Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/1iKongL1kJuYKmlmR-DCOY9XJgU.roa
File:                     1iKongL1kJuYKmlmR-DCOY9XJgU.roa (raw, json)
Hash identifier:          wr03d3jVyuxfkJSLMcGWGnQvkLV/kgVnabPOaRpGb+k=
Subject key identifier:   D6:22:A8:9E:02:F5:90:9B:98:2A:69:66:47:E0:C2:39:8F:57:26:05
Certificate issuer:       /CN=d56ef48ed6155dd7843eed3632469abaa3100bf3
Certificate serial:       08B5E2D3
Authority key identifier: D5:6E:F4:8E:D6:15:5D:D7:84:3E:ED:36:32:46:9A:BA:A3:10:0B:F3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1W70jtYVXdeEPu02MkaauqMQC_M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/1iKongL1kJuYKmlmR-DCOY9XJgU.roa
Signing time:             Sat 01 Jan 2022 14:01:50 +0000
ROA not before:           Sat 01 Jan 2022 14:01:50 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     211522
IP address blocks:        2a0e:8f02:f023::/48 maxlen: 48

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 146137811 (0x8b5e2d3)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d56ef48ed6155dd7843eed3632469abaa3100bf3
        Validity
            Not Before: Jan  1 14:01:50 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=d622a89e02f5909b982a696647e0c2398f572605
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:be:dc:e0:98:c6:b1:37:4c:1a:97:e7:16:e8:
                    bf:08:8a:57:ad:5b:af:89:27:4b:63:13:e2:60:ae:
                    58:45:fe:b5:87:a8:a6:e2:5c:9b:45:be:93:07:ac:
                    f3:2d:77:49:23:f9:22:d2:99:37:c1:90:61:5b:7e:
                    c7:8b:72:d5:57:ad:4e:3a:da:e3:2d:55:10:01:99:
                    a4:b2:de:a1:36:c0:0d:5b:3b:46:db:94:0d:00:f6:
                    8e:1e:b2:20:c2:29:fd:5f:e5:33:68:3a:6b:33:d6:
                    fa:2a:5e:ae:5c:a9:52:5a:0a:a8:34:15:85:5d:61:
                    7b:52:2f:0e:4f:65:63:e4:1e:84:ae:44:b4:17:29:
                    0a:2a:af:b5:17:80:bc:b1:97:f2:24:b9:fe:9d:e6:
                    20:d7:56:7b:17:28:80:f1:5b:90:f1:ed:d3:72:c6:
                    51:01:16:77:ef:31:2b:d4:ec:60:f9:d4:ac:3f:ec:
                    97:9b:f2:e2:e9:57:83:f5:5b:6a:e5:69:b4:bb:92:
                    e2:5d:57:ad:bb:46:9b:47:4c:84:ba:af:04:a0:d7:
                    74:bf:b2:61:a2:1a:a6:05:b0:8d:42:82:1b:2d:13:
                    10:d4:7a:9d:a2:22:70:72:05:27:bc:d7:e3:3b:3b:
                    76:e4:6f:74:1c:c7:7b:62:a4:1c:82:b0:90:12:68:
                    85:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D6:22:A8:9E:02:F5:90:9B:98:2A:69:66:47:E0:C2:39:8F:57:26:05
            X509v3 Authority Key Identifier:
                keyid:D5:6E:F4:8E:D6:15:5D:D7:84:3E:ED:36:32:46:9A:BA:A3:10:0B:F3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1W70jtYVXdeEPu02MkaauqMQC_M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/1iKongL1kJuYKmlmR-DCOY9XJgU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/1W70jtYVXdeEPu02MkaauqMQC_M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:8f02:f023::/48

