Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/6agWRtufA_hytAE_5iKXkhSWKYE.roa
File:                     6agWRtufA_hytAE_5iKXkhSWKYE.roa (raw, json)
Hash identifier:          npTSkWeFzTPePyBdKpuTFwW52yYQeuzCHryKySIaROg=
Subject key identifier:   E9:A8:16:46:DB:9F:03:F8:72:B4:01:3F:E6:22:97:92:14:96:29:81
Certificate issuer:       /CN=9e95a361fe2b2c5292626ba4c56a65a814e48008
Certificate serial:       0C3C4C38
Authority key identifier: 9E:95:A3:61:FE:2B:2C:52:92:62:6B:A4:C5:6A:65:A8:14:E4:80:08
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/6agWRtufA_hytAE_5iKXkhSWKYE.roa
Signing time:             Tue 01 Feb 2022 10:42:25 +0000
ROA not before:           Tue 01 Feb 2022 10:42:25 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     202479
IP address blocks:        2a0c:9a40:1023::/48 maxlen: 48
                          2a0c:9a40:1013::/48 maxlen: 48
                          2a0c:9a40:1019::/48 maxlen: 48
                          2a0c:9a40:1014::/48 maxlen: 48
                          2a0c:9a40:1017::/48 maxlen: 48
                          2a0c:9a40:1002::/48 maxlen: 48
                          2a0c:9a40:1012::/48 maxlen: 48
                          2a0c:9a40:101d::/48 maxlen: 48
                          2a0c:9a40:1018::/48 maxlen: 48
                          2a0c:9a40:101b::/48 maxlen: 48
                          2a0c:9a40:1021::/48 maxlen: 48
                          2a0c:9a40:1011::/48 maxlen: 48
                          2a0c:9a40:100c::/48 maxlen: 48
                          2a0c:9a40:101c::/48 maxlen: 48
                          2a0c:9a40:101a::/48 maxlen: 48
                          2a0c:9a40:100a::/48 maxlen: 48
                          2a0c:9a40:1015::/48 maxlen: 48
                          2a0c:9a40:1010::/48 maxlen: 48
                          2a0c:9a40::/48 maxlen: 48

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 205278264 (0xc3c4c38)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9e95a361fe2b2c5292626ba4c56a65a814e48008
        Validity
            Not Before: Feb  1 10:42:25 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=e9a81646db9f03f872b4013fe622979214962981
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:5f:61:4f:97:f6:9b:8f:a3:9e:72:57:f4:7a:
                    c6:33:9b:b7:b2:c9:1b:51:a7:62:38:85:d0:1d:a4:
                    05:30:2c:ee:8b:7a:ca:26:31:8a:ea:80:c5:fe:9f:
                    98:bf:44:ef:d0:b1:a4:bf:d4:30:86:b6:51:9f:04:
                    d3:d5:92:45:9e:d2:13:fa:d5:18:cc:ad:55:c1:bc:
                    55:01:a1:df:a8:4f:b4:78:65:90:12:7d:42:08:fd:
                    f6:18:fe:c6:40:1b:d0:c7:7b:1f:a1:65:e0:f9:e4:
                    43:5d:b4:16:94:ce:26:7e:54:48:6d:8b:7d:97:85:
                    71:30:ea:b1:a6:ab:0e:e2:ab:84:fc:10:d5:d5:f1:
                    2a:a6:99:7f:74:e0:9b:08:ed:01:b7:df:8f:62:ae:
                    93:e7:86:ed:31:bc:02:36:97:be:31:95:77:46:48:
                    08:57:f5:f8:dc:77:09:ad:19:18:21:4e:06:ec:4d:
                    25:41:2f:e8:4c:de:cb:16:ce:32:d9:74:9b:63:7e:
                    e5:ea:7c:ec:eb:a3:7a:6b:03:68:80:23:77:e2:55:
                    e4:c4:95:a6:69:f1:86:b3:1f:46:98:8b:12:f4:62:
                    a3:8a:5f:f4:64:d6:4d:23:a4:a4:4f:1b:96:9b:b1:
                    e9:f7:e8:c0:c9:d5:12:07:91:47:26:69:2c:88:cd:
                    73:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E9:A8:16:46:DB:9F:03:F8:72:B4:01:3F:E6:22:97:92:14:96:29:81
            X509v3 Authority Key Identifier:
                keyid:9E:95:A3:61:FE:2B:2C:52:92:62:6B:A4:C5:6A:65:A8:14:E4:80:08

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/6agWRtufA_hytAE_5iKXkhSWKYE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:9a40::/48
                  2a0c:9a40:1002::/48
                  2a0c:9a40:100a::/48
                  2a0c:9a40:100c::/48
                  2a0c:9a40:1010::-2a0c:9a40:1015:ffff:ffff:ffff:ffff:ffff
                  2a0c:9a40:1017::-2a0c:9a40:101d:ffff:ffff:ffff:ffff:ffff
                  2a0c:9a40:1021::/48
                  2a0c:9a40:1023::/48

