Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/xWj611dHBkiNI1J81tiEN0e8w14.roa
File:                     xWj611dHBkiNI1J81tiEN0e8w14.roa (raw, json)
Hash identifier:          hZdpMG0pNZFASPGpo8wrWpW5eSK8Xq6k+GaW4J7JWCM=
Subject key identifier:   C5:68:FA:D7:57:47:06:48:8D:23:52:7C:D6:D8:84:37:47:BC:C3:5E
Certificate issuer:       /CN=b72945f57103153a07854e74e227f2aec1c5f430
Certificate serial:       38ED172E
Authority key identifier: B7:29:45:F5:71:03:15:3A:07:85:4E:74:E2:27:F2:AE:C1:C5:F4:30
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tylF9XEDFToHhU504ifyrsHF9DA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/xWj611dHBkiNI1J81tiEN0e8w14.roa
Signing time:             Sat 01 Jan 2022 12:56:53 +0000
ROA not before:           Sat 01 Jan 2022 12:56:53 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     44889
IP address blocks:        212.16.64.0/19 maxlen: 24
                          46.38.140.0/24 maxlen: 24
                          212.16.72.0/24 maxlen: 25
                          212.80.0.0/19 maxlen: 24
                          212.80.20.0/23 maxlen: 24
                          185.24.148.0/24 maxlen: 24
                          46.38.129.0/24 maxlen: 24
                          46.38.131.0/24 maxlen: 24
                          2a00:7d80::/29 maxlen: 64

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 955062062 (0x38ed172e)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b72945f57103153a07854e74e227f2aec1c5f430
        Validity
            Not Before: Jan  1 12:56:53 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=c568fad7574706488d23527cd6d8843747bcc35e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:4c:f2:04:64:99:46:b2:33:51:35:ba:9d:e1:
                    26:ab:17:d4:6e:08:5f:53:96:5f:1b:f7:d0:8c:28:
                    aa:6f:0c:b0:11:21:b5:56:b6:f2:4b:7c:b2:8e:c7:
                    21:cf:e0:69:ae:bb:8e:14:5f:eb:91:6b:2b:8b:62:
                    c5:7b:0f:87:de:60:f2:a6:b2:2a:e6:8f:62:e9:38:
                    3a:23:de:09:ac:05:ae:b9:b0:aa:ff:83:9b:87:d5:
                    8f:17:21:2e:43:34:62:14:92:a2:3a:5a:aa:6a:3c:
                    d5:c6:3e:e1:86:c3:da:54:03:39:87:d4:a8:3c:24:
                    ea:f6:e3:98:ff:d8:f7:4a:f7:b0:91:8d:6d:c4:cf:
                    65:98:de:a4:b9:80:f3:b4:2b:a1:12:81:e9:ab:2d:
                    03:65:6c:40:2c:a4:6f:6c:db:87:ed:76:fc:53:8e:
                    36:43:41:b7:58:eb:4a:69:ce:78:81:7c:ca:7c:54:
                    a2:cf:d5:4a:2f:06:57:33:70:ca:97:02:b7:9d:2b:
                    0a:21:31:49:84:d7:7a:99:e3:c8:f3:27:44:22:88:
                    62:02:dd:b0:d3:6e:a7:90:ee:1b:61:9e:e3:cf:cb:
                    81:f4:0a:7f:d9:7f:6f:30:20:4a:37:42:49:70:99:
                    ed:1b:8a:cf:91:ee:51:ff:e7:b0:7a:4d:f6:b8:d1:
                    7e:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C5:68:FA:D7:57:47:06:48:8D:23:52:7C:D6:D8:84:37:47:BC:C3:5E
            X509v3 Authority Key Identifier:
                keyid:B7:29:45:F5:71:03:15:3A:07:85:4E:74:E2:27:F2:AE:C1:C5:F4:30

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tylF9XEDFToHhU504ifyrsHF9DA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/xWj611dHBkiNI1J81tiEN0e8w14.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/tylF9XEDFToHhU504ifyrsHF9DA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.38.129.0/24
                  46.38.131.0/24
                  46.38.140.0/24
                  185.24.148.0/24
                  212.16.64.0/19
                  212.80.0.0/19
                IPv6:
                  2a00:7d80::/29

