Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/db/7886f4-5fcc-4d44-bd62-10982e040d53/1/bG4r97zgw2aHIUcsM1spOHX_Xfw.roa
File:                     bG4r97zgw2aHIUcsM1spOHX_Xfw.roa (raw, json)
Hash identifier:          wEuAF/MXtGfFS6lP/qEu3ORf86bVusr0xMmOw8ZnR2g=
Subject key identifier:   6C:6E:2B:F7:BC:E0:C3:66:87:21:47:2C:33:5B:29:38:75:FF:5D:FC
Certificate issuer:       /CN=9a1e69368abd34538fe77ddaabcdc835af595eba
Certificate serial:       128E81A3
Authority key identifier: 9A:1E:69:36:8A:BD:34:53:8F:E7:7D:DA:AB:CD:C8:35:AF:59:5E:BA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mh5pNoq9NFOP533aq83INa9ZXro.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/db/7886f4-5fcc-4d44-bd62-10982e040d53/1/bG4r97zgw2aHIUcsM1spOHX_Xfw.roa
Signing time:             Sat 01 Jan 2022 10:05:50 +0000
ROA not before:           Sat 01 Jan 2022 10:05:50 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     200645
IP address blocks:        5.202.208.0/20 maxlen: 20

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 311329187 (0x128e81a3)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9a1e69368abd34538fe77ddaabcdc835af595eba
        Validity
            Not Before: Jan  1 10:05:50 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=6c6e2bf7bce0c3668721472c335b293875ff5dfc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e7:af:2e:50:62:f6:b4:16:94:c0:33:b2:49:74:
                    37:4e:65:e6:59:22:e9:cb:9f:fc:31:e5:76:c3:7f:
                    ef:ba:a0:01:f1:bd:31:c9:58:68:2f:ab:60:62:57:
                    20:82:72:b6:6a:76:d0:be:40:cc:db:20:c0:b3:fb:
                    ca:7b:31:6f:d1:db:60:4b:c0:d2:5f:62:c9:7e:cb:
                    97:e3:f3:bd:ce:49:bb:27:0a:b7:78:cf:15:31:7e:
                    4b:27:bf:7f:49:05:87:e7:00:de:da:44:d1:4c:50:
                    3e:39:5e:66:5c:ff:69:6e:ed:d4:d0:98:b2:75:ae:
                    25:a1:91:3d:de:46:29:53:30:44:40:af:7a:41:88:
                    e4:6f:e4:2c:76:60:7a:44:66:ad:9f:6f:a6:12:1e:
                    a4:c5:e0:52:a6:5b:23:19:be:7c:7b:de:37:01:a8:
                    23:24:0d:cb:50:4b:37:e5:ec:a7:a6:21:b9:d9:d1:
                    49:90:22:21:8f:2e:b4:7f:0a:ee:a9:19:78:3d:c9:
                    33:d7:6c:5a:8d:dd:14:5e:16:ad:94:3a:03:0d:c9:
                    a8:7d:00:45:72:ed:47:c5:50:1b:56:a3:ad:4c:19:
                    cc:44:a2:6b:a2:7b:1a:2e:04:ab:ed:dc:dc:9b:88:
                    d3:7d:2a:e1:e4:d8:09:d1:cf:65:f1:ee:78:44:63:
                    64:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6C:6E:2B:F7:BC:E0:C3:66:87:21:47:2C:33:5B:29:38:75:FF:5D:FC
            X509v3 Authority Key Identifier:
                keyid:9A:1E:69:36:8A:BD:34:53:8F:E7:7D:DA:AB:CD:C8:35:AF:59:5E:BA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mh5pNoq9NFOP533aq83INa9ZXro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/db/7886f4-5fcc-4d44-bd62-10982e040d53/1/bG4r97zgw2aHIUcsM1spOHX_Xfw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/db/7886f4-5fcc-4d44-bd62-10982e040d53/1/mh5pNoq9NFOP533aq83INa9ZXro.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.202.208.0/20

