Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/c9de13-5b74-413d-b2fb-1af2465a8eec/1/XYvFnla0Zl3yP5Y3drx91AWdzJ8.roa
File:                     XYvFnla0Zl3yP5Y3drx91AWdzJ8.roa (raw, json)
Hash identifier:          BYY50Cm4rmEfqXXGNktGsXFPYDqtrdJq1DVhtHCBbiM=
Subject key identifier:   5D:8B:C5:9E:56:B4:66:5D:F2:3F:96:37:76:BC:7D:D4:05:9D:CC:9F
Certificate issuer:       /CN=bcfdfe6dca8ac7bfa1a9450ef99fd315ed02acd9
Certificate serial:       01852A0A4F58445918C80E5AEE6405821330
Authority key identifier: BC:FD:FE:6D:CA:8A:C7:BF:A1:A9:45:0E:F9:9F:D3:15:ED:02:AC:D9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vP3-bcqKx7-hqUUO-Z_TFe0CrNk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/c9de13-5b74-413d-b2fb-1af2465a8eec/1/XYvFnla0Zl3yP5Y3drx91AWdzJ8.roa
Signing time:             Mon 19 Dec 2022 10:59:56 +0000
ROA not before:           Mon 19 Dec 2022 10:59:56 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     8100
IP address blocks:        213.21.252.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:2a:0a:4f:58:44:59:18:c8:0e:5a:ee:64:05:82:13:30
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bcfdfe6dca8ac7bfa1a9450ef99fd315ed02acd9
        Validity
            Not Before: Dec 19 10:59:56 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=5d8bc59e56b4665df23f963776bc7dd4059dcc9f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:8b:9c:49:8c:62:b9:9d:e1:b4:32:b3:a3:34:
                    4c:56:da:d9:a7:c3:c5:d2:bc:8b:60:97:4b:e8:81:
                    13:cf:74:0e:7a:4b:6b:93:43:17:ee:56:8b:b8:3b:
                    03:3a:6b:ec:a2:b0:8e:67:fd:5a:74:f5:57:27:ec:
                    40:e9:06:b7:31:1c:55:2a:49:f3:3d:bb:80:2b:4e:
                    95:51:e9:65:09:3c:03:79:f4:a4:f3:20:ad:9c:66:
                    25:ae:f9:7e:a0:39:dd:1b:8a:18:29:94:22:db:de:
                    04:e8:92:e9:82:56:16:80:4d:8b:0f:f3:bb:5a:3b:
                    d3:1d:5d:02:51:02:28:f2:78:73:7a:51:89:e4:86:
                    98:f5:98:21:19:71:33:8d:d4:3d:fe:19:32:77:dd:
                    ae:00:b7:39:21:e0:59:cb:9b:d9:dd:8d:2f:f5:22:
                    b0:6b:14:49:cf:6c:35:cc:82:4c:e5:c0:c5:ef:0a:
                    de:e9:cb:64:50:c0:1b:c5:a5:06:e7:57:d1:cc:ed:
                    91:0c:9e:61:60:1b:c3:31:c6:91:a4:cc:37:ac:7f:
                    77:1d:66:ec:c8:cf:ce:26:20:e1:3a:5e:8e:cf:09:
                    d9:8f:fe:11:ff:d4:88:7f:90:92:ec:1c:1d:84:d1:
                    74:5c:0c:d2:3a:c7:f0:c5:9c:4e:34:1a:fa:cd:c5:
                    11:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5D:8B:C5:9E:56:B4:66:5D:F2:3F:96:37:76:BC:7D:D4:05:9D:CC:9F
            X509v3 Authority Key Identifier:
                keyid:BC:FD:FE:6D:CA:8A:C7:BF:A1:A9:45:0E:F9:9F:D3:15:ED:02:AC:D9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vP3-bcqKx7-hqUUO-Z_TFe0CrNk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/c9de13-5b74-413d-b2fb-1af2465a8eec/1/XYvFnla0Zl3yP5Y3drx91AWdzJ8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/c9de13-5b74-413d-b2fb-1af2465a8eec/1/vP3-bcqKx7-hqUUO-Z_TFe0CrNk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.21.252.0/24

