Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/XvKVn0lhg06O2IALXQxwvDrQNXY.roa
File:                     XvKVn0lhg06O2IALXQxwvDrQNXY.roa (raw, json)
Hash identifier:          Ae70A74iL3x8gbeukEAJRpvlyk1C5HuymwB0ImiuyVY=
Subject key identifier:   5E:F2:95:9F:49:61:83:4E:8E:D8:80:0B:5D:0C:70:BC:3A:D0:35:76
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       018400D5566918D2C80B5A6AFF75EFCBBA25
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/XvKVn0lhg06O2IALXQxwvDrQNXY.roa
Signing time:             Sat 22 Oct 2022 17:54:52 +0000
ROA not before:           Sat 22 Oct 2022 17:54:52 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     14445
IP address blocks:        82.153.132.0/24 maxlen: 24
                          82.153.245.0/24 maxlen: 24
                          82.153.4.0/24 maxlen: 24
                          82.153.10.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:84:00:d5:56:69:18:d2:c8:0b:5a:6a:ff:75:ef:cb:ba:25
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Oct 22 17:54:52 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=5ef2959f4961834e8ed8800b5d0c70bc3ad03576
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:5c:51:44:f6:6e:cc:b7:43:a6:3e:33:4e:18:
                    bc:66:22:69:2c:8c:f8:ec:02:98:79:e4:85:5e:7c:
                    39:5a:8c:b1:d1:01:fb:39:89:f6:c9:10:f3:ef:10:
                    bf:22:56:8f:a6:2f:4c:d5:67:b2:b3:ac:38:d7:e0:
                    89:32:df:9c:53:e1:e6:a9:8b:54:85:15:a2:e2:b1:
                    d2:8f:d9:ee:f2:13:41:2f:67:0d:8f:d7:79:d4:29:
                    6b:49:39:1d:ea:b8:9e:1d:d2:ba:42:68:e6:5f:b4:
                    09:22:5b:bc:85:22:39:0c:6e:6e:80:16:75:b9:6c:
                    b1:e1:47:5a:af:e7:f9:86:fb:a0:a5:10:8b:e2:e1:
                    0d:f6:3d:eb:5c:90:97:dd:19:51:1b:99:67:91:33:
                    65:79:2f:55:7a:7e:fe:fe:b8:b5:e2:81:6b:58:9f:
                    99:1b:a7:12:c9:f4:f4:d5:4a:ce:b2:c8:d2:a8:b7:
                    f6:78:92:63:99:86:97:bc:78:21:d8:85:66:08:d2:
                    15:2e:e0:c7:25:de:32:8e:03:d5:e6:de:68:b6:22:
                    dd:26:43:a1:cb:04:07:07:ba:1c:70:fa:e0:94:d3:
                    91:f0:78:08:e8:06:2e:95:12:72:3b:cb:6b:a3:3c:
                    7a:1f:27:9c:f4:f5:44:a0:6f:df:f3:ed:75:ea:25:
                    5a:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5E:F2:95:9F:49:61:83:4E:8E:D8:80:0B:5D:0C:70:BC:3A:D0:35:76
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/XvKVn0lhg06O2IALXQxwvDrQNXY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.153.4.0/24
                  82.153.10.0/24
                  82.153.132.0/24
                  82.153.245.0/24

    Signature Algorithm: sha256WithRSAEncryption
         30:af:fd:9f:ad:8c:1b:fd:b7:7a:6c:9e:4e:e9:49:c1:55:0e:
         6d:0a:3f:0a:e0:71:77:ac:c3:9c:a0:5d:3e:09:d8:32:da:39:
         ef:ae:f9:e6:9f:0c:60:05:05:99:7b:27:b5:08:ca:74:64:fd:
         29:dd:7b:b2:1e:c2:4f:9a:b0:d6:90:c5:ef:af:4d:42:d9:d4:
         67:1b:fc:87:b2:bb:ca:60:05:50:4b:1d:e8:3a:02:72:c4:d6:
         bb:79:f3:2d:55:70:7a:1b:f2:99:89:01:d5:d2:53:fb:c6:86:
         8f:5e:57:5c:18:f6:ae:89:1b:19:ed:ed:12:a4:00:8b:27:c1:
         7b:40:c0:b7:b7:fa:3c:a5:b8:6f:5e:fc:e0:11:90:41:c0:f4:
         01:43:b1:4d:16:50:4a:0d:19:09:39:96:b5:29:46:86:31:f2:
         08:02:be:fb:96:4f:be:e0:95:db:52:64:56:79:0e:76:f2:a6:
         9d:06:d3:1b:39:bc:08:96:3c:76:fa:2e:fc:45:3c:96:0a:ac:
         f0:f3:e2:64:8d:31:b8:bc:85:68:55:10:e3:d3:57:e5:51:83:
         64:d4:6a:4c:d2:90:d9:2f:ae:cc:56:ce:84:f0:bb:e4:ae:9d:
         90:27:2f:ce:93:aa:1f:55:07:a5:2d:84:29:16:ba:47:b3:ec:
         48:1b:32:8e
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAYQA1VZpGNLIC1pq/3Xvy7olMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjIxMDIyMTc1NDUyWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZWYyOTU5ZjQ5NjE4MzRlOGVkODgwMGI1ZDBjNzBiYzNhZDAzNTc2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgVxRRPZuzLdDpj4zThi8ZiJpLIz4
7AKYeeSFXnw5Woyx0QH7OYn2yRDz7xC/IlaPpi9M1Weys6w41+CJMt+cU+HmqYtU
hRWi4rHSj9nu8hNBL2cNj9d51ClrSTkd6rieHdK6QmjmX7QJIlu8hSI5DG5ugBZ1
uWyx4Udar+f5hvugpRCL4uEN9j3rXJCX3RlRG5lnkTNleS9Ven7+/ri14oFrWJ+Z
G6cSyfT01UrOssjSqLf2eJJjmYaXvHgh2IVmCNIVLuDHJd4yjgPV5t5otiLdJkOh
ywQHB7occPrglNOR8HgI6AYulRJyO8trozx6Hyec9PVEoG/f8+116iVaTwIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFF7ylZ9JYYNOjtiAC10McLw60DV2MB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvWHZLVm4wbGhnMDZPMklBTFhReHd2RHJRTlhZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQAUpkEAwQA
UpkKAwQAUpmEAwQAUpn1MA0GCSqGSIb3DQEBCwUAA4IBAQAwr/2frYwb/bd6bJ5O
6UnBVQ5tCj8K4HF3rMOcoF0+Cdgy2jnvrvnmnwxgBQWZeye1CMp0ZP0p3XuyHsJP
mrDWkMXvr01C2dRnG/yHsrvKYAVQSx3oOgJyxNa7efMtVXB6G/KZiQHV0lP7xoaP
XldcGPauiRsZ7e0SpACLJ8F7QMC3t/o8pbhvXvzgEZBBwPQBQ7FNFlBKDRkJOZa1
KUaGMfIIAr77lk++4JXbUmRWeQ528qadBtMbObwIljx2+i78RTyWCqzw8+JkjTG4
vIVoVRDj01flUYNk1GpM0pDZL67MVs6E8Lvkrp2QJy/Ok6ofVQelLYQpFrpHs+xI
GzKO
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:22:24 2024 by rpki-client on console-ams.rpki-client.org