Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4e/c58bdc-14e7-499c-9d9c-1b7cbb08d73f/1/R72hEy33BvkxfrkwWkVA-29V9pQ.roa
File:                     R72hEy33BvkxfrkwWkVA-29V9pQ.roa (raw, json)
Hash identifier:          mXtvC9+GTbvAbnUkT495CnaltetOLqWCU5Z0UkYDFVM=
Subject key identifier:   47:BD:A1:13:2D:F7:06:F9:31:7E:B9:30:5A:45:40:FB:6F:55:F6:94
Certificate issuer:       /CN=296593b747e76a56492511bb3612e4d5e4cbe7ec
Certificate serial:       018494F5057E6DBA20F7B1D2545D04C67DA4
Authority key identifier: 29:65:93:B7:47:E7:6A:56:49:25:11:BB:36:12:E4:D5:E4:CB:E7:EC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KWWTt0fnalZJJRG7NhLk1eTL5-w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4e/c58bdc-14e7-499c-9d9c-1b7cbb08d73f/1/R72hEy33BvkxfrkwWkVA-29V9pQ.roa
Signing time:             Sun 20 Nov 2022 12:13:16 +0000
ROA not before:           Sun 20 Nov 2022 12:13:16 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     58212
IP address blocks:        37.114.43.0/24 maxlen: 24
                          37.114.44.0/23 maxlen: 24
                          103.252.89.0/24 maxlen: 24
                          103.252.90.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:84:94:f5:05:7e:6d:ba:20:f7:b1:d2:54:5d:04:c6:7d:a4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=296593b747e76a56492511bb3612e4d5e4cbe7ec
        Validity
            Not Before: Nov 20 12:13:16 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=47bda1132df706f9317eb9305a4540fb6f55f694
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e5:da:ce:81:e3:87:05:28:05:b0:bd:d8:7c:17:
                    03:9a:ec:e6:e6:a3:9a:59:c7:b1:bc:54:8e:04:4c:
                    11:60:6e:de:04:cb:c8:34:53:2d:d5:4a:86:19:1e:
                    49:ed:f7:67:61:9d:c0:bf:b6:85:ed:1c:ac:28:9a:
                    82:17:3e:9b:43:db:a2:c6:1e:e1:81:4a:00:1a:c7:
                    2f:6a:77:b4:f1:79:c1:a3:a2:10:3b:62:67:d5:cb:
                    47:51:de:a6:05:d9:ca:38:46:1f:9d:05:c9:46:16:
                    27:69:09:a6:9e:c7:6c:49:22:83:3b:17:09:7e:fd:
                    af:e3:cb:5d:72:61:5b:ae:ad:1f:c7:ae:d4:e8:06:
                    ec:31:5a:41:0d:3b:e2:da:49:44:50:4e:ba:a7:09:
                    92:fe:bc:c7:c7:f3:14:c2:4b:69:76:19:e2:27:64:
                    04:b9:02:f6:41:74:ad:33:77:e2:c4:b4:3b:90:ff:
                    e7:01:e0:6e:47:18:e0:b1:5e:da:d3:16:53:03:c6:
                    6e:3c:9e:d5:67:d3:9f:94:df:b5:88:90:8a:0c:09:
                    86:62:10:d3:f1:65:ce:f0:bc:95:6d:53:de:97:d7:
                    1a:f0:e3:32:d6:c1:86:dc:61:31:0c:af:ef:ff:d3:
                    43:fe:78:91:f2:18:cf:ac:0c:17:64:ff:ba:b5:65:
                    7c:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                47:BD:A1:13:2D:F7:06:F9:31:7E:B9:30:5A:45:40:FB:6F:55:F6:94
            X509v3 Authority Key Identifier:
