Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1e/2b5f5f-bb96-4b31-8a6a-dd115f9e3301/1/zJ7GKlXU_Uyf2avsxG7DfZBKXT8.roa
File:                     zJ7GKlXU_Uyf2avsxG7DfZBKXT8.roa (raw, json)
Hash identifier:          HalPFebwPMdsW8GBb95kdyEchCyCfhmOvV/1PSaUK04=
Subject key identifier:   CC:9E:C6:2A:55:D4:FD:4C:9F:D9:AB:EC:C4:6E:C3:7D:90:4A:5D:3F
Certificate issuer:       /CN=e909ee3d618974da0cbd805a2da80410a4989881
Certificate serial:       1B5A6C51
Authority key identifier: E9:09:EE:3D:61:89:74:DA:0C:BD:80:5A:2D:A8:04:10:A4:98:98:81
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6QnuPWGJdNoMvYBaLagEEKSYmIE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1e/2b5f5f-bb96-4b31-8a6a-dd115f9e3301/1/zJ7GKlXU_Uyf2avsxG7DfZBKXT8.roa
Signing time:             Sat 01 Jan 2022 10:56:00 +0000
ROA not before:           Sat 01 Jan 2022 10:56:00 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     49030
IP address blocks:        2a01:240:ab01::/48 maxlen: 48

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 458910801 (0x1b5a6c51)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e909ee3d618974da0cbd805a2da80410a4989881
        Validity
            Not Before: Jan  1 10:56:00 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=cc9ec62a55d4fd4c9fd9abecc46ec37d904a5d3f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:fa:e2:4a:9c:d9:83:bc:e9:42:6e:c0:a4:b0:
                    2d:c4:3f:0d:d0:39:9a:1e:a9:db:ad:84:e1:de:ff:
                    86:fe:73:ff:72:a3:89:2f:1f:87:de:4d:4b:c7:47:
                    1d:49:2d:08:7f:7f:f5:93:d3:01:f7:f6:d6:2b:2c:
                    c3:8e:ad:8a:81:ba:47:e9:19:76:07:4f:6b:ed:6c:
                    cc:91:f9:0b:45:24:c1:5d:f1:c9:48:a7:55:dc:bc:
                    b8:40:70:5f:9c:59:c7:69:0e:52:9b:54:ac:53:0f:
                    c5:16:57:6e:68:1d:cd:60:1b:b0:19:7d:b7:f0:dd:
                    01:48:6b:43:80:31:76:13:1d:35:9f:a0:3d:eb:79:
                    29:a4:ab:bf:a9:83:67:0b:52:10:4a:f6:76:c4:b8:
                    ac:44:75:53:e6:c5:34:5b:98:e6:da:e2:d6:c9:57:
                    7c:59:23:f6:0c:15:6e:9a:f3:77:1f:87:a8:43:96:
                    1c:53:cd:89:6b:49:37:7d:b2:6d:86:96:96:9e:c9:
                    7f:51:58:a5:30:69:77:3d:c4:9c:92:f7:48:ae:2f:
                    02:6e:80:ba:79:c0:53:87:10:c0:e2:de:52:29:ea:
                    da:c5:1f:25:b1:85:cf:0c:e5:91:5b:e2:cb:29:4e:
                    48:e0:d6:fe:1d:b3:f2:4b:ce:05:19:ba:a8:1c:59:
                    3e:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CC:9E:C6:2A:55:D4:FD:4C:9F:D9:AB:EC:C4:6E:C3:7D:90:4A:5D:3F
            X509v3 Authority Key Identifier:
                keyid:E9:09:EE:3D:61:89:74:DA:0C:BD:80:5A:2D:A8:04:10:A4:98:98:81

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6QnuPWGJdNoMvYBaLagEEKSYmIE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/2b5f5f-bb96-4b31-8a6a-dd115f9e3301/1/zJ7GKlXU_Uyf2avsxG7DfZBKXT8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/2b5f5f-bb96-4b31-8a6a-dd115f9e3301/1/6QnuPWGJdNoMvYBaLagEEKSYmIE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a01:240:ab01::/48

