Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f1/041d0f-be8d-4148-bcba-d70f28515fbd/1/XTLr8RnYULRdW_PRK1j0Y5OoMkc.roa
File:                     XTLr8RnYULRdW_PRK1j0Y5OoMkc.roa (raw, json)
Hash identifier:          i+i1FTW4rv7PQuS24Rtvs85002amMxhd8rWgef3rs+Q=
Subject key identifier:   5D:32:EB:F1:19:D8:50:B4:5D:5B:F3:D1:2B:58:F4:63:93:A8:32:47
Certificate issuer:       /CN=10a5985cba32a877d3215bbc228cb07d0400917b
Certificate serial:       03A82AB3
Authority key identifier: 10:A5:98:5C:BA:32:A8:77:D3:21:5B:BC:22:8C:B0:7D:04:00:91:7B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EKWYXLoyqHfTIVu8IoywfQQAkXs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f1/041d0f-be8d-4148-bcba-d70f28515fbd/1/XTLr8RnYULRdW_PRK1j0Y5OoMkc.roa
Signing time:             Tue 21 Jun 2022 08:36:44 +0000
ROA not before:           Tue 21 Jun 2022 08:36:44 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     21660
IP address blocks:        185.89.151.0/24 maxlen: 24
                          185.89.148.0/23 maxlen: 23
                          185.89.150.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 61352627 (0x3a82ab3)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=10a5985cba32a877d3215bbc228cb07d0400917b
        Validity
            Not Before: Jun 21 08:36:44 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=5d32ebf119d850b45d5bf3d12b58f46393a83247
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ec:8d:c3:b1:34:2e:8a:64:37:52:cd:8b:14:ab:
                    75:49:44:db:a1:7f:92:cd:25:bd:ed:0e:0a:7c:16:
                    55:36:a2:b5:ee:dd:fc:e0:a2:e3:ee:32:b2:00:a1:
                    45:ef:75:ab:17:ff:ad:6e:69:26:fb:95:d6:49:95:
                    94:0c:84:06:ee:f5:52:aa:3f:5d:a3:19:cd:a8:e2:
                    64:03:04:8f:98:05:36:7a:c2:51:5d:79:2b:53:ee:
                    64:ae:e2:b5:60:cc:9f:65:19:8a:7a:2a:f3:64:cd:
                    d1:cb:a5:e4:66:fb:9b:9d:0f:8e:bd:24:5f:c2:db:
                    8f:de:06:af:bd:5d:ef:84:cd:7c:69:e7:b2:21:93:
                    a4:eb:8e:70:06:f5:ec:52:a4:7e:5b:6e:60:3e:d6:
                    99:a0:b8:6d:4a:d2:46:c7:a4:b1:eb:26:6d:22:9e:
                    b2:88:d3:d7:15:a8:9d:b3:14:7b:01:6e:52:57:d9:
                    17:4b:93:6a:04:0c:da:7d:f3:77:f2:c5:02:f6:ca:
                    5b:b2:03:f7:0b:06:31:b1:5d:1d:1f:6e:a5:29:f4:
                    d9:8e:8a:30:b3:aa:83:51:7a:c7:ae:6e:2a:92:b6:
                    41:de:c2:c8:d9:22:34:11:48:39:2f:09:94:43:de:
                    3e:71:a6:86:86:59:ed:7c:97:cd:5c:c0:27:d2:0d:
                    a9:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5D:32:EB:F1:19:D8:50:B4:5D:5B:F3:D1:2B:58:F4:63:93:A8:32:47
            X509v3 Authority Key Identifier:
                keyid:10:A5:98:5C:BA:32:A8:77:D3:21:5B:BC:22:8C:B0:7D:04:00:91:7B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EKWYXLoyqHfTIVu8IoywfQQAkXs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f1/041d0f-be8d-4148-bcba-d70f28515fbd/1/XTLr8RnYULRdW_PRK1j0Y5OoMkc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f1/041d0f-be8d-4148-bcba-d70f28515fbd/1/EKWYXLoyqHfTIVu8IoywfQQAkXs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.89.148.0/22