    Signature Algorithm: sha256WithRSAEncryption
         61:a0:32:73:1a:4d:b4:03:b2:c8:72:78:78:65:76:56:25:f7:
         d4:fa:6d:ae:68:55:8e:66:b5:dd:a7:d2:a4:a3:22:8b:b7:dd:
         25:97:3e:8c:a5:b2:9a:1e:e2:bd:ee:08:17:f2:06:6a:f9:c9:
         9b:89:c6:31:9e:a1:b2:4f:0e:82:89:e1:56:b6:db:4a:a2:30:
         e0:10:42:c8:48:07:32:74:c3:40:8c:15:7b:7e:c1:8c:4a:1c:
         fc:85:12:a8:33:8a:c5:58:93:b5:7a:ff:2d:ee:2c:e2:8b:93:
         56:d8:ba:fe:48:eb:8c:56:92:34:d7:e8:00:46:e2:f3:7b:8a:
         3f:a6:2d:82:d9:92:a6:ba:67:34:32:0f:97:b9:08:fc:2f:c3:
         43:59:0b:4b:63:54:a8:0e:60:85:e0:31:4e:17:bc:45:b4:ef:
         9d:73:a2:bb:87:11:8d:ad:fd:77:8b:25:2b:8d:bc:a1:ad:44:
         ea:66:55:07:b0:f0:23:f3:84:c9:ad:cc:a2:f3:96:ee:07:87:
         41:ea:4f:0d:6b:b2:14:57:9e:0c:33:0e:7f:f5:3b:f4:6b:56:
         84:5e:d6:a7:2c:13:d1:f4:b8:d7:f0:29:90:e1:b7:4b:32:05:
         93:67:2f:2a:b8:c9:7e:2b:3e:0f:53:6a:97:bf:a9:71:57:b4:
         71:f3:63:7f
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIEEo6BozANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg5
YTFlNjkzNjhhYmQzNDUzOGZlNzdkZGFhYmNkYzgzNWFmNTk1ZWJhMB4XDTIyMDEw
MTEwMDU1MFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoNmM2ZTJiZjdiY2Uw
YzM2Njg3MjE0NzJjMzM1YjI5Mzg3NWZmNWRmYzCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAOevLlBi9rQWlMAzskl0N05l5lki6cuf/DHldsN/77qgAfG9
MclYaC+rYGJXIIJytmp20L5AzNsgwLP7ynsxb9HbYEvA0l9iyX7Ll+Pzvc5JuycK
t3jPFTF+Sye/f0kFh+cA3tpE0UxQPjleZlz/aW7t1NCYsnWuJaGRPd5GKVMwRECv
ekGI5G/kLHZgekRmrZ9vphIepMXgUqZbIxm+fHveNwGoIyQNy1BLN+Xsp6YhudnR
SZAiIY8utH8K7qkZeD3JM9dsWo3dFF4WrZQ6Aw3JqH0ARXLtR8VQG1ajrUwZzESi
a6J7Gi4Eq+3c3JuI030q4eTYCdHPZfHueERjZA8CAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBRsbiv3vODDZochRywzWyk4df9d/DAfBgNVHSMEGDAWgBSaHmk2ir00U4/n
fdqrzcg1r1leujAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L21oNXBOb3E5TkZPUDUzM2FxODNJTmE5Wlhyby5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZGIvNzg4NmY0LTVmY2MtNGQ0NC1iZDYyLTEwOTgyZTA0MGQ1My8x
L2JHNHI5N3pndzJhSElVY3NNMXNwT0hYX1hmdy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZGIv
Nzg4NmY0LTVmY2MtNGQ0NC1iZDYyLTEwOTgyZTA0MGQ1My8xL21oNXBOb3E5TkZP
UDUzM2FxODNJTmE5Wlhyby5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEBAXK0DANBgkqhkiG9w0BAQsFAAOC
AQEAYaAycxpNtAOyyHJ4eGV2ViX31PptrmhVjma13afSpKMii7fdJZc+jKWymh7i
ve4IF/IGavnJm4nGMZ6hsk8OgonhVrbbSqIw4BBCyEgHMnTDQIwVe37BjEoc/IUS
qDOKxViTtXr/Le4s4ouTVti6/kjrjFaSNNfoAEbi83uKP6YtgtmSprpnNDIPl7kI
/C/DQ1kLS2NUqA5gheAxThe8RbTvnXOiu4cRja39d4slK428oa1E6mZVB7DwI/OE
ya3MovOW7geHQepPDWuyFFeeDDMOf/U79GtWhF7WpywT0fS41/ApkOG3SzIFk2cv
KrjJfis+D1Nql7+pcVe0cfNjfw==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:47:33 2024 by rpki-client on console-ams.rpki-client.org