Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ab/7282b4-7f11-4ee0-abea-e13e5579c5dc/1/YXiNOQTJryUYA7vllDMaHSdn5-E.roa
File:                     YXiNOQTJryUYA7vllDMaHSdn5-E.roa (raw, json)
Hash identifier:          xaXwFtifSGCb5U7vUQ53GVrVU3ANngL3eIrcZw+DTv8=
Subject key identifier:   61:78:8D:39:04:C9:AF:25:18:03:BB:E5:94:33:1A:1D:27:67:E7:E1
Certificate issuer:       /CN=43d5ba0815c9f5193f80989ee893acacc4ba8849
Certificate serial:       12BB706C
Authority key identifier: 43:D5:BA:08:15:C9:F5:19:3F:80:98:9E:E8:93:AC:AC:C4:BA:88:49
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Q9W6CBXJ9Rk_gJie6JOsrMS6iEk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ab/7282b4-7f11-4ee0-abea-e13e5579c5dc/1/YXiNOQTJryUYA7vllDMaHSdn5-E.roa
Signing time:             Sat 01 Jan 2022 12:59:27 +0000
ROA not before:           Sat 01 Jan 2022 12:59:27 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     198912
IP address blocks:        57.191.0.0/21 maxlen: 24
                          57.191.224.0/19 maxlen: 19
                          57.191.192.0/19 maxlen: 19
                          2a0a:90c2::/36 maxlen: 36
                          2a0a:90c2:1000::/36 maxlen: 36

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 314273900 (0x12bb706c)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=43d5ba0815c9f5193f80989ee893acacc4ba8849
        Validity
            Not Before: Jan  1 12:59:27 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=61788d3904c9af251803bbe594331a1d2767e7e1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:42:e2:63:20:f5:e0:da:45:f8:c0:65:06:ca:
                    bb:94:8e:db:b8:91:ba:07:1f:f7:72:44:cf:7b:f2:
                    5c:65:a7:61:27:f7:23:8f:97:e4:cd:03:f9:9b:71:
                    a6:55:2e:08:a1:6f:0f:f5:c1:e6:66:9c:18:66:c7:
                    bc:d8:db:72:70:1a:cf:ff:2d:9a:1e:b3:98:81:32:
                    d1:62:19:42:e1:a2:84:0b:71:8f:9a:02:df:48:c3:
                    37:1b:4d:6e:8e:6e:f5:28:26:d4:6c:3d:5d:e1:5d:
                    95:6f:9a:a3:ad:f7:ed:c1:fd:d7:8c:f3:60:72:9b:
                    13:84:b1:a4:bd:d1:04:79:21:81:69:ff:e3:23:44:
                    d4:92:75:57:b3:6f:a7:52:26:68:26:2f:97:ce:9f:
                    b7:c2:68:75:91:e6:c1:65:c1:15:f7:da:a0:74:c4:
                    de:4a:03:37:40:44:cc:a0:7b:e0:1b:94:8b:17:bd:
                    49:a2:4f:11:fe:da:d0:6a:6c:74:88:26:6e:a0:ff:
                    ab:b1:3c:8e:e3:2e:95:91:87:f7:67:f0:3e:78:29:
                    8d:1a:30:8e:f1:2f:b3:54:ce:ff:01:3c:b1:f3:ce:
                    9a:49:75:55:6c:19:bb:fb:9a:38:14:5a:d2:08:17:
                    02:44:fe:fd:a8:4c:27:29:7a:87:28:e6:21:64:44:
                    26:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                61:78:8D:39:04:C9:AF:25:18:03:BB:E5:94:33:1A:1D:27:67:E7:E1
            X509v3 Authority Key Identifier:
                keyid:43:D5:BA:08:15:C9:F5:19:3F:80:98:9E:E8:93:AC:AC:C4:BA:88:49

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Q9W6CBXJ9Rk_gJie6JOsrMS6iEk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/7282b4-7f11-4ee0-abea-e13e5579c5dc/1/YXiNOQTJryUYA7vllDMaHSdn5-E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/7282b4-7f11-4ee0-abea-e13e5579c5dc/1/Q9W6CBXJ9Rk_gJie6JOsrMS6iEk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  57.191.0.0/21
                  57.191.192.0/18
                IPv6:
                  2a0a:90c2::/35