    Signature Algorithm: sha256WithRSAEncryption
         20:7c:5a:7f:12:f5:c6:b7:22:84:fd:81:d2:34:79:e2:c4:25:
         03:52:52:b2:7a:01:96:29:99:47:49:3f:7d:3b:ad:df:a0:ac:
         9d:21:ea:1c:f8:7a:db:2a:e8:0d:ae:18:27:ee:28:4a:e6:6b:
         69:b9:4d:3d:a0:1c:b9:5f:73:54:ce:07:79:17:5f:2b:02:86:
         77:65:07:65:2e:40:a2:70:96:37:f6:cf:0c:2a:73:db:f8:f5:
         9e:68:04:b2:c4:1c:63:aa:11:57:9d:1a:89:c7:bb:c6:5a:f9:
         1f:d4:87:d6:0f:3d:16:9c:04:e7:02:a0:43:55:4e:23:87:8d:
         12:bc:ff:24:cd:80:f8:4e:6f:6a:62:30:6d:51:d9:50:fd:cf:
         36:49:9b:6f:d2:48:56:22:16:fd:79:8f:0f:96:cc:0a:dd:24:
         ab:99:24:b5:f7:13:4f:64:22:14:4b:0b:c7:a1:68:51:53:b7:
         c7:15:74:58:dc:03:8f:3a:4c:91:14:27:59:84:25:67:4d:bd:
         88:d3:ac:b9:bb:89:d9:4a:a9:a3:03:25:ae:d9:52:0f:d7:b6:
         88:a9:fd:8b:51:85:90:13:75:5c:a0:87:20:e1:b6:bc:92:89:
         1b:d6:43:fd:87:42:eb:ee:32:7c:c9:bd:94:cf:a1:aa:75:43:
         b9:a4:e9:03
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYUqCk9YRFkYyA5a7mQFghMwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJjZmRmZTZkY2E4YWM3YmZhMWE5NDUwZWY5OWZkMzE1ZWQw
MmFjZDkwHhcNMjIxMjE5MTA1OTU2WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZDhiYzU5ZTU2YjQ2NjVkZjIzZjk2Mzc3NmJjN2RkNDA1OWRjYzlmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo4ucSYxiuZ3htDKzozRMVtrZp8PF
0ryLYJdL6IETz3QOektrk0MX7laLuDsDOmvsorCOZ/1adPVXJ+xA6Qa3MRxVKknz
PbuAK06VUellCTwDefSk8yCtnGYlrvl+oDndG4oYKZQi294E6JLpglYWgE2LD/O7
WjvTHV0CUQIo8nhzelGJ5IaY9ZghGXEzjdQ9/hkyd92uALc5IeBZy5vZ3Y0v9SKw
axRJz2w1zIJM5cDF7wre6ctkUMAbxaUG51fRzO2RDJ5hYBvDMcaRpMw3rH93HWbs
yM/OJiDhOl6OzwnZj/4R/9SIf5CS7BwdhNF0XAzSOsfwxZxONBr6zcURxwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF2LxZ5WtGZd8j+WN3a8fdQFncyfMB8GA1UdIwQY
MBaAFLz9/m3Kise/oalFDvmf0xXtAqzZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdlAzLWJjcUt4Ny1ocVVVTy1aX1RGZTBDck5rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC9jOWRlMTMtNWI3NC00MTNkLWIyZmIt
MWFmMjQ2NWE4ZWVjLzEvWFl2Rm5sYTBabDN5UDVZM2RyeDkxQVdkeko4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC9jOWRlMTMtNWI3NC00MTNkLWIyZmItMWFmMjQ2NWE4ZWVj
LzEvdlAzLWJjcUt4Ny1ocVVVTy1aX1RGZTBDck5rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1RX8MA0G
CSqGSIb3DQEBCwUAA4IBAQAgfFp/EvXGtyKE/YHSNHnixCUDUlKyegGWKZlHST99
O63foKydIeoc+HrbKugNrhgn7ihK5mtpuU09oBy5X3NUzgd5F18rAoZ3ZQdlLkCi
cJY39s8MKnPb+PWeaASyxBxjqhFXnRqJx7vGWvkf1IfWDz0WnATnAqBDVU4jh40S
vP8kzYD4Tm9qYjBtUdlQ/c82SZtv0khWIhb9eY8PlswK3SSrmSS19xNPZCIUSwvH
oWhRU7fHFXRY3AOPOkyRFCdZhCVnTb2I06y5u4nZSqmjAyWu2VIP17aIqf2LUYWQ
E3VcoIcg4ba8kokb1kP9h0Lr7jJ8yb2Uz6GqdUO5pOkD
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:54:49 2024 by rpki-client on console-fra.rpki-client.org