Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/77/219cae-264d-46a7-9e64-e604b61be0ea/1/m3IXdyMXfxJrCYArbp_8VbGGiUQ.roa
File:                     m3IXdyMXfxJrCYArbp_8VbGGiUQ.roa (raw, json)
Hash identifier:          nQVxG+lZu7ml8FGvaFSky/sT7+4atr24oRcbzaHvI9Y=
Subject key identifier:   9B:72:17:77:23:17:7F:12:6B:09:80:2B:6E:9F:FC:55:B1:86:89:44
Certificate issuer:       /CN=172537601a31697404922d957e74450f5a9cbe73
Certificate serial:       02D13266
Authority key identifier: 17:25:37:60:1A:31:69:74:04:92:2D:95:7E:74:45:0F:5A:9C:BE:73
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FyU3YBoxaXQEki2VfnRFD1qcvnM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/77/219cae-264d-46a7-9e64-e604b61be0ea/1/m3IXdyMXfxJrCYArbp_8VbGGiUQ.roa
Signing time:             Wed 11 May 2022 07:21:02 +0000
ROA not before:           Wed 11 May 2022 07:21:02 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     1239
IP address blocks:        109.238.168.0/21 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 47264358 (0x2d13266)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=172537601a31697404922d957e74450f5a9cbe73
        Validity
            Not Before: May 11 07:21:02 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=9b72177723177f126b09802b6e9ffc55b1868944
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ef:6d:83:50:00:38:2e:60:ce:2b:53:aa:51:f5:
                    1c:88:18:e9:d0:ba:d7:e6:30:75:45:97:e6:cd:7b:
                    d0:71:a7:9f:06:ad:cf:49:ca:e5:70:be:40:59:c9:
                    29:48:b2:0d:ea:6e:8f:10:e9:70:11:b7:f5:bb:9a:
                    31:42:70:bd:25:f2:b0:15:50:0f:00:bb:56:71:88:
                    a1:34:cc:8a:99:3b:79:54:4f:f6:43:a6:4d:60:51:
                    0d:17:25:1f:0a:aa:65:02:2b:47:97:06:5e:b1:97:
                    09:a0:29:db:b5:36:6e:de:4e:f1:48:be:46:f6:63:
                    23:8d:26:6f:9b:0a:23:52:64:eb:0a:2d:79:7a:9a:
                    3c:48:e8:30:04:35:89:1a:6d:b7:4a:32:ba:0f:29:
                    82:99:c4:e3:e1:cc:98:5d:1b:79:aa:3f:da:14:da:
                    ef:88:9e:04:05:a0:4c:ca:8d:06:16:6d:28:e0:37:
                    df:1b:39:cc:f6:21:45:ee:09:82:43:e0:8f:d2:77:
                    30:6d:3d:29:ae:be:fe:b6:ef:27:f7:e5:dd:83:66:
                    41:38:09:ad:c3:01:9f:ff:39:32:f2:c1:2d:0d:06:
                    f4:ea:52:4e:86:50:7b:15:16:7c:18:b6:1b:fc:d9:
                    5a:79:4c:ee:60:98:03:f1:7e:e8:37:99:82:63:f6:
                    1b:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9B:72:17:77:23:17:7F:12:6B:09:80:2B:6E:9F:FC:55:B1:86:89:44
            X509v3 Authority Key Identifier:
                keyid:17:25:37:60:1A:31:69:74:04:92:2D:95:7E:74:45:0F:5A:9C:BE:73

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FyU3YBoxaXQEki2VfnRFD1qcvnM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/77/219cae-264d-46a7-9e64-e604b61be0ea/1/m3IXdyMXfxJrCYArbp_8VbGGiUQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/77/219cae-264d-46a7-9e64-e604b61be0ea/1/FyU3YBoxaXQEki2VfnRFD1qcvnM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.238.168.0/21

