Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/jaXltxHeIRiPE-i1bQOwkrH_f6o.roa
File:                     jaXltxHeIRiPE-i1bQOwkrH_f6o.roa (raw, json)
Hash identifier:          Rlk9B8uM4IdtlYndXUopaJrPY56A9+ugegGaSBcHTRM=
Subject key identifier:   8D:A5:E5:B7:11:DE:21:18:8F:13:E8:B5:6D:03:B0:92:B1:FF:7F:AA
Certificate issuer:       /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial:       0D06DD65
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/jaXltxHeIRiPE-i1bQOwkrH_f6o.roa
Signing time:             Thu 20 Jan 2022 19:12:14 +0000
ROA not before:           Thu 20 Jan 2022 19:12:14 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     211043
IP address blocks:        45.67.98.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 218553701 (0xd06dd65)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
        Validity
            Not Before: Jan 20 19:12:14 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=8da5e5b711de21188f13e8b56d03b092b1ff7faa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:60:f1:05:35:c8:e3:a7:08:3f:d7:01:92:fc:
                    6d:1b:5b:80:89:2b:0a:e5:c3:8b:fb:8c:b2:9a:4a:
                    7c:bc:c7:b9:3a:1d:90:59:21:89:1f:2f:0f:b7:60:
                    21:86:be:13:ff:a6:f7:dc:8f:cc:5d:e9:68:53:9e:
                    d0:69:6b:66:7a:e2:37:51:29:00:d0:2b:28:34:53:
                    12:e9:72:e7:d1:d7:ae:c8:c8:2b:f0:7f:22:a4:a4:
                    49:ee:67:68:93:57:48:ef:29:f3:d0:a5:b2:02:93:
                    7f:28:51:c2:2e:dc:7e:4d:73:99:ae:1e:27:a9:c4:
                    b9:a2:c6:72:80:ac:78:15:eb:1f:05:75:2d:09:70:
                    0d:1f:ff:97:f8:74:05:ef:c4:2d:b4:0d:fb:00:ef:
                    32:3c:33:84:af:18:8f:9c:7c:70:c2:15:66:d1:fd:
                    19:7c:2a:84:1b:76:e3:65:15:9d:21:6f:4d:36:01:
                    02:db:10:18:21:10:14:2d:2c:bb:bb:69:db:aa:44:
                    f3:13:e6:d0:57:d9:eb:33:e4:96:da:1d:1b:92:df:
                    94:7d:ff:bd:7b:4e:ae:f9:65:11:88:ea:45:ec:c2:
                    25:1e:93:85:97:5e:ec:6d:ea:84:c8:52:2d:95:9c:
                    d5:de:4f:f3:0d:6f:b6:36:6a:5f:35:d3:41:6d:70:
                    20:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8D:A5:E5:B7:11:DE:21:18:8F:13:E8:B5:6D:03:B0:92:B1:FF:7F:AA
            X509v3 Authority Key Identifier:
                keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/jaXltxHeIRiPE-i1bQOwkrH_f6o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.67.98.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0b:68:de:03:5c:70:31:67:05:a4:69:7a:5c:c5:e0:6a:43:cd:
         b0:31:d9:d3:27:eb:dd:5c:23:82:4f:06:08:00:b6:d7:25:3f:
         4d:5b:f0:b7:7b:41:73:b0:e2:1c:61:6a:e2:42:32:4f:ce:76:
         7f:93:a9:fb:43:20:77:0e:f0:38:5c:4f:28:d0:d0:d6:02:62:
         43:9d:33:15:85:4c:f4:29:34:54:c8:3b:4a:d2:94:64:b8:dc:
         b9:5c:05:35:d7:1f:2f:d3:b4:fc:9f:d2:ad:39:b9:a3:ad:3f:
         ff:e7:54:4f:2a:9c:5b:8c:49:15:2a:0b:96:62:d3:c8:6d:1b:
         5e:04:2b:00:bc:ef:a3:18:2f:5f:74:7b:60:54:75:d4:cb:37:
         22:4c:93:bb:0b:dd:ea:1a:fd:03:ae:d5:c5:cf:7d:64:bc:05:
         b6:97:51:55:9f:9e:61:f6:95:a7:b4:d5:00:f8:9b:9d:3b:3e:
         d8:4d:19:97:33:b1:6f:e3:c7:f5:f0:4d:b2:37:e9:3d:b6:1c:
         84:e8:77:bb:4d:9a:df:c7:16:90:1f:cf:ba:40:36:64:37:5f:
         bf:78:da:91:e2:67:c5:3c:5e:c6:7a:32:ec:90:6c:88:91:ad:
         3b:01:d2:d0:80:5d:08:1e:3c:2d:5a:4e:b6:2f:e6:b5:43:4c:
         b9:fb:6a:c4
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIEDQbdZTANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygz
NmMyYTRiN2Q1ZDczYzViNTcwNDYyMjNiZjMwZWI2NTMwMDViMGUyMB4XDTIyMDEy
MDE5MTIxNFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoOGRhNWU1YjcxMWRl
MjExODhmMTNlOGI1NmQwM2IwOTJiMWZmN2ZhYTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBALxg8QU1yOOnCD/XAZL8bRtbgIkrCuXDi/uMsppKfLzHuTod
kFkhiR8vD7dgIYa+E/+m99yPzF3paFOe0GlrZnriN1EpANArKDRTEuly59HXrsjI
K/B/IqSkSe5naJNXSO8p89ClsgKTfyhRwi7cfk1zma4eJ6nEuaLGcoCseBXrHwV1
LQlwDR//l/h0Be/ELbQN+wDvMjwzhK8Yj5x8cMIVZtH9GXwqhBt242UVnSFvTTYB
AtsQGCEQFC0su7tp26pE8xPm0FfZ6zPkltodG5LflH3/vXtOrvllEYjqRezCJR6T
hZde7G3qhMhSLZWc1d5P8w1vtjZqXzXTQW1wIF0CAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBSNpeW3Ed4hGI8T6LVtA7CSsf9/qjAfBgNVHSMEGDAWgBQ2wqS31dc8W1cE
YiO/MOtlMAWw4jAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L05zS2t0OVhYUEZ0WEJHSWp2ekRyWlRBRnNPSS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvYmMvOGRkODVhLWJmOGYtNDI1ZS1hMjRiLTJjY2VkYjk2NmE1OC8x
L2phWGx0eEhlSVJpUEUtaTFiUU93a3JIX2Y2by5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYmMv
OGRkODVhLWJmOGYtNDI1ZS1hMjRiLTJjY2VkYjk2NmE1OC8xL05zS2t0OVhYUEZ0
WEJHSWp2ekRyWlRBRnNPSS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAC1DYjANBgkqhkiG9w0BAQsFAAOC
AQEAC2jeA1xwMWcFpGl6XMXgakPNsDHZ0yfr3Vwjgk8GCAC21yU/TVvwt3tBc7Di
HGFq4kIyT852f5Op+0Mgdw7wOFxPKNDQ1gJiQ50zFYVM9Ck0VMg7StKUZLjcuVwF
NdcfL9O0/J/SrTm5o60//+dUTyqcW4xJFSoLlmLTyG0bXgQrALzvoxgvX3R7YFR1
1Ms3IkyTuwvd6hr9A67Vxc99ZLwFtpdRVZ+eYfaVp7TVAPibnTs+2E0ZlzOxb+PH
9fBNsjfpPbYchOh3u02a38cWkB/PukA2ZDdfv3jakeJnxTxexnoy7JBsiJGtOwHS
0IBdCB48LVpOti/mtUNMuftqxA==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:41:13 2024 by rpki-client on console-ams.rpki-client.org