Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/gfK6HMe63ZIX18iSwToKc29BkRU.roa
File:                     gfK6HMe63ZIX18iSwToKc29BkRU.roa (raw, json)
Hash identifier:          nZ6zNNyIcMNN8yTEYHp4TcaVNXZdcjuzv9BkEMGlyMw=
Subject key identifier:   81:F2:BA:1C:C7:BA:DD:92:17:D7:C8:92:C1:3A:0A:73:6F:41:91:15
Certificate issuer:       /CN=d56ef48ed6155dd7843eed3632469abaa3100bf3
Certificate serial:       08CA33DC
Authority key identifier: D5:6E:F4:8E:D6:15:5D:D7:84:3E:ED:36:32:46:9A:BA:A3:10:0B:F3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1W70jtYVXdeEPu02MkaauqMQC_M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/gfK6HMe63ZIX18iSwToKc29BkRU.roa
Signing time:             Sat 01 Jan 2022 14:02:05 +0000
ROA not before:           Sat 01 Jan 2022 14:02:05 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     213018
IP address blocks:        2a0e:8f00:dfc0::/42 maxlen: 48

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 147469276 (0x8ca33dc)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d56ef48ed6155dd7843eed3632469abaa3100bf3
        Validity
            Not Before: Jan  1 14:02:05 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=81f2ba1cc7badd9217d7c892c13a0a736f419115
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:c6:86:66:d7:9d:84:8a:89:ff:9e:ed:27:0b:
                    97:d1:23:94:54:eb:98:8f:18:4c:84:4e:a6:34:a4:
                    40:d0:e6:e4:90:1c:7b:c0:7e:39:05:b8:d8:af:b5:
                    c4:b6:54:f1:a8:11:4a:35:10:59:48:4c:aa:5f:16:
                    67:7c:8d:67:86:7f:4d:82:ea:c5:4c:6b:83:e4:3e:
                    c2:9f:3a:62:43:78:0b:b3:4e:8f:b9:2e:dc:12:b8:
                    8a:f9:de:0c:1b:7c:a7:49:8f:b8:c7:8d:a0:1f:c3:
                    fb:70:d6:91:0e:d7:9c:b0:e3:5e:7f:9c:9a:e0:fa:
                    15:3c:ac:3f:9b:0e:5c:47:1f:fa:f5:64:ae:84:cd:
                    10:8c:4a:92:42:c2:6b:bc:e4:e5:09:af:75:26:17:
                    07:06:69:62:da:96:2a:8c:28:1b:df:c1:01:3a:7e:
                    79:8d:53:5a:51:79:dc:05:04:e2:99:59:ce:68:87:
                    24:ad:e4:6b:49:0f:63:0a:c9:89:8f:34:37:52:e7:
                    a6:5e:c1:57:62:23:1b:10:a8:98:f1:59:f8:9e:03:
                    ff:ca:ae:53:41:9a:c9:33:66:eb:11:12:26:7d:8e:
                    0e:55:d6:dd:0e:fd:b7:40:11:0a:95:66:03:66:87:
                    25:24:36:af:7f:db:1a:ec:74:b9:ce:7e:4e:05:49:
                    4b:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                81:F2:BA:1C:C7:BA:DD:92:17:D7:C8:92:C1:3A:0A:73:6F:41:91:15
            X509v3 Authority Key Identifier:
                keyid:D5:6E:F4:8E:D6:15:5D:D7:84:3E:ED:36:32:46:9A:BA:A3:10:0B:F3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1W70jtYVXdeEPu02MkaauqMQC_M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/gfK6HMe63ZIX18iSwToKc29BkRU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/1W70jtYVXdeEPu02MkaauqMQC_M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:8f00:dfc0::/42

