeDFEK6b2FY2yqy0FAAF0hRqZG2jMnnB+Dqx
BOlSuXnxqzVoWHJMW2EuK/8eZqQ534Wsw74PI55DTHA7w3uh4oNh1T0uicPj8PIc
3nf+Vs8dnH2DO2hnMrmznb5weZUkyO4zyGsDBKYNBvVQR1mdLOSWuuCG5QIDAQAB
o4ICITCCAh0wHQYDVR0OBBYEFDX1GejELIF+kfh3k/tvOTkmuvhgMB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvTmZVWjZNUXNnWDZSLUhlVC0yODVPU2E2LUdBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDcGCCsGAQUFBwEHAQH/BCgwJjAkBAIAATAeAwQAowWLAwQA
owXuAwQAowXwAwQAowX0AwQAowX/MA0GCSqGSIb3DQEBCwUAA4IBAQCzRaQSaSds
Qnw/o3r8Aw4Xe1zGyvCp8d8RzAiiHmYb9/MJqbvdggiei3WPpGBp58JDb2/CFQnx
7LKf/2cEZnGCAD3GhWjPqeH5SDShoGrzrJ+OrwEnnO0l+q75lcd3VgGJNBqkFqGj
pTjeV0hkhS5YqjjroQ11YVPGvBZr3lH+xf4eYVXqNw6m5472pTTfeCnc/FPbVJOP
2SqYpnfWFHUmECuc2ytI8/OlFONr0DYwnLbzPLQyoazt4EclDD9Qld6XWCQcvpxL
mPjGSz9sXz1rtFWM2PqEWYUc08KfSF/dX6y4t5+qaZUkcEc/C3Fj1VmbrSjkLPQm
smMDprzRzcrk
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:20:05 2024 by rpki-client on console-fra.rpki-client.org