Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/57/0d280c-9d88-4aea-b521-416f85ee237b/1/XGyuvUH-OP40aHSRE6ZknhvNXvs.roa
File:                     XGyuvUH-OP40aHSRE6ZknhvNXvs.roa (raw, json)
Hash identifier:          6zSCW/NYnf8LoV1lZFM+OEiWNMp20ibCDywjz3LpS/A=
Subject key identifier:   5C:6C:AE:BD:41:FE:38:FE:34:68:74:91:13:A6:64:9E:1B:CD:5E:FB
Certificate issuer:       /CN=a5ae8a3d8bdaabf4765fda79d55eca8c69c8bf2c
Certificate serial:       7683FA
Authority key identifier: A5:AE:8A:3D:8B:DA:AB:F4:76:5F:DA:79:D5:5E:CA:8C:69:C8:BF:2C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pa6KPYvaq_R2X9p51V7KjGnIvyw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/57/0d280c-9d88-4aea-b521-416f85ee237b/1/XGyuvUH-OP40aHSRE6ZknhvNXvs.roa
Signing time:             Sat 01 Jan 2022 03:01:08 +0000
ROA not before:           Sat 01 Jan 2022 03:01:08 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     397235
IP address blocks:        37.209.192.0/24 maxlen: 24
                          37.209.194.0/24 maxlen: 24
                          37.209.196.0/24 maxlen: 24
                          37.209.198.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 7767034 (0x7683fa)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a5ae8a3d8bdaabf4765fda79d55eca8c69c8bf2c
        Validity
            Not Before: Jan  1 03:01:08 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=5c6caebd41fe38fe3468749113a6649e1bcd5efb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:c1:66:5c:7b:03:f4:64:a6:db:f8:6b:54:18:
                    61:9e:d8:ca:3c:59:68:6d:bf:86:2b:24:96:00:13:
                    47:9a:9c:bc:88:07:72:b9:4a:5d:46:36:18:7f:f2:
                    11:5b:9b:5e:68:d7:af:5b:02:ce:58:21:91:81:f1:
                    ad:8b:d5:17:0f:95:a4:7f:11:71:05:92:3b:36:d6:
                    0b:8e:19:cb:aa:01:56:a3:93:a7:92:cf:13:aa:aa:
                    82:c3:84:6c:67:5e:9d:01:ff:32:32:f4:c9:78:aa:
                    72:f8:c6:66:5b:68:79:18:0a:f5:da:c3:0c:82:04:
                    d7:ae:79:df:c3:cf:c1:32:30:42:a1:7e:73:7d:47:
                    6c:0f:50:7d:9e:51:f1:62:dc:1e:a8:ba:1b:78:d0:
                    d0:b7:41:55:ce:2c:cb:97:cc:ac:3d:1f:64:f8:a3:
                    95:7f:24:13:74:be:a5:54:03:90:67:1f:a1:a2:cc:
                    47:e6:38:63:43:bc:28:e8:dd:c2:f1:72:40:09:1b:
                    a8:bf:0c:14:9d:62:a0:a0:f9:d9:7e:cb:e6:fd:9f:
                    29:4a:51:0a:a2:06:99:11:13:2e:38:9e:0d:b7:93:
                    66:2c:1a:75:c0:e6:74:5d:5d:e4:74:df:53:cc:41:
                    39:e3:f2:7e:9f:5d:e7:9f:c2:a6:6a:c7:22:78:65:
                    d9:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:6C:AE:BD:41:FE:38:FE:34:68:74:91:13:A6:64:9E:1B:CD:5E:FB
            X509v3 Authority Key Identifier:
                keyid:A5:AE:8A:3D:8B:DA:AB:F4:76:5F:DA:79:D5:5E:CA:8C:69:C8:BF:2C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pa6KPYvaq_R2X9p51V7KjGnIvyw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/57/0d280c-9d88-4aea-b521-416f85ee237b/1/XGyuvUH-OP40aHSRE6ZknhvNXvs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/57/0d280c-9d88-4aea-b521-416f85ee237b/1/pa6KPYvaq_R2X9p51V7KjGnIvyw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.209.192.0/24
