Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/c3f4a2-8b8e-49a3-aa9f-d92d64b9f801/1/oo5IOSGzgakuNp4Zpl_5qsgAWa8.roa
File:                     oo5IOSGzgakuNp4Zpl_5qsgAWa8.roa (raw, json)
Hash identifier:          s1xT/H+LpoMdnlYYSu7OrHmLjzjJ4vTZBUpNyHfBWNw=
Subject key identifier:   A2:8E:48:39:21:B3:81:A9:2E:36:9E:19:A6:5F:F9:AA:C8:00:59:AF
Certificate issuer:       /CN=a57089c45c55088fe90eb61002f07f0f95862672
Certificate serial:       065D120C
Authority key identifier: A5:70:89:C4:5C:55:08:8F:E9:0E:B6:10:02:F0:7F:0F:95:86:26:72
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pXCJxFxVCI_pDrYQAvB_D5WGJnI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/c3f4a2-8b8e-49a3-aa9f-d92d64b9f801/1/oo5IOSGzgakuNp4Zpl_5qsgAWa8.roa
Signing time:             Sat 01 Jan 2022 00:52:12 +0000
ROA not before:           Sat 01 Jan 2022 00:52:12 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     59987
IP address blocks:        176.119.196.0/24 maxlen: 24
                          2a06:6840::/29 maxlen: 29

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 106762764 (0x65d120c)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a57089c45c55088fe90eb61002f07f0f95862672
        Validity
            Not Before: Jan  1 00:52:12 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=a28e483921b381a92e369e19a65ff9aac80059af
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:4b:3e:85:85:2f:7d:14:60:78:05:22:28:6c:
                    dd:6c:f6:f5:68:d1:75:21:5e:b3:13:3a:8e:95:53:
                    37:af:5f:fb:51:f1:19:80:f0:48:45:4a:79:a1:09:
                    87:fe:94:9c:1f:85:8b:ce:93:07:a5:40:cc:4d:dc:
                    83:c9:8c:5b:61:9e:80:61:a2:b7:7a:f4:3f:bf:31:
                    fa:81:e9:41:10:13:19:14:9a:d6:89:24:c3:03:8b:
                    e3:3d:27:df:5d:59:67:4a:5d:cb:bb:23:2f:ba:69:
                    7c:a4:a5:24:c5:53:2b:df:3f:f2:9c:63:e6:c0:7e:
                    c8:0e:0e:d7:1c:23:ad:32:15:04:4f:c7:f8:cf:b5:
                    4f:e4:51:80:15:ba:1f:fc:53:e7:1b:74:b2:d8:b4:
                    19:f9:4e:b4:78:65:f8:c0:7f:6e:46:2b:5f:d4:ee:
                    be:8d:c4:9d:0f:81:bd:82:5e:26:3c:b2:a1:29:c5:
                    f9:1e:6a:8c:46:fb:f4:c8:4c:56:63:f6:b2:5d:eb:
                    bc:15:42:dc:e4:27:02:48:18:c4:f2:7b:31:0a:da:
                    16:3c:fe:2b:92:49:dc:ff:ba:4f:7e:9e:a8:37:68:
                    bf:71:c8:5d:72:51:14:09:93:87:71:9e:03:cf:ec:
                    db:96:be:17:3a:17:d4:00:ed:bd:62:48:95:7e:fe:
                    46:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A2:8E:48:39:21:B3:81:A9:2E:36:9E:19:A6:5F:F9:AA:C8:00:59:AF
            X509v3 Authority Key Identifier:
                keyid:A5:70:89:C4:5C:55:08:8F:E9:0E:B6:10:02:F0:7F:0F:95:86:26:72

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pXCJxFxVCI_pDrYQAvB_D5WGJnI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/c3f4a2-8b8e-49a3-aa9f-d92d64b9f801/1/oo5IOSGzgakuNp4Zpl_5qsgAWa8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/c3f4a2-8b8e-49a3-aa9f-d92d64b9f801/1/pXCJxFxVCI_pDrYQAvB_D5WGJnI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.119.196.0/24
                IPv6:
                  2a06:6840::/29

