Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/r852UmN1gIW7uto436nH8_EXXOY.roa
File:                     r852UmN1gIW7uto436nH8_EXXOY.roa (raw, json)
Hash identifier:          JLUibSWRdcZg2mTCXbuP0e4LFbTA4bzMDM2FA4iiSpk=
Subject key identifier:   AF:CE:76:52:63:75:80:85:BB:BA:DA:38:DF:A9:C7:F3:F1:17:5C:E6
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       01839F0BFBFB70B9D92F2E17F5BE9B07F6F9
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/r852UmN1gIW7uto436nH8_EXXOY.roa
Signing time:             Mon 03 Oct 2022 18:11:46 +0000
ROA not before:           Mon 03 Oct 2022 18:11:46 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     210703
IP address blocks:        163.5.121.0/24 maxlen: 24
                          163.5.145.0/24 maxlen: 24
                          163.5.144.0/24 maxlen: 24
                          163.5.168.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:83:9f:0b:fb:fb:70:b9:d9:2f:2e:17:f5:be:9b:07:f6:f9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: Oct  3 18:11:46 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=afce765263758085bbbada38dfa9c7f3f1175ce6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:54:b4:5a:c5:59:15:53:5a:b1:3c:17:02:21:
                    af:99:48:e7:5c:b9:64:c7:27:60:dd:72:cb:37:64:
                    e5:e0:c0:6d:ae:61:64:cf:e8:52:ac:cb:ae:11:b6:
                    22:63:e6:1d:a3:a1:ec:a7:aa:40:cb:3f:f3:f2:a0:
                    5f:d0:31:3b:0b:a1:1c:e8:29:af:78:cd:1a:a7:f9:
                    f4:a7:e3:71:8d:75:cf:c9:6f:de:76:4d:cf:bc:49:
                    62:a9:f5:69:46:ff:89:59:37:2c:3d:29:e4:66:22:
                    14:85:91:51:ff:69:35:ed:d6:80:e4:ed:f6:9e:98:
                    8c:fb:ea:ef:a4:07:43:30:c4:e7:d7:cd:a9:34:90:
                    14:95:07:b7:7b:61:86:3e:f6:23:3e:af:e1:cc:77:
                    41:9d:22:d2:68:a8:17:d2:ad:77:2e:a9:94:c1:cb:
                    8a:52:b2:4b:7e:be:74:0d:5a:9d:dd:dc:e1:1c:c6:
                    e8:6c:c3:16:62:ac:5a:e2:0c:19:c4:03:81:d2:fd:
                    b7:17:2d:4f:c1:b6:26:6f:aa:7a:b8:03:e7:37:93:
                    8c:ca:62:e7:7a:1b:0e:7b:ac:6b:cd:28:1f:07:0f:
                    1d:da:0e:01:f6:9e:2c:23:da:64:70:19:c9:c9:97:
                    8e:53:14:6f:ec:9c:3d:ab:82:5d:6e:ae:0b:a5:46:
                    5d:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AF:CE:76:52:63:75:80:85:BB:BA:DA:38:DF:A9:C7:F3:F1:17:5C:E6
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/r852UmN1gIW7uto436nH8_EXXOY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.5.121.0/24
                  163.5.144.0/23
                  163.5.168.0/24

    Signature Algorithm: sha256WithRSAEncryption
         98:20:88:94:18:78:a3:36:a5:b7:15:56:9e:33:2f:2f:9c:ce:
         3e:56:d1:47:f9:9e:a8:67:89:49:69:4b:13:7e:18:a7:e6:e3:
         31:19:fd:49:d8:e0:7e:78:1c:11:a4:99:38:2e:64:01:e8:2e:
         52:c3:ad:82:ed:40:64:39:f2:70:22:3c:02:41:23:3a:75:9c:
         f5:5a:e9:b4:e1:f2:34:e9:c0:43:92:04:79:a2:36:bc:fc:9c:
         55:e6:1b:64:06:3a:0b:3a:6f:e2:05:40:76:08:f1:0c:a3:57:
         96:ce:c6:3b:cb:d5:7a:8e:bf:ff:1c:44:8c:b0:36:70:5c:bd:
         ed:8d:4b:3c:52:a2:f7:fc:a1:ba:33:a6:a9:f5:cb:06:c0:d1:
         a5:3c:77:5a:48:2d:24:b5:1a:16:4a:9a:da:c8:f0:6b:98:80:
         9c:9a:86:5d:36:bf:e0:69:79:50:45:71:11:98:6b:74:97:45:
         37:e5:e4:a5:df:b2:f8:39:a0:f3:b4:fb:d6:1d:b1:da:0a:34:
         78:e9:ae:ae:9e:39:bb:c6:bc:d9:f2:4e:e4:cc:b2:2e:0f:3e:
         a3:76:32:49:68:a2:90:7b:c6:d1:de:76:48:3b:e8:35:61:d2:
         70:6a:c0:7b:1e:42:b4:cb:e0:78:46:a2:ef:83:17:12:cf:84:
         cf:7c:a5:84
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYOfC/v7cLnZLy4X9b6bB/b5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjIxMDAzMTgxMTQ2WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZmNlNzY1MjYzNzU4MDg1YmJiYWRhMzhkZmE5YzdmM2YxMTc1Y2U2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqFS0WsVZFVNasTwXAiGvmUjnXLlk
xydg3XLLN2Tl4MBtrmFkz+hSrMuuEbYiY+Ydo6Hsp6pAyz/z8qBf0DE7C6Ec6Cmv
eM0ap/n0p+NxjXXPyW/edk3PvEliqfVpRv+JWTcsPSnkZiIUhZFR/2k17daA5O32
npiM++rvpAdDMMTn182pNJAUlQe3e2GGPvYjPq/hzHdBnSLSaKgX0q13LqmUwcuK
UrJLfr50DVqd3dzhHMbobMMWYqxa4gwZxAOB0v23Fy1PwbYmb6p6uAPnN5OMymLn
ehsOe6xrzSgfBw8d2g4B9p4sI9pkcBnJyZeOUxRv7Jw9q4Jdbq4LpUZdPQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFK/OdlJjdYCFu7raON+px/PxF1zmMB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvcjg1MlVtTjFnSVc3dXRvNDM2bkg4X0VYWE9ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAowV5AwQB
owWQAwQAowWoMA0GCSqGSIb3DQEBCwUAA4IBAQCYIIiUGHijNqW3FVaeMy8vnM4+
VtFH+Z6oZ4lJaUsTfhin5uMxGf1J2OB+eBwRpJk4LmQB6C5Sw62C7UBkOfJwIjwC
QSM6dZz1Wum04fI06cBDkgR5oja8/JxV5htkBjoLOm/iBUB2CPEMo1eWzsY7y9V6
jr//HESMsDZwXL3tjUs8UqL3/KG6M6ap9csGwNGlPHdaSC0ktRoWSprayPBrmICc
moZdNr/gaXlQRXERmGt0l0U35eSl37L4OaDztPvWHbHaCjR46a6unjm7xrzZ8k7k
zLIuDz6jdjJJaKKQe8bR3nZIO+g1YdJwasB7HkK0y+B4RqLvgxcSz4TPfKWE
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:20:08 2024 by rpki-client on console-fra.rpki-client.org