Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/91/02c254-36bf-4c8c-98d9-7e9837a9228c/1/XcUd7bNAzP3QOSqomGMMLT1vtAg.roa
File:                     XcUd7bNAzP3QOSqomGMMLT1vtAg.roa (raw, json)
Hash identifier:          ZpXjeP2cLag+D7/oeRZYMEHCvTyjAplHZzHJNnmDbCI=
Subject key identifier:   5D:C5:1D:ED:B3:40:CC:FD:D0:39:2A:A8:98:63:0C:2D:3D:6F:B4:08
Certificate issuer:       /CN=c76a265ca8ad7273a8a130a1763283d2ff1b4dda
Certificate serial:       049100D9
Authority key identifier: C7:6A:26:5C:A8:AD:72:73:A8:A1:30:A1:76:32:83:D2:FF:1B:4D:DA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/x2omXKitcnOooTChdjKD0v8bTdo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/91/02c254-36bf-4c8c-98d9-7e9837a9228c/1/XcUd7bNAzP3QOSqomGMMLT1vtAg.roa
Signing time:             Sat 01 Jan 2022 12:01:03 +0000
ROA not before:           Sat 01 Jan 2022 12:01:03 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     208016
IP address blocks:        45.85.48.0/22 maxlen: 22
                          2a0e:b680::/29 maxlen: 29

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 76611801 (0x49100d9)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c76a265ca8ad7273a8a130a1763283d2ff1b4dda
        Validity
            Not Before: Jan  1 12:01:03 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=5dc51dedb340ccfdd0392aa898630c2d3d6fb408
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:1c:56:4a:c5:90:09:3c:2c:79:3f:48:ac:57:
                    01:8e:d8:35:fe:dc:08:95:79:39:57:ee:9f:70:d9:
                    ee:ce:b2:44:73:4f:29:27:02:ee:ef:6f:cc:02:b2:
                    a9:02:b0:41:34:67:64:17:bf:29:3c:43:d1:05:c5:
                    55:88:db:2f:31:5d:2c:fd:8e:e2:14:af:e5:ab:d0:
                    7d:5a:be:a9:1e:7f:dd:fa:bf:12:79:7d:b6:84:3c:
                    fe:f5:5e:4c:47:54:22:1f:50:11:7f:a7:bc:56:97:
                    07:e8:7a:6c:43:18:86:c7:2c:ac:03:50:3d:4d:3f:
                    84:f7:9e:22:86:e3:2d:51:bb:2f:24:f5:25:1c:45:
                    82:ca:47:35:3f:7f:6f:0a:57:4e:1a:24:01:de:a5:
                    60:89:cc:40:a1:46:97:65:77:05:e3:a8:54:01:cc:
                    06:0c:ff:3d:50:3c:22:0e:62:0f:12:7b:82:97:a4:
                    80:5b:6f:ef:fe:59:a4:94:b3:17:09:b3:09:ac:33:
                    11:8e:e0:f6:3d:bd:73:e8:fe:ee:a4:13:96:44:d0:
                    10:31:d3:ea:8c:a5:76:70:38:cc:54:28:7f:66:eb:
                    19:fb:e4:01:20:ab:ec:05:30:0c:b9:68:7f:46:f4:
                    73:22:ae:07:a1:13:49:e4:bc:fd:7e:f8:94:9f:88:
                    77:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5D:C5:1D:ED:B3:40:CC:FD:D0:39:2A:A8:98:63:0C:2D:3D:6F:B4:08
            X509v3 Authority Key Identifier:
                keyid:C7:6A:26:5C:A8:AD:72:73:A8:A1:30:A1:76:32:83:D2:FF:1B:4D:DA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/x2omXKitcnOooTChdjKD0v8bTdo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/91/02c254-36bf-4c8c-98d9-7e9837a9228c/1/XcUd7bNAzP3QOSqomGMMLT1vtAg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/91/02c254-36bf-4c8c-98d9-7e9837a9228c/1/x2omXKitcnOooTChdjKD0v8bTdo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.85.48.0/22
