Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/290e44-b479-46cf-ab4b-b38e2677b3dc/1/bNvg164v2v0V2hzfjYtvavrX_Ao.roa
File:                     bNvg164v2v0V2hzfjYtvavrX_Ao.roa (raw, json)
Hash identifier:          S2WGlI22OHIR7Pi7m+82WfxjdKb/2gohcKDNfdUlCEw=
Subject key identifier:   6C:DB:E0:D7:AE:2F:DA:FD:15:DA:1C:DF:8D:8B:6F:6A:FA:D7:FC:0A
Certificate issuer:       /CN=d217b472c841c1d68550a24f1936d29cc6c28f6a
Certificate serial:       435166D4
Authority key identifier: D2:17:B4:72:C8:41:C1:D6:85:50:A2:4F:19:36:D2:9C:C6:C2:8F:6A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0he0cshBwdaFUKJPGTbSnMbCj2o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/290e44-b479-46cf-ab4b-b38e2677b3dc/1/bNvg164v2v0V2hzfjYtvavrX_Ao.roa
Signing time:             Sat 01 Jan 2022 08:00:03 +0000
ROA not before:           Sat 01 Jan 2022 08:00:03 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     61102
IP address blocks:        2a03:f80:972::/48 maxlen: 48

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1129408212 (0x435166d4)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d217b472c841c1d68550a24f1936d29cc6c28f6a
        Validity
            Not Before: Jan  1 08:00:03 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=6cdbe0d7ae2fdafd15da1cdf8d8b6f6afad7fc0a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:21:86:40:c5:7c:0f:68:bb:19:d7:a5:f9:d0:
                    e8:3c:dd:94:9f:26:bd:5d:52:11:4f:aa:83:42:c5:
                    2f:32:b3:df:d0:80:e7:5c:14:1e:f1:17:18:3a:d2:
                    d5:b1:1c:12:bf:bb:bc:20:00:2a:51:c3:c3:9f:75:
                    7a:b8:94:21:c5:c4:2c:78:5c:ba:15:48:63:c5:1c:
                    23:91:a7:1b:0c:a2:e2:68:b5:87:6e:73:c7:5a:78:
                    e1:10:4f:06:7f:4c:9d:84:b7:cc:5e:dc:96:fb:0c:
                    bc:17:b8:ea:7c:e5:35:b4:ca:7f:3e:a9:cc:87:af:
                    16:a9:50:f1:b0:d6:f9:01:88:6a:22:6f:6e:b6:46:
                    25:ef:86:0d:9b:a1:c6:25:4a:45:f5:41:67:7c:24:
                    66:b9:b5:e0:6f:db:ae:4d:77:cc:a1:77:26:9e:cf:
                    83:2c:88:2a:16:02:5e:6d:6b:f4:49:c9:79:33:8e:
                    f9:34:77:30:c8:3e:6f:64:c4:e4:e7:f9:c6:54:30:
                    0f:fa:56:1a:d6:b7:b8:dc:b0:c7:49:34:5f:f9:5f:
                    7d:ca:11:46:b9:78:cc:65:b3:a4:c7:28:62:0d:6f:
                    28:8d:a5:4f:1d:69:61:cf:67:fb:0f:74:77:4a:01:
                    d1:82:71:f9:3f:3c:85:7a:b3:9f:e1:f6:fb:b4:c4:
                    e6:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6C:DB:E0:D7:AE:2F:DA:FD:15:DA:1C:DF:8D:8B:6F:6A:FA:D7:FC:0A
            X509v3 Authority Key Identifier:
                keyid:D2:17:B4:72:C8:41:C1:D6:85:50:A2:4F:19:36:D2:9C:C6:C2:8F:6A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0he0cshBwdaFUKJPGTbSnMbCj2o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/290e44-b479-46cf-ab4b-b38e2677b3dc/1/bNvg164v2v0V2hzfjYtvavrX_Ao.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/290e44-b479-46cf-ab4b-b38e2677b3dc/1/0he0cshBwdaFUKJPGTbSnMbCj2o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a03:f80:972::/48