    Signature Algorithm: sha256WithRSAEncryption
         8f:bf:c2:ca:b7:fc:03:ae:40:07:c8:5c:43:b0:28:da:6c:29:
         ca:6d:1f:d2:5c:dd:e9:75:de:97:23:75:5e:09:d1:2a:d3:20:
         9c:8c:d9:35:ec:a0:ea:a4:9b:00:f5:2a:2a:51:c9:80:2a:5e:
         10:4f:35:37:53:90:cd:30:b6:d3:49:30:a1:cc:19:ff:b4:df:
         be:40:fc:a9:87:e0:75:c3:cd:12:d4:54:06:f6:dd:18:6b:fd:
         c6:41:1a:ba:22:b4:bd:64:a9:08:a7:37:da:42:51:43:46:e1:
         b2:da:89:55:99:4c:f3:63:f5:3a:67:25:d2:25:12:60:92:5c:
         f1:61:50:68:ff:db:18:4c:51:89:6e:ee:f2:cf:43:96:c0:ae:
         4d:00:08:d6:39:b2:38:8e:4f:6d:6e:16:01:ac:d2:83:fc:34:
         b2:c8:1a:3e:21:ba:4e:c9:9f:67:1a:a7:93:89:cb:52:a1:91:
         ff:2b:7e:05:bf:e6:30:52:f0:17:a6:f1:fd:21:47:b6:32:99:
         2b:c4:91:6b:54:30:fb:5b:4a:93:9c:84:c6:d6:ce:2e:5e:d0:
         09:6d:33:54:77:54:5e:df:5d:af:23:d0:eb:b0:8f:50:a1:0c:
         97:b7:e2:c7:2a:6b:25:5d:59:01:97:c3:2c:8e:90:cc:52:29:
         cd:be:48:f9
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIEAtEyZjANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygx
NzI1Mzc2MDFhMzE2OTc0MDQ5MjJkOTU3ZTc0NDUwZjVhOWNiZTczMB4XDTIyMDUx
MTA3MjEwMloXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoOWI3MjE3NzcyMzE3
N2YxMjZiMDk4MDJiNmU5ZmZjNTViMTg2ODk0NDCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAO9tg1AAOC5gzitTqlH1HIgY6dC61+YwdUWX5s170HGnnwat
z0nK5XC+QFnJKUiyDepujxDpcBG39buaMUJwvSXysBVQDwC7VnGIoTTMipk7eVRP
9kOmTWBRDRclHwqqZQIrR5cGXrGXCaAp27U2bt5O8Ui+RvZjI40mb5sKI1Jk6wot
eXqaPEjoMAQ1iRptt0oyug8pgpnE4+HMmF0beao/2hTa74ieBAWgTMqNBhZtKOA3
3xs5zPYhRe4JgkPgj9J3MG09Ka6+/rbvJ/fl3YNmQTgJrcMBn/85MvLBLQ0G9OpS
ToZQexUWfBi2G/zZWnlM7mCYA/F+6DeZgmP2G0cCAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBSbchd3Ixd/EmsJgCtun/xVsYaJRDAfBgNVHSMEGDAWgBQXJTdgGjFpdASS
LZV+dEUPWpy+czAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L0Z5VTNZQm94YVhRRWtpMlZmblJGRDFxY3ZuTS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNzcvMjE5Y2FlLTI2NGQtNDZhNy05ZTY0LWU2MDRiNjFiZTBlYS8x
L20zSVhkeU1YZnhKckNZQXJicF84VmJHR2lVUS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNzcv
MjE5Y2FlLTI2NGQtNDZhNy05ZTY0LWU2MDRiNjFiZTBlYS8xL0Z5VTNZQm94YVhR
RWtpMlZmblJGRDFxY3ZuTS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEA23uqDANBgkqhkiG9w0BAQsFAAOC
AQEAj7/Cyrf8A65AB8hcQ7Ao2mwpym0f0lzd6XXelyN1XgnRKtMgnIzZNeyg6qSb
APUqKlHJgCpeEE81N1OQzTC200kwocwZ/7TfvkD8qYfgdcPNEtRUBvbdGGv9xkEa
uiK0vWSpCKc32kJRQ0bhstqJVZlM82P1Omcl0iUSYJJc8WFQaP/bGExRiW7u8s9D
lsCuTQAI1jmyOI5PbW4WAazSg/w0ssgaPiG6TsmfZxqnk4nLUqGR/yt+Bb/mMFLw
F6bx/SFHtjKZK8SRa1Qw+1tKk5yExtbOLl7QCW0zVHdUXt9dryPQ67CPUKEMl7fi
xyprJV1ZAZfDLI6QzFIpzb5I+Q==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:35:25 2024 by rpki-client on console-fra.rpki-client.org