Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/4N5nbyPi1bijLdSJfnde4XhZ-uQ.roa
File:                     4N5nbyPi1bijLdSJfnde4XhZ-uQ.roa (raw, json)
Hash identifier:          H5qQ7e+YWKqAd0zzChgEs0VRqFW5m7UwaURcYerqMUo=
Subject key identifier:   E0:DE:67:6F:23:E2:D5:B8:A3:2D:D4:89:7E:77:5E:E1:78:59:FA:E4
Certificate issuer:       /CN=d56ef48ed6155dd7843eed3632469abaa3100bf3
Certificate serial:       08CD170E
Authority key identifier: D5:6E:F4:8E:D6:15:5D:D7:84:3E:ED:36:32:46:9A:BA:A3:10:0B:F3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1W70jtYVXdeEPu02MkaauqMQC_M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/4N5nbyPi1bijLdSJfnde4XhZ-uQ.roa
Signing time:             Sat 01 Jan 2022 14:02:07 +0000
ROA not before:           Sat 01 Jan 2022 14:02:07 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     213126
IP address blocks:        2a0e:8f02:f001::/48 maxlen: 48

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 147658510 (0x8cd170e)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d56ef48ed6155dd7843eed3632469abaa3100bf3
        Validity
            Not Before: Jan  1 14:02:07 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=e0de676f23e2d5b8a32dd4897e775ee17859fae4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:03:70:4e:d8:0b:c6:57:7d:ab:df:21:4a:5a:
                    7e:8b:db:9d:f1:e8:d1:2b:dc:9e:a3:2f:13:d0:ff:
                    9a:7a:eb:12:93:00:61:3b:db:05:37:87:97:9d:e0:
                    23:8f:4d:65:de:71:6c:00:7b:eb:bb:e0:76:e8:c0:
                    13:2f:21:10:cb:85:71:3f:a6:c8:bb:f7:02:aa:b6:
                    7c:fd:94:77:96:bd:ed:2b:66:0c:d7:a6:d1:1c:d3:
                    d2:06:3b:77:46:95:0f:41:90:00:ee:47:dd:65:78:
                    43:d2:12:9c:e3:a8:82:e5:8b:69:61:42:a9:2a:c9:
                    88:a4:a1:c5:40:cb:60:42:ce:05:02:2a:15:6e:10:
                    c6:18:75:51:53:b9:71:a7:0b:3e:c3:d3:28:31:8c:
                    c7:b4:2a:bf:cc:3f:48:aa:cd:7b:b2:67:c7:33:c6:
                    8d:d5:f8:41:35:ec:1f:27:d5:48:73:54:fb:a5:15:
                    46:d7:9f:1f:93:55:39:79:a6:9f:67:71:73:f9:7d:
                    91:a2:19:8e:53:ac:a7:ef:bd:11:b8:4e:3d:3f:f1:
                    65:2c:7b:e2:eb:cc:01:9b:3e:97:ed:ec:c2:4d:28:
                    df:f7:31:d5:70:f6:70:d3:e2:c3:ad:d7:53:c0:43:
                    5f:73:0c:84:c0:ee:aa:b6:7f:f6:52:5e:29:b5:27:
                    c4:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E0:DE:67:6F:23:E2:D5:B8:A3:2D:D4:89:7E:77:5E:E1:78:59:FA:E4
            X509v3 Authority Key Identifier:
                keyid:D5:6E:F4:8E:D6:15:5D:D7:84:3E:ED:36:32:46:9A:BA:A3:10:0B:F3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1W70jtYVXdeEPu02MkaauqMQC_M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/4N5nbyPi1bijLdSJfnde4XhZ-uQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/1W70jtYVXdeEPu02MkaauqMQC_M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:8f02:f001::/48