    Signature Algorithm: sha256WithRSAEncryption
         2b:7f:4c:01:08:e8:b7:92:a8:e9:59:2c:6a:87:37:ac:bd:36:
         ba:f4:49:99:28:80:82:e2:be:9e:a0:7c:06:7d:37:d4:f9:bb:
         97:48:81:40:76:6b:f5:fc:2f:90:c1:cd:5f:10:9f:3a:15:a1:
         b5:43:22:c9:a7:85:82:58:7a:43:60:70:bf:13:74:8d:fe:cb:
         e1:71:37:d8:3c:fe:b1:02:03:aa:91:d8:6e:a6:7d:8f:3b:b1:
         d8:68:09:2a:04:8f:b3:89:ac:48:22:70:88:c1:7f:73:3a:b0:
         6a:98:7b:95:88:7c:02:a7:d6:54:78:3c:5c:31:7d:af:cd:5b:
         32:15:9f:13:7e:e7:be:88:71:0f:c3:7c:43:fd:0b:db:a5:82:
         f1:ca:7a:13:87:c9:f8:8a:46:38:04:eb:b9:83:8d:33:47:cb:
         0c:b1:1d:5c:d7:7d:01:91:58:da:e4:d5:44:dd:5b:80:62:59:
         b9:60:ab:9b:0c:31:ec:d4:db:79:a9:1c:3c:4c:bb:a5:85:59:
         fc:13:3b:f7:a8:d8:b9:12:6b:c1:74:93:7f:de:3d:ca:2f:61:
         87:9e:35:29:8f:d8:90:29:f8:41:52:0b:66:83:59:95:9b:bf:
         a4:46:19:97:d1:23:50:67:01:9c:a9:21:02:ff:52:17:d3:b8:
         0d:2c:0a:98
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIEA6gqszANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygx
MGE1OTg1Y2JhMzJhODc3ZDMyMTViYmMyMjhjYjA3ZDA0MDA5MTdiMB4XDTIyMDYy
MTA4MzY0NFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoNWQzMmViZjExOWQ4
NTBiNDVkNWJmM2QxMmI1OGY0NjM5M2E4MzI0NzCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAOyNw7E0LopkN1LNixSrdUlE26F/ks0lve0OCnwWVTaite7d
/OCi4+4ysgChRe91qxf/rW5pJvuV1kmVlAyEBu71Uqo/XaMZzajiZAMEj5gFNnrC
UV15K1PuZK7itWDMn2UZinoq82TN0cul5Gb7m50Pjr0kX8Lbj94Gr71d74TNfGnn
siGTpOuOcAb17FKkfltuYD7WmaC4bUrSRseksesmbSKesojT1xWonbMUewFuUlfZ
F0uTagQM2n3zd/LFAvbKW7ID9wsGMbFdHR9upSn02Y6KMLOqg1F6x65uKpK2Qd7C
yNkiNBFIOS8JlEPePnGmhoZZ7XyXzVzAJ9INqYUCAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBRdMuvxGdhQtF1b89ErWPRjk6gyRzAfBgNVHSMEGDAWgBQQpZhcujKod9Mh
W7wijLB9BACRezAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L0VLV1lYTG95cUhmVElWdThJb3l3ZlFRQWtYcy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZjEvMDQxZDBmLWJlOGQtNDE0OC1iY2JhLWQ3MGYyODUxNWZiZC8x
L1hUTHI4Um5ZVUxSZFdfUFJLMWowWTVPb01rYy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZjEv
MDQxZDBmLWJlOGQtNDE0OC1iY2JhLWQ3MGYyODUxNWZiZC8xL0VLV1lYTG95cUhm
VElWdThJb3l3ZlFRQWtYcy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEArlZlDANBgkqhkiG9w0BAQsFAAOC
AQEAK39MAQjot5Ko6Vksaoc3rL02uvRJmSiAguK+nqB8Bn031Pm7l0iBQHZr9fwv
kMHNXxCfOhWhtUMiyaeFglh6Q2BwvxN0jf7L4XE32Dz+sQIDqpHYbqZ9jzux2GgJ
KgSPs4msSCJwiMF/czqwaph7lYh8AqfWVHg8XDF9r81bMhWfE37nvohxD8N8Q/0L
26WC8cp6E4fJ+IpGOATruYONM0fLDLEdXNd9AZFY2uTVRN1bgGJZuWCrmwwx7NTb
eakcPEy7pYVZ/BM796jYuRJrwXSTf949yi9hh541KY/YkCn4QVILZoNZlZu/pEYZ
l9EjUGcBnKkhAv9SF9O4DSwKmA==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:52:03 2024 by rpki-client on console-ams.rpki-client.org