Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/9cbe88-3e75-42ef-b871-5ee76f0f64e2/1/XRqUdqs4k7qTs76mS6ulx4U8aRQ.roa
File:                     XRqUdqs4k7qTs76mS6ulx4U8aRQ.roa (raw, json)
Hash identifier:          Y//XqpY4c5AA9a5O58kCpqEqHbtMFDFtXHydBQsg2dA=
Subject key identifier:   5D:1A:94:76:AB:38:93:BA:93:B3:BE:A6:4B:AB:A5:C7:85:3C:69:14
Certificate issuer:       /CN=2283711bd7ab13da3d11f25bb57a4f483c1f99ac
Certificate serial:       12C9D87C
Authority key identifier: 22:83:71:1B:D7:AB:13:DA:3D:11:F2:5B:B5:7A:4F:48:3C:1F:99:AC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IoNxG9erE9o9EfJbtXpPSDwfmaw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/9cbe88-3e75-42ef-b871-5ee76f0f64e2/1/XRqUdqs4k7qTs76mS6ulx4U8aRQ.roa
Signing time:             Sat 01 Jan 2022 14:04:27 +0000
ROA not before:           Sat 01 Jan 2022 14:04:27 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     47947
IP address blocks:        185.139.244.0/22 maxlen: 22

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 315218044 (0x12c9d87c)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2283711bd7ab13da3d11f25bb57a4f483c1f99ac
        Validity
            Not Before: Jan  1 14:04:27 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=5d1a9476ab3893ba93b3bea64baba5c7853c6914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:3f:06:64:c8:ce:70:c4:e7:e1:5e:d0:8b:ac:
                    a3:bf:5a:1b:03:91:07:03:f6:d3:df:98:9c:e0:b6:
                    80:88:55:d3:d5:6c:5b:18:8e:21:fc:3e:3c:42:36:
                    fb:9a:85:cc:e9:4f:cd:bd:df:23:b4:1d:45:77:13:
                    d7:0f:85:a3:10:0c:50:be:eb:2e:64:e5:6b:99:0c:
                    fc:6d:01:27:ea:0e:b5:b2:0b:f2:64:17:ca:8f:3e:
                    65:d6:ec:41:c5:29:d0:22:60:16:ab:3e:99:34:ad:
                    07:2e:3b:b6:85:af:93:85:90:dc:af:43:01:a5:e9:
                    83:7e:44:c1:49:6d:83:2f:c3:70:b4:d8:1d:f1:ba:
                    17:13:e4:07:e4:5e:9d:6d:68:32:e3:77:a2:79:e6:
                    6e:d9:27:35:76:2a:1d:81:9a:89:d1:e3:bd:7a:60:
                    38:92:d4:09:e9:de:ba:c4:1c:4b:84:fd:5d:ff:5a:
                    a9:46:a5:79:8c:fb:05:9b:ee:d9:4f:8d:f5:43:bb:
                    64:3f:0d:ca:98:2e:fb:a7:42:3e:96:9d:60:b4:b8:
                    fd:fc:c5:71:d2:49:52:52:6b:61:7a:40:e8:97:26:
                    99:4d:56:34:44:6c:fe:bc:c3:87:f3:55:95:d4:54:
                    53:99:73:57:14:11:0d:17:1c:42:60:1c:d1:d3:d7:
                    0d:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5D:1A:94:76:AB:38:93:BA:93:B3:BE:A6:4B:AB:A5:C7:85:3C:69:14
            X509v3 Authority Key Identifier:
                keyid:22:83:71:1B:D7:AB:13:DA:3D:11:F2:5B:B5:7A:4F:48:3C:1F:99:AC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IoNxG9erE9o9EfJbtXpPSDwfmaw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/9cbe88-3e75-42ef-b871-5ee76f0f64e2/1/XRqUdqs4k7qTs76mS6ulx4U8aRQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/9cbe88-3e75-42ef-b871-5ee76f0f64e2/1/IoNxG9erE9o9EfJbtXpPSDwfmaw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.139.244.0/22