    Signature Algorithm: sha256WithRSAEncryption
         89:c9:f3:07:c4:06:57:4d:bb:71:74:8f:50:3f:b0:12:c6:66:
         b1:25:7a:08:3e:e1:7c:bc:41:58:62:75:0c:e7:4c:83:a8:fc:
         3a:8b:62:dc:90:36:2c:fa:2c:57:eb:2a:b0:33:3d:0b:d3:7a:
         78:3b:ee:e5:af:d0:6c:1e:57:58:9b:e9:b4:b0:25:de:3e:dd:
         17:50:03:38:7b:cd:17:61:89:36:44:69:ce:09:41:a8:3b:18:
         af:22:01:d3:e1:82:9e:bc:50:d3:62:25:e0:f6:9e:f7:55:04:
         7e:8d:23:d3:42:86:c2:e2:24:30:95:0b:00:ce:6b:c7:ce:5e:
         e0:a8:84:7b:3c:31:10:75:75:46:8f:42:89:6a:6d:55:2d:18:
         31:1c:4e:55:da:4d:5b:69:24:18:b4:52:cc:13:63:39:79:04:
         a6:8c:9b:40:4c:0c:5b:78:e9:92:a8:e3:44:93:08:bb:04:36:
         89:89:c5:33:b6:3e:50:74:ba:48:18:96:40:08:6c:f8:e8:9a:
         e2:07:df:e8:07:7e:57:18:1b:49:4e:1f:4e:2b:28:9e:df:df:
         69:65:df:7f:aa:d3:b5:de:fa:4e:d9:90:77:29:fe:db:a5:5e:
         d2:f5:13:32:7a:ef:39:3a:bf:22:05:ce:23:37:45:26:32:a3:
         b2:76:3b:53
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgIEErtwbDANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg0
M2Q1YmEwODE1YzlmNTE5M2Y4MDk4OWVlODkzYWNhY2M0YmE4ODQ5MB4XDTIyMDEw
MTEyNTkyN1oXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoNjE3ODhkMzkwNGM5
YWYyNTE4MDNiYmU1OTQzMzFhMWQyNzY3ZTdlMTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAMVC4mMg9eDaRfjAZQbKu5SO27iRugcf93JEz3vyXGWnYSf3
I4+X5M0D+ZtxplUuCKFvD/XB5macGGbHvNjbcnAaz/8tmh6zmIEy0WIZQuGihAtx
j5oC30jDNxtNbo5u9Sgm1Gw9XeFdlW+ao6337cH914zzYHKbE4SxpL3RBHkhgWn/
4yNE1JJ1V7Nvp1ImaCYvl86ft8JodZHmwWXBFffaoHTE3koDN0BEzKB74BuUixe9
SaJPEf7a0GpsdIgmbqD/q7E8juMulZGH92fwPngpjRowjvEvs1TO/wE8sfPOmkl1
VWwZu/uaOBRa0ggXAkT+/ahMJyl6hyjmIWREJh0CAwEAAaOCAh8wggIbMB0GA1Ud
DgQWBBRheI05BMmvJRgDu+WUMxodJ2fn4TAfBgNVHSMEGDAWgBRD1boIFcn1GT+A
mJ7ok6ysxLqISTAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L1E5VzZDQlhKOVJrX2dKaWU2Sk9zck1TNmlFay5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvYWIvNzI4MmI0LTdmMTEtNGVlMC1hYmVhLWUxM2U1NTc5YzVkYy8x
L1lYaU5PUVRKcnlVWUE3dmxsRE1hSFNkbjUtRS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYWIv
NzI4MmI0LTdmMTEtNGVlMC1hYmVhLWUxM2U1NTc5YzVkYy8xL1E5VzZDQlhKOVJr
X2dKaWU2Sk9zck1TNmlFay5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjA1
BggrBgEFBQcBBwEB/wQmMCQwEgQCAAEwDAMEAzm/AAMEBjm/wDAOBAIAAjAIAwYF
KgqQwgAwDQYJKoZIhvcNAQELBQADggEBAInJ8wfEBldNu3F0j1A/sBLGZrElegg+
4Xy8QVhidQznTIOo/DqLYtyQNiz6LFfrKrAzPQvTeng77uWv0GweV1ib6bSwJd4+
3RdQAzh7zRdhiTZEac4JQag7GK8iAdPhgp68UNNiJeD2nvdVBH6NI9NChsLiJDCV
CwDOa8fOXuCohHs8MRB1dUaPQolqbVUtGDEcTlXaTVtpJBi0UswTYzl5BKaMm0BM
DFt46ZKo40STCLsENomJxTO2PlB0ukgYlkAIbPjomuIH3+gHflcYG0lOH04rKJ7f
32ll33+q07Xe+k7ZkHcp/tulXtL1EzJ67zk6vyIFziM3RSYyo7J2O1M=
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:37:48 2024 by rpki-client on console-ams.rpki-client.org