Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e9/129564-f1db-4dc5-8906-6fcdcd5ab660/1/XcsRPKhi50SFWLrU0cYFYNa90Pg.roa
File:                     XcsRPKhi50SFWLrU0cYFYNa90Pg.roa (raw, json)
Hash identifier:          kNiDhQq6quQMG5v39vCD0dIisJvYqrJGB9ocuSyGiw4=
Subject key identifier:   5D:CB:11:3C:A8:62:E7:44:85:58:BA:D4:D1:C6:05:60:D6:BD:D0:F8
Certificate issuer:       /CN=0ff80cbdfe18354a3cfdba2fe079aa2ebc58dcd4
Certificate serial:       0183618AECDDC37A6354834D251FAC196437
Authority key identifier: 0F:F8:0C:BD:FE:18:35:4A:3C:FD:BA:2F:E0:79:AA:2E:BC:58:DC:D4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/D_gMvf4YNUo8_bov4HmqLrxY3NQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e9/129564-f1db-4dc5-8906-6fcdcd5ab660/1/XcsRPKhi50SFWLrU0cYFYNa90Pg.roa
Signing time:             Wed 21 Sep 2022 19:33:58 +0000
ROA not before:           Wed 21 Sep 2022 19:33:58 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     61317
IP address blocks:        87.254.2.0/24 maxlen: 24
                          87.254.11.0/24 maxlen: 24
                          185.210.168.0/22 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:83:61:8a:ec:dd:c3:7a:63:54:83:4d:25:1f:ac:19:64:37
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ff80cbdfe18354a3cfdba2fe079aa2ebc58dcd4
        Validity
            Not Before: Sep 21 19:33:58 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=5dcb113ca862e7448558bad4d1c60560d6bdd0f8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:91:e9:4c:57:df:93:41:78:05:fc:d1:a7:89:
                    af:56:cc:30:56:11:5d:f7:52:f9:fb:3b:26:a6:16:
                    1a:73:66:59:c4:fa:6a:21:76:b7:bd:db:39:ff:80:
                    ff:02:b4:d1:94:0b:c2:5c:fa:55:7d:b5:b7:ad:a6:
                    6d:5d:58:57:7c:89:dc:c2:05:48:04:b4:56:1b:09:
                    14:eb:f0:a5:59:ef:7c:96:41:2d:c6:87:0c:8c:6b:
                    ed:6e:40:f3:28:78:25:52:3a:89:1b:1b:b4:5b:07:
                    64:52:4e:07:05:57:4e:b6:e9:dc:ac:8f:79:79:9b:
                    3d:ba:ca:38:ff:dd:c8:1e:59:32:78:ff:3c:09:86:
                    b5:a5:b0:b2:6c:f4:c8:57:61:e3:90:87:20:db:df:
                    48:3b:97:be:e6:a0:75:b6:b7:cd:b8:76:32:7a:f0:
                    b2:9e:ae:f6:b5:de:57:40:46:05:1f:e2:11:e3:c0:
                    71:86:6e:b1:e8:6c:12:23:ab:fd:3a:01:ea:de:10:
                    44:68:e7:32:23:29:cc:87:59:18:5b:a9:3c:df:74:
                    70:56:f4:13:de:ac:20:f2:af:d4:93:af:83:4f:7c:
                    ab:bd:af:e5:a5:5e:9a:bb:17:7a:ee:87:58:77:7a:
                    3d:47:6d:e2:f4:dc:59:a3:02:b7:46:16:5a:32:01:
                    09:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5D:CB:11:3C:A8:62:E7:44:85:58:BA:D4:D1:C6:05:60:D6:BD:D0:F8
            X509v3 Authority Key Identifier:
                keyid:0F:F8:0C:BD:FE:18:35:4A:3C:FD:BA:2F:E0:79:AA:2E:BC:58:DC:D4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/D_gMvf4YNUo8_bov4HmqLrxY3NQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/129564-f1db-4dc5-8906-6fcdcd5ab660/1/XcsRPKhi50SFWLrU0cYFYNa90Pg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/129564-f1db-4dc5-8906-6fcdcd5ab660/1/D_gMvf4YNUo8_bov4HmqLrxY3NQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.254.2.0/24
