Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a5/4bb74b-8d6d-4514-a39c-b7c578b74e35/1/GzbgpX-TDXc1Iv1mNBBC2chv6tk.roa
File:                     GzbgpX-TDXc1Iv1mNBBC2chv6tk.roa (raw, json)
Hash identifier:          BuXKcVjkTxoOSCAbUtSdODSjnigmanTFgsNxiYDxZfs=
Subject key identifier:   1B:36:E0:A5:7F:93:0D:77:35:22:FD:66:34:10:42:D9:C8:6F:EA:D9
Certificate issuer:       /CN=c66d9d50b3b89d51c8aa2493e7ef4701d6251dad
Certificate serial:       0605AA4F
Authority key identifier: C6:6D:9D:50:B3:B8:9D:51:C8:AA:24:93:E7:EF:47:01:D6:25:1D:AD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xm2dULO4nVHIqiST5-9HAdYlHa0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a5/4bb74b-8d6d-4514-a39c-b7c578b74e35/1/GzbgpX-TDXc1Iv1mNBBC2chv6tk.roa
Signing time:             Sat 01 Jan 2022 16:01:23 +0000
ROA not before:           Sat 01 Jan 2022 16:01:23 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     211030
IP address blocks:        195.5.115.0/24 maxlen: 24
                          2a0d:f407:1030::/48 maxlen: 48

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 101034575 (0x605aa4f)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66d9d50b3b89d51c8aa2493e7ef4701d6251dad
        Validity
            Not Before: Jan  1 16:01:23 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=1b36e0a57f930d773522fd66341042d9c86fead9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:8a:ae:46:33:dd:13:10:d2:55:01:a2:13:de:
                    1d:4f:3c:00:6d:00:1e:73:6c:13:ce:c8:86:86:c3:
                    0e:8f:e2:1a:0e:ac:f1:c9:93:4b:f2:e7:cb:f9:d3:
                    7a:d0:ea:7f:ee:7e:a2:4c:7e:69:66:b3:99:e5:9e:
                    34:9a:68:28:09:40:b2:ed:ac:93:44:1c:6d:4a:0b:
                    b2:27:57:42:5a:ba:d8:c6:13:1c:8c:69:09:8d:85:
                    66:be:18:4a:cb:52:e1:3b:92:7c:32:46:ca:2f:28:
                    05:e9:db:f3:5f:0f:6e:38:45:e5:3f:1e:19:cd:ac:
                    86:49:af:a9:17:01:26:3e:81:6d:82:e0:8d:05:4c:
                    55:df:74:16:8e:af:75:82:42:0d:c8:a4:af:5e:da:
                    18:94:be:fd:32:9e:95:f7:55:c5:93:61:7c:a1:b8:
                    95:a3:20:70:4d:00:42:15:1e:61:a0:db:c7:f5:db:
                    9e:b3:bd:c2:37:ce:45:e6:93:b3:71:de:43:d5:e9:
                    ee:38:2c:40:90:a6:43:13:51:75:31:dc:a9:ee:cc:
                    b8:86:1f:14:2d:cc:67:87:79:b3:88:cb:9f:07:b8:
                    2a:4b:d4:b2:9f:52:a3:12:47:1b:ee:01:4d:32:51:
                    b8:82:b7:a0:85:87:40:cf:d4:de:78:48:a1:0c:69:
                    2b:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1B:36:E0:A5:7F:93:0D:77:35:22:FD:66:34:10:42:D9:C8:6F:EA:D9
            X509v3 Authority Key Identifier:
                keyid:C6:6D:9D:50:B3:B8:9D:51:C8:AA:24:93:E7:EF:47:01:D6:25:1D:AD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xm2dULO4nVHIqiST5-9HAdYlHa0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/4bb74b-8d6d-4514-a39c-b7c578b74e35/1/GzbgpX-TDXc1Iv1mNBBC2chv6tk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/4bb74b-8d6d-4514-a39c-b7c578b74e35/1/xm2dULO4nVHIqiST5-9HAdYlHa0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.5.115.0/24
