Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/23/5811c0-6dae-4dd4-987c-d46ffc501f36/1/SGWj5z4FZdXtiEbzGaSmkb_aKHI.roa
File:                     SGWj5z4FZdXtiEbzGaSmkb_aKHI.roa (raw, json)
Hash identifier:          Rafc4gn1Ce05CktM0ES8i7/pXU/b0f/A+vdAGYaii6Q=
Subject key identifier:   48:65:A3:E7:3E:05:65:D5:ED:88:46:F3:19:A4:A6:91:BF:DA:28:72
Certificate issuer:       /CN=991b5422cd5578d4715ebe4c5097202523dd5658
Certificate serial:       04F82997
Authority key identifier: 99:1B:54:22:CD:55:78:D4:71:5E:BE:4C:50:97:20:25:23:DD:56:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mRtUIs1VeNRxXr5MUJcgJSPdVlg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/23/5811c0-6dae-4dd4-987c-d46ffc501f36/1/SGWj5z4FZdXtiEbzGaSmkb_aKHI.roa
Signing time:             Sat 01 Jan 2022 11:54:31 +0000
ROA not before:           Sat 01 Jan 2022 11:54:31 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     60404
IP address blocks:        2001:678:acc::/48 maxlen: 48

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 83372439 (0x4f82997)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=991b5422cd5578d4715ebe4c5097202523dd5658
        Validity
            Not Before: Jan  1 11:54:31 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=4865a3e73e0565d5ed8846f319a4a691bfda2872
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:84:94:2a:59:83:06:35:c0:67:71:f9:22:b3:
                    e8:ba:3e:47:57:05:22:fb:53:0c:fa:43:40:99:63:
                    b6:4b:c9:3f:cb:db:5a:f6:70:fb:e7:9a:24:0e:40:
                    21:0d:1b:55:3b:64:8c:d1:d3:9e:b4:18:3a:18:9c:
                    f4:ca:6b:9b:fc:53:a9:4b:24:6f:34:78:5c:30:af:
                    8f:82:66:2e:a6:66:6a:c4:16:d4:0c:6a:7e:9a:2d:
                    c2:1c:c0:31:7b:73:7b:36:dc:17:53:b3:5a:5d:da:
                    8f:6a:dd:80:5a:2c:42:71:7a:9a:8f:4d:13:23:14:
                    b8:ff:9b:f3:cb:e5:19:4d:2e:61:4b:7d:fc:62:1d:
                    70:e6:b2:42:3d:92:23:66:f5:35:7f:5d:b5:2e:51:
                    9b:07:d9:e9:75:f1:44:56:c0:56:02:83:8a:60:de:
                    ac:e2:fc:9b:9c:68:d1:80:37:26:b8:04:d6:69:32:
                    31:02:a2:69:d4:df:9e:f8:09:53:e4:b6:ed:41:29:
                    3a:46:ab:e0:58:ed:26:86:fa:83:ea:1c:ab:d9:e2:
                    3d:26:4f:22:82:34:36:28:4a:f9:86:c0:e4:f9:71:
                    d7:0b:a2:25:6a:e8:8f:41:85:ce:66:5e:f4:4c:97:
                    39:69:f5:23:d0:37:2d:dd:aa:0c:82:d9:5b:6b:6c:
                    6c:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                48:65:A3:E7:3E:05:65:D5:ED:88:46:F3:19:A4:A6:91:BF:DA:28:72
            X509v3 Authority Key Identifier:
                keyid:99:1B:54:22:CD:55:78:D4:71:5E:BE:4C:50:97:20:25:23:DD:56:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mRtUIs1VeNRxXr5MUJcgJSPdVlg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/23/5811c0-6dae-4dd4-987c-d46ffc501f36/1/SGWj5z4FZdXtiEbzGaSmkb_aKHI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/23/5811c0-6dae-4dd4-987c-d46ffc501f36/1/mRtUIs1VeNRxXr5MUJcgJSPdVlg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:acc::/48

