Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/Y7XQalGOJtcPmHI3-EvnT7ImXxY.roa
File:                     Y7XQalGOJtcPmHI3-EvnT7ImXxY.roa (raw, json)
Hash identifier:          u1EPRxbFrCyniSpfHRqx7H/lkzejXmGWY01HVavq5wY=
Subject key identifier:   63:B5:D0:6A:51:8E:26:D7:0F:98:72:37:F8:4B:E7:4F:B2:26:5F:16
Certificate issuer:       /CN=b1a7b0d8de8251d36d7c83faf6bc7efec73b5034
Certificate serial:       09353220
Authority key identifier: B1:A7:B0:D8:DE:82:51:D3:6D:7C:83:FA:F6:BC:7E:FE:C7:3B:50:34
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/Y7XQalGOJtcPmHI3-EvnT7ImXxY.roa
Signing time:             Sat 01 Jan 2022 16:00:59 +0000
ROA not before:           Sat 01 Jan 2022 16:00:59 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     212332
IP address blocks:        2a0b:b87:ffa4::/48 maxlen: 48

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 154481184 (0x9353220)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b1a7b0d8de8251d36d7c83faf6bc7efec73b5034
        Validity
            Not Before: Jan  1 16:00:59 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=63b5d06a518e26d70f987237f84be74fb2265f16
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:d1:2c:66:1f:fc:39:50:b5:eb:94:c7:d6:3d:
                    14:55:2b:2f:9d:b2:e7:12:c9:8f:3c:de:85:03:bc:
                    5d:46:07:9c:9c:d6:94:c8:39:07:59:dc:2b:f8:1a:
                    af:ae:cb:9e:24:92:65:a0:d2:3e:ac:5a:ce:be:f1:
                    fd:99:87:7e:6d:a7:6e:89:17:af:8d:ef:ce:49:28:
                    71:09:7b:91:ff:83:a9:eb:7c:86:2c:53:63:1a:33:
                    a1:ee:1c:54:07:b1:06:0e:4c:ba:ca:dc:12:d1:bc:
                    58:d0:b1:b1:2d:33:ea:e0:93:82:78:02:9b:b0:10:
                    05:60:fc:9a:4d:b0:b1:93:ba:a3:47:7e:f3:7b:1b:
                    f4:ca:27:96:c1:2c:b9:84:74:47:b9:79:b9:47:f1:
                    95:20:5c:75:ba:df:34:98:1c:70:da:4e:3e:4e:54:
                    05:18:17:30:3f:16:7f:70:6c:1c:41:24:dc:1a:77:
                    6f:2c:78:a9:8d:f9:2f:3a:f2:33:af:9c:f2:6e:9b:
                    27:e4:c1:f8:5b:35:ef:cf:dd:33:3a:48:29:60:a1:
                    63:be:b3:88:c5:85:e1:0b:50:a4:73:fd:fc:36:d9:
                    52:68:b8:e1:b8:9b:0a:43:9a:c0:a9:54:50:aa:5e:
                    c2:52:4c:f0:de:e3:d7:69:d9:03:15:f9:55:df:6e:
                    d1:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                63:B5:D0:6A:51:8E:26:D7:0F:98:72:37:F8:4B:E7:4F:B2:26:5F:16
            X509v3 Authority Key Identifier:
                keyid:B1:A7:B0:D8:DE:82:51:D3:6D:7C:83:FA:F6:BC:7E:FE:C7:3B:50:34

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/Y7XQalGOJtcPmHI3-EvnT7ImXxY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0b:b87:ffa4::/48