    Signature Algorithm: sha256WithRSAEncryption
         0b:a3:33:eb:f2:98:fc:de:8f:99:e8:32:b3:df:a1:13:cc:7b:
         cc:46:d4:d2:a3:9d:d3:70:10:ab:64:33:c7:ce:d8:69:0a:07:
         ce:6a:9d:53:ce:85:d8:f8:85:a4:5b:db:34:62:c2:5f:12:06:
         22:f8:80:77:ef:c4:78:b2:78:ca:9e:68:80:f0:97:6e:6d:99:
         ef:93:a8:ba:3f:fd:5d:16:8e:92:b8:3c:35:70:18:e4:89:93:
         5f:2d:af:ac:8d:37:ef:a3:cd:fa:dc:db:63:23:c4:6f:d3:e7:
         46:f7:c8:00:e9:27:85:e7:6f:23:36:bc:2d:08:2f:66:f2:84:
         d8:4d:b5:b3:c9:e2:30:06:a4:1a:03:7c:84:fc:99:74:21:5f:
         20:5d:54:38:bc:99:50:dd:23:fb:85:cc:20:b8:23:7f:8b:37:
         69:5d:0a:80:bf:93:b3:81:61:4d:a8:47:78:3e:22:b6:51:cc:
         4d:6b:60:1c:cf:5a:6c:bc:df:48:bb:9a:13:b9:fd:09:2d:56:
         ff:4b:93:49:51:e8:b9:4a:05:30:cd:2e:10:c4:d9:83:ac:c5:
         39:cb:cd:7f:05:31:fc:db:ca:15:ab:68:18:26:ba:72:c8:05:
         67:2f:47:5c:c6:02:3d:bc:3a:1c:03:a2:a9:7c:9e:8a:6e:ea:
         b9:9a:6a:e7
-----BEGIN CERTIFICATE-----
MIIFHDCCBASgAwIBAgIEOO0XLjANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhi
NzI5NDVmNTcxMDMxNTNhMDc4NTRlNzRlMjI3ZjJhZWMxYzVmNDMwMB4XDTIyMDEw
MTEyNTY1M1oXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoYzU2OGZhZDc1NzQ3
MDY0ODhkMjM1MjdjZDZkODg0Mzc0N2JjYzM1ZTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAMFM8gRkmUayM1E1up3hJqsX1G4IX1OWXxv30Iwoqm8MsBEh
tVa28kt8so7HIc/gaa67jhRf65FrK4tixXsPh95g8qayKuaPYuk4OiPeCawFrrmw
qv+Dm4fVjxchLkM0YhSSojpaqmo81cY+4YbD2lQDOYfUqDwk6vbjmP/Y90r3sJGN
bcTPZZjepLmA87QroRKB6astA2VsQCykb2zbh+12/FOONkNBt1jrSmnOeIF8ynxU
os/VSi8GVzNwypcCt50rCiExSYTXepnjyPMnRCKIYgLdsNNup5DuG2Ge48/LgfQK
f9l/bzAgSjdCSXCZ7RuKz5HuUf/nsHpN9rjRfu8CAwEAAaOCAjYwggIyMB0GA1Ud
DgQWBBTFaPrXV0cGSI0jUnzW2IQ3R7zDXjAfBgNVHSMEGDAWgBS3KUX1cQMVOgeF
TnTiJ/KuwcX0MDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L3R5bEY5WEVERlRvSGhVNTA0aWZ5cnNIRjlEQS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNjEvNWY2OTA2LTNmYjAtNGRmZi04ZDAxLTJhMDljYzUzYTgwNS8x
L3hXajYxMWRIQmtpTkkxSjgxdGlFTjBlOHcxNC5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNjEv
NWY2OTA2LTNmYjAtNGRmZi04ZDAxLTJhMDljYzUzYTgwNS8xL3R5bEY5WEVERlRv
SGhVNTA0aWZ5cnNIRjlEQS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBM
BggrBgEFBQcBBwEB/wQ9MDswKgQCAAEwJAMEAC4mgQMEAC4mgwMEAC4mjAMEALkY
lAMEBdQQQAMEBdRQADANBAIAAjAHAwUDKgB9gDANBgkqhkiG9w0BAQsFAAOCAQEA
C6Mz6/KY/N6Pmegys9+hE8x7zEbU0qOd03AQq2Qzx87YaQoHzmqdU86F2PiFpFvb
NGLCXxIGIviAd+/EeLJ4yp5ogPCXbm2Z75Oouj/9XRaOkrg8NXAY5ImTXy2vrI03
76PN+tzbYyPEb9PnRvfIAOknhedvIza8LQgvZvKE2E21s8niMAakGgN8hPyZdCFf
IF1UOLyZUN0j+4XMILgjf4s3aV0KgL+Ts4FhTahHeD4itlHMTWtgHM9abLzfSLua
E7n9CS1W/0uTSVHouUoFMM0uEMTZg6zFOcvNfwUx/NvKFatoGCa6csgFZy9HXMYC
Pbw6HAOiqXyeim7quZpq5w==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:14:07 2024 by rpki-client on console-ams.rpki-client.org