                  37.209.194.0/24
                  37.209.196.0/24
                  37.209.198.0/24

    Signature Algorithm: sha256WithRSAEncryption
         38:43:76:0b:91:ad:06:32:72:01:cd:6f:b9:19:b8:93:a3:b0:
         6a:12:d0:eb:6a:1a:a2:a4:55:10:f1:b5:35:95:2d:75:f5:13:
         53:28:dc:15:47:89:68:e7:c5:a7:9b:91:2f:5d:8b:a5:19:bf:
         75:95:03:03:f6:04:ab:40:1b:8b:15:9c:63:33:83:79:b4:45:
         50:c9:a5:9e:62:bc:b7:ab:79:46:57:66:7c:75:f0:80:63:61:
         01:7d:41:bd:83:81:97:f4:e7:20:43:d3:e4:f5:15:4c:ba:7d:
         dd:14:c5:39:7e:82:0d:9d:5e:a9:b9:01:52:37:79:a1:45:5d:
         9b:02:d9:9a:f6:41:83:2e:bd:7c:ff:8e:b6:14:af:83:8c:c1:
         f3:71:f5:95:1e:53:06:dc:db:d0:b2:25:bd:9f:2a:7c:a8:58:
         92:1e:68:cf:e6:5c:ba:08:f8:d0:ef:0a:70:3f:6f:18:f4:37:
         f8:53:a3:99:9b:ef:02:be:51:9a:bb:a1:92:da:e1:ed:03:dd:
         1f:3d:8d:0b:92:0f:a1:1e:87:32:42:65:ce:9d:e9:14:b1:82:
         ed:65:e1:ff:8b:a1:0f:b5:62:80:2b:e0:3a:5b:a9:1c:ef:88:
         24:32:91:5a:2e:7e:73:d5:45:c4:73:a3:c9:88:d3:68:6e:2a:
         13:93:c6:94
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIDdoP6MA0GCSqGSIb3DQEBCwUAMDMxMTAvBgNVBAMTKGE1
YWU4YTNkOGJkYWFiZjQ3NjVmZGE3OWQ1NWVjYThjNjljOGJmMmMwHhcNMjIwMTAx
MDMwMTA4WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQDEyg1YzZjYWViZDQxZmUz
OGZlMzQ2ODc0OTExM2E2NjQ5ZTFiY2Q1ZWZiMIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEAosFmXHsD9GSm2/hrVBhhntjKPFlobb+GKySWABNHmpy8iAdy
uUpdRjYYf/IRW5teaNevWwLOWCGRgfGti9UXD5WkfxFxBZI7NtYLjhnLqgFWo5On
ks8TqqqCw4RsZ16dAf8yMvTJeKpy+MZmW2h5GAr12sMMggTXrnnfw8/BMjBCoX5z
fUdsD1B9nlHxYtweqLobeNDQt0FVzizLl8ysPR9k+KOVfyQTdL6lVAOQZx+hosxH
5jhjQ7wo6N3C8XJACRuovwwUnWKgoPnZfsvm/Z8pSlEKogaZERMuOJ4Nt5NmLBp1
wOZ0XV3kdN9TzEE54/J+n13nn8KmascieGXZMwIDAQABo4ICGzCCAhcwHQYDVR0O
BBYEFFxsrr1B/jj+NGh0kROmZJ4bzV77MB8GA1UdIwQYMBaAFKWuij2L2qv0dl/a
edVeyoxpyL8sMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEFBQcBAQRYMFYwVAYIKwYB
BQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQv
cGE2S1BZdmFxX1IyWDlwNTFWN0tqR25Jdnl3LmNlcjCBjQYIKwYBBQUHAQsEgYAw
fjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkv
REVGQVVMVC81Ny8wZDI4MGMtOWQ4OC00YWVhLWI1MjEtNDE2Zjg1ZWUyMzdiLzEv
WEd5dXZVSC1PUDQwYUhTUkU2WmtuaHZOWHZzLnJvYTCBgQYDVR0fBHoweDB2oHSg
coZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ny8w
ZDI4MGMtOWQ4OC00YWVhLWI1MjEtNDE2Zjg1ZWUyMzdiLzEvcGE2S1BZdmFxX1Iy
WDlwNTFWN0tqR25Jdnl3LmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMDEG
CCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQAJdHAAwQAJdHCAwQAJdHEAwQAJdHG
MA0GCSqGSIb3DQEBCwUAA4IBAQA4Q3YLka0GMnIBzW+5GbiTo7BqEtDrahqipFUQ
8bU1lS119RNTKNwVR4lo58Wnm5EvXYulGb91lQMD9gSrQBuLFZxjM4N5tEVQyaWe
Yry3q3lGV2Z8dfCAY2EBfUG9g4GX9OcgQ9Pk9RVMun3dFMU5foINnV6puQFSN3mh
RV2bAtma9kGDLr18/462FK+DjMHzcfWVHlMG3NvQsiW9nyp8qFiSHmjP5ly6CPjQ
7wpwP28Y9Df4U6OZm+8CvlGau6GS2uHtA90fPY0Lkg+hHocyQmXOnekUsYLtZeH/
i6EPtWKAK+A6W6kc74gkMpFaLn5z1UXEc6PJiNNobioTk8aU
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:30:24 2024 by rpki-client on console-fra.rpki-client.org