    Signature Algorithm: sha256WithRSAEncryption
         52:f1:ec:fa:1c:35:06:bc:1e:d6:52:7b:72:c8:a8:5c:6d:b2:
         89:a1:e7:57:a2:a4:5a:7b:88:ed:4d:1b:59:10:7c:e3:22:09:
         3b:24:71:4a:e7:a0:79:7f:fb:1c:ca:db:12:4b:ed:32:fc:9a:
         7b:e2:7a:7c:5c:10:a2:5a:e2:cb:92:e5:43:a1:ea:2f:7d:51:
         60:ae:93:9c:18:f2:1e:75:42:23:c5:46:fb:67:ed:6f:e2:d9:
         4d:88:b4:9f:c1:22:69:71:6b:da:d3:4d:e9:3f:43:17:40:5c:
         25:82:fc:20:6f:b4:45:2c:01:c8:d4:3d:66:a3:da:21:23:39:
         52:37:a9:dd:83:19:4d:10:af:b7:2a:1c:cf:1e:8e:fb:2a:1b:
         da:d5:ad:55:a6:0c:5e:73:2f:79:88:66:24:aa:25:95:eb:b8:
         72:64:32:74:58:7b:82:c2:37:00:e5:71:ff:e0:f1:b2:4c:ba:
         ca:98:a2:94:dc:4f:05:d7:82:02:80:fe:22:5b:d2:0a:b6:92:
         f3:91:c1:85:86:6f:8a:1f:68:21:b2:54:75:8a:6e:87:51:9f:
         ff:81:a4:37:d0:c7:17:e1:b6:fa:ad:34:cc:db:19:84:7a:c2:
         c5:29:51:21:2d:b2:27:ec:72:91:3e:c9:6c:66:5b:7a:0b:7b:
         23:1d:22:94
-----BEGIN CERTIFICATE-----
MIIE8jCCA9qgAwIBAgIECM0XDjANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhk
NTZlZjQ4ZWQ2MTU1ZGQ3ODQzZWVkMzYzMjQ2OWFiYWEzMTAwYmYzMB4XDTIyMDEw
MTE0MDIwN1oXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoZTBkZTY3NmYyM2Uy
ZDViOGEzMmRkNDg5N2U3NzVlZTE3ODU5ZmFlNDCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBANIDcE7YC8ZXfavfIUpafovbnfHo0SvcnqMvE9D/mnrrEpMA
YTvbBTeHl53gI49NZd5xbAB767vgdujAEy8hEMuFcT+myLv3Aqq2fP2Ud5a97Stm
DNem0RzT0gY7d0aVD0GQAO5H3WV4Q9ISnOOoguWLaWFCqSrJiKShxUDLYELOBQIq
FW4Qxhh1UVO5cacLPsPTKDGMx7Qqv8w/SKrNe7JnxzPGjdX4QTXsHyfVSHNU+6UV
RtefH5NVOXmmn2dxc/l9kaIZjlOsp++9EbhOPT/xZSx74uvMAZs+l+3swk0o3/cx
1XD2cNPiw63XU8BDX3MMhMDuqrZ/9lJeKbUnxMECAwEAAaOCAgwwggIIMB0GA1Ud
DgQWBBTg3mdvI+LVuKMt1Il+d17heFn65DAfBgNVHSMEGDAWgBTVbvSO1hVd14Q+
7TYyRpq6oxAL8zAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
LzFXNzBqdFlWWGRlRVB1MDJNa2FhdXFNUUNfTS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMjUvNThmZjU0LTM0MTAtNGU0Mi1hYWI4LWQyZDdmMmJiNjRkZi8x
LzRONW5ieVBpMWJpakxkU0pmbmRlNFhoWi11US5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMjUv
NThmZjU0LTM0MTAtNGU0Mi1hYWI4LWQyZDdmMmJiNjRkZi8xLzFXNzBqdFlWWGRl
RVB1MDJNa2FhdXFNUUNfTS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAi
BggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoOjwLwATANBgkqhkiG9w0BAQsF
AAOCAQEAUvHs+hw1Brwe1lJ7csioXG2yiaHnV6KkWnuI7U0bWRB84yIJOyRxSueg
eX/7HMrbEkvtMvyae+J6fFwQolriy5LlQ6HqL31RYK6TnBjyHnVCI8VG+2ftb+LZ
TYi0n8EiaXFr2tNN6T9DF0BcJYL8IG+0RSwByNQ9ZqPaISM5Ujep3YMZTRCvtyoc
zx6O+yob2tWtVaYMXnMveYhmJKolleu4cmQydFh7gsI3AOVx/+Dxsky6ypiilNxP
BdeCAoD+IlvSCraS85HBhYZvih9oIbJUdYpuh1Gf/4GkN9DHF+G2+q00zNsZhHrC
xSlRIS2yJ+xykT7JbGZbegt7Ix0ilA==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:22:41 2024 by rpki-client on console-fra.rpki-client.org