Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/3KN5rG6DDNiLuF3ozqhtMU8AnKs.roa
File:                     3KN5rG6DDNiLuF3ozqhtMU8AnKs.roa (raw, json)
Hash identifier:          F7fCLD5jWfwZT3zvpYzqEJ030y+m3pzlo7NCNOQqMjw=
Subject key identifier:   DC:A3:79:AC:6E:83:0C:D8:8B:B8:5D:E8:CE:A8:6D:31:4F:00:9C:AB
Certificate issuer:       /CN=b1a7b0d8de8251d36d7c83faf6bc7efec73b5034
Certificate serial:       09302B25
Authority key identifier: B1:A7:B0:D8:DE:82:51:D3:6D:7C:83:FA:F6:BC:7E:FE:C7:3B:50:34
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/3KN5rG6DDNiLuF3ozqhtMU8AnKs.roa
Signing time:             Sat 01 Jan 2022 16:00:55 +0000
ROA not before:           Sat 01 Jan 2022 16:00:55 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     211571
IP address blocks:        2a0b:b87:ffb5::/48 maxlen: 48

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 154151717 (0x9302b25)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b1a7b0d8de8251d36d7c83faf6bc7efec73b5034
        Validity
            Not Before: Jan  1 16:00:55 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=dca379ac6e830cd88bb85de8cea86d314f009cab
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:e5:ae:52:a8:c7:3b:70:0e:db:31:7b:e2:12:
                    2a:f1:63:32:f7:9b:bf:22:98:e6:cf:3a:af:59:25:
                    40:d9:9a:95:c6:59:c9:fd:53:b8:81:32:a2:36:34:
                    01:16:6a:d7:22:8e:17:55:2c:b8:4f:1a:e2:03:3b:
                    a1:59:5f:16:ed:43:e1:17:65:1c:bf:f8:f9:ce:a0:
                    d1:b3:38:6f:57:f6:dd:16:5f:c4:d6:e9:30:fb:6c:
                    b2:ae:8c:8d:2a:53:b1:d4:30:dc:f4:57:e5:20:55:
                    87:d4:26:de:29:01:49:d6:f1:ab:ab:4c:51:9d:40:
                    45:b9:45:33:97:a8:13:7b:71:c8:66:9b:a7:48:16:
                    77:75:b1:3d:3d:48:97:68:94:72:c2:b1:56:2f:ba:
                    c2:c1:35:e9:75:eb:09:2c:62:87:83:40:bf:1a:41:
                    85:98:8e:5b:3d:44:3e:cf:c0:13:ad:a8:f7:4e:cb:
                    20:ff:fe:07:5a:89:a5:02:a0:b8:22:16:a6:0e:06:
                    71:6a:27:05:44:60:b4:d0:10:51:90:6e:77:56:f6:
                    ab:e9:0a:90:8b:04:17:0f:66:54:e7:c2:3e:fa:51:
                    ff:01:0d:c9:e0:59:ca:b8:a9:87:b3:8e:bf:1d:6b:
                    9e:db:bc:b9:b5:3e:9a:e0:13:a6:a2:0d:ca:ec:41:
                    e1:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DC:A3:79:AC:6E:83:0C:D8:8B:B8:5D:E8:CE:A8:6D:31:4F:00:9C:AB
            X509v3 Authority Key Identifier:
                keyid:B1:A7:B0:D8:DE:82:51:D3:6D:7C:83:FA:F6:BC:7E:FE:C7:3B:50:34

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/3KN5rG6DDNiLuF3ozqhtMU8AnKs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0b:b87:ffb5::/48