    Signature Algorithm: sha256WithRSAEncryption
         b9:ef:e4:c5:07:02:3d:86:cd:d9:d5:d4:a1:8c:bd:c5:1d:73:
         7b:3e:bf:15:89:c9:2c:5a:4c:55:6b:11:48:75:be:dd:67:a7:
         c0:12:9b:94:60:f0:1e:12:7c:66:84:58:79:41:e2:73:f5:e4:
         9e:6d:67:bd:8a:da:80:7d:8d:b8:92:73:50:f7:0f:23:33:58:
         73:d7:3c:de:6b:ad:5e:fc:0e:80:76:a8:08:ae:22:1b:99:bc:
         9d:1f:a8:a3:09:c7:9b:8a:01:07:ab:84:ee:a5:14:0b:81:00:
         08:f5:ae:a7:42:a4:93:d3:d7:4c:05:ca:35:e7:4e:ce:c1:67:
         10:5d:19:c6:53:3f:94:66:a0:19:71:e8:75:f2:b5:98:13:8c:
         df:df:fe:62:29:80:ac:95:a5:33:7f:89:7e:b7:24:bb:6b:57:
         dc:fc:a0:11:bb:38:50:82:f6:a5:ab:42:eb:8f:8e:31:2c:b1:
         6e:ed:3e:fb:65:e7:bf:ed:46:df:1e:33:bb:96:3e:be:59:6f:
         78:77:ac:cc:bc:95:8a:00:fb:bd:65:39:4c:ec:6f:d0:50:72:
         54:f0:2f:2d:cb:75:73:1d:18:10:e2:f3:3a:bb:63:97:3a:1d:
         56:79:63:71:0a:fa:d8:8a:a4:4d:19:77:ce:0e:58:92:d3:b4:
         6e:3c:b0:6d
-----BEGIN CERTIFICATE-----
MIIE8jCCA9qgAwIBAgIEG1psUTANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhl
OTA5ZWUzZDYxODk3NGRhMGNiZDgwNWEyZGE4MDQxMGE0OTg5ODgxMB4XDTIyMDEw
MTEwNTYwMFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoY2M5ZWM2MmE1NWQ0
ZmQ0YzlmZDlhYmVjYzQ2ZWMzN2Q5MDRhNWQzZjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAOL64kqc2YO86UJuwKSwLcQ/DdA5mh6p262E4d7/hv5z/3Kj
iS8fh95NS8dHHUktCH9/9ZPTAff21issw46tioG6R+kZdgdPa+1szJH5C0UkwV3x
yUinVdy8uEBwX5xZx2kOUptUrFMPxRZXbmgdzWAbsBl9t/DdAUhrQ4AxdhMdNZ+g
Pet5KaSrv6mDZwtSEEr2dsS4rER1U+bFNFuY5tri1slXfFkj9gwVbprzdx+HqEOW
HFPNiWtJN32ybYaWlp7Jf1FYpTBpdz3EnJL3SK4vAm6AunnAU4cQwOLeUinq2sUf
JbGFzwzlkVviyylOSODW/h2z8kvOBRm6qBxZPjkCAwEAAaOCAgwwggIIMB0GA1Ud
DgQWBBTMnsYqVdT9TJ/Zq+zEbsN9kEpdPzAfBgNVHSMEGDAWgBTpCe49YYl02gy9
gFotqAQQpJiYgTAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
LzZRbnVQV0dKZE5vTXZZQmFMYWdFRUtTWW1JRS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMWUvMmI1ZjVmLWJiOTYtNGIzMS04YTZhLWRkMTE1ZjllMzMwMS8x
L3pKN0dLbFhVX1V5ZjJhdnN4RzdEZlpCS1hUOC5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMWUv
MmI1ZjVmLWJiOTYtNGIzMS04YTZhLWRkMTE1ZjllMzMwMS8xLzZRbnVQV0dKZE5v
TXZZQmFMYWdFRUtTWW1JRS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAi
BggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoBAkCrATANBgkqhkiG9w0BAQsF
AAOCAQEAue/kxQcCPYbN2dXUoYy9xR1zez6/FYnJLFpMVWsRSHW+3WenwBKblGDw
HhJ8ZoRYeUHic/Xknm1nvYragH2NuJJzUPcPIzNYc9c83mutXvwOgHaoCK4iG5m8
nR+oownHm4oBB6uE7qUUC4EACPWup0Kkk9PXTAXKNedOzsFnEF0ZxlM/lGagGXHo
dfK1mBOM39/+YimArJWlM3+Jfrcku2tX3PygEbs4UIL2patC64+OMSyxbu0++2Xn
v+1G3x4zu5Y+vllveHeszLyVigD7vWU5TOxv0FByVPAvLct1cx0YEOLzOrtjlzod
VnljcQr62IqkTRl3zg5YktO0bjywbQ==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:21:44 2024 by rpki-client on console-fra.rpki-client.org