Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e0/67c8fb-0257-4d60-a0df-6fce03325b3f/1/0T1y0E9UlbaJ2KJibzb-gT4TaXQ.roa
File:                     0T1y0E9UlbaJ2KJibzb-gT4TaXQ.roa (raw, json)
Hash identifier:          UfQPgP6Qy5TfYgbGEXgn6vadWQc2an5JU+hl2V+cRpE=
Subject key identifier:   D1:3D:72:D0:4F:54:95:B6:89:D8:A2:62:6F:36:FE:81:3E:13:69:74
Certificate issuer:       /CN=c5bfa71a5113fed82464776c14371514c9218ef5
Certificate serial:       01851A77C599939FF6F603F6A2C326935E0D
Authority key identifier: C5:BF:A7:1A:51:13:FE:D8:24:64:77:6C:14:37:15:14:C9:21:8E:F5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xb-nGlET_tgkZHdsFDcVFMkhjvU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e0/67c8fb-0257-4d60-a0df-6fce03325b3f/1/0T1y0E9UlbaJ2KJibzb-gT4TaXQ.roa
Signing time:             Fri 16 Dec 2022 10:25:35 +0000
ROA not before:           Fri 16 Dec 2022 10:25:35 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     16347
IP address blocks:        194.0.153.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:1a:77:c5:99:93:9f:f6:f6:03:f6:a2:c3:26:93:5e:0d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c5bfa71a5113fed82464776c14371514c9218ef5
        Validity
            Not Before: Dec 16 10:25:35 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=d13d72d04f5495b689d8a2626f36fe813e136974
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:33:e5:46:e0:b8:36:42:f4:08:57:3b:6b:34:
                    f0:74:79:f6:c9:83:23:85:15:b1:fb:35:61:89:98:
                    00:b9:61:98:c4:4c:ed:b6:a1:b5:a9:16:c4:74:69:
                    08:68:0b:cf:c9:4d:26:fe:ab:a1:63:c7:15:36:63:
                    e8:63:eb:6a:c1:66:43:76:27:37:48:c4:b5:ac:a5:
                    c0:bb:65:59:9f:16:a7:c2:bd:be:c9:28:93:c8:d6:
                    d4:e8:8f:eb:79:36:32:04:1e:fb:08:f5:08:91:4b:
                    26:f0:01:f2:80:9b:b7:f6:7a:fe:ce:17:3a:60:44:
                    22:ca:e2:9a:fb:1c:e1:14:fb:ef:1e:8b:db:1d:81:
                    ca:0c:91:15:64:a6:08:a3:aa:36:10:5d:00:5e:43:
                    fc:14:fe:61:c3:65:59:49:97:33:ba:3f:2f:ff:50:
                    7a:eb:2a:45:82:ff:4c:24:20:23:5a:92:1a:ac:fc:
                    f0:17:dd:b1:da:3d:07:be:78:14:56:6c:f3:66:ce:
                    04:68:0c:72:db:bc:d4:2f:e5:ac:4b:17:ac:cd:ed:
                    ed:11:5a:c9:e6:ca:ed:13:d1:45:98:0a:c6:14:01:
                    8f:d6:6f:7b:d4:52:dd:35:2b:cf:c9:1a:a5:30:e2:
                    5a:40:09:53:d3:64:a7:0e:67:5b:25:21:60:3f:8f:
                    a9:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D1:3D:72:D0:4F:54:95:B6:89:D8:A2:62:6F:36:FE:81:3E:13:69:74
            X509v3 Authority Key Identifier:
                keyid:C5:BF:A7:1A:51:13:FE:D8:24:64:77:6C:14:37:15:14:C9:21:8E:F5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xb-nGlET_tgkZHdsFDcVFMkhjvU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/67c8fb-0257-4d60-a0df-6fce03325b3f/1/0T1y0E9UlbaJ2KJibzb-gT4TaXQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/67c8fb-0257-4d60-a0df-6fce03325b3f/1/xb-nGlET_tgkZHdsFDcVFMkhjvU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.0.153.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c2:89:65:6e:f2:8a:2f:63:be:e5:2f:ed:58:45:13:c9:91:0f:
         63:ba:5e:9b:cf:3c:4f:e7:4a:76:10:61:6a:7d:2a:71:e8:b8:
         a0:ef:71:72:03:40:f1:4e:0b:8a:35:7b:03:d1:7b:42:3e:81:
         52:7b:7a:30:67:ac:65:5e:2d:da:01:ed:4d:1f:fa:97:e0:a7:
         ac:1a:52:32:6a:80:d7:8a:4b:bb:65:87:0d:a3:a0:7a:e4:66:
         af:8f:89:5d:f9:81:0a:06:8c:2e:a7:47:49:e3:a6:fe:7d:10:
         99:07:39:d9:36:3a:84:e8:ea:4d:67:5f:b4:0a:e8:1a:ac:41:
         ac:2e:96:10:d9:03:1d:54:96:9b:38:7a:59:5c:4d:44:7a:03:
         59:5f:69:cf:08:d3:54:de:15:ed:32:52:69:1e:4b:97:b8:24:
         29:31:6f:ad:af:26:3e:ee:c7:59:17:16:66:d5:22:07:45:25:
         18:55:b1:dd:36:31:66:c8:22:1f:1e:bc:5c:b4:00:2b:85:de:
         01:f6:1e:6b:65:22:7c:68:76:80:ae:65:d4:f9:3a:b6:62:5a:
         f4:37:cb:6c:79:81:18:df:6d:d5:2c:0a:80:12:ae:b0:6f:0d:
         40:e3:36:76:2d:0c:45:98:0a:5e:a2:01:c2:d1:fa:7b:05:f2:
         43:f7:cd:b5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYUad8WZk5/29gP2osMmk14NMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM1YmZhNzFhNTExM2ZlZDgyNDY0Nzc2YzE0MzcxNTE0Yzky
MThlZjUwHhcNMjIxMjE2MTAyNTM1WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMTNkNzJkMDRmNTQ5NWI2ODlkOGEyNjI2ZjM2ZmU4MTNlMTM2OTc0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxDPlRuC4NkL0CFc7azTwdHn2yYMj
hRWx+zVhiZgAuWGYxEzttqG1qRbEdGkIaAvPyU0m/quhY8cVNmPoY+tqwWZDdic3
SMS1rKXAu2VZnxanwr2+ySiTyNbU6I/reTYyBB77CPUIkUsm8AHygJu39nr+zhc6
YEQiyuKa+xzhFPvvHovbHYHKDJEVZKYIo6o2EF0AXkP8FP5hw2VZSZczuj8v/1B6
6ypFgv9MJCAjWpIarPzwF92x2j0HvngUVmzzZs4EaAxy27zUL+WsSxesze3tEVrJ
5srtE9FFmArGFAGP1m971FLdNSvPyRqlMOJaQAlT02SnDmdbJSFgP4+pvwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNE9ctBPVJW2idiiYm82/oE+E2l0MB8GA1UdIwQY
MBaAFMW/pxpRE/7YJGR3bBQ3FRTJIY71MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveGItbkdsRVRfdGdrWkhkc0ZEY1ZGTWtoanZVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMC82N2M4ZmItMDI1Ny00ZDYwLWEwZGYt
NmZjZTAzMzI1YjNmLzEvMFQxeTBFOVVsYmFKMktKaWJ6Yi1nVDRUYVhRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMC82N2M4ZmItMDI1Ny00ZDYwLWEwZGYtNmZjZTAzMzI1YjNm
LzEveGItbkdsRVRfdGdrWkhkc0ZEY1ZGTWtoanZVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwgCZMA0G
CSqGSIb3DQEBCwUAA4IBAQDCiWVu8oovY77lL+1YRRPJkQ9jul6bzzxP50p2EGFq
fSpx6Lig73FyA0DxTguKNXsD0XtCPoFSe3owZ6xlXi3aAe1NH/qX4KesGlIyaoDX
iku7ZYcNo6B65Gavj4ld+YEKBowup0dJ46b+fRCZBznZNjqE6OpNZ1+0CugarEGs
LpYQ2QMdVJabOHpZXE1EegNZX2nPCNNU3hXtMlJpHkuXuCQpMW+tryY+7sdZFxZm
1SIHRSUYVbHdNjFmyCIfHrxctAArhd4B9h5rZSJ8aHaArmXU+Tq2Ylr0N8tseYEY
323VLAqAEq6wbw1A4zZ2LQxFmApeogHC0fp7BfJD9821
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:56:52 2024 by rpki-client on console-fra.rpki-client.org