    Signature Algorithm: sha256WithRSAEncryption
         0c:7e:3b:a8:4f:32:9d:8a:51:38:a5:d3:4a:d8:cf:54:c0:bc:
         ab:4a:b8:b9:58:72:ee:0f:8e:a0:5d:48:40:4b:77:c8:77:20:
         dc:59:5c:ef:8e:c8:e5:8b:96:d1:e8:fb:75:16:e6:23:7c:b2:
         b8:cd:90:c2:bd:b6:bd:85:05:33:bd:b8:9c:41:aa:f6:e4:96:
         80:81:e9:cf:c5:73:f4:c2:a3:47:37:9b:37:74:9f:21:84:d5:
         59:56:9c:3a:1a:8e:33:d8:a1:3b:4f:ac:24:5a:41:ad:0e:2c:
         b9:d0:a9:ad:08:38:be:9a:f5:8b:80:ee:24:f9:3a:ad:01:dd:
         09:01:e4:c4:6a:d1:9d:da:95:fe:72:45:a9:03:18:61:14:01:
         6a:e8:e7:50:12:e9:13:d1:6c:c5:05:96:6a:fa:45:dc:71:ec:
         3e:5d:ec:56:dd:75:a0:9f:b2:42:ee:0c:47:8a:69:31:94:91:
         32:72:1b:38:3b:f3:a3:be:6f:fb:35:83:29:73:c7:e9:cf:00:
         f6:4b:09:4c:a7:11:01:b4:d5:81:ac:ff:74:50:de:99:f8:3f:
         42:18:84:93:38:87:c9:b5:82:69:c8:53:a4:09:3a:d5:ef:d7:
         10:39:b9:9f:f7:8a:85:90:37:18:1e:04:3a:54:0b:f0:b6:01:
         c0:7e:09:47
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgIEBl0SDDANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhh
NTcwODljNDVjNTUwODhmZTkwZWI2MTAwMmYwN2YwZjk1ODYyNjcyMB4XDTIyMDEw
MTAwNTIxMloXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoYTI4ZTQ4MzkyMWIz
ODFhOTJlMzY5ZTE5YTY1ZmY5YWFjODAwNTlhZjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAKxLPoWFL30UYHgFIihs3Wz29WjRdSFesxM6jpVTN69f+1Hx
GYDwSEVKeaEJh/6UnB+Fi86TB6VAzE3cg8mMW2GegGGit3r0P78x+oHpQRATGRSa
1okkwwOL4z0n311ZZ0pdy7sjL7ppfKSlJMVTK98/8pxj5sB+yA4O1xwjrTIVBE/H
+M+1T+RRgBW6H/xT5xt0sti0GflOtHhl+MB/bkYrX9Tuvo3EnQ+BvYJeJjyyoSnF
+R5qjEb79MhMVmP2sl3rvBVC3OQnAkgYxPJ7MQraFjz+K5JJ3P+6T36eqDdov3HI
XXJRFAmTh3GeA8/s25a+FzoX1ADtvWJIlX7+RrsCAwEAAaOCAhgwggIUMB0GA1Ud
DgQWBBSijkg5IbOBqS42nhmmX/mqyABZrzAfBgNVHSMEGDAWgBSlcInEXFUIj+kO
thAC8H8PlYYmcjAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L3BYQ0p4RnhWQ0lfcERyWVFBdkJfRDVXR0puSS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvOGEvYzNmNGEyLThiOGUtNDlhMy1hYTlmLWQ5MmQ2NGI5ZjgwMS8x
L29vNUlPU0d6Z2FrdU5wNFpwbF81cXNnQVdhOC5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvOGEv
YzNmNGEyLThiOGUtNDlhMy1hYTlmLWQ5MmQ2NGI5ZjgwMS8xL3BYQ0p4RnhWQ0lf
cERyWVFBdkJfRDVXR0puSS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAu
BggrBgEFBQcBBwEB/wQfMB0wDAQCAAEwBgMEALB3xDANBAIAAjAHAwUDKgZoQDAN
BgkqhkiG9w0BAQsFAAOCAQEADH47qE8ynYpROKXTStjPVMC8q0q4uVhy7g+OoF1I
QEt3yHcg3Flc747I5YuW0ej7dRbmI3yyuM2Qwr22vYUFM724nEGq9uSWgIHpz8Vz
9MKjRzebN3SfIYTVWVacOhqOM9ihO0+sJFpBrQ4sudCprQg4vpr1i4DuJPk6rQHd
CQHkxGrRndqV/nJFqQMYYRQBaujnUBLpE9FsxQWWavpF3HHsPl3sVt11oJ+yQu4M
R4ppMZSRMnIbODvzo75v+zWDKXPH6c8A9ksJTKcRAbTVgaz/dFDemfg/QhiEkziH
ybWCachTpAk61e/XEDm5n/eKhZA3GB4EOlQL8LYBwH4JRw==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:22:37 2024 by rpki-client on console-ams.rpki-client.org