Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d001ff-8323-4b89-be3d-c2efeb3b32a5/1/U32csC2Mbz7sKtH5I_HKNWO6uxQ.roa
File:                     U32csC2Mbz7sKtH5I_HKNWO6uxQ.roa (raw, json)
Hash identifier:          QiJTCCKIt52mqy0H9IYHly8rdqsaV02Qk8c+/vvUcUE=
Subject key identifier:   53:7D:9C:B0:2D:8C:6F:3E:EC:2A:D1:F9:23:F1:CA:35:63:BA:BB:14
Certificate issuer:       /CN=9d5138e1facf7b65dbb575fa7d47240c278b34df
Certificate serial:       0B289751
Authority key identifier: 9D:51:38:E1:FA:CF:7B:65:DB:B5:75:FA:7D:47:24:0C:27:8B:34:DF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nVE44frPe2XbtXX6fUckDCeLNN8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d001ff-8323-4b89-be3d-c2efeb3b32a5/1/U32csC2Mbz7sKtH5I_HKNWO6uxQ.roa
Signing time:             Sun 06 Mar 2022 16:19:07 +0000
ROA not before:           Sun 06 Mar 2022 16:19:07 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     20473
IP address blocks:        2a0b:8100::/32 maxlen: 32

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 187209553 (0xb289751)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9d5138e1facf7b65dbb575fa7d47240c278b34df
        Validity
            Not Before: Mar  6 16:19:07 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=537d9cb02d8c6f3eec2ad1f923f1ca3563babb14
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:67:72:a2:d2:dd:36:5d:c4:a5:8f:18:b4:ad:
                    3c:20:6b:d3:5b:00:54:a6:76:90:e1:13:69:f8:4a:
                    4b:d5:73:dc:b7:62:b0:44:9e:03:2a:8a:9e:25:09:
                    90:e1:f2:1a:e8:31:95:44:2c:81:ad:97:d6:1f:a2:
                    46:da:62:6d:ef:f0:81:f5:8f:6c:72:74:c3:5c:e5:
                    59:d7:7c:ba:17:e9:96:b6:d9:3c:a2:41:fc:e3:b9:
                    41:9b:b2:35:35:ab:b0:72:f0:bd:bf:08:9e:00:4a:
                    be:40:32:31:b3:98:dc:67:ba:9a:da:74:96:b4:9d:
                    03:d5:2b:08:e8:56:cb:e5:7e:99:26:1d:d3:fa:2a:
                    97:a6:92:6b:90:df:64:94:d0:31:49:d8:8e:8f:22:
                    c8:17:84:d7:f4:4d:55:b8:66:5f:f2:2e:a5:eb:34:
                    d4:49:99:ef:11:be:94:4b:02:99:98:cc:f6:95:34:
                    6a:e1:4e:73:34:2e:66:db:9d:9e:2f:4b:4b:89:44:
                    36:0d:ea:28:10:95:44:40:64:39:a6:19:46:9d:bd:
                    67:af:53:0f:c0:a1:31:c3:6f:4b:42:63:6d:f6:dd:
                    92:c6:e7:a3:43:b4:88:79:5d:2c:35:62:f6:92:14:
                    62:ed:45:b4:51:6f:dd:11:ec:23:fb:7e:74:a6:a7:
                    a8:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                53:7D:9C:B0:2D:8C:6F:3E:EC:2A:D1:F9:23:F1:CA:35:63:BA:BB:14
            X509v3 Authority Key Identifier:
                keyid:9D:51:38:E1:FA:CF:7B:65:DB:B5:75:FA:7D:47:24:0C:27:8B:34:DF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nVE44frPe2XbtXX6fUckDCeLNN8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d001ff-8323-4b89-be3d-c2efeb3b32a5/1/U32csC2Mbz7sKtH5I_HKNWO6uxQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d001ff-8323-4b89-be3d-c2efeb3b32a5/1/nVE44frPe2XbtXX6fUckDCeLNN8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0b:8100::/32

