Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ad/f505b5-0e46-4b3f-bf1b-849d3a6b9c2d/1/4Xo8vz1awFaCDUFP-VJx8NGDzq8.roa
File:                     4Xo8vz1awFaCDUFP-VJx8NGDzq8.roa (raw, json)
Hash identifier:          DUMGWrTKsvEQYDkqzWylLFVOjzmkcwBqEt1b4HCFpAc=
Subject key identifier:   E1:7A:3C:BF:3D:5A:C0:56:82:0D:41:4F:F9:52:71:F0:D1:83:CE:AF
Certificate issuer:       /CN=870c589a4f22a9ca2ff99b4c48f8bdf492871725
Certificate serial:       018216759E90EACDA7EFFAD2EB449D73C3A4
Authority key identifier: 87:0C:58:9A:4F:22:A9:CA:2F:F9:9B:4C:48:F8:BD:F4:92:87:17:25
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hwxYmk8iqcov-ZtMSPi99JKHFyU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ad/f505b5-0e46-4b3f-bf1b-849d3a6b9c2d/1/4Xo8vz1awFaCDUFP-VJx8NGDzq8.roa
Signing time:             Tue 19 Jul 2022 12:36:23 +0000
ROA not before:           Tue 19 Jul 2022 12:36:23 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     1901
IP address blocks:        194.152.160.0/19 maxlen: 19
                          193.154.0.0/16 maxlen: 16
                          193.80.0.0/15 maxlen: 15

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:82:16:75:9e:90:ea:cd:a7:ef:fa:d2:eb:44:9d:73:c3:a4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=870c589a4f22a9ca2ff99b4c48f8bdf492871725
        Validity
            Not Before: Jul 19 12:36:23 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=e17a3cbf3d5ac056820d414ff95271f0d183ceaf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:fc:c7:0e:5d:f7:c4:62:b7:bf:24:dd:dc:e0:
                    af:63:ae:9b:7e:51:17:7c:ef:99:4a:8d:1b:87:79:
                    8d:30:76:21:90:52:0a:3d:3b:2e:11:05:fc:9d:9b:
                    b7:ba:7c:e3:9b:1a:5d:33:36:42:bc:7f:d3:3e:d7:
                    1b:12:cf:2b:ea:79:57:c7:a4:18:48:0a:b3:30:08:
                    05:5a:4e:35:03:62:11:1f:e8:7d:80:32:89:84:fb:
                    b7:99:d1:e6:55:29:30:c3:c1:79:42:8e:42:9b:ce:
                    f2:e9:5b:0c:75:a6:91:9a:ce:dd:ce:54:d2:ec:ac:
                    9d:6a:2a:70:f7:39:cf:19:16:ba:7c:28:4d:c1:ac:
                    2c:33:08:85:71:3d:c6:bf:56:33:e7:c7:b6:c2:55:
                    79:62:32:68:90:22:39:18:92:3b:7a:34:f8:03:83:
                    ae:dd:39:e4:3c:9e:b8:24:40:2e:f3:69:82:e2:d9:
                    d5:ef:56:86:bd:e8:1e:a5:2c:43:88:d0:b4:4e:38:
                    39:a0:d4:96:19:68:62:4a:c9:4d:18:56:87:0d:11:
                    21:e9:a3:24:1c:76:71:d9:20:14:b9:7b:69:ad:bc:
                    06:17:9f:db:87:4a:ff:ae:92:2e:cd:b6:f0:de:98:
                    81:72:c9:c9:54:99:4a:d1:47:2f:db:a1:a9:6f:be:
                    db:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E1:7A:3C:BF:3D:5A:C0:56:82:0D:41:4F:F9:52:71:F0:D1:83:CE:AF
            X509v3 Authority Key Identifier:
                keyid:87:0C:58:9A:4F:22:A9:CA:2F:F9:9B:4C:48:F8:BD:F4:92:87:17:25

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hwxYmk8iqcov-ZtMSPi99JKHFyU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/f505b5-0e46-4b3f-bf1b-849d3a6b9c2d/1/4Xo8vz1awFaCDUFP-VJx8NGDzq8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/f505b5-0e46-4b3f-bf1b-849d3a6b9c2d/1/hwxYmk8iqcov-ZtMSPi99JKHFyU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.80.0.0/15
                  193.154.0.0/16
                  194.152.160.0/19