                  87.254.11.0/24
                  185.210.168.0/22

    Signature Algorithm: sha256WithRSAEncryption
         45:47:bf:78:e5:ae:35:0d:e5:b5:2c:38:e1:28:e0:b0:a7:ac:
         ca:01:b6:aa:b2:e8:6d:7e:ea:f6:53:5f:55:6c:9c:14:fb:1b:
         02:65:36:ea:28:74:aa:ff:2f:54:9a:0e:bb:54:94:7c:d1:e3:
         e7:8e:cb:d3:e0:78:d4:a9:91:5e:0d:33:a9:ab:86:dd:fb:56:
         88:67:7c:11:a4:ca:80:ce:4d:69:55:44:e7:1e:54:cf:26:53:
         38:77:d8:e5:5e:f7:f7:3a:78:d5:a5:fb:27:5f:79:6d:e9:b2:
         6c:c0:af:ec:d1:d9:d1:2a:f7:56:60:a8:b7:d0:31:38:df:85:
         4e:12:32:eb:d3:c9:6e:bd:27:4e:6e:7e:3e:04:31:93:4e:04:
         f3:3c:55:d7:af:d9:e9:74:08:81:bf:1a:7f:e1:d9:7a:91:0d:
         b1:a9:de:5d:4b:47:d4:46:45:21:be:ae:bd:96:4a:bd:bc:dd:
         79:6e:75:52:2f:85:ad:4b:98:1d:65:4c:66:41:ff:3c:58:f9:
         6d:eb:16:79:49:9d:0c:7b:9c:fc:bf:86:c9:67:86:51:5c:cd:
         65:10:a8:7f:28:f6:69:d6:c0:d2:94:7f:b4:fa:dd:39:cf:65:
         91:35:55:35:0a:02:44:a8:e1:64:29:08:0b:4b:69:71:ac:94:
         1c:65:6d:11
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYNhiuzdw3pjVINNJR+sGWQ3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBmZjgwY2JkZmUxODM1NGEzY2ZkYmEyZmUwNzlhYTJlYmM1
OGRjZDQwHhcNMjIwOTIxMTkzMzU4WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZGNiMTEzY2E4NjJlNzQ0ODU1OGJhZDRkMWM2MDU2MGQ2YmRkMGY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjJHpTFffk0F4BfzRp4mvVswwVhFd
91L5+zsmphYac2ZZxPpqIXa3vds5/4D/ArTRlAvCXPpVfbW3raZtXVhXfIncwgVI
BLRWGwkU6/ClWe98lkEtxocMjGvtbkDzKHglUjqJGxu0WwdkUk4HBVdOtuncrI95
eZs9uso4/93IHlkyeP88CYa1pbCybPTIV2HjkIcg299IO5e+5qB1trfNuHYyevCy
nq72td5XQEYFH+IR48Bxhm6x6GwSI6v9OgHq3hBEaOcyIynMh1kYW6k833RwVvQT
3qwg8q/Uk6+DT3yrva/lpV6auxd67odYd3o9R23i9NxZowK3RhZaMgEJyQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFF3LETyoYudEhVi61NHGBWDWvdD4MB8GA1UdIwQY
MBaAFA/4DL3+GDVKPP26L+B5qi68WNzUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRF9nTXZmNFlOVW84X2JvdjRIbXFMcnhZM05RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOS8xMjk1NjQtZjFkYi00ZGM1LTg5MDYt
NmZjZGNkNWFiNjYwLzEvWGNzUlBLaGk1MFNGV0xyVTBjWUZZTmE5MFBnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOS8xMjk1NjQtZjFkYi00ZGM1LTg5MDYtNmZjZGNkNWFiNjYw
LzEvRF9nTXZmNFlOVW84X2JvdjRIbXFMcnhZM05RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAV/4CAwQA
V/4LAwQCudKoMA0GCSqGSIb3DQEBCwUAA4IBAQBFR7945a41DeW1LDjhKOCwp6zK
Abaqsuhtfur2U19VbJwU+xsCZTbqKHSq/y9Umg67VJR80ePnjsvT4HjUqZFeDTOp
q4bd+1aIZ3wRpMqAzk1pVUTnHlTPJlM4d9jlXvf3OnjVpfsnX3lt6bJswK/s0dnR
KvdWYKi30DE434VOEjLr08luvSdObn4+BDGTTgTzPFXXr9npdAiBvxp/4dl6kQ2x
qd5dS0fURkUhvq69lkq9vN15bnVSL4WtS5gdZUxmQf88WPlt6xZ5SZ0Me5z8v4bJ
Z4ZRXM1lEKh/KPZp1sDSlH+0+t05z2WRNVU1CgJEqOFkKQgLS2lxrJQcZW0R
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:50:22 2024 by rpki-client on console-ams.rpki-client.org