Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/xvrM7wLeLQ-MANSs8tyBr22xj8Q.roa
File:                     xvrM7wLeLQ-MANSs8tyBr22xj8Q.roa (raw, json)
Hash identifier:          qur0xjf83Seiei7iPc/NWCRe37T9RzMucW1DXIsHLq0=
Subject key identifier:   C6:FA:CC:EF:02:DE:2D:0F:8C:00:D4:AC:F2:DC:81:AF:6D:B1:8F:C4
Certificate issuer:       /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial:       0CB31198
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/xvrM7wLeLQ-MANSs8tyBr22xj8Q.roa
Signing time:             Sat 01 Jan 2022 05:04:56 +0000
ROA not before:           Sat 01 Jan 2022 05:04:56 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     40676
IP address blocks:        45.8.68.0/24 maxlen: 24
                          45.67.97.0/24 maxlen: 24
                          45.67.99.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 213062040 (0xcb31198)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
        Validity
            Not Before: Jan  1 05:04:56 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=c6faccef02de2d0f8c00d4acf2dc81af6db18fc4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:20:59:e9:ca:e0:24:9f:55:40:2d:e1:d6:3b:
                    5a:c8:da:b5:7f:75:19:70:81:8a:ad:c8:32:36:a0:
                    3c:58:87:dc:94:37:e3:eb:b3:d6:e9:4c:27:0a:a4:
                    f3:8a:32:3a:14:58:fa:81:be:eb:ad:5c:a2:f4:c8:
                    60:f6:d6:dc:8a:97:f6:56:a6:8b:fc:32:63:3b:80:
                    04:e9:e0:71:d7:fc:8f:99:93:35:0e:8a:90:da:42:
                    49:14:c1:e1:4e:61:e3:41:0c:31:41:d7:50:92:8c:
                    be:e4:38:6a:33:d3:d1:17:b5:10:07:7b:3a:82:44:
                    a5:a6:b3:65:b9:13:c9:cd:b5:85:de:3b:e2:5c:0b:
                    5a:51:ff:a5:70:99:83:9d:41:7b:ba:00:be:9c:fa:
                    f3:48:21:2d:f3:2c:e3:5d:13:99:25:82:ea:e6:b9:
                    0d:a7:b7:48:2b:04:9b:c7:5d:f1:05:ba:16:bb:58:
                    39:4c:8f:2f:6b:a3:5f:87:68:14:92:8e:0f:44:8b:
                    69:5f:07:27:36:0b:b5:52:67:15:c5:0c:b1:03:af:
                    49:64:95:3a:2e:59:5e:05:4f:63:49:eb:46:89:4e:
                    d7:e6:ac:a7:a0:59:c6:b4:51:93:3b:32:c0:ad:93:
                    24:e5:b6:b6:21:46:bb:69:9d:d4:f3:c2:8a:d1:26:
                    37:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C6:FA:CC:EF:02:DE:2D:0F:8C:00:D4:AC:F2:DC:81:AF:6D:B1:8F:C4
            X509v3 Authority Key Identifier:
                keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/xvrM7wLeLQ-MANSs8tyBr22xj8Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.8.68.0/24
                  45.67.97.0/24
                  45.67.99.0/24

    Signature Algorithm: sha256WithRSAEncryption
