Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/db/1e48b6-7fb0-4a12-b3e7-4b9a6058b423/1/xfm-iyRlaECVvqatemua6OGqYf8.roa
File:                     xfm-iyRlaECVvqatemua6OGqYf8.roa (raw, json)
Hash identifier:          v9DTrIipBVH0Nnjt5DEehILaiAI2hTeuzNk6vvC2xQE=
Subject key identifier:   C5:F9:BE:8B:24:65:68:40:95:BE:A6:AD:7A:6B:9A:E8:E1:AA:61:FF
Certificate issuer:       /CN=4b20d5c78c107bcf9c715453d21444f696e44b11
Certificate serial:       067FF163
Authority key identifier: 4B:20:D5:C7:8C:10:7B:CF:9C:71:54:53:D2:14:44:F6:96:E4:4B:11
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SyDVx4wQe8-ccVRT0hRE9pbkSxE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/db/1e48b6-7fb0-4a12-b3e7-4b9a6058b423/1/xfm-iyRlaECVvqatemua6OGqYf8.roa
Signing time:             Wed 18 May 2022 07:05:18 +0000
ROA not before:           Wed 18 May 2022 07:05:18 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     59767
IP address blocks:        185.19.64.0/22 maxlen: 22
                          2a04:1040::/29 maxlen: 29

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 109048163 (0x67ff163)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4b20d5c78c107bcf9c715453d21444f696e44b11
        Validity
            Not Before: May 18 07:05:18 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=c5f9be8b2465684095bea6ad7a6b9ae8e1aa61ff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:38:69:84:8c:61:ad:16:39:f3:c0:8c:bc:48:
                    17:71:14:fe:da:f5:f9:2e:fe:43:60:b5:18:05:b4:
                    bc:18:8e:c6:b3:83:9c:70:97:f2:ec:49:3a:b1:5f:
                    42:1f:47:5f:a0:90:75:71:a3:67:a7:3d:7a:7b:82:
                    c0:12:e0:f9:43:04:e8:fe:f5:ae:63:ae:58:c0:4d:
                    2b:96:e8:4a:93:c0:fd:1b:06:76:54:20:cf:87:b5:
                    2a:61:ad:56:13:a2:f1:07:c4:17:34:14:fa:97:39:
                    c4:84:40:a4:49:a9:0c:f6:c3:31:fe:30:06:22:52:
                    60:98:0b:1c:2a:82:f7:0b:66:ce:da:50:47:c5:d3:
                    96:64:26:77:91:63:06:1a:73:d5:35:b2:88:59:7d:
                    3a:2b:93:2d:9d:d5:f0:1b:13:b3:6c:44:44:94:d6:
                    bc:ef:cf:1d:fe:6a:30:ea:08:08:5d:95:d9:f5:f3:
                    3b:a9:29:eb:27:4f:6d:a2:77:2b:e6:02:aa:19:da:
                    61:d3:ee:de:d5:9a:fd:d1:9c:a6:df:c3:c9:e2:8b:
                    11:0d:52:9e:a9:f4:14:1f:da:d4:1d:97:76:33:48:
                    38:91:62:c3:74:f5:b0:94:36:8c:48:3a:a9:ae:45:
                    34:81:73:75:9a:4e:8e:e5:47:77:49:51:9d:7b:57:
                    95:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C5:F9:BE:8B:24:65:68:40:95:BE:A6:AD:7A:6B:9A:E8:E1:AA:61:FF
            X509v3 Authority Key Identifier:
                keyid:4B:20:D5:C7:8C:10:7B:CF:9C:71:54:53:D2:14:44:F6:96:E4:4B:11

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SyDVx4wQe8-ccVRT0hRE9pbkSxE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/db/1e48b6-7fb0-4a12-b3e7-4b9a6058b423/1/xfm-iyRlaECVvqatemua6OGqYf8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/db/1e48b6-7fb0-4a12-b3e7-4b9a6058b423/1/SyDVx4wQe8-ccVRT0hRE9pbkSxE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.19.64.0/22
                IPv6:
                  2a04:1040::/29

