Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0a/34bb77-c847-4111-96f3-bdd5cc440396/1/p7yQ34Qv1buY9PPkwnKABgh-QaI.roa
File:                     p7yQ34Qv1buY9PPkwnKABgh-QaI.roa (raw, json)
Hash identifier:          P03USKjgOFFHZQJhxA51kcfIy1rCvaJFSb7wgL3cUkg=
Subject key identifier:   A7:BC:90:DF:84:2F:D5:BB:98:F4:F3:E4:C2:72:80:06:08:7E:41:A2
Certificate issuer:       /CN=9b986fc646fda0cf145e10d93fe1b10eb0dee625
Certificate serial:       095B28B8
Authority key identifier: 9B:98:6F:C6:46:FD:A0:CF:14:5E:10:D9:3F:E1:B1:0E:B0:DE:E6:25
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m5hvxkb9oM8UXhDZP-GxDrDe5iU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0a/34bb77-c847-4111-96f3-bdd5cc440396/1/p7yQ34Qv1buY9PPkwnKABgh-QaI.roa
Signing time:             Sat 01 Jan 2022 16:10:53 +0000
ROA not before:           Sat 01 Jan 2022 16:10:53 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     57472
IP address blocks:        2a00:126f::/32 maxlen: 32
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 156969144 (0x95b28b8)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9b986fc646fda0cf145e10d93fe1b10eb0dee625
        Validity
            Not Before: Jan  1 16:10:53 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=a7bc90df842fd5bb98f4f3e4c2728006087e41a2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:7d:1e:86:09:ba:af:49:af:1d:ec:23:f1:bd:
                    11:52:c1:e8:ee:5f:18:28:87:a4:6f:56:a4:76:09:
                    6d:67:80:5b:a4:7f:01:30:13:9c:68:3c:d5:0b:08:
                    5e:41:f5:37:4f:0f:a7:3a:ff:61:e3:d3:bd:3e:2c:
                    8c:f1:d3:3c:45:d8:97:24:e0:98:4b:d4:fa:0c:fa:
                    d3:3c:42:77:1b:21:76:10:26:c2:7d:67:78:5c:08:
                    b1:4d:ba:b7:44:37:15:ca:1b:9e:65:62:83:ca:73:
                    a2:37:65:45:5c:c6:94:17:2f:64:2e:72:ce:fc:45:
                    69:85:30:4b:41:d2:1d:b2:3e:b8:72:2f:54:3e:e5:
                    cb:f0:33:46:3f:79:42:3a:f1:da:81:ea:c5:46:fa:
                    08:b6:9e:ac:d0:39:ab:6d:41:15:00:6e:f4:c3:07:
                    a5:a0:2d:6e:5a:29:b0:e1:a4:45:d9:7e:be:49:dc:
                    f9:c0:0f:fa:11:68:d7:ff:dd:58:08:49:a4:83:7d:
                    fb:c7:45:b3:1b:68:8e:70:83:c8:5b:68:94:92:07:
                    ea:cf:1d:21:58:1b:e4:b1:90:a6:ac:fd:5c:09:d7:
                    5c:5b:10:6c:4b:44:e9:81:f2:9b:15:dc:a2:31:87:
                    ab:fc:d8:90:f8:eb:a5:30:f6:20:85:af:a9:09:40:
                    2a:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A7:BC:90:DF:84:2F:D5:BB:98:F4:F3:E4:C2:72:80:06:08:7E:41:A2
            X509v3 Authority Key Identifier:
                keyid:9B:98:6F:C6:46:FD:A0:CF:14:5E:10:D9:3F:E1:B1:0E:B0:DE:E6:25

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m5hvxkb9oM8UXhDZP-GxDrDe5iU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0a/34bb77-c847-4111-96f3-bdd5cc440396/1/p7yQ34Qv1buY9PPkwnKABgh-QaI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0a/34bb77-c847-4111-96f3-bdd5cc440396/1/m5hvxkb9oM8UXhDZP-GxDrDe5iU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a00:126f::/32

