Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/8Ss9q5Ox2Yedlk0DxBfvINJ8_W0.roa
File:                     8Ss9q5Ox2Yedlk0DxBfvINJ8_W0.roa (raw, json)
Hash identifier:          JlqryZoc79V6bDMlHaUBxAQYotp+/mPBWlcu/38lwKI=
Subject key identifier:   F1:2B:3D:AB:93:B1:D9:87:9D:96:4D:03:C4:17:EF:20:D2:7C:FD:6D
Certificate issuer:       /CN=b1a7b0d8de8251d36d7c83faf6bc7efec73b5034
Certificate serial:       092B9FBD
Authority key identifier: B1:A7:B0:D8:DE:82:51:D3:6D:7C:83:FA:F6:BC:7E:FE:C7:3B:50:34
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/8Ss9q5Ox2Yedlk0DxBfvINJ8_W0.roa
Signing time:             Sat 01 Jan 2022 16:00:53 +0000
ROA not before:           Sat 01 Jan 2022 16:00:53 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     210667
IP address blocks:        2a0b:b87:ff14::/48 maxlen: 48

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 153853885 (0x92b9fbd)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b1a7b0d8de8251d36d7c83faf6bc7efec73b5034
        Validity
            Not Before: Jan  1 16:00:53 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=f12b3dab93b1d9879d964d03c417ef20d27cfd6d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:45:4d:c7:8b:1f:62:03:c4:b4:db:d1:f7:be:
                    e8:fe:fd:62:06:ec:9e:c3:77:92:09:81:85:c8:36:
                    fb:e0:74:ef:89:7a:d3:57:18:bc:2a:ab:9d:7f:ee:
                    e9:93:ac:c6:7c:01:a2:d7:13:a5:3a:ea:d5:43:69:
                    08:77:10:ce:fa:af:f3:f5:f2:01:5c:5a:5e:73:49:
                    5c:78:47:0c:23:2a:3d:30:dc:37:6e:a8:13:9d:85:
                    dd:ec:71:07:36:a9:f3:11:c8:a7:6d:00:8a:0c:8d:
                    66:d1:02:cf:c3:e4:ea:14:43:d1:25:81:6f:84:f9:
                    21:d2:01:d2:9a:63:1c:f9:22:97:bf:77:63:61:0d:
                    aa:33:d3:1f:3a:18:41:b7:13:eb:d3:e0:5f:6d:36:
                    c3:75:48:f2:59:08:5d:b2:9a:1c:91:aa:18:55:a7:
                    5f:98:67:3c:ed:59:89:2d:ba:8f:da:5e:c2:bc:91:
                    ac:59:78:ff:07:3a:de:55:5d:52:4a:69:c2:8c:09:
                    22:12:07:12:05:00:d1:a9:97:11:9d:9b:e4:26:a4:
                    65:0c:f9:a0:af:d3:02:2b:4b:1f:b5:fa:fb:00:fd:
                    60:13:94:17:ab:1e:ea:66:87:35:94:83:6a:3f:9c:
                    e7:d4:12:5a:89:81:84:58:ea:6a:26:04:13:61:32:
                    50:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F1:2B:3D:AB:93:B1:D9:87:9D:96:4D:03:C4:17:EF:20:D2:7C:FD:6D
            X509v3 Authority Key Identifier:
                keyid:B1:A7:B0:D8:DE:82:51:D3:6D:7C:83:FA:F6:BC:7E:FE:C7:3B:50:34

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/8Ss9q5Ox2Yedlk0DxBfvINJ8_W0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0b:b87:ff14::/48