    Signature Algorithm: sha256WithRSAEncryption
         63:3e:9e:53:7a:c9:8b:0b:67:d9:fa:13:08:80:6f:32:be:9c:
         0f:aa:25:fa:95:ea:a2:04:11:90:d8:12:cf:8f:b7:4e:91:f2:
         15:fd:9f:1d:4a:59:ca:e4:28:5a:d2:a6:5b:c9:08:ff:4d:f8:
         8a:5e:e5:cd:23:75:e8:27:f1:00:ce:d2:3e:57:fb:5d:d5:37:
         56:57:38:03:8e:64:3b:aa:6c:c4:76:31:ca:b8:38:5b:6a:9e:
         cd:2b:1a:43:69:96:12:14:77:7e:01:08:80:54:33:e8:56:9a:
         1a:81:e7:cb:96:e0:2b:02:50:4b:f7:ec:23:95:b4:bf:3a:60:
         4a:07:24:9f:1a:1e:4f:a5:8f:41:3b:9d:13:da:53:43:ab:72:
         d2:3d:1b:0f:e6:07:0c:28:ea:95:1d:c0:d0:0d:9f:00:41:72:
         5f:99:31:34:62:2e:e5:79:61:c3:64:d4:11:a2:6d:68:2c:50:
         41:43:5b:f7:be:36:cd:5a:3d:ca:34:85:dc:9b:30:68:ae:e3:
         4d:8e:33:9a:cb:63:c2:fe:21:fc:db:6e:c5:7f:c3:17:b8:84:
         f7:a4:f1:2d:c8:40:1b:f6:ee:53:8a:dc:9f:09:55:4c:80:69:
         0f:ae:2d:fb:f0:1d:7a:f9:a0:93:9f:49:80:4c:56:c9:67:55:
         ea:e3:19:06
-----BEGIN CERTIFICATE-----
MIIE8jCCA9qgAwIBAgIECLXi0zANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhk
NTZlZjQ4ZWQ2MTU1ZGQ3ODQzZWVkMzYzMjQ2OWFiYWEzMTAwYmYzMB4XDTIyMDEw
MTE0MDE1MFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoZDYyMmE4OWUwMmY1
OTA5Yjk4MmE2OTY2NDdlMGMyMzk4ZjU3MjYwNTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAJ++3OCYxrE3TBqX5xbovwiKV61br4knS2MT4mCuWEX+tYeo
puJcm0W+kwes8y13SSP5ItKZN8GQYVt+x4ty1VetTjra4y1VEAGZpLLeoTbADVs7
RtuUDQD2jh6yIMIp/V/lM2g6azPW+iperlypUloKqDQVhV1he1IvDk9lY+QehK5E
tBcpCiqvtReAvLGX8iS5/p3mINdWexcogPFbkPHt03LGUQEWd+8xK9TsYPnUrD/s
l5vy4ulXg/VbauVptLuS4l1XrbtGm0dMhLqvBKDXdL+yYaIapgWwjUKCGy0TENR6
naIicHIFJ7zX4zs7duRvdBzHe2KkHIKwkBJohZsCAwEAAaOCAgwwggIIMB0GA1Ud
DgQWBBTWIqieAvWQm5gqaWZH4MI5j1cmBTAfBgNVHSMEGDAWgBTVbvSO1hVd14Q+
7TYyRpq6oxAL8zAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
LzFXNzBqdFlWWGRlRVB1MDJNa2FhdXFNUUNfTS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMjUvNThmZjU0LTM0MTAtNGU0Mi1hYWI4LWQyZDdmMmJiNjRkZi8x
LzFpS29uZ0wxa0p1WUttbG1SLURDT1k5WEpnVS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMjUv
NThmZjU0LTM0MTAtNGU0Mi1hYWI4LWQyZDdmMmJiNjRkZi8xLzFXNzBqdFlWWGRl
RVB1MDJNa2FhdXFNUUNfTS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAi
BggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoOjwLwIzANBgkqhkiG9w0BAQsF
AAOCAQEAYz6eU3rJiwtn2foTCIBvMr6cD6ol+pXqogQRkNgSz4+3TpHyFf2fHUpZ
yuQoWtKmW8kI/034il7lzSN16CfxAM7SPlf7XdU3Vlc4A45kO6psxHYxyrg4W2qe
zSsaQ2mWEhR3fgEIgFQz6FaaGoHny5bgKwJQS/fsI5W0vzpgSgcknxoeT6WPQTud
E9pTQ6ty0j0bD+YHDCjqlR3A0A2fAEFyX5kxNGIu5Xlhw2TUEaJtaCxQQUNb9742
zVo9yjSF3JswaK7jTY4zmstjwv4h/NtuxX/DF7iE96TxLchAG/buU4rcnwlVTIBp
D64t+/Adevmgk59JgExWyWdV6uMZBg==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:22:41 2024 by rpki-client on console-fra.rpki-client.org