Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/32/1293db-c752-4d03-857d-579531e5a00f/1/XBd5TTs1JWhzzFxKyqDEFUvySdI.roa
File:                     XBd5TTs1JWhzzFxKyqDEFUvySdI.roa (raw, json)
Hash identifier:          xezqN3JwsZGmW5DNdxyQY432BRHyWJ9RljLfQm8oXuI=
Subject key identifier:   5C:17:79:4D:3B:35:25:68:73:CC:5C:4A:CA:A0:C4:15:4B:F2:49:D2
Certificate issuer:       /CN=0297a58998f0974347081c17f25eedd65fad9661
Certificate serial:       3000325C
Authority key identifier: 02:97:A5:89:98:F0:97:43:47:08:1C:17:F2:5E:ED:D6:5F:AD:96:61
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ApeliZjwl0NHCBwX8l7t1l-tlmE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/32/1293db-c752-4d03-857d-579531e5a00f/1/XBd5TTs1JWhzzFxKyqDEFUvySdI.roa
Signing time:             Sat 01 Jan 2022 00:54:49 +0000
ROA not before:           Sat 01 Jan 2022 00:54:49 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     198588
IP address blocks:        164.138.2.0/24 maxlen: 24
                          164.138.0.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 805319260 (0x3000325c)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0297a58998f0974347081c17f25eedd65fad9661
        Validity
            Not Before: Jan  1 00:54:49 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=5c17794d3b35256873cc5c4acaa0c4154bf249d2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:19:1b:23:62:56:57:3d:f7:69:2c:8b:69:10:
                    de:c5:93:49:89:b0:b1:d6:c9:76:04:57:b7:4e:8b:
                    3a:69:dd:1d:8c:35:73:3a:3f:42:91:7a:c5:b1:74:
                    b5:ca:40:ee:5a:61:7d:89:8e:ee:8c:ac:4d:8a:04:
                    3d:aa:dc:a2:16:a2:a3:ed:59:20:63:e3:67:95:b1:
                    cb:04:68:06:d9:9f:40:7b:43:10:17:0d:8b:35:ee:
                    1c:83:0d:e2:c6:c3:6b:51:b2:17:67:83:10:42:9b:
                    12:47:7d:f3:49:82:21:a5:3d:b1:17:6a:fd:c4:8c:
                    39:6e:ba:92:22:6b:0e:99:1e:f2:0e:83:00:20:12:
                    04:8c:bc:e1:81:6b:32:bc:36:fe:7d:5d:ed:3c:9c:
                    76:8f:0f:98:e7:7e:1e:20:12:59:d0:b5:2a:d3:e2:
                    06:25:c3:38:4b:30:b6:d8:70:99:22:43:db:3e:6c:
                    25:9e:a7:18:c5:cf:e7:7a:c9:1f:1f:74:1d:c3:40:
                    b3:00:25:a2:77:65:9b:64:6a:6a:de:88:f3:1c:b1:
                    3f:de:64:d2:20:b6:c0:bd:a7:8d:92:4e:29:0e:81:
                    6f:69:5f:95:ce:fd:a4:5e:05:8a:3b:69:bc:2d:1c:
                    36:3f:b4:b6:ce:08:72:58:b7:49:22:6a:cf:ba:a1:
                    31:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:17:79:4D:3B:35:25:68:73:CC:5C:4A:CA:A0:C4:15:4B:F2:49:D2
            X509v3 Authority Key Identifier:
                keyid:02:97:A5:89:98:F0:97:43:47:08:1C:17:F2:5E:ED:D6:5F:AD:96:61

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ApeliZjwl0NHCBwX8l7t1l-tlmE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/32/1293db-c752-4d03-857d-579531e5a00f/1/XBd5TTs1JWhzzFxKyqDEFUvySdI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/32/1293db-c752-4d03-857d-579531e5a00f/1/ApeliZjwl0NHCBwX8l7t1l-tlmE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  164.138.0.0/24