    Signature Algorithm: sha256WithRSAEncryption
         55:96:de:a4:6f:68:3d:8d:ae:43:3e:eb:2e:b8:d9:8c:f2:8a:
         18:2c:5d:db:4d:94:92:91:2d:93:83:59:07:8d:e3:7d:ad:c0:
         be:a1:69:d1:5c:fe:9f:5d:a7:1a:9a:51:60:dd:8c:75:35:44:
         34:d4:04:5e:94:96:9d:63:c4:d7:8c:09:bb:b2:47:f0:19:13:
         30:64:bd:33:d4:2c:9b:c1:48:38:4a:ce:7b:80:86:f4:18:34:
         dc:eb:d7:b5:87:b9:58:78:26:bc:d2:a4:51:b4:28:b2:95:4f:
         c0:70:26:94:ee:18:ea:0d:69:d0:fa:c7:cb:8e:30:74:6f:9e:
         fa:91:b9:29:08:b0:26:a6:1b:e3:2c:a0:7b:d2:51:88:92:2c:
         87:50:6c:29:3c:08:1f:13:cf:ad:db:2b:39:8d:ed:e3:bb:51:
         04:f5:b7:e8:96:13:c0:65:a2:aa:58:e3:66:ba:b5:2a:26:7f:
         a9:3e:88:e7:a8:0f:02:1a:0a:cb:65:03:97:c5:c5:44:1b:9a:
         cd:24:b4:28:e3:70:5d:48:0e:8f:e9:9d:0c:e9:30:b5:6d:a5:
         23:17:74:00:2e:35:4b:c9:61:84:15:f7:d9:27:f4:6d:b1:30:
         0a:54:a7:5b:f9:2a:00:a6:f6:53:3c:75:28:ea:7a:05:65:b5:
         0b:9b:58:52
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgIEBn/xYzANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg0
YjIwZDVjNzhjMTA3YmNmOWM3MTU0NTNkMjE0NDRmNjk2ZTQ0YjExMB4XDTIyMDUx
ODA3MDUxOFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoYzVmOWJlOGIyNDY1
Njg0MDk1YmVhNmFkN2E2YjlhZThlMWFhNjFmZjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBALw4aYSMYa0WOfPAjLxIF3EU/tr1+S7+Q2C1GAW0vBiOxrOD
nHCX8uxJOrFfQh9HX6CQdXGjZ6c9enuCwBLg+UME6P71rmOuWMBNK5boSpPA/RsG
dlQgz4e1KmGtVhOi8QfEFzQU+pc5xIRApEmpDPbDMf4wBiJSYJgLHCqC9wtmztpQ
R8XTlmQmd5FjBhpz1TWyiFl9OiuTLZ3V8BsTs2xERJTWvO/PHf5qMOoICF2V2fXz
O6kp6ydPbaJ3K+YCqhnaYdPu3tWa/dGcpt/DyeKLEQ1Snqn0FB/a1B2XdjNIOJFi
w3T1sJQ2jEg6qa5FNIFzdZpOjuVHd0lRnXtXlfMCAwEAAaOCAhgwggIUMB0GA1Ud
DgQWBBTF+b6LJGVoQJW+pq16a5ro4aph/zAfBgNVHSMEGDAWgBRLINXHjBB7z5xx
VFPSFET2luRLETAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L1N5RFZ4NHdRZTgtY2NWUlQwaFJFOXBia1N4RS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZGIvMWU0OGI2LTdmYjAtNGExMi1iM2U3LTRiOWE2MDU4YjQyMy8x
L3hmbS1peVJsYUVDVnZxYXRlbXVhNk9HcVlmOC5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZGIv
MWU0OGI2LTdmYjAtNGExMi1iM2U3LTRiOWE2MDU4YjQyMy8xL1N5RFZ4NHdRZTgt
Y2NWUlQwaFJFOXBia1N4RS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAu
BggrBgEFBQcBBwEB/wQfMB0wDAQCAAEwBgMEArkTQDANBAIAAjAHAwUDKgQQQDAN
BgkqhkiG9w0BAQsFAAOCAQEAVZbepG9oPY2uQz7rLrjZjPKKGCxd202UkpEtk4NZ
B43jfa3AvqFp0Vz+n12nGppRYN2MdTVENNQEXpSWnWPE14wJu7JH8BkTMGS9M9Qs
m8FIOErOe4CG9Bg03OvXtYe5WHgmvNKkUbQospVPwHAmlO4Y6g1p0PrHy44wdG+e
+pG5KQiwJqYb4yyge9JRiJIsh1BsKTwIHxPPrdsrOY3t47tRBPW36JYTwGWiqljj
Zrq1KiZ/qT6I56gPAhoKy2UDl8XFRBuazSS0KONwXUgOj+mdDOkwtW2lIxd0AC41
S8lhhBX32Sf0bbEwClSnW/kqAKb2Uzx1KOp6BWW1C5tYUg==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:47:31 2024 by rpki-client on console-ams.rpki-client.org