    Signature Algorithm: sha256WithRSAEncryption
         27:d1:0d:c6:d5:42:a9:d9:f0:fc:4b:d0:0f:c6:6c:b6:1b:dc:
         7e:1b:c1:94:65:07:b3:a7:06:45:1c:9f:f8:68:04:9c:a9:a6:
         05:27:e0:e4:fa:54:98:3d:7d:51:99:ca:b4:2d:3c:85:d0:d7:
         5e:fd:fd:c6:d5:0e:ac:a5:70:d4:73:37:03:88:ad:ff:9e:e5:
         21:48:b8:fe:35:87:49:8e:fd:66:dd:7a:dd:d3:eb:98:d6:89:
         17:c5:81:3d:9e:df:40:6c:46:10:ea:2b:0f:39:6b:16:54:64:
         de:2c:79:e7:d4:a1:4e:40:8c:37:c6:a1:75:82:cc:36:56:8d:
         62:9a:55:b0:4a:2e:e6:a0:29:4e:de:60:03:36:43:94:bf:30:
         07:55:1e:99:b7:69:05:cc:17:47:b0:55:38:66:d7:93:77:38:
         2f:b8:e1:b9:c5:07:68:73:26:42:a2:d0:df:a7:97:07:af:85:
         1d:3a:1d:aa:a0:07:9d:8d:4e:98:60:58:17:12:18:25:fb:5f:
         d9:a1:b9:96:75:19:f4:6f:8f:4c:a0:58:85:23:51:a9:7b:b1:
         57:84:c5:7a:5c:a1:ce:2e:b8:fe:fb:9f:5f:7c:98:5a:7c:5f:
         53:40:29:42:51:28:f3:3f:5e:28:91:24:3a:28:42:11:a3:10:
         48:ee:a9:fb
-----BEGIN CERTIFICATE-----
MIIFBzCCA++gAwIBAgISAYIWdZ6Q6s2n7/rS60Sdc8OkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg3MGM1ODlhNGYyMmE5Y2EyZmY5OWI0YzQ4ZjhiZGY0OTI4
NzE3MjUwHhcNMjIwNzE5MTIzNjIzWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMTdhM2NiZjNkNWFjMDU2ODIwZDQxNGZmOTUyNzFmMGQxODNjZWFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApfzHDl33xGK3vyTd3OCvY66bflEX
fO+ZSo0bh3mNMHYhkFIKPTsuEQX8nZu3unzjmxpdMzZCvH/TPtcbEs8r6nlXx6QY
SAqzMAgFWk41A2IRH+h9gDKJhPu3mdHmVSkww8F5Qo5Cm87y6VsMdaaRms7dzlTS
7Kydaipw9znPGRa6fChNwawsMwiFcT3Gv1Yz58e2wlV5YjJokCI5GJI7ejT4A4Ou
3TnkPJ64JEAu82mC4tnV71aGvegepSxDiNC0Tjg5oNSWGWhiSslNGFaHDREh6aMk
HHZx2SAUuXtprbwGF5/bh0r/rpIuzbbw3piBcsnJVJlK0Ucv26Gpb77bBwIDAQAB
o4ICEzCCAg8wHQYDVR0OBBYEFOF6PL89WsBWgg1BT/lScfDRg86vMB8GA1UdIwQY
MBaAFIcMWJpPIqnKL/mbTEj4vfSShxclMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHd4WW1rOGlxY292LVp0TVNQaTk5SktIRnlVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZC9mNTA1YjUtMGU0Ni00YjNmLWJmMWIt
ODQ5ZDNhNmI5YzJkLzEvNFhvOHZ6MWF3RmFDRFVGUC1WSng4TkdEenE4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZC9mNTA1YjUtMGU0Ni00YjNmLWJmMWItODQ5ZDNhNmI5YzJk
LzEvaHd4WW1rOGlxY292LVp0TVNQaTk5SktIRnlVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCkGCCsGAQUFBwEHAQH/BBowGDAWBAIAATAQAwMBwVADAwDB
mgMEBcKYoDANBgkqhkiG9w0BAQsFAAOCAQEAJ9ENxtVCqdnw/EvQD8ZsthvcfhvB
lGUHs6cGRRyf+GgEnKmmBSfg5PpUmD19UZnKtC08hdDXXv39xtUOrKVw1HM3A4it
/57lIUi4/jWHSY79Zt163dPrmNaJF8WBPZ7fQGxGEOorDzlrFlRk3ix559ShTkCM
N8ahdYLMNlaNYppVsEou5qApTt5gAzZDlL8wB1UembdpBcwXR7BVOGbXk3c4L7jh
ucUHaHMmQqLQ36eXB6+FHTodqqAHnY1OmGBYFxIYJftf2aG5lnUZ9G+PTKBYhSNR
qXuxV4TFelyhzi64/vufX3yYWnxfU0ApQlEo8z9eKJEkOihCEaMQSO6p+w==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:49:38 2024 by rpki-client on console-fra.rpki-client.org