    Signature Algorithm: sha256WithRSAEncryption
         63:ba:51:e2:0b:96:5c:6a:1a:92:70:35:25:82:12:d6:63:e5:
         f3:56:b9:bd:08:b6:f6:fa:df:5a:d3:d5:03:2d:b0:ba:64:eb:
         1e:a8:30:61:88:77:08:54:ac:a1:b9:2c:67:0f:81:29:15:3d:
         f7:b5:c7:a2:83:f5:aa:dd:19:ec:99:8e:b0:f0:66:75:26:11:
         b1:f6:19:bc:89:00:9d:78:37:da:10:01:fe:0e:13:64:58:44:
         50:3d:0c:9c:e7:51:7a:3b:ed:54:19:56:5b:1d:84:1a:77:48:
         bc:59:81:ec:35:a7:e6:4f:4d:fd:32:4b:45:9a:5d:79:6f:34:
         ea:04:6f:81:7d:69:4d:b5:aa:7f:0e:e2:08:ae:27:96:94:69:
         db:63:a0:ca:e6:0b:a5:ae:41:d9:de:d9:5d:65:bb:5a:d5:76:
         c6:a0:d0:ce:ee:35:e5:f9:19:5f:41:d0:39:d9:cb:2e:2d:21:
         e7:04:a6:f2:fd:34:e4:eb:63:5f:ff:c5:f7:a2:99:17:c9:2a:
         47:e1:a1:3f:25:ad:5b:47:6f:43:33:af:2c:29:db:db:20:d7:
         97:f6:04:5e:f5:4f:a5:1f:22:a1:4a:3e:b1:4b:fe:23:92:43:
         82:e6:bf:a1:96:1d:97:94:a2:00:0f:d9:ea:bf:04:15:c7:9c:
         e4:1d:91:73
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIEEsnYfDANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygy
MjgzNzExYmQ3YWIxM2RhM2QxMWYyNWJiNTdhNGY0ODNjMWY5OWFjMB4XDTIyMDEw
MTE0MDQyN1oXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoNWQxYTk0NzZhYjM4
OTNiYTkzYjNiZWE2NGJhYmE1Yzc4NTNjNjkxNDCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAMM/BmTIznDE5+Fe0Iuso79aGwORBwP209+YnOC2gIhV09Vs
WxiOIfw+PEI2+5qFzOlPzb3fI7QdRXcT1w+FoxAMUL7rLmTla5kM/G0BJ+oOtbIL
8mQXyo8+ZdbsQcUp0CJgFqs+mTStBy47toWvk4WQ3K9DAaXpg35EwUltgy/DcLTY
HfG6FxPkB+RenW1oMuN3onnmbtknNXYqHYGaidHjvXpgOJLUCeneusQcS4T9Xf9a
qUaleYz7BZvu2U+N9UO7ZD8Nypgu+6dCPpadYLS4/fzFcdJJUlJrYXpA6JcmmU1W
NERs/rzDh/NVldRUU5lzVxQRDRccQmAc0dPXDY0CAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBRdGpR2qziTupOzvqZLq6XHhTxpFDAfBgNVHSMEGDAWgBQig3Eb16sT2j0R
8lu1ek9IPB+ZrDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L0lvTnhHOWVyRTlvOUVmSmJ0WHBQU0R3Zm1hdy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMjUvOWNiZTg4LTNlNzUtNDJlZi1iODcxLTVlZTc2ZjBmNjRlMi8x
L1hScVVkcXM0azdxVHM3Nm1TNnVseDRVOGFSUS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMjUv
OWNiZTg4LTNlNzUtNDJlZi1iODcxLTVlZTc2ZjBmNjRlMi8xL0lvTnhHOWVyRTlv
OUVmSmJ0WHBQU0R3Zm1hdy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEArmL9DANBgkqhkiG9w0BAQsFAAOC
AQEAY7pR4guWXGoaknA1JYIS1mPl81a5vQi29vrfWtPVAy2wumTrHqgwYYh3CFSs
obksZw+BKRU997XHooP1qt0Z7JmOsPBmdSYRsfYZvIkAnXg32hAB/g4TZFhEUD0M
nOdRejvtVBlWWx2EGndIvFmB7DWn5k9N/TJLRZpdeW806gRvgX1pTbWqfw7iCK4n
lpRp22OgyuYLpa5B2d7ZXWW7WtV2xqDQzu415fkZX0HQOdnLLi0h5wSm8v005Otj
X//F96KZF8kqR+GhPyWtW0dvQzOvLCnb2yDXl/YEXvVPpR8ioUo+sUv+I5JDgua/
oZYdl5SiAA/Z6r8EFcec5B2Rcw==
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:58:38 2024 by rpki-client on console-ams.rpki-client.org