Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/GzlCq1Ogdgs6Mnz6hg6A5HIZnOw.roa
File:                     GzlCq1Ogdgs6Mnz6hg6A5HIZnOw.roa (raw, json)
Hash identifier:          6eiBeHhrSh3JLPoKFpXuhJZF5+T7mfNVbGXp+Al3d9o=
Subject key identifier:   1B:39:42:AB:53:A0:76:0B:3A:32:7C:FA:86:0E:80:E4:72:19:9C:EC
Certificate issuer:       /CN=d56ef48ed6155dd7843eed3632469abaa3100bf3
Certificate serial:       08CBFE18
Authority key identifier: D5:6E:F4:8E:D6:15:5D:D7:84:3E:ED:36:32:46:9A:BA:A3:10:0B:F3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1W70jtYVXdeEPu02MkaauqMQC_M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/GzlCq1Ogdgs6Mnz6hg6A5HIZnOw.roa
Signing time:             Sat 01 Jan 2022 14:02:06 +0000
ROA not before:           Sat 01 Jan 2022 14:02:06 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     213045
IP address blocks:        2a0e:8f02:2000::/44 maxlen: 48

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 147586584 (0x8cbfe18)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d56ef48ed6155dd7843eed3632469abaa3100bf3
        Validity
            Not Before: Jan  1 14:02:06 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=1b3942ab53a0760b3a327cfa860e80e472199cec
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:9f:85:ca:24:4e:7d:f8:6c:cd:95:4c:f4:ab:
                    f2:d5:63:72:32:a8:26:eb:7c:93:5b:ea:16:35:04:
                    39:92:76:ae:68:95:c8:de:44:6d:61:dd:88:e6:a5:
                    f6:01:f8:6e:9f:79:c2:7e:c3:e0:32:b7:6d:17:9d:
                    22:f1:bc:b2:ce:ff:9a:63:33:0a:f0:94:b4:6a:12:
                    44:e9:fd:ae:a6:06:ba:e3:13:08:0f:94:64:8f:64:
                    28:81:31:bb:b5:fc:f3:6d:dc:99:b1:0c:3c:b2:f9:
                    97:69:bd:b3:a0:ef:02:c2:e1:0a:f5:3a:e8:e7:41:
                    f7:56:16:07:0f:c4:b5:e4:86:4e:1c:06:ad:05:ab:
                    93:87:3b:10:64:b5:9d:e1:56:ee:e4:5a:00:86:be:
                    19:96:33:55:e1:e0:b4:9a:4a:95:15:65:de:28:f2:
                    32:09:69:29:ed:c7:5e:5c:bf:0e:e4:50:23:16:17:
                    45:10:c1:ae:bb:23:4d:6f:55:78:04:8e:66:ff:66:
                    23:74:e3:78:48:47:65:87:37:74:91:e9:19:29:19:
                    b8:42:5c:27:73:cc:20:ba:aa:28:48:27:ff:01:d8:
                    ad:20:db:d0:ce:5c:2d:32:75:84:ac:51:9c:88:a5:
                    a2:76:1b:e6:96:7b:5a:0b:28:79:7c:70:3c:3f:70:
                    e0:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1B:39:42:AB:53:A0:76:0B:3A:32:7C:FA:86:0E:80:E4:72:19:9C:EC
            X509v3 Authority Key Identifier:
                keyid:D5:6E:F4:8E:D6:15:5D:D7:84:3E:ED:36:32:46:9A:BA:A3:10:0B:F3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1W70jtYVXdeEPu02MkaauqMQC_M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/GzlCq1Ogdgs6Mnz6hg6A5HIZnOw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/1W70jtYVXdeEPu02MkaauqMQC_M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:8f02:2000::/44