    Signature Algorithm: sha256WithRSAEncryption
         7a:8b:06:a7:4c:aa:f7:02:03:87:e9:35:32:a3:7c:f0:2a:af:
         06:52:f6:08:b6:49:a0:37:52:eb:47:cb:05:19:43:09:a0:76:
         e9:ec:a7:30:17:9b:e2:4f:4f:ca:7b:88:53:07:46:9c:27:0e:
         21:97:54:9c:cb:f5:60:f0:b1:e8:2b:99:65:9e:5f:2b:01:4b:
         56:b9:e7:a8:5e:51:ab:f0:36:85:9f:f2:fc:56:f5:1b:ac:b6:
         c2:e7:3c:d3:b5:be:fc:bd:28:a2:87:6f:c2:93:0e:4d:02:1b:
         e0:b0:18:36:be:38:f6:1d:fe:50:4e:38:84:a3:2f:2a:f7:96:
         08:ca:1d:e3:99:cc:79:44:23:58:d6:0c:aa:82:e4:d1:22:19:
         78:d5:b9:eb:13:51:f9:67:48:74:b4:04:e2:a6:b6:0c:56:6a:
         fc:49:fe:f5:6e:a9:01:8e:c2:9a:97:04:37:e0:df:14:10:12:
         2c:11:54:e5:94:35:3d:b0:b3:19:da:0e:1c:66:27:db:d4:cd:
         3c:18:23:ea:05:57:78:83:c8:8d:53:ae:ad:ae:83:c2:96:e7:
         70:89:13:f2:d5:4d:96:7b:7f:0f:30:01:96:cb:f1:a9:98:45:
         09:83:f0:02:73:ca:e8:bd:75:2e:e5:01:f6:88:ce:ec:58:6d:
         33:d5:92:d1
-----BEGIN CERTIFICATE-----
MIIE8jCCA9qgAwIBAgIECTUyIDANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhi
MWE3YjBkOGRlODI1MWQzNmQ3YzgzZmFmNmJjN2VmZWM3M2I1MDM0MB4XDTIyMDEw
MTE2MDA1OVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoNjNiNWQwNmE1MThl
MjZkNzBmOTg3MjM3Zjg0YmU3NGZiMjI2NWYxNjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAJbRLGYf/DlQteuUx9Y9FFUrL52y5xLJjzzehQO8XUYHnJzW
lMg5B1ncK/gar67LniSSZaDSPqxazr7x/ZmHfm2nbokXr43vzkkocQl7kf+Dqet8
hixTYxozoe4cVAexBg5MusrcEtG8WNCxsS0z6uCTgngCm7AQBWD8mk2wsZO6o0d+
83sb9MonlsEsuYR0R7l5uUfxlSBcdbrfNJgccNpOPk5UBRgXMD8Wf3BsHEEk3Bp3
byx4qY35LzryM6+c8m6bJ+TB+Fs178/dMzpIKWChY76ziMWF4QtQpHP9/DbZUmi4
4bibCkOawKlUUKpewlJM8N7j12nZAxX5Vd9u0Q8CAwEAAaOCAgwwggIIMB0GA1Ud
DgQWBBRjtdBqUY4m1w+Ycjf4S+dPsiZfFjAfBgNVHSMEGDAWgBSxp7DY3oJR0218
g/r2vH7+xztQNDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L3NhZXcyTjZDVWROdGZJUDY5cngtX3NjN1VEUS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMTcvZjEzNGM4LWY4MTQtNGI3MS05NTdiLTM5NGFjZDIxZjM5Yi8x
L1k3WFFhbEdPSnRjUG1ISTMtRXZuVDdJbVh4WS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMTcv
ZjEzNGM4LWY4MTQtNGI3MS05NTdiLTM5NGFjZDIxZjM5Yi8xL3NhZXcyTjZDVWRO
dGZJUDY5cngtX3NjN1VEUS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAi
BggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoLC4f/pDANBgkqhkiG9w0BAQsF
AAOCAQEAeosGp0yq9wIDh+k1MqN88CqvBlL2CLZJoDdS60fLBRlDCaB26eynMBeb
4k9PynuIUwdGnCcOIZdUnMv1YPCx6CuZZZ5fKwFLVrnnqF5Rq/A2hZ/y/Fb1G6y2
wuc807W+/L0ooodvwpMOTQIb4LAYNr449h3+UE44hKMvKveWCMod45nMeUQjWNYM
qoLk0SIZeNW56xNR+WdIdLQE4qa2DFZq/En+9W6pAY7CmpcEN+DfFBASLBFU5ZQ1
PbCzGdoOHGYn29TNPBgj6gVXeIPIjVOura6DwpbncIkT8tVNlnt/DzABlsvxqZhF
CYPwAnPK6L11LuUB9ojO7FhtM9WS0Q==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:20:49 2024 by rpki-client on console-fra.rpki-client.org