Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/80959d-f5c4-4ac9-ad13-d48fbc1a243b/1/XtKNJf9o7Yvk_5ez20FTYJl8G_E.roa
File:                     XtKNJf9o7Yvk_5ez20FTYJl8G_E.roa (raw, json)
Hash identifier:          q7IZGwVMkUtIT+JuZYmEgmrr/O5/HDGnm2YtREZ6rZs=
Subject key identifier:   5E:D2:8D:25:FF:68:ED:8B:E4:FF:97:B3:DB:41:53:60:99:7C:1B:F1
Certificate issuer:       /CN=3993d54e639080a46c3fe3d58aa87e305db69ad1
Certificate serial:       036E5D9B
Authority key identifier: 39:93:D5:4E:63:90:80:A4:6C:3F:E3:D5:8A:A8:7E:30:5D:B6:9A:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OZPVTmOQgKRsP-PViqh-MF22mtE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/80959d-f5c4-4ac9-ad13-d48fbc1a243b/1/XtKNJf9o7Yvk_5ez20FTYJl8G_E.roa
Signing time:             Sat 01 Jan 2022 08:56:02 +0000
ROA not before:           Sat 01 Jan 2022 08:56:02 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     212424
IP address blocks:        192.159.121.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 57564571 (0x36e5d9b)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3993d54e639080a46c3fe3d58aa87e305db69ad1
        Validity
            Not Before: Jan  1 08:56:02 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=5ed28d25ff68ed8be4ff97b3db415360997c1bf1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:71:6b:7c:b7:30:84:57:49:67:89:aa:a8:79:
                    c9:96:17:5f:94:a0:af:c6:c8:6f:c9:0a:d2:20:c7:
                    a4:ab:1f:b5:7e:70:4a:b2:24:f1:cb:94:6a:19:e4:
                    a3:c9:aa:8b:fd:bc:ef:8e:a6:ca:bc:82:66:66:95:
                    b4:e3:e5:98:f2:74:8c:4c:5c:66:5b:bf:18:f0:fb:
                    05:e5:3a:e3:5d:ea:9b:6c:d9:44:ec:f5:0f:39:0f:
                    73:00:25:07:6c:e0:9d:c2:b7:2d:6a:09:6a:67:42:
                    12:6d:52:74:a2:0c:5b:91:0d:bd:23:47:05:b4:06:
                    82:41:9a:e9:c8:cb:a6:9e:09:e4:3c:fb:fb:6d:21:
                    e4:a4:8c:04:a3:bc:76:c2:f6:a8:90:c6:a4:5d:5e:
                    cc:5e:f5:f0:93:bc:27:37:de:f6:1a:40:4f:08:e3:
                    d2:66:ee:2a:10:2e:64:8f:50:e0:14:52:f2:fd:f7:
                    83:23:89:eb:65:14:77:4e:01:cd:af:d8:94:aa:cf:
                    39:f0:8b:4e:8a:fb:fb:8c:b2:a3:f0:f2:30:08:a2:
                    33:f0:e4:dd:6a:b7:48:ef:6f:2c:79:50:f7:81:f5:
                    3d:9b:b7:72:9f:f9:0e:7e:be:9d:cf:0f:18:1d:64:
                    e9:15:5b:8c:25:f9:3d:4e:b0:1c:c0:da:38:99:0f:
                    11:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5E:D2:8D:25:FF:68:ED:8B:E4:FF:97:B3:DB:41:53:60:99:7C:1B:F1
            X509v3 Authority Key Identifier:
                keyid:39:93:D5:4E:63:90:80:A4:6C:3F:E3:D5:8A:A8:7E:30:5D:B6:9A:D1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OZPVTmOQgKRsP-PViqh-MF22mtE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/80959d-f5c4-4ac9-ad13-d48fbc1a243b/1/XtKNJf9o7Yvk_5ez20FTYJl8G_E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/80959d-f5c4-4ac9-ad13-d48fbc1a243b/1/OZPVTmOQgKRsP-PViqh-MF22mtE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.159.121.0/24