    Signature Algorithm: sha256WithRSAEncryption
         c7:0f:55:a2:fe:6f:39:cf:23:0e:6f:c9:03:22:ea:99:a8:73:
         ae:d3:5e:5f:93:81:eb:16:da:6e:cd:8d:08:cf:f4:c6:ff:aa:
         94:54:04:41:e2:ae:ce:26:f4:b2:48:e0:47:68:88:31:df:5c:
         41:ad:d6:88:d7:c0:37:1e:ae:72:2d:14:57:20:42:72:60:0a:
         c3:4c:1a:8c:99:8d:23:47:d9:38:c7:31:22:ac:2a:91:c0:ee:
         58:4a:15:44:90:fc:09:f7:5d:c7:e8:a2:e7:d4:9f:15:6a:6f:
         19:0e:1e:ff:6c:aa:69:24:f2:cf:39:99:a6:14:d3:db:26:46:
         18:ef:3f:ef:59:90:b6:e9:df:4d:1d:5a:4f:ba:f9:e2:b6:b9:
         00:ff:bb:7c:e0:31:d6:83:c6:d6:64:00:1b:57:25:d0:b6:1d:
         a5:50:43:b0:5f:4e:93:83:ac:48:f5:3a:6d:cf:e4:66:fc:54:
         fa:1c:eb:ea:9b:0c:6f:17:46:f9:f7:4c:a1:3a:a7:3c:97:0a:
         b4:ed:d8:d1:e5:67:5a:36:47:bc:de:b6:f1:a5:4e:ed:93:c1:
         c2:41:5d:27:2a:16:e3:35:12:9a:f5:dc:57:f4:66:7c:6a:30:
         47:09:a9:98:8e:b0:23:ac:ee:5e:06:9d:a3:71:95:a1:bc:6b:
         8a:40:6a:5d
-----BEGIN CERTIFICATE-----
MIIE8DCCA9igAwIBAgIECVsouDANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg5
Yjk4NmZjNjQ2ZmRhMGNmMTQ1ZTEwZDkzZmUxYjEwZWIwZGVlNjI1MB4XDTIyMDEw
MTE2MTA1M1oXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoYTdiYzkwZGY4NDJm
ZDViYjk4ZjRmM2U0YzI3MjgwMDYwODdlNDFhMjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAJh9HoYJuq9Jrx3sI/G9EVLB6O5fGCiHpG9WpHYJbWeAW6R/
ATATnGg81QsIXkH1N08Ppzr/YePTvT4sjPHTPEXYlyTgmEvU+gz60zxCdxshdhAm
wn1neFwIsU26t0Q3FcobnmVig8pzojdlRVzGlBcvZC5yzvxFaYUwS0HSHbI+uHIv
VD7ly/AzRj95Qjrx2oHqxUb6CLaerNA5q21BFQBu9MMHpaAtblopsOGkRdl+vknc
+cAP+hFo1//dWAhJpIN9+8dFsxtojnCDyFtolJIH6s8dIVgb5LGQpqz9XAnXXFsQ
bEtE6YHymxXcojGHq/zYkPjrpTD2IIWvqQlAKpsCAwEAAaOCAgowggIGMB0GA1Ud
DgQWBBSnvJDfhC/Vu5j08+TCcoAGCH5BojAfBgNVHSMEGDAWgBSbmG/GRv2gzxRe
ENk/4bEOsN7mJTAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L201aHZ4a2I5b004VVhoRFpQLUd4RHJEZTVpVS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMGEvMzRiYjc3LWM4NDctNDExMS05NmYzLWJkZDVjYzQ0MDM5Ni8x
L3A3eVEzNFF2MWJ1WTlQUGt3bktBQmdoLVFhSS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMGEv
MzRiYjc3LWM4NDctNDExMS05NmYzLWJkZDVjYzQ0MDM5Ni8xL201aHZ4a2I5b004
VVhoRFpQLUd4RHJEZTVpVS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAg
BggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACoAEm8wDQYJKoZIhvcNAQELBQAD
ggEBAMcPVaL+bznPIw5vyQMi6pmoc67TXl+TgesW2m7NjQjP9Mb/qpRUBEHirs4m
9LJI4EdoiDHfXEGt1ojXwDcernItFFcgQnJgCsNMGoyZjSNH2TjHMSKsKpHA7lhK
FUSQ/An3XcfooufUnxVqbxkOHv9sqmkk8s85maYU09smRhjvP+9ZkLbp300dWk+6
+eK2uQD/u3zgMdaDxtZkABtXJdC2HaVQQ7BfTpODrEj1Om3P5Gb8VPoc6+qbDG8X
Rvn3TKE6pzyXCrTt2NHlZ1o2R7zetvGlTu2TwcJBXScqFuM1Epr13Ff0ZnxqMEcJ
qZiOsCOs7l4GnaNxlaG8a4pAal0=
-----END CERTIFICATE-----
Generated at Mon Feb 17 07:56:43 2025 by rpki-client