Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/xRqfM-QJkXamJ58AiW0bMhhVMJw.roa
File:                     xRqfM-QJkXamJ58AiW0bMhhVMJw.roa (raw, json)
Hash identifier:          gR/LpJIZmjlroKJ8zhMl45LZLi09viQNvKjMEvqZCt0=
Subject key identifier:   C5:1A:9F:33:E4:09:91:76:A6:27:9F:00:89:6D:1B:32:18:55:30:9C
Certificate issuer:       /CN=60581e673d80f7474936b21337eafcc1bdc385e9
Certificate serial:       0184D240A06587569A2F01292E6C230636C3
Authority key identifier: 60:58:1E:67:3D:80:F7:47:49:36:B2:13:37:EA:FC:C1:BD:C3:85:E9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/xRqfM-QJkXamJ58AiW0bMhhVMJw.roa
Signing time:             Fri 02 Dec 2022 09:52:41 +0000
ROA not before:           Fri 02 Dec 2022 09:52:41 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     149428
IP address blocks:        64.137.17.0/24 maxlen: 24
                          104.239.96.0/23 maxlen: 23
                          64.137.28.0/24 maxlen: 24
                          104.238.14.0/24 maxlen: 24
                          104.239.84.0/23 maxlen: 23
                          104.238.19.0/24 maxlen: 24
                          104.238.20.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:84:d2:40:a0:65:87:56:9a:2f:01:29:2e:6c:23:06:36:c3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=60581e673d80f7474936b21337eafcc1bdc385e9
        Validity
            Not Before: Dec  2 09:52:41 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=c51a9f33e4099176a6279f00896d1b321855309c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:c3:cf:a4:59:a1:0d:1f:dc:cb:25:e7:e7:1f:
                    76:71:a4:d9:35:de:3c:20:83:6b:04:bf:48:c5:ed:
                    34:52:83:bb:2c:3b:25:94:2a:ad:8c:f5:04:f3:93:
                    77:d9:52:80:65:7a:bc:94:ef:3c:36:88:6a:90:3a:
                    cd:f4:e4:58:fb:2a:1a:c4:88:6f:51:95:cf:24:0e:
                    ff:69:08:c3:4c:26:3d:41:14:69:01:52:5d:3d:ae:
                    92:4f:c3:5c:5f:ce:ae:82:68:fe:55:57:21:14:8f:
                    3c:82:53:74:47:9d:a7:48:93:f1:a2:a8:ba:af:27:
                    b0:37:c8:9d:7c:56:cc:86:b1:f3:0a:7c:82:fe:61:
                    05:1f:b6:12:9b:22:4c:cc:84:f6:d1:d1:fc:03:4c:
                    fd:23:c0:45:89:41:15:22:ab:e9:6b:3e:7a:a0:32:
                    db:d3:3b:90:30:b5:55:7f:73:a1:1e:02:a2:3f:44:
                    05:b0:c9:0a:ba:80:2e:d2:20:35:41:e8:37:17:78:
                    12:29:c5:1b:59:d1:88:8d:3c:3a:4f:72:b8:ec:9c:
                    68:1f:08:df:40:c1:54:d6:e9:13:ad:a9:1f:f6:ae:
                    11:5e:3d:0f:12:b1:ac:9d:bc:4f:8a:a2:6d:08:f5:
                    bb:ee:34:65:a8:8b:34:cd:f3:37:e2:2e:d3:37:ef:
                    80:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C5:1A:9F:33:E4:09:91:76:A6:27:9F:00:89:6D:1B:32:18:55:30:9C
            X509v3 Authority Key Identifier:
                keyid:60:58:1E:67:3D:80:F7:47:49:36:B2:13:37:EA:FC:C1:BD:C3:85:E9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/xRqfM-QJkXamJ58AiW0bMhhVMJw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  64.137.17.0/24