                keyid:29:65:93:B7:47:E7:6A:56:49:25:11:BB:36:12:E4:D5:E4:CB:E7:EC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KWWTt0fnalZJJRG7NhLk1eTL5-w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/c58bdc-14e7-499c-9d9c-1b7cbb08d73f/1/R72hEy33BvkxfrkwWkVA-29V9pQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/c58bdc-14e7-499c-9d9c-1b7cbb08d73f/1/KWWTt0fnalZJJRG7NhLk1eTL5-w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.114.43.0-37.114.45.255
                  103.252.89.0-103.252.90.255

    Signature Algorithm: sha256WithRSAEncryption
         8c:0e:76:0d:d1:f7:b2:4a:8f:67:e9:f0:31:ee:02:9e:90:e0:
         f3:c8:2c:a4:8e:0b:1c:be:7c:37:ff:9d:e2:5c:7d:d2:bf:74:
         a5:1f:c9:fe:9f:c7:b9:a0:11:e3:e1:bf:f9:ad:2b:75:33:8e:
         63:04:90:4a:20:1f:04:74:51:03:e6:4a:ec:08:93:6d:d3:c6:
         5f:9c:76:72:2e:9e:9f:a4:39:c8:a9:90:26:3f:b6:c4:dc:00:
         23:26:42:a8:c2:ac:4b:79:43:01:d0:a4:96:b1:7b:88:9e:8f:
         c7:8a:26:02:3f:b7:1c:c9:03:5d:2a:5d:2a:ac:a5:f2:9f:d0:
         09:a4:40:60:aa:6c:a2:1d:99:bc:ad:47:d6:c3:8a:28:a1:ae:
         f5:57:5a:02:42:7c:e1:64:82:a7:1a:d2:33:91:fc:eb:c9:90:
         f5:17:0f:c7:31:ae:95:ae:03:b6:2f:fb:8d:d2:b5:71:64:18:
         3e:7c:ee:42:f9:74:01:5c:c2:1d:c2:8a:df:c8:e9:91:ab:35:
         82:37:d4:ac:c7:b6:4c:cf:46:be:8f:2d:64:59:9f:26:be:8f:
         d5:fe:6c:6f:ad:9b:91:82:c0:50:b2:88:d6:ae:33:d7:2c:e0:
         8c:98:2b:2a:d0:41:b2:40:81:b9:a5:1c:76:e2:c0:c3:6e:c0:
         22:e3:f3:54
-----BEGIN CERTIFICATE-----
MIIFEzCCA/ugAwIBAgISAYSU9QV+bbog97HSVF0Exn2kMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5NjU5M2I3NDdlNzZhNTY0OTI1MTFiYjM2MTJlNGQ1ZTRj
YmU3ZWMwHhcNMjIxMTIwMTIxMzE2WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0N2JkYTExMzJkZjcwNmY5MzE3ZWI5MzA1YTQ1NDBmYjZmNTVmNjk0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5drOgeOHBSgFsL3YfBcDmuzm5qOa
WcexvFSOBEwRYG7eBMvINFMt1UqGGR5J7fdnYZ3Av7aF7RysKJqCFz6bQ9uixh7h
gUoAGscvane08XnBo6IQO2Jn1ctHUd6mBdnKOEYfnQXJRhYnaQmmnsdsSSKDOxcJ
fv2v48tdcmFbrq0fx67U6AbsMVpBDTvi2klEUE66pwmS/rzHx/MUwktpdhniJ2QE
uQL2QXStM3fixLQ7kP/nAeBuRxjgsV7a0xZTA8ZuPJ7VZ9OflN+1iJCKDAmGYhDT
8WXO8LyVbVPel9ca8OMy1sGG3GExDK/v/9ND/niR8hjPrAwXZP+6tWV89QIDAQAB
o4ICHzCCAhswHQYDVR0OBBYEFEe9oRMt9wb5MX65MFpFQPtvVfaUMB8GA1UdIwQY
MBaAFCllk7dH52pWSSURuzYS5NXky+fsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS1dXVHQwZm5hbFpKSlJHN05oTGsxZVRMNS13LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZS9jNThiZGMtMTRlNy00OTljLTlkOWMt
MWI3Y2JiMDhkNzNmLzEvUjcyaEV5MzNCdmt4ZnJrd1drVkEtMjlWOXBRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZS9jNThiZGMtMTRlNy00OTljLTlkOWMtMWI3Y2JiMDhkNzNm
LzEvS1dXVHQwZm5hbFpKSlJHN05oTGsxZVRMNS13LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDUGCCsGAQUFBwEHAQH/BCYwJDAiBAIAATAcMAwDBAAlcisD
BAElciwwDAMEAGf8WQMEAGf8WjANBgkqhkiG9w0BAQsFAAOCAQEAjA52DdH3skqP
Z+nwMe4CnpDg88gspI4LHL58N/+d4lx90r90pR/J/p/HuaAR4+G/+a0rdTOOYwSQ
SiAfBHRRA+ZK7AiTbdPGX5x2ci6en6Q5yKmQJj+2xNwAIyZCqMKsS3lDAdCklrF7
iJ6Px4omAj+3HMkDXSpdKqyl8p/QCaRAYKpsoh2ZvK1H1sOKKKGu9VdaAkJ84WSC
pxrSM5H868mQ9RcPxzGula4Dti/7jdK1cWQYPnzuQvl0AVzCHcKK38jpkas1gjfU
rMe2TM9Gvo8tZFmfJr6P1f5sb62bkYLAULKI1q4z1yzgjJgrKtBBskCBuaUcduLA
w27AIuPzVA==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:08:18 2024 by rpki-client on console-ams.rpki-client.org