Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cb/fe6234-6437-4967-ba63-85c3fa79ebc1/1/XHrWwjHibe-pLITmtWuDmQD8y6g.roa
File:                     XHrWwjHibe-pLITmtWuDmQD8y6g.roa (raw, json)
Hash identifier:          38w6Q1PqIx4P8nqNUrfGpeoV6UEvkUNVSsdHRaTDpYg=
Subject key identifier:   5C:7A:D6:C2:31:E2:6D:EF:A9:2C:84:E6:B5:6B:83:99:00:FC:CB:A8
Certificate issuer:       /CN=34803a2cf290b0bdc69addc003d564a234aa4f76
Certificate serial:       01D4A553
Authority key identifier: 34:80:3A:2C:F2:90:B0:BD:C6:9A:DD:C0:03:D5:64:A2:34:AA:4F:76
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NIA6LPKQsL3Gmt3AA9VkojSqT3Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cb/fe6234-6437-4967-ba63-85c3fa79ebc1/1/XHrWwjHibe-pLITmtWuDmQD8y6g.roa
Signing time:             Sat 01 Jan 2022 09:58:48 +0000
ROA not before:           Sat 01 Jan 2022 09:58:48 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     205341
IP address blocks:        45.140.160.0/22 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 30713171 (0x1d4a553)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=34803a2cf290b0bdc69addc003d564a234aa4f76
        Validity
            Not Before: Jan  1 09:58:48 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=5c7ad6c231e26defa92c84e6b56b839900fccba8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:4c:97:d2:29:b9:b8:1b:11:82:65:34:3c:97:
                    ec:ec:9d:4b:7b:1b:67:ee:95:cf:e5:fa:37:70:dc:
                    69:5f:8c:6d:8a:67:2e:38:c1:09:d1:85:4f:1d:31:
                    02:ea:06:2d:6f:15:57:91:ba:9c:e2:65:a8:7c:75:
                    cd:bf:f5:a6:3f:b1:8f:6c:a7:a2:6d:1f:c1:90:52:
                    8c:54:d1:aa:e3:2e:a4:0e:62:89:a3:50:e0:cf:9d:
                    7d:50:0a:90:cc:3d:ca:dc:5a:32:8e:f1:7b:ba:b2:
                    16:a4:95:87:8a:e6:48:7a:cb:33:ae:c4:0c:f9:eb:
                    0b:3b:20:80:c7:fa:33:e1:eb:2a:6a:45:a9:b3:5c:
                    05:8e:b5:3e:8d:6c:6f:7e:f9:6c:9d:49:10:39:0a:
                    ed:58:4b:88:ec:70:80:51:ac:e7:09:27:ad:c7:73:
                    99:3c:ea:b7:23:51:d7:20:b3:34:6a:ab:c8:b8:93:
                    8a:31:11:0b:df:8c:88:3c:06:d4:1a:a6:69:4f:2c:
                    c0:1e:bf:51:9d:02:27:cd:d2:e3:42:51:35:ad:c7:
                    22:d5:b2:6d:62:4b:08:ea:60:ad:f7:cf:e6:f2:de:
                    4f:23:2b:e2:05:7e:11:72:99:6b:c7:09:79:52:1e:
                    bb:64:f2:5b:65:bb:45:4a:73:54:79:4a:34:c7:17:
                    2c:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:7A:D6:C2:31:E2:6D:EF:A9:2C:84:E6:B5:6B:83:99:00:FC:CB:A8
            X509v3 Authority Key Identifier:
                keyid:34:80:3A:2C:F2:90:B0:BD:C6:9A:DD:C0:03:D5:64:A2:34:AA:4F:76

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NIA6LPKQsL3Gmt3AA9VkojSqT3Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cb/fe6234-6437-4967-ba63-85c3fa79ebc1/1/XHrWwjHibe-pLITmtWuDmQD8y6g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cb/fe6234-6437-4967-ba63-85c3fa79ebc1/1/NIA6LPKQsL3Gmt3AA9VkojSqT3Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.140.160.0/22