    Signature Algorithm: sha256WithRSAEncryption
         34:af:5c:5b:53:47:9f:45:7c:34:20:4a:59:82:de:f4:46:85:
         b9:49:ef:d1:bf:25:ef:ea:24:35:4d:f4:ec:6a:02:f2:68:23:
         b0:b9:f9:68:f8:01:67:9f:f9:55:25:34:32:ee:ca:2e:eb:f9:
         d4:63:39:f2:82:0f:14:ca:dd:27:cf:b0:d0:3d:9c:af:1d:3f:
         9a:7d:1e:b6:fc:bd:9b:0d:33:f2:d1:ca:c1:dc:0a:da:be:16:
         07:d3:e6:1a:eb:a1:a4:1b:ba:fc:6c:1c:3c:cd:ec:73:e7:b4:
         e9:ec:aa:a1:8f:b9:fd:17:92:80:be:55:28:6c:3e:35:7d:49:
         9f:d1:4d:8c:82:d5:3e:67:50:0b:17:c1:0f:3f:d2:8b:d0:e1:
         1b:0c:8c:f4:f4:64:36:75:23:10:30:d5:09:42:04:d3:f8:63:
         9d:fd:ea:2c:e0:28:7b:40:aa:5a:2b:56:61:ec:23:82:d6:ee:
         dc:1c:7e:81:57:7d:f5:4e:6f:fb:a0:8c:4e:a3:40:b4:a7:8d:
         93:4e:9e:9a:e9:13:77:16:34:36:f1:66:0d:27:23:a5:38:33:
         5a:8b:44:35:fb:55:0f:7a:f3:26:1b:8c:28:92:d4:04:14:1d:
         8e:8b:29:1e:05:db:96:bf:00:ab:a2:5b:2d:95:fb:b4:09:7a:
         01:34:c0:d6
-----BEGIN CERTIFICATE-----
MIIE8jCCA9qgAwIBAgIEQ1Fm1DANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhk
MjE3YjQ3MmM4NDFjMWQ2ODU1MGEyNGYxOTM2ZDI5Y2M2YzI4ZjZhMB4XDTIyMDEw
MTA4MDAwM1oXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoNmNkYmUwZDdhZTJm
ZGFmZDE1ZGExY2RmOGQ4YjZmNmFmYWQ3ZmMwYTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAJIhhkDFfA9ouxnXpfnQ6DzdlJ8mvV1SEU+qg0LFLzKz39CA
51wUHvEXGDrS1bEcEr+7vCAAKlHDw591eriUIcXELHhcuhVIY8UcI5GnGwyi4mi1
h25zx1p44RBPBn9MnYS3zF7clvsMvBe46nzlNbTKfz6pzIevFqlQ8bDW+QGIaiJv
brZGJe+GDZuhxiVKRfVBZ3wkZrm14G/brk13zKF3Jp7PgyyIKhYCXm1r9EnJeTOO
+TR3MMg+b2TE5Of5xlQwD/pWGta3uNywx0k0X/lffcoRRrl4zGWzpMcoYg1vKI2l
Tx1pYc9n+w90d0oB0YJx+T88hXqzn+H2+7TE5rkCAwEAAaOCAgwwggIIMB0GA1Ud
DgQWBBRs2+DXri/a/RXaHN+Ni29q+tf8CjAfBgNVHSMEGDAWgBTSF7RyyEHB1oVQ
ok8ZNtKcxsKPajAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
LzBoZTBjc2hCd2RhRlVLSlBHVGJTbk1iQ2oyby5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMTAvMjkwZTQ0LWI0NzktNDZjZi1hYjRiLWIzOGUyNjc3YjNkYy8x
L2JOdmcxNjR2MnYwVjJoemZqWXR2YXZyWF9Bby5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMTAv
MjkwZTQ0LWI0NzktNDZjZi1hYjRiLWIzOGUyNjc3YjNkYy8xLzBoZTBjc2hCd2Rh
RlVLSlBHVGJTbk1iQ2oyby5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAi
BggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoDD4AJcjANBgkqhkiG9w0BAQsF
AAOCAQEANK9cW1NHn0V8NCBKWYLe9EaFuUnv0b8l7+okNU307GoC8mgjsLn5aPgB
Z5/5VSU0Mu7KLuv51GM58oIPFMrdJ8+w0D2crx0/mn0etvy9mw0z8tHKwdwK2r4W
B9PmGuuhpBu6/GwcPM3sc+e06eyqoY+5/ReSgL5VKGw+NX1Jn9FNjILVPmdQCxfB
Dz/Si9DhGwyM9PRkNnUjEDDVCUIE0/hjnf3qLOAoe0CqWitWYewjgtbu3Bx+gVd9
9U5v+6CMTqNAtKeNk06emukTdxY0NvFmDScjpTgzWotENftVD3rzJhuMKJLUBBQd
jospHgXblr8Aq6JbLZX7tAl6ATTA1g==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:19:28 2024 by rpki-client on console-fra.rpki-client.org