                  164.138.2.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3b:2a:96:40:cc:80:6c:1b:68:20:0c:1c:e9:63:a6:c2:df:3f:
         16:20:3e:3c:09:58:b1:57:13:bd:9d:77:96:7d:e7:33:3d:3f:
         be:08:49:e5:e6:92:81:3f:f4:54:20:ec:21:e8:be:20:fc:66:
         cf:e7:40:c4:de:6d:f6:30:77:fb:0d:10:42:8e:b4:2a:b4:5b:
         95:82:1a:12:b4:ba:47:43:46:08:c4:ab:00:0d:24:c4:9c:24:
         5c:e2:52:d5:0e:23:a9:b8:49:aa:18:70:9a:14:0e:e4:28:51:
         b4:8a:d7:d2:05:1b:3f:a0:97:4c:3c:2d:12:c0:bf:53:c0:e6:
         81:7f:9c:b8:6b:7d:87:f8:15:d2:db:95:ff:4b:3d:c7:bf:7e:
         21:03:f9:7a:71:e7:3c:0c:d1:34:8d:c9:8f:6c:db:7c:ac:e6:
         da:17:0a:bb:d3:e5:65:bf:49:6a:ad:7a:ae:ca:c3:8c:74:cc:
         16:fd:61:ec:d4:2d:e8:44:54:72:c1:dd:be:09:17:33:87:63:
         d2:20:ce:16:47:20:44:9d:50:b9:ca:04:00:d6:e5:c1:31:da:
         fd:d7:fd:75:28:04:7c:a1:45:72:6a:f9:86:bf:e2:ef:81:b8:
         cc:df:ef:86:28:ae:4e:75:77:e4:92:be:23:96:33:fa:d2:6f:
         15:2b:18:71
-----BEGIN CERTIFICATE-----
MIIE9TCCA92gAwIBAgIEMAAyXDANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygw
Mjk3YTU4OTk4ZjA5NzQzNDcwODFjMTdmMjVlZWRkNjVmYWQ5NjYxMB4XDTIyMDEw
MTAwNTQ0OVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoNWMxNzc5NGQzYjM1
MjU2ODczY2M1YzRhY2FhMGM0MTU0YmYyNDlkMjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAMcZGyNiVlc992ksi2kQ3sWTSYmwsdbJdgRXt06LOmndHYw1
czo/QpF6xbF0tcpA7lphfYmO7oysTYoEParcohaio+1ZIGPjZ5WxywRoBtmfQHtD
EBcNizXuHIMN4sbDa1GyF2eDEEKbEkd980mCIaU9sRdq/cSMOW66kiJrDpke8g6D
ACASBIy84YFrMrw2/n1d7Tycdo8PmOd+HiASWdC1KtPiBiXDOEswtthwmSJD2z5s
JZ6nGMXP53rJHx90HcNAswAlondlm2Rqat6I8xyxP95k0iC2wL2njZJOKQ6Bb2lf
lc79pF4FijtpvC0cNj+0ts4Icli3SSJqz7qhMesCAwEAAaOCAg8wggILMB0GA1Ud
DgQWBBRcF3lNOzUlaHPMXErKoMQVS/JJ0jAfBgNVHSMEGDAWgBQCl6WJmPCXQ0cI
HBfyXu3WX62WYTAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L0FwZWxpWmp3bDBOSENCd1g4bDd0MWwtdGxtRS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMzIvMTI5M2RiLWM3NTItNGQwMy04NTdkLTU3OTUzMWU1YTAwZi8x
L1hCZDVUVHMxSldoenpGeEt5cURFRlV2eVNkSS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMzIv
MTI5M2RiLWM3NTItNGQwMy04NTdkLTU3OTUzMWU1YTAwZi8xL0FwZWxpWmp3bDBO
SENCd1g4bDd0MWwtdGxtRS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAl
BggrBgEFBQcBBwEB/wQWMBQwEgQCAAEwDAMEAKSKAAMEAKSKAjANBgkqhkiG9w0B
AQsFAAOCAQEAOyqWQMyAbBtoIAwc6WOmwt8/FiA+PAlYsVcTvZ13ln3nMz0/vghJ
5eaSgT/0VCDsIei+IPxmz+dAxN5t9jB3+w0QQo60KrRblYIaErS6R0NGCMSrAA0k
xJwkXOJS1Q4jqbhJqhhwmhQO5ChRtIrX0gUbP6CXTDwtEsC/U8DmgX+cuGt9h/gV
0tuV/0s9x79+IQP5enHnPAzRNI3Jj2zbfKzm2hcKu9PlZb9Jaq16rsrDjHTMFv1h
7NQt6ERUcsHdvgkXM4dj0iDOFkcgRJ1QucoEANblwTHa/df9dSgEfKFFcmr5hr/i
74G4zN/vhiiuTnV35JK+I5Yz+tJvFSsYcQ==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:24:39 2024 by rpki-client on console-fra.rpki-client.org