                IPv6:
                  2a0d:f407:1030::/48

    Signature Algorithm: sha256WithRSAEncryption
         48:a2:1b:70:74:b8:60:c1:d0:9f:b6:08:83:73:d6:ec:e0:77:
         a6:e2:ab:90:76:4a:ac:a8:e5:4b:e1:d0:5c:a9:ec:d5:7d:40:
         82:24:ca:87:14:ee:a4:32:f7:2a:63:20:44:50:20:8f:a0:d9:
         81:3f:85:7c:70:e9:58:06:78:4a:63:49:6e:56:24:d9:6e:3f:
         f6:4c:c7:b1:42:7e:43:55:75:eb:38:a1:ab:8c:e4:ba:ae:47:
         3b:d2:25:4c:ae:2a:a9:3b:e2:e2:80:b9:9a:b7:cc:71:20:9b:
         d1:f4:2e:5f:d5:8a:4c:e0:92:f7:32:07:75:67:65:b2:2e:dd:
         c2:4c:8f:fb:cb:8e:f0:e3:d9:b6:71:23:19:e3:cf:66:36:e3:
         da:6a:43:8b:55:7f:de:dd:45:1b:89:ab:a9:ab:d0:9f:23:24:
         e3:d8:e5:55:03:46:98:f4:39:6f:f1:8f:8d:96:18:ad:8f:27:
         e3:10:e0:aa:df:6e:3e:65:ea:b0:a1:8f:18:97:d0:81:3f:a2:
         48:88:d3:ec:3a:7a:52:b7:bc:54:87:f3:ad:12:41:2c:93:2b:
         7e:e7:14:e2:b1:98:3b:9e:f2:5c:15:54:ae:5b:d3:58:08:b5:
         96:46:8b:1b:20:d2:78:d4:08:70:5c:f8:a1:f8:0d:5e:64:95:
         52:1a:23:fb
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIEBgWqTzANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhj
NjZkOWQ1MGIzYjg5ZDUxYzhhYTI0OTNlN2VmNDcwMWQ2MjUxZGFkMB4XDTIyMDEw
MTE2MDEyM1oXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMWIzNmUwYTU3Zjkz
MGQ3NzM1MjJmZDY2MzQxMDQyZDljODZmZWFkOTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAKKKrkYz3RMQ0lUBohPeHU88AG0AHnNsE87IhobDDo/iGg6s
8cmTS/Lny/nTetDqf+5+okx+aWazmeWeNJpoKAlAsu2sk0QcbUoLsidXQlq62MYT
HIxpCY2FZr4YSstS4TuSfDJGyi8oBenb818PbjhF5T8eGc2shkmvqRcBJj6BbYLg
jQVMVd90Fo6vdYJCDcikr17aGJS+/TKelfdVxZNhfKG4laMgcE0AQhUeYaDbx/Xb
nrO9wjfOReaTs3HeQ9Xp7jgsQJCmQxNRdTHcqe7MuIYfFC3MZ4d5s4jLnwe4KkvU
sp9SoxJHG+4BTTJRuIK3oIWHQM/U3nhIoQxpKy8CAwEAAaOCAhowggIWMB0GA1Ud
DgQWBBQbNuClf5MNdzUi/WY0EELZyG/q2TAfBgNVHSMEGDAWgBTGbZ1Qs7idUciq
JJPn70cB1iUdrTAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L3htMmRVTE80blZISXFpU1Q1LTlIQWRZbEhhMC5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvYTUvNGJiNzRiLThkNmQtNDUxNC1hMzljLWI3YzU3OGI3NGUzNS8x
L0d6YmdwWC1URFhjMUl2MW1OQkJDMmNodjZ0ay5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYTUv
NGJiNzRiLThkNmQtNDUxNC1hMzljLWI3YzU3OGI3NGUzNS8xL3htMmRVTE80blZI
SXFpU1Q1LTlIQWRZbEhhMC5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAw
BggrBgEFBQcBBwEB/wQhMB8wDAQCAAEwBgMEAMMFczAPBAIAAjAJAwcAKg30BxAw
MA0GCSqGSIb3DQEBCwUAA4IBAQBIohtwdLhgwdCftgiDc9bs4Hem4quQdkqsqOVL
4dBcqezVfUCCJMqHFO6kMvcqYyBEUCCPoNmBP4V8cOlYBnhKY0luViTZbj/2TMex
Qn5DVXXrOKGrjOS6rkc70iVMriqpO+LigLmat8xxIJvR9C5f1YpM4JL3Mgd1Z2Wy
Lt3CTI/7y47w49m2cSMZ489mNuPaakOLVX/e3UUbiaupq9CfIyTj2OVVA0aY9Dlv
8Y+NlhitjyfjEOCq324+ZeqwoY8Yl9CBP6JIiNPsOnpSt7xUh/OtEkEskyt+5xTi
sZg7nvJcFVSuW9NYCLWWRosbINJ41AhwXPih+A1eZJVSGiP7
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:48:25 2024 by rpki-client on console-fra.rpki-client.org