Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/aBQPDJ4B9ggJDKNDTsLfhUQNMLs.roa
File:                     aBQPDJ4B9ggJDKNDTsLfhUQNMLs.roa (raw, json)
Hash identifier:          mrdmKEsMY0j7PAKcf6VQYRV+K+OsL+xAhzOeElCyQFA=
Subject key identifier:   68:14:0F:0C:9E:01:F6:08:09:0C:A3:43:4E:C2:DF:85:44:0D:30:BB
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       0184707D2F991FDCA4D105AA0A7170A60AEE
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/aBQPDJ4B9ggJDKNDTsLfhUQNMLs.roa
Signing time:             Sun 13 Nov 2022 10:16:03 +0000
ROA not before:           Sun 13 Nov 2022 10:16:03 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     204843
IP address blocks:        163.5.100.0/24 maxlen: 24
                          163.5.229.0/24 maxlen: 24
                          163.5.159.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:84:70:7d:2f:99:1f:dc:a4:d1:05:aa:0a:71:70:a6:0a:ee
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: Nov 13 10:16:03 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=68140f0c9e01f608090ca3434ec2df85440d30bb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:62:49:8c:88:93:14:64:93:5a:f0:e1:f1:c4:
                    8d:cc:25:a8:96:bd:90:d5:d7:95:5f:68:e5:7c:c5:
                    70:31:2d:f2:5d:77:e0:0b:84:d2:29:de:a0:16:7a:
                    df:34:df:6e:a2:d5:40:02:31:4c:8b:8a:6d:d1:9c:
                    ea:a9:c7:95:4e:f5:b0:a8:8a:74:f5:2e:72:ab:ec:
                    ec:89:69:0c:b0:78:87:95:9d:53:02:1e:de:46:c1:
                    56:54:52:ab:07:21:87:20:29:b9:d1:79:e8:7a:3b:
                    3e:d1:e7:45:d9:ab:2f:46:4b:c6:b9:34:7b:b3:57:
                    11:e7:32:4c:1d:3b:f1:6a:8f:b1:0d:39:9e:32:84:
                    d9:91:c5:2b:70:32:64:3c:19:91:84:11:5c:49:7d:
                    7d:2c:1f:04:ec:5b:de:30:3f:0f:72:a6:fb:27:f2:
                    7f:c4:40:a7:8c:d2:9a:9a:3f:10:59:92:4d:bb:c5:
                    ec:bd:b2:53:65:68:c6:2d:a0:c6:4a:38:9a:d6:63:
                    58:8a:7a:7a:de:06:24:f0:0b:24:ef:9e:db:f8:e9:
                    82:2e:5a:6c:ac:a9:1f:5b:b6:43:8d:e5:9c:7f:75:
                    2a:54:41:9c:1f:6c:8f:0d:ba:c7:aa:24:01:1b:66:
                    bb:f7:12:17:6f:f2:1b:59:20:af:0c:57:14:33:9a:
                    50:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:14:0F:0C:9E:01:F6:08:09:0C:A3:43:4E:C2:DF:85:44:0D:30:BB
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/aBQPDJ4B9ggJDKNDTsLfhUQNMLs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.5.100.0/24
                  163.5.159.0/24
                  163.5.229.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7b:f2:87:12:30:96:c2:81:80:54:fe:34:ba:af:5a:72:a3:87:
         3d:73:de:ec:e2:01:2e:22:2c:58:8a:84:6c:a3:12:f6:d9:54:
         44:0f:92:04:d0:03:8a:4d:65:9a:02:e2:aa:cb:02:c7:96:fb:
         e3:6e:21:31:c7:6d:e7:01:d3:da:a6:42:a4:b1:7e:f5:6a:b0:
         5b:bc:ff:39:cd:3b:8b:f8:2a:a9:42:f5:e0:35:24:2e:c8:53:
         41:c6:b8:64:28:85:aa:20:c7:86:ab:4a:8d:c3:a2:cc:d1:63:
         10:b7:13:43:9e:85:c0:ce:40:97:a6:8e:07:cb:c3:50:00:88:
         b1:13:e9:fe:82:99:05:ef:46:39:98:e6:c2:62:2a:a2:b2:0d:
         36:86:a0:6c:1a:9d:06:e0:95:94:25:c0:5e:a8:11:f9:68:e8:
         01:e8:54:a2:6f:7f:96:4c:80:79:e6:18:63:86:b5:7c:82:2c:
         7b:2e:a2:f4:4f:a8:d5:3c:06:6c:84:79:3e:ad:5b:a8:90:b7:
         19:cf:8b:be:59:39:d7:de:5f:a0:9e:97:a1:f2:78:1b:20:1a:
         ef:86:84:64:fd:e3:3d:84:71:1d:1d:a0:53:ae:bb:2f:d5:49:
         63:dc:95:c0:a6:d0:60:d4:8f:52:ae:ea:26:b1:a4:ce:36:58:
         d9:9f:af:a4
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYRwfS+ZH9yk0QWqCnFwpgruMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjIxMTEzMTAxNjAzWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ODE0MGYwYzllMDFmNjA4MDkwY2EzNDM0ZWMyZGY4NTQ0MGQzMGJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjGJJjIiTFGSTWvDh8cSNzCWolr2Q
1deVX2jlfMVwMS3yXXfgC4TSKd6gFnrfNN9uotVAAjFMi4pt0ZzqqceVTvWwqIp0
9S5yq+zsiWkMsHiHlZ1TAh7eRsFWVFKrByGHICm50Xnoejs+0edF2asvRkvGuTR7
s1cR5zJMHTvxao+xDTmeMoTZkcUrcDJkPBmRhBFcSX19LB8E7FveMD8Pcqb7J/J/
xECnjNKamj8QWZJNu8XsvbJTZWjGLaDGSjia1mNYinp63gYk8Ask757b+OmCLlps
rKkfW7ZDjeWcf3UqVEGcH2yPDbrHqiQBG2a79xIXb/IbWSCvDFcUM5pQxQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFGgUDwyeAfYICQyjQ07C34VEDTC7MB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvYUJRUERKNEI5Z2dKREtORFRzTGZoVVFOTUxzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAowVkAwQA
owWfAwQAowXlMA0GCSqGSIb3DQEBCwUAA4IBAQB78ocSMJbCgYBU/jS6r1pyo4c9
c97s4gEuIixYioRsoxL22VRED5IE0AOKTWWaAuKqywLHlvvjbiExx23nAdPapkKk
sX71arBbvP85zTuL+CqpQvXgNSQuyFNBxrhkKIWqIMeGq0qNw6LM0WMQtxNDnoXA
zkCXpo4Hy8NQAIixE+n+gpkF70Y5mObCYiqisg02hqBsGp0G4JWUJcBeqBH5aOgB
6FSib3+WTIB55hhjhrV8gix7LqL0T6jVPAZshHk+rVuokLcZz4u+WTnX3l+gnpeh
8ngbIBrvhoRk/eM9hHEdHaBTrrsv1Ulj3JXAptBg1I9SruomsaTONljZn6+k
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:54:33 2024 by rpki-client on console-ams.rpki-client.org