                  64.137.28.0/24
                  104.238.14.0/24
                  104.238.19.0-104.238.20.255
                  104.239.84.0/23
                  104.239.96.0/23

    Signature Algorithm: sha256WithRSAEncryption
         48:2c:dc:ea:0f:e0:d5:45:19:04:64:28:02:cf:43:e7:d5:07:
         03:57:0f:8a:ff:90:88:e6:2d:c5:02:81:67:79:39:9f:81:05:
         73:86:01:d4:1a:cd:03:bd:f0:df:ec:3b:e1:3b:cb:88:a1:38:
         5e:88:8d:94:01:1d:48:e1:13:66:4d:57:0c:5f:91:3e:e6:87:
         c4:44:53:e0:70:de:b4:34:70:5f:bd:7e:37:bf:81:60:4d:80:
         30:51:3a:10:7e:a0:9c:6d:2e:6f:33:83:37:14:59:2d:91:d0:
         d2:b0:e3:69:a9:36:e2:b3:96:1a:cd:46:78:99:f2:48:3c:22:
         7a:f2:81:9b:cc:81:95:fc:fd:1f:5b:fe:85:b4:32:09:83:d7:
         08:33:7a:ff:af:e4:e7:1e:02:6f:d6:6c:4d:50:8a:53:67:1f:
         d4:f1:d9:4a:d1:bd:7c:20:ac:77:8d:57:33:e8:e5:9b:c8:83:
         69:6d:17:c2:75:58:e0:9d:df:e8:a1:a2:06:53:39:34:37:f5:
         58:1a:33:23:e4:0b:29:a7:b7:62:40:b5:fd:d6:9e:6f:b1:56:
         f6:2c:32:02:41:10:d2:17:ad:a7:c6:54:a3:2b:19:5f:6f:29:
         8f:f6:25:a9:a0:8f:82:1f:1d:3f:63:57:4b:c8:d3:8a:85:f8:
         45:b7:67:df
-----BEGIN CERTIFICATE-----
MIIFIzCCBAugAwIBAgISAYTSQKBlh1aaLwEpLmwjBjbDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNTgxZTY3M2Q4MGY3NDc0OTM2YjIxMzM3ZWFmY2MxYmRj
Mzg1ZTkwHhcNMjIxMjAyMDk1MjQxWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNTFhOWYzM2U0MDk5MTc2YTYyNzlmMDA4OTZkMWIzMjE4NTUzMDljMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAisPPpFmhDR/cyyXn5x92caTZNd48
IINrBL9Ixe00UoO7LDsllCqtjPUE85N32VKAZXq8lO88NohqkDrN9ORY+yoaxIhv
UZXPJA7/aQjDTCY9QRRpAVJdPa6ST8NcX86ugmj+VVchFI88glN0R52nSJPxoqi6
ryewN8idfFbMhrHzCnyC/mEFH7YSmyJMzIT20dH8A0z9I8BFiUEVIqvpaz56oDLb
0zuQMLVVf3OhHgKiP0QFsMkKuoAu0iA1Qeg3F3gSKcUbWdGIjTw6T3K47JxoHwjf
QMFU1ukTrakf9q4RXj0PErGsnbxPiqJtCPW77jRlqIs0zfM34i7TN++AQwIDAQAB
o4ICLzCCAiswHQYDVR0OBBYEFMUanzPkCZF2piefAIltGzIYVTCcMB8GA1UdIwQY
MBaAFGBYHmc9gPdHSTayEzfq/MG9w4XpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUZnZVp6MkE5MGRKTnJJVE4tcjh3YjNEaGVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS9mZGQ2MzMtYzY1OC00OWM1LTllOGYt
ZmIwNzk1NWYzYWFhLzEveFJxZk0tUUprWGFtSjU4QWlXMGJNaGhWTUp3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS9mZGQ2MzMtYzY1OC00OWM1LTllOGYtZmIwNzk1NWYzYWFh
LzEvWUZnZVp6MkE5MGRKTnJJVE4tcjh3YjNEaGVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEUGCCsGAQUFBwEHAQH/BDYwNDAyBAIAATAsAwQAQIkRAwQA
QIkcAwQAaO4OMAwDBABo7hMDBABo7hQDBAFo71QDBAFo72AwDQYJKoZIhvcNAQEL
BQADggEBAEgs3OoP4NVFGQRkKALPQ+fVBwNXD4r/kIjmLcUCgWd5OZ+BBXOGAdQa
zQO98N/sO+E7y4ihOF6IjZQBHUjhE2ZNVwxfkT7mh8REU+Bw3rQ0cF+9fje/gWBN
gDBROhB+oJxtLm8zgzcUWS2R0NKw42mpNuKzlhrNRniZ8kg8InrygZvMgZX8/R9b
/oW0MgmD1wgzev+v5OceAm/WbE1QilNnH9Tx2UrRvXwgrHeNVzPo5ZvIg2ltF8J1
WOCd3+ihogZTOTQ39VgaMyPkCymnt2JAtf3Wnm+xVvYsMgJBENIXrafGVKMrGV9v
KY/2Jamgj4IfHT9jV0vI04qF+EW3Z98=
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:11:45 2024 by rpki-client on console-ams.rpki-client.org