    Signature Algorithm: sha256WithRSAEncryption
         1a:b1:6d:98:2d:96:38:70:45:34:98:a0:43:d8:3e:9d:97:f6:
         ff:8b:27:94:62:9f:00:fd:92:c6:aa:dd:2c:a3:38:a5:a9:ef:
         e4:01:08:86:fc:c6:ac:1b:2b:53:d7:66:c7:cb:e5:08:f8:36:
         6b:c3:22:17:0f:98:55:7f:36:2b:32:8a:d0:bb:50:4d:ab:da:
         e2:70:0f:1c:fb:a5:3c:01:c2:8b:5d:8f:87:7a:45:d3:11:b5:
         3f:48:d8:5c:5c:ba:67:eb:bd:78:b1:4d:1e:1d:35:8f:a9:2c:
         c3:b7:61:c9:4c:af:dd:9b:c8:51:2e:1e:27:6e:bb:81:f8:57:
         9b:3a:0d:11:05:2d:eb:0b:3c:f6:ce:43:18:cb:e6:9f:5c:e1:
         f9:a0:3a:c1:a0:39:37:c2:ab:8c:eb:3d:83:ef:5d:e1:66:67:
         c6:88:61:04:a6:c3:12:dc:82:0e:02:76:31:a8:e2:65:ca:05:
         88:16:77:11:61:97:73:63:d8:42:c6:76:fb:af:3d:af:5f:13:
         5f:36:0a:00:78:2b:23:54:8c:e0:df:ca:8b:a1:c0:52:03:b8:
         63:77:75:ba:a6:ec:e0:bb:0b:20:4b:5a:2c:9a:71:2c:dc:e8:
         97:d3:37:a5:db:c1:72:49:d4:af:a2:f0:ee:3f:0d:cc:32:7f:
         d3:c6:93:55
-----BEGIN CERTIFICATE-----
MIIE8DCCA9igAwIBAgIECyiXUTANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg5
ZDUxMzhlMWZhY2Y3YjY1ZGJiNTc1ZmE3ZDQ3MjQwYzI3OGIzNGRmMB4XDTIyMDMw
NjE2MTkwN1oXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoNTM3ZDljYjAyZDhj
NmYzZWVjMmFkMWY5MjNmMWNhMzU2M2JhYmIxNDCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAKtncqLS3TZdxKWPGLStPCBr01sAVKZ2kOETafhKS9Vz3Ldi
sESeAyqKniUJkOHyGugxlUQsga2X1h+iRtpibe/wgfWPbHJ0w1zlWdd8uhfplrbZ
PKJB/OO5QZuyNTWrsHLwvb8IngBKvkAyMbOY3Ge6mtp0lrSdA9UrCOhWy+V+mSYd
0/oql6aSa5DfZJTQMUnYjo8iyBeE1/RNVbhmX/Iupes01EmZ7xG+lEsCmZjM9pU0
auFOczQuZtudni9LS4lENg3qKBCVREBkOaYZRp29Z69TD8ChMcNvS0Jjbfbdksbn
o0O0iHldLDVi9pIUYu1FtFFv3RHsI/t+dKanqJ8CAwEAAaOCAgowggIGMB0GA1Ud
DgQWBBRTfZywLYxvPuwq0fkj8co1Y7q7FDAfBgNVHSMEGDAWgBSdUTjh+s97Zdu1
dfp9RyQMJ4s03zAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L25WRTQ0ZnJQZTJYYnRYWDZmVWNrRENlTE5OOC5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMTMvZDAwMWZmLTgzMjMtNGI4OS1iZTNkLWMyZWZlYjNiMzJhNS8x
L1UzMmNzQzJNYno3c0t0SDVJX0hLTldPNnV4US5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMTMv
ZDAwMWZmLTgzMjMtNGI4OS1iZTNkLWMyZWZlYjNiMzJhNS8xL25WRTQ0ZnJQZTJY
YnRYWDZmVWNrRENlTE5OOC5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAg
BggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACoLgQAwDQYJKoZIhvcNAQELBQAD
ggEBABqxbZgtljhwRTSYoEPYPp2X9v+LJ5RinwD9ksaq3SyjOKWp7+QBCIb8xqwb
K1PXZsfL5Qj4NmvDIhcPmFV/NisyitC7UE2r2uJwDxz7pTwBwotdj4d6RdMRtT9I
2FxcumfrvXixTR4dNY+pLMO3YclMr92byFEuHiduu4H4V5s6DREFLesLPPbOQxjL
5p9c4fmgOsGgOTfCq4zrPYPvXeFmZ8aIYQSmwxLcgg4CdjGo4mXKBYgWdxFhl3Nj
2ELGdvuvPa9fE182CgB4KyNUjODfyouhwFIDuGN3dbqm7OC7CyBLWiyacSzc6JfT
N6XbwXJJ1K+i8O4/Dcwyf9PGk1U=
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:54:27 2024 by rpki-client on console-ams.rpki-client.org