    Signature Algorithm: sha256WithRSAEncryption
         06:4c:bd:89:97:19:c1:2a:9f:d5:28:a2:12:18:da:46:8c:05:
         29:2a:31:c5:3e:d5:02:57:41:52:f8:6f:47:e0:62:58:85:0f:
         b9:5a:33:3a:69:b4:c5:90:f8:f1:f3:1c:89:9c:c4:ba:42:ff:
         91:11:cf:9a:59:15:8b:31:9c:b2:01:23:d1:bc:5f:b5:16:45:
         13:7c:bf:86:d0:11:53:64:91:7f:ef:fc:63:00:a6:d4:a1:6b:
         05:44:78:51:21:32:35:1c:6c:05:e2:6f:8e:17:0d:94:39:2d:
         da:52:8e:a9:fe:25:5d:66:81:2b:ec:0f:4b:17:34:d6:63:52:
         f4:6f:5b:20:d4:f2:6a:4c:58:d7:10:fb:99:c0:84:8a:07:0b:
         ab:c1:50:01:b2:a1:3c:a5:8a:e6:fa:4d:0c:30:06:a3:26:12:
         5f:e9:34:3f:d1:e5:72:29:57:7a:7b:a1:6f:43:1f:93:64:fa:
         82:7d:40:51:7b:a3:28:46:b1:33:3b:cd:f8:ff:80:6e:75:5f:
         6e:97:b7:68:3e:d3:a6:90:1c:95:39:a1:ed:40:3c:c6:9a:54:
         d1:8a:54:c0:40:0e:a8:ac:61:a4:52:2b:93:84:8a:a2:f3:a5:
         04:73:2f:a6:18:a0:f6:72:d7:89:c5:0d:ad:b3:c4:59:c9:2e:
         9e:e1:bf:10
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIEA25dmzANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygz
OTkzZDU0ZTYzOTA4MGE0NmMzZmUzZDU4YWE4N2UzMDVkYjY5YWQxMB4XDTIyMDEw
MTA4NTYwMloXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoNWVkMjhkMjVmZjY4
ZWQ4YmU0ZmY5N2IzZGI0MTUzNjA5OTdjMWJmMTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAKNxa3y3MIRXSWeJqqh5yZYXX5Sgr8bIb8kK0iDHpKsftX5w
SrIk8cuUahnko8mqi/28746myryCZmaVtOPlmPJ0jExcZlu/GPD7BeU6413qm2zZ
ROz1DzkPcwAlB2zgncK3LWoJamdCEm1SdKIMW5ENvSNHBbQGgkGa6cjLpp4J5Dz7
+20h5KSMBKO8dsL2qJDGpF1ezF718JO8Jzfe9hpATwjj0mbuKhAuZI9Q4BRS8v33
gyOJ62UUd04Bza/YlKrPOfCLTor7+4yyo/DyMAiiM/Dk3Wq3SO9vLHlQ94H1PZu3
cp/5Dn6+nc8PGB1k6RVbjCX5PU6wHMDaOJkPET0CAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBRe0o0l/2jti+T/l7PbQVNgmXwb8TAfBgNVHSMEGDAWgBQ5k9VOY5CApGw/
49WKqH4wXbaa0TAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L09aUFZUbU9RZ0tSc1AtUFZpcWgtTUYyMm10RS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNWUvODA5NTlkLWY1YzQtNGFjOS1hZDEzLWQ0OGZiYzFhMjQzYi8x
L1h0S05KZjlvN1l2a181ZXoyMEZUWUpsOEdfRS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNWUv
ODA5NTlkLWY1YzQtNGFjOS1hZDEzLWQ0OGZiYzFhMjQzYi8xL09aUFZUbU9RZ0tS
c1AtUFZpcWgtTUYyMm10RS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAMCfeTANBgkqhkiG9w0BAQsFAAOC
AQEABky9iZcZwSqf1SiiEhjaRowFKSoxxT7VAldBUvhvR+BiWIUPuVozOmm0xZD4
8fMciZzEukL/kRHPmlkVizGcsgEj0bxftRZFE3y/htARU2SRf+/8YwCm1KFrBUR4
USEyNRxsBeJvjhcNlDkt2lKOqf4lXWaBK+wPSxc01mNS9G9bINTyakxY1xD7mcCE
igcLq8FQAbKhPKWK5vpNDDAGoyYSX+k0P9HlcilXenuhb0Mfk2T6gn1AUXujKEax
MzvN+P+AbnVfbpe3aD7TppAclTmh7UA8xppU0YpUwEAOqKxhpFIrk4SKovOlBHMv
phig9nLXicUNrbPEWckunuG/EA==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:13:24 2024 by rpki-client on console-ams.rpki-client.org