    Signature Algorithm: sha256WithRSAEncryption
         51:52:ac:e1:ab:d7:b0:f3:f6:80:65:9d:24:08:89:af:94:26:
         34:99:fa:77:3d:e1:f8:5b:4c:9d:5a:20:33:4e:a9:30:58:e3:
         b5:8c:6c:eb:99:06:ce:0d:4c:12:11:91:78:7a:54:a0:ed:6f:
         db:64:e0:73:90:76:fe:fc:30:a2:b4:d7:b6:6a:be:a2:4c:39:
         06:1a:19:73:9d:95:22:d4:12:07:03:40:7c:e7:6d:b3:38:0d:
         74:cc:25:40:53:8d:cf:dc:e5:a4:ad:24:48:73:82:d6:93:83:
         b3:c2:b0:75:e4:6a:36:54:bf:41:79:62:b9:8e:52:96:ff:bc:
         63:43:28:fa:ee:e3:1b:50:ba:b5:45:a0:19:34:cc:bc:13:8d:
         be:64:fb:f2:8b:61:67:93:e9:83:3e:e7:32:25:1e:d7:60:27:
         0c:c4:65:6d:11:12:07:c7:a9:7a:67:59:5c:51:94:b1:45:c9:
         95:07:f3:b2:2f:61:05:81:d8:1c:d2:57:14:86:e7:c7:a8:7c:
         1b:5e:d4:28:fd:e2:a0:f9:21:fe:ce:23:21:40:a2:3f:06:3f:
         7a:e5:c1:10:06:4e:64:b5:b4:fd:bf:ba:29:52:65:b3:a4:72:
         72:09:33:cd:79:e7:66:0f:a1:47:de:1d:04:64:a1:e0:4d:ff:
         7a:79:70:fa
-----BEGIN CERTIFICATE-----
MIIE8jCCA9qgAwIBAgIECMv+GDANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhk
NTZlZjQ4ZWQ2MTU1ZGQ3ODQzZWVkMzYzMjQ2OWFiYWEzMTAwYmYzMB4XDTIyMDEw
MTE0MDIwNloXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMWIzOTQyYWI1M2Ew
NzYwYjNhMzI3Y2ZhODYwZTgwZTQ3MjE5OWNlYzCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAJufhcokTn34bM2VTPSr8tVjcjKoJut8k1vqFjUEOZJ2rmiV
yN5EbWHdiOal9gH4bp95wn7D4DK3bRedIvG8ss7/mmMzCvCUtGoSROn9rqYGuuMT
CA+UZI9kKIExu7X8823cmbEMPLL5l2m9s6DvAsLhCvU66OdB91YWBw/EteSGThwG
rQWrk4c7EGS1neFW7uRaAIa+GZYzVeHgtJpKlRVl3ijyMglpKe3HXly/DuRQIxYX
RRDBrrsjTW9VeASOZv9mI3TjeEhHZYc3dJHpGSkZuEJcJ3PMILqqKEgn/wHYrSDb
0M5cLTJ1hKxRnIilonYb5pZ7WgsoeXxwPD9w4LcCAwEAAaOCAgwwggIIMB0GA1Ud
DgQWBBQbOUKrU6B2CzoyfPqGDoDkchmc7DAfBgNVHSMEGDAWgBTVbvSO1hVd14Q+
7TYyRpq6oxAL8zAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
LzFXNzBqdFlWWGRlRVB1MDJNa2FhdXFNUUNfTS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMjUvNThmZjU0LTM0MTAtNGU0Mi1hYWI4LWQyZDdmMmJiNjRkZi8x
L0d6bENxMU9nZGdzNk1uejZoZzZBNUhJWm5Pdy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMjUv
NThmZjU0LTM0MTAtNGU0Mi1hYWI4LWQyZDdmMmJiNjRkZi8xLzFXNzBqdFlWWGRl
RVB1MDJNa2FhdXFNUUNfTS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAi
BggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHBCoOjwIgADANBgkqhkiG9w0BAQsF
AAOCAQEAUVKs4avXsPP2gGWdJAiJr5QmNJn6dz3h+FtMnVogM06pMFjjtYxs65kG
zg1MEhGReHpUoO1v22Tgc5B2/vwworTXtmq+okw5BhoZc52VItQSBwNAfOdtszgN
dMwlQFONz9zlpK0kSHOC1pODs8KwdeRqNlS/QXliuY5Slv+8Y0Mo+u7jG1C6tUWg
GTTMvBONvmT78othZ5Ppgz7nMiUe12AnDMRlbRESB8epemdZXFGUsUXJlQfzsi9h
BYHYHNJXFIbnx6h8G17UKP3ioPkh/s4jIUCiPwY/euXBEAZOZLW0/b+6KVJls6Ry
cgkzzXnnZg+hR94dBGSh4E3/enlw+g==
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:58:35 2024 by rpki-client on console-ams.rpki-client.org