    Signature Algorithm: sha256WithRSAEncryption
         85:bd:a3:8b:d4:34:a8:ee:da:db:8a:cd:89:83:1b:1a:eb:f2:
         be:d2:e4:20:47:1b:28:a8:b6:ec:07:15:3f:09:f2:51:c2:6c:
         10:81:7f:b4:eb:8c:5a:84:a1:07:cc:9c:18:3f:54:ca:3c:ab:
         9d:3c:b1:57:55:be:9e:28:b6:17:21:41:15:1b:84:fc:38:52:
         43:76:51:03:3e:d5:b1:5d:d6:48:5d:75:c1:0c:e8:ba:10:41:
         b6:ed:38:87:7c:1e:11:91:92:a2:23:d6:81:b7:e7:02:76:8e:
         94:17:98:c7:28:0d:95:7e:b6:29:5b:7e:0e:ab:d1:a4:18:77:
         66:42:e5:22:49:82:ba:03:cd:40:ac:3b:83:1c:cb:10:4e:bd:
         8c:0a:60:c3:17:36:f0:e0:5d:6a:c4:59:c1:e8:aa:12:58:e9:
         84:ee:0a:81:ef:c2:a4:a9:24:ec:8a:32:28:91:92:2a:4a:a9:
         17:91:b6:26:a2:76:f9:80:b7:be:c6:1e:f9:e3:43:06:60:d1:
         bf:0b:c2:42:ac:05:2e:55:9b:ca:ba:c6:3e:ff:ef:ba:e9:c5:
         85:e8:6f:9b:ee:11:89:6e:10:27:d4:83:46:0d:90:ed:e8:59:
         90:38:7a:e3:54:7b:0b:19:d2:75:c1:88:38:1f:18:75:b0:81:
         e1:42:e6:d6
-----BEGIN CERTIFICATE-----
MIIE8jCCA9qgAwIBAgIECSufvTANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhi
MWE3YjBkOGRlODI1MWQzNmQ3YzgzZmFmNmJjN2VmZWM3M2I1MDM0MB4XDTIyMDEw
MTE2MDA1M1oXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoZjEyYjNkYWI5M2Ix
ZDk4NzlkOTY0ZDAzYzQxN2VmMjBkMjdjZmQ2ZDCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAMpFTceLH2IDxLTb0fe+6P79YgbsnsN3kgmBhcg2++B074l6
01cYvCqrnX/u6ZOsxnwBotcTpTrq1UNpCHcQzvqv8/XyAVxaXnNJXHhHDCMqPTDc
N26oE52F3exxBzap8xHIp20AigyNZtECz8Pk6hRD0SWBb4T5IdIB0ppjHPkil793
Y2ENqjPTHzoYQbcT69PgX202w3VI8lkIXbKaHJGqGFWnX5hnPO1ZiS26j9pewryR
rFl4/wc63lVdUkppwowJIhIHEgUA0amXEZ2b5CakZQz5oK/TAitLH7X6+wD9YBOU
F6se6maHNZSDaj+c59QSWomBhFjqaiYEE2EyUOkCAwEAAaOCAgwwggIIMB0GA1Ud
DgQWBBTxKz2rk7HZh52WTQPEF+8g0nz9bTAfBgNVHSMEGDAWgBSxp7DY3oJR0218
g/r2vH7+xztQNDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L3NhZXcyTjZDVWROdGZJUDY5cngtX3NjN1VEUS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMTcvZjEzNGM4LWY4MTQtNGI3MS05NTdiLTM5NGFjZDIxZjM5Yi8x
LzhTczlxNU94MlllZGxrMER4QmZ2SU5KOF9XMC5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMTcv
ZjEzNGM4LWY4MTQtNGI3MS05NTdiLTM5NGFjZDIxZjM5Yi8xL3NhZXcyTjZDVWRO
dGZJUDY5cngtX3NjN1VEUS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAi
BggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoLC4f/FDANBgkqhkiG9w0BAQsF
AAOCAQEAhb2ji9Q0qO7a24rNiYMbGuvyvtLkIEcbKKi27AcVPwnyUcJsEIF/tOuM
WoShB8ycGD9UyjyrnTyxV1W+nii2FyFBFRuE/DhSQ3ZRAz7VsV3WSF11wQzouhBB
tu04h3weEZGSoiPWgbfnAnaOlBeYxygNlX62KVt+DqvRpBh3ZkLlIkmCugPNQKw7
gxzLEE69jApgwxc28OBdasRZweiqEljphO4Kge/CpKkk7IoyKJGSKkqpF5G2JqJ2
+YC3vsYe+eNDBmDRvwvCQqwFLlWbyrrGPv/vuunFhehvm+4RiW4QJ9SDRg2Q7ehZ
kDh641R7CxnSdcGIOB8YdbCB4ULm1g==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:20:48 2024 by rpki-client on console-fra.rpki-client.org