                IPv6:
                  2a0e:b680::/29

    Signature Algorithm: sha256WithRSAEncryption
         71:cd:16:dc:d8:d0:b8:41:ef:02:26:e3:ce:3a:89:d5:fc:5e:
         11:b3:37:5c:28:17:5a:34:fe:d2:c9:fd:95:9d:7e:d4:8f:5d:
         81:da:2c:4a:2c:27:76:60:94:5a:2b:34:e5:1b:2f:de:fb:32:
         6b:d5:de:d0:db:d6:5b:1c:e6:21:dd:cd:c8:6b:5e:05:f2:9f:
         81:5a:41:d5:cb:bd:84:7a:05:eb:2b:e4:c2:0e:20:bd:08:d0:
         52:11:5b:8e:f8:f3:37:00:4c:ab:b8:70:0d:f9:5c:94:91:0a:
         a6:83:92:d2:00:9e:30:ab:d5:e2:b2:da:f9:61:93:ff:ee:bc:
         d5:75:74:fc:f6:46:56:d7:df:ca:b2:91:33:cb:e5:60:4a:91:
         d1:1a:57:0f:f9:38:62:53:01:23:e3:bb:60:1d:3c:96:4d:c8:
         e1:3e:eb:65:10:be:f3:97:b8:75:5c:ee:b9:0b:c6:db:ab:88:
         1d:14:ce:b7:e4:c7:97:5c:38:48:2c:15:23:64:e9:e6:22:84:
         42:92:c6:f5:26:99:2a:37:1e:65:24:83:7b:39:25:5f:3b:ea:
         55:a2:d1:7b:c1:65:67:0b:6e:04:3c:8c:77:07:c1:40:5a:ef:
         36:33:f0:d2:59:84:07:70:dd:37:51:0a:97:5f:a0:ce:96:4b:
         cd:20:6b:7d
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgIEBJEA2TANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhj
NzZhMjY1Y2E4YWQ3MjczYThhMTMwYTE3NjMyODNkMmZmMWI0ZGRhMB4XDTIyMDEw
MTEyMDEwM1oXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoNWRjNTFkZWRiMzQw
Y2NmZGQwMzkyYWE4OTg2MzBjMmQzZDZmYjQwODCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAKccVkrFkAk8LHk/SKxXAY7YNf7cCJV5OVfun3DZ7s6yRHNP
KScC7u9vzAKyqQKwQTRnZBe/KTxD0QXFVYjbLzFdLP2O4hSv5avQfVq+qR5/3fq/
Enl9toQ8/vVeTEdUIh9QEX+nvFaXB+h6bEMYhscsrANQPU0/hPeeIobjLVG7LyT1
JRxFgspHNT9/bwpXThokAd6lYInMQKFGl2V3BeOoVAHMBgz/PVA8Ig5iDxJ7gpek
gFtv7/5ZpJSzFwmzCawzEY7g9j29c+j+7qQTlkTQEDHT6oyldnA4zFQof2brGfvk
ASCr7AUwDLlof0b0cyKuB6ETSeS8/X74lJ+Id7ECAwEAAaOCAhgwggIUMB0GA1Ud
DgQWBBRdxR3ts0DM/dA5KqiYYwwtPW+0CDAfBgNVHSMEGDAWgBTHaiZcqK1yc6ih
MKF2MoPS/xtN2jAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L3gyb21YS2l0Y25Pb29UQ2hkaktEMHY4YlRkby5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvOTEvMDJjMjU0LTM2YmYtNGM4Yy05OGQ5LTdlOTgzN2E5MjI4Yy8x
L1hjVWQ3Yk5BelAzUU9TcW9tR01NTFQxdnRBZy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvOTEv
MDJjMjU0LTM2YmYtNGM4Yy05OGQ5LTdlOTgzN2E5MjI4Yy8xL3gyb21YS2l0Y25P
b29UQ2hkaktEMHY4YlRkby5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAu
BggrBgEFBQcBBwEB/wQfMB0wDAQCAAEwBgMEAi1VMDANBAIAAjAHAwUDKg62gDAN
BgkqhkiG9w0BAQsFAAOCAQEAcc0W3NjQuEHvAibjzjqJ1fxeEbM3XCgXWjT+0sn9
lZ1+1I9dgdosSiwndmCUWis05Rsv3vsya9Xe0NvWWxzmId3NyGteBfKfgVpB1cu9
hHoF6yvkwg4gvQjQUhFbjvjzNwBMq7hwDflclJEKpoOS0gCeMKvV4rLa+WGT/+68
1XV0/PZGVtffyrKRM8vlYEqR0RpXD/k4YlMBI+O7YB08lk3I4T7rZRC+85e4dVzu
uQvG26uIHRTOt+THl1w4SCwVI2Tp5iKEQpLG9SaZKjceZSSDezklXzvqVaLRe8Fl
ZwtuBDyMdwfBQFrvNjPw0lmEB3DdN1EKl1+gzpZLzSBrfQ==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:23:55 2024 by rpki-client on console-ams.rpki-client.org