    Signature Algorithm: sha256WithRSAEncryption
         7e:60:c2:0e:b6:ac:fb:37:df:69:60:99:7f:4e:64:7a:c1:0c:
         fb:95:44:24:b5:05:44:72:fd:39:e7:73:38:47:fc:8b:9a:88:
         5a:ab:ed:a9:da:6b:6e:13:d3:49:75:75:fe:1a:97:32:66:b2:
         26:2e:b6:52:1d:a8:e7:03:36:28:92:d3:37:56:bf:60:85:02:
         ea:ee:b8:02:4f:48:b4:f1:46:63:e1:97:32:76:84:0c:b6:de:
         6f:90:85:52:1e:9c:43:0f:b8:7c:dd:cc:c2:f7:ae:66:5e:41:
         a6:40:ff:fb:30:c5:de:74:36:3b:57:ce:5d:82:15:ff:b0:dd:
         24:a4:81:db:7e:05:fd:1c:74:2f:09:f0:44:28:2b:b2:94:2a:
         ff:a3:ac:b3:6a:0a:c7:a9:5d:a6:d1:25:00:a7:d1:6c:98:db:
         e6:98:a7:e0:ba:2e:8e:ec:99:dc:5e:e7:36:f6:e5:dd:af:eb:
         c6:91:1e:29:56:1c:33:d9:e6:4c:bd:99:00:48:03:b5:b6:78:
         c1:e0:31:61:05:5a:07:d4:fa:98:de:9e:81:f0:03:fd:cf:fe:
         ea:ea:75:de:dd:45:11:48:b8:2b:85:33:e8:ac:3e:b8:b4:7b:
         a7:32:60:68:fa:f7:80:76:ae:57:3b:ef:81:64:35:34:f9:00:
         eb:86:f4:bb
-----BEGIN CERTIFICATE-----
MIIE8jCCA9qgAwIBAgIECMoz3DANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhk
NTZlZjQ4ZWQ2MTU1ZGQ3ODQzZWVkMzYzMjQ2OWFiYWEzMTAwYmYzMB4XDTIyMDEw
MTE0MDIwNVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoODFmMmJhMWNjN2Jh
ZGQ5MjE3ZDdjODkyYzEzYTBhNzM2ZjQxOTExNTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAOPGhmbXnYSKif+e7ScLl9EjlFTrmI8YTIROpjSkQNDm5JAc
e8B+OQW42K+1xLZU8agRSjUQWUhMql8WZ3yNZ4Z/TYLqxUxrg+Q+wp86YkN4C7NO
j7ku3BK4ivneDBt8p0mPuMeNoB/D+3DWkQ7XnLDjXn+cmuD6FTysP5sOXEcf+vVk
roTNEIxKkkLCa7zk5QmvdSYXBwZpYtqWKowoG9/BATp+eY1TWlF53AUE4plZzmiH
JK3ka0kPYwrJiY80N1Lnpl7BV2IjGxComPFZ+J4D/8quU0GayTNm6xESJn2ODlXW
3Q79t0ARCpVmA2aHJSQ2r3/bGux0uc5+TgVJSykCAwEAAaOCAgwwggIIMB0GA1Ud
DgQWBBSB8rocx7rdkhfXyJLBOgpzb0GRFTAfBgNVHSMEGDAWgBTVbvSO1hVd14Q+
7TYyRpq6oxAL8zAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
LzFXNzBqdFlWWGRlRVB1MDJNa2FhdXFNUUNfTS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMjUvNThmZjU0LTM0MTAtNGU0Mi1hYWI4LWQyZDdmMmJiNjRkZi8x
L2dmSzZITWU2M1pJWDE4aVN3VG9LYzI5QmtSVS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMjUv
NThmZjU0LTM0MTAtNGU0Mi1hYWI4LWQyZDdmMmJiNjRkZi8xLzFXNzBqdFlWWGRl
RVB1MDJNa2FhdXFNUUNfTS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAi
BggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHBioOjwDfwDANBgkqhkiG9w0BAQsF
AAOCAQEAfmDCDras+zffaWCZf05kesEM+5VEJLUFRHL9OedzOEf8i5qIWqvtqdpr
bhPTSXV1/hqXMmayJi62Uh2o5wM2KJLTN1a/YIUC6u64Ak9ItPFGY+GXMnaEDLbe
b5CFUh6cQw+4fN3MwveuZl5BpkD/+zDF3nQ2O1fOXYIV/7DdJKSB234F/Rx0Lwnw
RCgrspQq/6Oss2oKx6ldptElAKfRbJjb5pin4LoujuyZ3F7nNvbl3a/rxpEeKVYc
M9nmTL2ZAEgDtbZ4weAxYQVaB9T6mN6egfAD/c/+6up13t1FEUi4K4Uz6Kw+uLR7
pzJgaPr3gHauVzvvgWQ1NPkA64b0uw==
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:49:12 2023 by rpki-client on console-ams.rpki-client.org