    Signature Algorithm: sha256WithRSAEncryption
         03:8f:93:47:fc:da:27:d0:bf:31:1d:3f:0c:ac:59:55:1e:5a:
         e8:db:01:71:96:3f:02:8e:15:7d:61:58:ec:8f:a7:6d:01:35:
         a4:4e:2c:18:c5:7c:0c:7c:18:1e:ae:48:de:2e:0b:a0:59:bc:
         ea:c5:45:fd:92:f4:85:5d:21:16:aa:57:c4:fd:e0:a4:ad:d7:
         e4:c8:e5:1a:40:61:40:51:b5:5b:04:fd:92:5a:5b:af:08:65:
         57:42:3d:b0:bd:d4:3d:6b:1a:f8:68:1b:9a:77:df:42:7a:05:
         0b:21:8e:c3:79:18:c8:00:1d:1c:65:69:2b:0e:68:36:ae:7a:
         b5:15:09:46:68:86:af:ac:05:54:67:7c:41:bf:62:47:de:f4:
         d4:b1:8f:46:1b:61:83:13:3e:c1:1b:88:ca:bc:86:12:3b:e2:
         c6:18:ad:87:0a:99:d4:6f:6a:db:2d:03:65:c1:24:e3:c3:18:
         e6:bc:f9:04:a9:c5:53:d0:b3:d1:1b:bb:8e:49:1d:43:7a:d4:
         a7:90:fe:05:0b:d4:07:b7:69:85:7a:8c:53:cb:48:8d:0d:c3:
         fc:8e:71:df:a0:f2:63:fc:69:79:55:26:e2:24:83:96:7c:18:
         49:32:ab:aa:5f:eb:8d:b8:c2:3d:21:1f:0c:0e:c4:46:00:93:
         8c:bb:be:30
-----BEGIN CERTIFICATE-----
MIIE8jCCA9qgAwIBAgIECTArJTANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhi
MWE3YjBkOGRlODI1MWQzNmQ3YzgzZmFmNmJjN2VmZWM3M2I1MDM0MB4XDTIyMDEw
MTE2MDA1NVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoZGNhMzc5YWM2ZTgz
MGNkODhiYjg1ZGU4Y2VhODZkMzE0ZjAwOWNhYjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAN/lrlKoxztwDtsxe+ISKvFjMvebvyKY5s86r1klQNmalcZZ
yf1TuIEyojY0ARZq1yKOF1UsuE8a4gM7oVlfFu1D4RdlHL/4+c6g0bM4b1f23RZf
xNbpMPtssq6MjSpTsdQw3PRX5SBVh9Qm3ikBSdbxq6tMUZ1ARblFM5eoE3txyGab
p0gWd3WxPT1Il2iUcsKxVi+6wsE16XXrCSxih4NAvxpBhZiOWz1EPs/AE62o907L
IP/+B1qJpQKguCIWpg4GcWonBURgtNAQUZBud1b2q+kKkIsEFw9mVOfCPvpR/wEN
yeBZyriph7OOvx1rntu8ubU+muATpqINyuxB4VUCAwEAAaOCAgwwggIIMB0GA1Ud
DgQWBBTco3msboMM2Iu4XejOqG0xTwCcqzAfBgNVHSMEGDAWgBSxp7DY3oJR0218
g/r2vH7+xztQNDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L3NhZXcyTjZDVWROdGZJUDY5cngtX3NjN1VEUS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMTcvZjEzNGM4LWY4MTQtNGI3MS05NTdiLTM5NGFjZDIxZjM5Yi8x
LzNLTjVyRzZERE5pTHVGM296cWh0TVU4QW5Lcy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMTcv
ZjEzNGM4LWY4MTQtNGI3MS05NTdiLTM5NGFjZDIxZjM5Yi8xL3NhZXcyTjZDVWRO
dGZJUDY5cngtX3NjN1VEUS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAi
BggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoLC4f/tTANBgkqhkiG9w0BAQsF
AAOCAQEAA4+TR/zaJ9C/MR0/DKxZVR5a6NsBcZY/Ao4VfWFY7I+nbQE1pE4sGMV8
DHwYHq5I3i4LoFm86sVF/ZL0hV0hFqpXxP3gpK3X5MjlGkBhQFG1WwT9klpbrwhl
V0I9sL3UPWsa+GgbmnffQnoFCyGOw3kYyAAdHGVpKw5oNq56tRUJRmiGr6wFVGd8
Qb9iR9701LGPRhthgxM+wRuIyryGEjvixhithwqZ1G9q2y0DZcEk48MY5rz5BKnF
U9Cz0Ru7jkkdQ3rUp5D+BQvUB7dphXqMU8tIjQ3D/I5x36DyY/xpeVUm4iSDlnwY
STKrql/rjbjCPSEfDA7ERgCTjLu+MA==
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:55:39 2024 by rpki-client on console-ams.rpki-client.org