    Signature Algorithm: sha256WithRSAEncryption
         7c:9e:8a:9c:95:58:6e:3a:9c:d6:a0:70:ce:30:be:6a:b0:4a:
         a7:68:6c:32:69:13:82:a2:66:27:87:0a:46:2f:44:18:f7:ca:
         37:3d:9f:67:44:ae:3d:4c:1f:79:2c:04:0b:95:b9:84:fd:a5:
         54:f6:3d:fe:38:45:25:87:fa:a4:ce:e4:60:66:e9:79:06:5f:
         94:c5:1a:3d:c3:0f:c5:05:d3:ac:88:5e:d2:52:8b:33:85:cc:
         46:12:3d:24:11:3e:59:58:7a:a6:09:a3:41:04:de:06:12:d3:
         c7:fd:d6:3d:7c:78:94:8a:49:89:55:e2:4f:91:84:51:e8:e6:
         b1:14:85:70:67:c4:f1:89:53:08:a8:89:82:66:22:21:f9:ef:
         3c:26:7e:50:84:2a:3d:e7:33:1f:da:70:03:f0:fe:18:1a:13:
         cd:3d:3a:78:5d:93:07:a0:af:00:c8:54:60:e8:38:17:ab:f4:
         c5:66:7b:64:7a:d7:c6:19:8c:45:23:6a:b2:0c:65:03:b9:c0:
         7e:78:aa:a4:d8:93:77:00:89:8c:17:29:a1:7f:4f:08:f3:29:
         8c:3d:43:65:3e:65:5b:48:d1:b3:94:02:1a:cd:a5:cc:ae:63:
         d8:b8:7c:d8:c9:0b:b0:09:92:88:6a:40:3a:47:5e:cb:12:b3:
         3b:1e:69:90
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIEAdSlUzANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygz
NDgwM2EyY2YyOTBiMGJkYzY5YWRkYzAwM2Q1NjRhMjM0YWE0Zjc2MB4XDTIyMDEw
MTA5NTg0OFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoNWM3YWQ2YzIzMWUy
NmRlZmE5MmM4NGU2YjU2YjgzOTkwMGZjY2JhODCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBALpMl9IpubgbEYJlNDyX7OydS3sbZ+6Vz+X6N3DcaV+MbYpn
LjjBCdGFTx0xAuoGLW8VV5G6nOJlqHx1zb/1pj+xj2ynom0fwZBSjFTRquMupA5i
iaNQ4M+dfVAKkMw9ytxaMo7xe7qyFqSVh4rmSHrLM67EDPnrCzsggMf6M+HrKmpF
qbNcBY61Po1sb375bJ1JEDkK7VhLiOxwgFGs5wknrcdzmTzqtyNR1yCzNGqryLiT
ijERC9+MiDwG1BqmaU8swB6/UZ0CJ83S40JRNa3HItWybWJLCOpgrffP5vLeTyMr
4gV+EXKZa8cJeVIeu2TyW2W7RUpzVHlKNMcXLA8CAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBRcetbCMeJt76kshOa1a4OZAPzLqDAfBgNVHSMEGDAWgBQ0gDos8pCwvcaa
3cAD1WSiNKpPdjAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L05JQTZMUEtRc0wzR210M0FBOVZrb2pTcVQzWS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvY2IvZmU2MjM0LTY0MzctNDk2Ny1iYTYzLTg1YzNmYTc5ZWJjMS8x
L1hIcld3akhpYmUtcExJVG10V3VEbVFEOHk2Zy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvY2Iv
ZmU2MjM0LTY0MzctNDk2Ny1iYTYzLTg1YzNmYTc5ZWJjMS8xL05JQTZMUEtRc0wz
R210M0FBOVZrb2pTcVQzWS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAi2MoDANBgkqhkiG9w0BAQsFAAOC
AQEAfJ6KnJVYbjqc1qBwzjC+arBKp2hsMmkTgqJmJ4cKRi9EGPfKNz2fZ0SuPUwf
eSwEC5W5hP2lVPY9/jhFJYf6pM7kYGbpeQZflMUaPcMPxQXTrIhe0lKLM4XMRhI9
JBE+WVh6pgmjQQTeBhLTx/3WPXx4lIpJiVXiT5GEUejmsRSFcGfE8YlTCKiJgmYi
IfnvPCZ+UIQqPeczH9pwA/D+GBoTzT06eF2TB6CvAMhUYOg4F6v0xWZ7ZHrXxhmM
RSNqsgxlA7nAfniqpNiTdwCJjBcpoX9PCPMpjD1DZT5lW0jRs5QCGs2lzK5j2Lh8
2MkLsAmSiGpAOkdeyxKzOx5pkA==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:54:05 2024 by rpki-client on console-fra.rpki-client.org