    Signature Algorithm: sha256WithRSAEncryption
         30:14:80:ba:7f:ca:cd:90:9e:5d:9d:9f:d5:d0:66:ad:b5:57:
         9f:ad:38:e2:58:25:78:be:69:52:46:a9:d9:3d:05:dc:dc:c3:
         6c:cf:71:0f:9d:7d:a6:5d:47:bc:91:77:48:19:f5:c7:ab:f2:
         34:63:f7:24:28:9c:d0:23:c0:da:5c:6f:c0:06:34:d3:7a:4d:
         d0:8f:e3:94:65:93:8e:5e:e8:6c:14:bc:4b:da:2b:6a:51:45:
         0d:16:f3:d0:0c:56:17:d5:e0:77:af:fc:f7:39:b8:fd:9c:0a:
         7e:32:3c:b2:19:cf:8a:2a:f9:03:0e:22:49:3f:42:4e:48:17:
         38:00:99:91:71:62:a2:73:db:6e:52:f7:87:a0:c1:ad:cb:a2:
         61:87:14:52:fa:d1:5e:9f:b8:29:da:87:83:a7:42:81:e4:fb:
         96:1f:0d:c0:70:f4:31:19:b2:a8:5c:48:a1:32:c5:82:14:c7:
         49:f7:1b:14:a4:55:5c:02:74:ef:39:c5:02:ca:4b:0b:32:33:
         9d:69:69:d4:e0:c3:1a:13:4b:fa:77:f6:27:ca:72:94:d9:ca:
         b7:83:57:ff:57:57:bc:d7:f0:30:07:d3:76:85:56:8f:5d:fa:
         51:07:1f:fa:f4:95:ca:e3:99:d7:90:73:1f:54:19:fa:4f:81:
         2f:1e:ed:1e
-----BEGIN CERTIFICATE-----
MIIE8jCCA9qgAwIBAgIEBPgplzANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg5
OTFiNTQyMmNkNTU3OGQ0NzE1ZWJlNGM1MDk3MjAyNTIzZGQ1NjU4MB4XDTIyMDEw
MTExNTQzMVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoNDg2NWEzZTczZTA1
NjVkNWVkODg0NmYzMTlhNGE2OTFiZmRhMjg3MjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBALuElCpZgwY1wGdx+SKz6Lo+R1cFIvtTDPpDQJljtkvJP8vb
WvZw++eaJA5AIQ0bVTtkjNHTnrQYOhic9Mprm/xTqUskbzR4XDCvj4JmLqZmasQW
1AxqfpotwhzAMXtzezbcF1OzWl3aj2rdgFosQnF6mo9NEyMUuP+b88vlGU0uYUt9
/GIdcOayQj2SI2b1NX9dtS5RmwfZ6XXxRFbAVgKDimDerOL8m5xo0YA3JrgE1mky
MQKiadTfnvgJU+S27UEpOkar4FjtJob6g+ocq9niPSZPIoI0NihK+YbA5Plx1wui
JWroj0GFzmZe9EyXOWn1I9A3Ld2qDILZW2tsbIkCAwEAAaOCAgwwggIIMB0GA1Ud
DgQWBBRIZaPnPgVl1e2IRvMZpKaRv9oocjAfBgNVHSMEGDAWgBSZG1QizVV41HFe
vkxQlyAlI91WWDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L21SdFVJczFWZU5SeFhyNU1VSmNnSlNQZFZsZy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMjMvNTgxMWMwLTZkYWUtNGRkNC05ODdjLWQ0NmZmYzUwMWYzNi8x
L1NHV2o1ejRGWmRYdGlFYnpHYVNta2JfYUtISS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMjMv
NTgxMWMwLTZkYWUtNGRkNC05ODdjLWQ0NmZmYzUwMWYzNi8xL21SdFVJczFWZU5S
eFhyNU1VSmNnSlNQZFZsZy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAi
BggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACABBngKzDANBgkqhkiG9w0BAQsF
AAOCAQEAMBSAun/KzZCeXZ2f1dBmrbVXn6044lgleL5pUkap2T0F3NzDbM9xD519
pl1HvJF3SBn1x6vyNGP3JCic0CPA2lxvwAY003pN0I/jlGWTjl7obBS8S9oralFF
DRbz0AxWF9Xgd6/89zm4/ZwKfjI8shnPiir5Aw4iST9CTkgXOACZkXFionPbblL3
h6DBrcuiYYcUUvrRXp+4KdqHg6dCgeT7lh8NwHD0MRmyqFxIoTLFghTHSfcbFKRV
XAJ07znFAspLCzIznWlp1ODDGhNL+nf2J8pylNnKt4NX/1dXvNfwMAfTdoVWj136
UQcf+vSVyuOZ15BzH1QZ+k+BLx7tHg==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:22:24 2024 by rpki-client on console-fra.rpki-client.org