Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/fc52a0-e0f7-480b-ba7d-1042ea8e3bfb/1/BLxZkNJxRAhkw1hoTvzvpeMd53g.roa
File:                     BLxZkNJxRAhkw1hoTvzvpeMd53g.roa (raw, json)
Hash identifier:          vCsNsvo6bAM5QCvLTU+gM+rDvr/LdExjz4FiDqSqQLs=
Subject key identifier:   04:BC:59:90:D2:71:44:08:64:C3:58:68:4E:FC:EF:A5:E3:1D:E7:78
Certificate issuer:       /CN=a3c963d1a11d00d384adedf9bb86e53849a9b18c
Certificate serial:       12CC44C0
Authority key identifier: A3:C9:63:D1:A1:1D:00:D3:84:AD:ED:F9:BB:86:E5:38:49:A9:B1:8C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/o8lj0aEdANOEre35u4blOEmpsYw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/fc52a0-e0f7-480b-ba7d-1042ea8e3bfb/1/BLxZkNJxRAhkw1hoTvzvpeMd53g.roa
Signing time:             Sat 01 Jan 2022 11:03:48 +0000
ROA not before:           Sat 01 Jan 2022 11:03:48 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     39232
IP address blocks:        217.25.16.0/21 maxlen: 21
                          217.25.16.0/20 maxlen: 20
                          217.25.24.0/21 maxlen: 21
                          185.80.172.0/23 maxlen: 23
                          185.80.172.0/22 maxlen: 22
                          185.80.174.0/23 maxlen: 23
                          109.239.16.0/20 maxlen: 20
                          109.239.16.0/21 maxlen: 21
                          37.26.0.0/19 maxlen: 19
                          37.26.0.0/18 maxlen: 18
                          109.239.24.0/21 maxlen: 21
                          37.26.32.0/19 maxlen: 19

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 315376832 (0x12cc44c0)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a3c963d1a11d00d384adedf9bb86e53849a9b18c
        Validity
            Not Before: Jan  1 11:03:48 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=04bc5990d271440864c358684efcefa5e31de778
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:ae:f2:20:ea:ff:a5:b5:05:b1:38:b4:0b:d5:
                    f5:81:e1:1a:43:53:38:7f:f8:0e:38:9e:6e:26:9f:
                    fb:68:21:37:b9:3d:96:51:a8:60:ed:7f:d3:40:c5:
                    5e:d0:85:5d:e3:28:05:8b:94:7c:09:36:b4:b5:b2:
                    52:8a:b5:f9:4a:87:dc:a9:5e:2a:95:77:28:91:bf:
                    d3:55:a1:49:b8:65:bb:98:78:05:ed:32:5b:d5:80:
                    71:22:0f:cf:08:26:cb:a3:0e:d6:e2:39:76:5a:f2:
                    1d:5f:ad:6f:67:47:10:b3:62:65:24:31:5a:9d:70:
                    0a:eb:97:cb:b0:b9:34:88:d9:83:cd:00:e7:3b:d9:
                    00:83:5b:da:e2:cf:72:26:5a:f5:dd:fe:dd:56:9f:
                    6a:c4:a8:6a:42:34:59:5e:6a:96:9d:72:e4:0e:9c:
                    9d:3d:02:a1:a5:be:45:5d:37:d5:3b:f6:46:5f:87:
                    1d:20:f7:32:4d:a4:29:84:bf:49:0c:f1:dc:09:b1:
                    ef:ca:3d:2f:27:23:9c:2d:ff:7e:8d:4f:03:4e:e6:
                    c0:32:af:de:48:8d:02:33:60:b3:f8:9b:44:60:cb:
                    c2:de:ac:71:f6:b8:08:e5:57:78:59:5f:be:87:e1:
                    91:e8:0b:93:e8:e9:21:f8:68:d2:19:a0:f9:d5:2a:
                    3d:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                04:BC:59:90:D2:71:44:08:64:C3:58:68:4E:FC:EF:A5:E3:1D:E7:78
            X509v3 Authority Key Identifier:
                keyid:A3:C9:63:D1:A1:1D:00:D3:84:AD:ED:F9:BB:86:E5:38:49:A9:B1:8C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/o8lj0aEdANOEre35u4blOEmpsYw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/fc52a0-e0f7-480b-ba7d-1042ea8e3bfb/1/BLxZkNJxRAhkw1hoTvzvpeMd53g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/fc52a0-e0f7-480b-ba7d-1042ea8e3bfb/1/o8lj0aEdANOEre35u4blOEmpsYw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.26.0.0/18
                  109.239.16.0/20
                  185.80.172.0/22
                  217.25.16.0/20

    Signature Algorithm: sha256WithRSAEncryption
         71:9e:51:b5:25:85:a4:78:09:7d:cf:29:bf:f2:a3:7f:76:c2:
         20:d2:1e:20:03:66:0c:a7:f7:f3:99:1a:78:ac:48:44:6f:e5:
         80:c5:37:90:35:bb:4c:c2:41:90:5b:a7:53:3b:88:f9:5b:4b:
         bd:18:5d:6c:91:c7:98:06:62:59:43:fa:68:27:53:2d:08:f1:
         3c:c0:70:cc:97:c7:5c:67:5c:00:d4:1a:9c:e7:be:76:90:99:
         03:bf:56:7b:7f:b4:7f:3d:9a:1a:f6:9e:f0:4f:bb:7f:e8:be:
         d6:d6:a2:c5:ee:00:a1:80:6a:64:b8:35:44:98:63:a9:7b:95:
         69:af:25:fa:63:91:3f:1a:67:72:b6:50:2d:1d:41:08:c8:2b:
         cf:19:5d:3d:ba:93:7e:70:a9:67:4d:f8:4e:e4:95:f1:8c:6a:
         bc:c2:98:a4:76:35:dd:df:00:ef:07:01:8f:ef:ac:8b:de:0d:
         8a:a7:e4:99:9c:a3:09:03:16:0f:48:02:07:4a:ec:3e:25:6a:
         b5:97:15:ee:88:0c:1b:31:63:b9:27:30:91:ba:3a:50:9d:12:
         ec:2b:5e:74:95:95:f5:0b:3e:2f:69:02:b5:1c:53:a6:9e:22:
         69:98:09:8e:2e:41:09:ff:17:62:3c:cf:19:e1:96:3f:56:3d:
         ec:24:5a:24
-----BEGIN CERTIFICATE-----
MIIFATCCA+mgAwIBAgIEEsxEwDANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhh
M2M5NjNkMWExMWQwMGQzODRhZGVkZjliYjg2ZTUzODQ5YTliMThjMB4XDTIyMDEw
MTExMDM0OFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMDRiYzU5OTBkMjcx
NDQwODY0YzM1ODY4NGVmY2VmYTVlMzFkZTc3ODCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAOSu8iDq/6W1BbE4tAvV9YHhGkNTOH/4Djiebiaf+2ghN7k9
llGoYO1/00DFXtCFXeMoBYuUfAk2tLWyUoq1+UqH3KleKpV3KJG/01WhSbhlu5h4
Be0yW9WAcSIPzwgmy6MO1uI5dlryHV+tb2dHELNiZSQxWp1wCuuXy7C5NIjZg80A
5zvZAINb2uLPciZa9d3+3VafasSoakI0WV5qlp1y5A6cnT0CoaW+RV031Tv2Rl+H
HSD3Mk2kKYS/SQzx3Amx78o9LycjnC3/fo1PA07mwDKv3kiNAjNgs/ibRGDLwt6s
cfa4COVXeFlfvofhkegLk+jpIfho0hmg+dUqPaUCAwEAAaOCAhswggIXMB0GA1Ud
DgQWBBQEvFmQ0nFECGTDWGhO/O+l4x3neDAfBgNVHSMEGDAWgBSjyWPRoR0A04St
7fm7huU4SamxjDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L284bGowYUVkQU5PRXJlMzV1NGJsT0VtcHNZdy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMjkvZmM1MmEwLWUwZjctNDgwYi1iYTdkLTEwNDJlYThlM2JmYi8x
L0JMeFprTkp4UkFoa3cxaG9Udnp2cGVNZDUzZy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMjkv
ZmM1MmEwLWUwZjctNDgwYi1iYTdkLTEwNDJlYThlM2JmYi8xL284bGowYUVkQU5P
RXJlMzV1NGJsT0VtcHNZdy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAx
BggrBgEFBQcBBwEB/wQiMCAwHgQCAAEwGAMEBiUaAAMEBG3vEAMEArlQrAMEBNkZ
EDANBgkqhkiG9w0BAQsFAAOCAQEAcZ5RtSWFpHgJfc8pv/Kjf3bCINIeIANmDKf3
85kaeKxIRG/lgMU3kDW7TMJBkFunUzuI+VtLvRhdbJHHmAZiWUP6aCdTLQjxPMBw
zJfHXGdcANQanOe+dpCZA79We3+0fz2aGvae8E+7f+i+1taixe4AoYBqZLg1RJhj
qXuVaa8l+mORPxpncrZQLR1BCMgrzxldPbqTfnCpZ034TuSV8YxqvMKYpHY13d8A
7wcBj++si94NiqfkmZyjCQMWD0gCB0rsPiVqtZcV7ogMGzFjuScwkbo6UJ0S7Cte
dJWV9Qs+L2kCtRxTpp4iaZgJji5BCf8XYjzPGeGWP1Y97CRaJA==
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:59:49 2024 by rpki-client on console-ams.rpki-client.org