         80:22:be:a2:1c:da:88:c1:e8:34:5c:72:20:63:7c:2d:44:6f:
         93:f4:7e:f9:55:5c:a1:61:08:3d:3b:82:58:5c:a3:50:43:c6:
         5e:99:bf:ba:b6:2c:dc:63:c9:42:2b:1f:33:3a:fa:1a:20:bf:
         aa:f3:4a:38:94:ff:09:27:48:03:0d:e3:19:53:cd:e8:5b:39:
         df:b2:58:d1:3b:a4:3d:eb:6d:94:d1:1c:c5:96:91:44:7e:d0:
         cd:33:2b:1a:02:d8:6d:3f:58:e1:33:f6:61:80:65:8a:66:a9:
         77:e2:8b:b8:ce:28:2d:62:80:c2:d7:fc:65:53:6e:88:f8:7d:
         53:23:56:1c:b2:14:b2:95:98:26:03:7f:9b:0b:a7:c9:41:b2:
         10:1d:9b:1f:56:1c:0e:2d:fe:84:b4:9c:ff:5b:e7:3c:87:73:
         da:5d:0c:e7:07:4e:9e:ee:ca:4c:ee:1f:0c:09:40:d5:84:30:
         9f:03:4c:1d:bf:93:2f:4d:7f:c9:74:5b:9a:61:04:57:26:06:
         e3:7e:36:6c:0a:b7:ba:47:e6:2f:fa:65:df:09:e1:cf:6d:7a:
         08:ff:e5:df:4e:b2:a5:76:ee:90:cb:2d:4b:22:47:69:c9:c9:
         02:1b:f1:1d:af:77:bd:ff:cb:81:67:56:c0:01:86:88:4b:1d:
         8a:ce:28:02
-----BEGIN CERTIFICATE-----
MIIE+zCCA+OgAwIBAgIEDLMRmDANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygz
NmMyYTRiN2Q1ZDczYzViNTcwNDYyMjNiZjMwZWI2NTMwMDViMGUyMB4XDTIyMDEw
MTA1MDQ1NloXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoYzZmYWNjZWYwMmRl
MmQwZjhjMDBkNGFjZjJkYzgxYWY2ZGIxOGZjNDCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBALEgWenK4CSfVUAt4dY7WsjatX91GXCBiq3IMjagPFiH3JQ3
4+uz1ulMJwqk84oyOhRY+oG+661covTIYPbW3IqX9lami/wyYzuABOngcdf8j5mT
NQ6KkNpCSRTB4U5h40EMMUHXUJKMvuQ4ajPT0Re1EAd7OoJEpaazZbkTyc21hd47
4lwLWlH/pXCZg51Be7oAvpz680ghLfMs410TmSWC6ua5Dae3SCsEm8dd8QW6FrtY
OUyPL2ujX4doFJKOD0SLaV8HJzYLtVJnFcUMsQOvSWSVOi5ZXgVPY0nrRolO1+as
p6BZxrRRkzsywK2TJOW2tiFGu2md1PPCitEmN1UCAwEAAaOCAhUwggIRMB0GA1Ud
DgQWBBTG+szvAt4tD4wA1Kzy3IGvbbGPxDAfBgNVHSMEGDAWgBQ2wqS31dc8W1cE
YiO/MOtlMAWw4jAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L05zS2t0OVhYUEZ0WEJHSWp2ekRyWlRBRnNPSS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvYmMvOGRkODVhLWJmOGYtNDI1ZS1hMjRiLTJjY2VkYjk2NmE1OC8x
L3h2ck03d0xlTFEtTUFOU3M4dHlCcjIyeGo4US5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYmMv
OGRkODVhLWJmOGYtNDI1ZS1hMjRiLTJjY2VkYjk2NmE1OC8xL05zS2t0OVhYUEZ0
WEJHSWp2ekRyWlRBRnNPSS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAr
BggrBgEFBQcBBwEB/wQcMBowGAQCAAEwEgMEAC0IRAMEAC1DYQMEAC1DYzANBgkq
hkiG9w0BAQsFAAOCAQEAgCK+ohzaiMHoNFxyIGN8LURvk/R++VVcoWEIPTuCWFyj
UEPGXpm/urYs3GPJQisfMzr6GiC/qvNKOJT/CSdIAw3jGVPN6Fs537JY0TukPett
lNEcxZaRRH7QzTMrGgLYbT9Y4TP2YYBlimapd+KLuM4oLWKAwtf8ZVNuiPh9UyNW
HLIUspWYJgN/mwunyUGyEB2bH1YcDi3+hLSc/1vnPIdz2l0M5wdOnu7KTO4fDAlA
1YQwnwNMHb+TL01/yXRbmmEEVyYG4342bAq3ukfmL/pl3wnhz216CP/l306ypXbu
kMstSyJHacnJAhvxHa93vf/LgWdWwAGGiEsdis4oAg==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:51:49 2024 by rpki-client on console-fra.rpki-client.org