    Signature Algorithm: sha256WithRSAEncryption
         47:47:5e:df:6e:5d:00:d7:9f:b9:68:e2:f7:c9:29:f6:e1:a6:
         f3:3b:78:b5:f1:84:dd:9d:53:fe:bb:fe:c9:00:2c:ec:b1:85:
         77:4a:0e:80:9d:b5:82:fa:cc:15:71:c3:87:12:aa:cf:9f:e8:
         df:6e:5c:bc:05:60:20:ff:0e:30:82:8a:ce:2a:3f:54:f4:4d:
         c1:f9:fb:46:68:4f:74:94:fd:2e:1a:ed:a3:26:b3:bd:c6:c6:
         ab:e0:21:8b:0e:b0:bf:67:90:ee:79:e0:f2:a8:e9:b0:63:c6:
         dc:cc:87:13:c3:81:ab:de:1c:e6:bb:a4:8b:c8:d3:5e:3b:93:
         7b:50:09:7d:8c:98:5b:fb:dd:b9:c7:f0:58:5e:63:e7:00:f9:
         e8:6c:6c:fa:4a:0e:be:9a:ca:60:5b:76:54:f1:4f:e0:9a:06:
         5a:26:ce:59:e7:df:43:93:a3:52:5e:be:ff:73:d0:72:8b:38:
         22:42:18:a7:3e:75:2f:26:95:94:05:6c:24:bc:50:30:72:90:
         1e:96:24:1e:5a:c4:e9:0c:70:61:9e:1d:b9:35:6e:5e:6a:ad:
         c4:23:61:5f:a3:9d:31:8e:0f:7f:34:a8:6e:c8:b2:9a:89:5f:
         bd:30:a4:5e:e8:92:39:a9:d4:35:89:bd:b5:5a:05:fc:e7:f7:
         6f:63:5a:5f
-----BEGIN CERTIFICATE-----
MIIFRzCCBC+gAwIBAgIEDDxMODANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg5
ZTk1YTM2MWZlMmIyYzUyOTI2MjZiYTRjNTZhNjVhODE0ZTQ4MDA4MB4XDTIyMDIw
MTEwNDIyNVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoZTlhODE2NDZkYjlm
MDNmODcyYjQwMTNmZTYyMjk3OTIxNDk2Mjk4MTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBALFfYU+X9puPo55yV/R6xjObt7LJG1GnYjiF0B2kBTAs7ot6
yiYxiuqAxf6fmL9E79CxpL/UMIa2UZ8E09WSRZ7SE/rVGMytVcG8VQGh36hPtHhl
kBJ9Qgj99hj+xkAb0Md7H6Fl4PnkQ120FpTOJn5USG2LfZeFcTDqsaarDuKrhPwQ
1dXxKqaZf3TgmwjtAbffj2Kuk+eG7TG8AjaXvjGVd0ZICFf1+Nx3Ca0ZGCFOBuxN
JUEv6EzeyxbOMtl0m2N+5ep87OujemsDaIAjd+JV5MSVpmnxhrMfRpiLEvRio4pf
9GTWTSOkpE8blpux6ffowMnVEgeRRyZpLIjNc6sCAwEAAaOCAmEwggJdMB0GA1Ud
DgQWBBTpqBZG258D+HK0AT/mIpeSFJYpgTAfBgNVHSMEGDAWgBSelaNh/issUpJi
a6TFamWoFOSACDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L25wV2pZZjRyTEZLU1ltdWt4V3BscUJUa2dBZy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMDIvZjk2ZjczLTY2ODYtNDE2NC1iMjNmLWJmNGU1MjdiOWZhOC8x
LzZhZ1dSdHVmQV9oeXRBRV81aUtYa2hTV0tZRS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMDIv
Zjk2ZjczLTY2ODYtNDE2NC1iMjNmLWJmNGU1MjdiOWZhOC8xL25wV2pZZjRyTEZL
U1ltdWt4V3BscUJUa2dBZy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjB3
BggrBgEFBQcBBwEB/wRoMGYwZAQCAAIwXgMHACoMmkAAAAMHACoMmkAQAgMHACoM
mkAQCgMHACoMmkAQDDASAwcEKgyaQBAQAwcBKgyaQBAUMBIDBwAqDJpAEBcDBwEq
DJpAEBwDBwAqDJpAECEDBwAqDJpAECMwDQYJKoZIhvcNAQELBQADggEBAEdHXt9u
XQDXn7lo4vfJKfbhpvM7eLXxhN2dU/67/skALOyxhXdKDoCdtYL6zBVxw4cSqs+f
6N9uXLwFYCD/DjCCis4qP1T0TcH5+0ZoT3SU/S4a7aMms73GxqvgIYsOsL9nkO55
4PKo6bBjxtzMhxPDgaveHOa7pIvI0147k3tQCX2MmFv73bnH8FheY+cA+ehsbPpK
Dr6aymBbdlTxT+CaBlomzlnn30OTo1Jevv9z0HKLOCJCGKc+dS8mlZQFbCS8UDBy
kB6WJB5axOkMcGGeHbk1bl5qrcQjYV+jnTGOD380qG7IspqJX70wpF7okjmp1DWJ
vbVaBfzn929jWl8=
-----END CERTIFICATE-----