Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/0bfXoMLqmKuXBKtqa-vjQFBtYtY.roa
File:                     0bfXoMLqmKuXBKtqa-vjQFBtYtY.roa (raw, json)
Hash identifier:          jqDc7C7uN6XXezqCoTbcaCR3yGjuCwuYHWuFb/9ADuY=
Subject key identifier:   D1:B7:D7:A0:C2:EA:98:AB:97:04:AB:6A:6B:EB:E3:40:50:6D:62:D6
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       0181F3307D79D4A60C33F5D27040E6617088
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/0bfXoMLqmKuXBKtqa-vjQFBtYtY.roa
Signing time:             Tue 12 Jul 2022 16:14:10 +0000
ROA not before:           Tue 12 Jul 2022 16:14:10 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     209606
IP address blocks:        2a0c:b641:320::/44 maxlen: 48
                          2a0c:b641:200::/44 maxlen: 48

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:81:f3:30:7d:79:d4:a6:0c:33:f5:d2:70:40:e6:61:70:88
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: Jul 12 16:14:10 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=d1b7d7a0c2ea98ab9704ab6a6bebe340506d62d6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:1a:79:99:20:aa:a7:33:d0:5e:ee:9e:cf:31:
                    da:b6:d4:bf:4c:bb:8f:32:cb:48:c1:3b:c1:73:05:
                    97:1d:2b:fa:c1:52:b6:80:c0:ca:51:0e:36:c4:2d:
                    fa:c6:40:8f:e3:2b:29:b3:36:0e:31:c8:a1:b7:ac:
                    9c:ef:4e:d9:ba:78:7e:82:40:f6:e8:f7:ac:b1:0a:
                    de:be:8c:9e:f3:71:57:43:cc:85:5f:67:0b:89:2f:
                    3e:3e:e5:5f:ec:79:ad:d7:25:f9:ca:66:bf:d0:60:
                    23:93:eb:0c:89:8d:55:24:55:f4:23:7c:47:c8:9d:
                    ec:83:97:2e:65:1a:a9:a8:6e:eb:5c:c8:30:4f:b6:
                    fb:53:b0:b9:86:cd:7c:9d:06:ab:3a:28:e1:89:de:
                    eb:c0:82:84:ff:6a:63:8c:4c:ce:1c:ca:e9:6e:b4:
                    45:bd:ce:64:e3:a9:be:ce:ad:4e:42:2e:41:77:5d:
                    17:f7:07:cf:7d:2f:84:3f:39:26:2c:81:f1:7d:b6:
                    5b:7a:59:c1:be:bf:51:8d:2d:41:4e:2e:43:0f:f2:
                    4f:41:2f:03:ce:dc:25:d1:a2:55:39:4b:b9:a7:1b:
                    f2:cf:e0:dd:5a:91:05:ca:fe:42:7d:b0:21:64:f3:
                    2d:63:a9:5e:e2:24:4c:7e:5a:4d:6b:e5:d1:49:62:
                    f1:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D1:B7:D7:A0:C2:EA:98:AB:97:04:AB:6A:6B:EB:E3:40:50:6D:62:D6
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/0bfXoMLqmKuXBKtqa-vjQFBtYtY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:b641:200::/44
                  2a0c:b641:320::/44

    Signature Algorithm: sha256WithRSAEncryption
         05:9b:5e:21:ce:7c:a5:4c:31:23:9e:6e:7d:0d:be:f6:d8:17:
         9d:2f:af:65:f7:3d:e7:96:d4:b0:da:25:ed:15:ec:bf:19:5e:
         35:43:a3:87:44:0d:57:ff:66:f7:6c:c1:4f:46:07:59:28:31:
         1f:74:8b:9b:83:bc:20:3f:33:01:2e:60:d4:de:98:ba:06:65:
         60:d1:0c:ba:c0:36:69:45:f0:ab:df:5d:a7:cd:75:46:2b:f1:
         0c:bf:8b:c4:b9:dd:f9:c4:c8:7d:0c:54:75:75:97:fb:24:9a:
         ef:0a:c2:c0:ea:5e:79:c1:76:ef:c5:41:41:51:d4:ba:21:73:
         8f:b9:f6:f6:77:a0:f7:73:6a:1a:96:2e:2e:e6:d1:f6:f2:cf:
         bf:8c:55:68:06:5c:cb:c8:d3:40:62:6d:73:6e:07:16:66:07:
         af:f6:6d:e3:ef:76:49:e5:d5:fd:7c:e1:a5:bc:e4:ff:ae:5f:
         5c:32:7f:67:5c:fd:dd:d9:ec:46:50:8d:44:eb:68:b4:43:fa:
         94:24:97:76:f4:ff:15:9f:9d:74:d8:b5:48:9f:78:e4:02:38:
         19:6a:08:45:5c:3e:49:13:d3:28:77:4e:63:a2:2b:d2:7c:43:
         53:e5:55:04:66:3b:15:66:c6:5b:e5:ce:71:8d:b3:27:ae:8a:
         51:da:03:77
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYHzMH151KYMM/XScEDmYXCIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjIwNzEyMTYxNDEwWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMWI3ZDdhMGMyZWE5OGFiOTcwNGFiNmE2YmViZTM0MDUwNmQ2MmQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwxp5mSCqpzPQXu6ezzHattS/TLuP
MstIwTvBcwWXHSv6wVK2gMDKUQ42xC36xkCP4yspszYOMciht6yc707Zunh+gkD2
6PessQrevoye83FXQ8yFX2cLiS8+PuVf7Hmt1yX5yma/0GAjk+sMiY1VJFX0I3xH
yJ3sg5cuZRqpqG7rXMgwT7b7U7C5hs18nQarOijhid7rwIKE/2pjjEzOHMrpbrRF
vc5k46m+zq1OQi5Bd10X9wfPfS+EPzkmLIHxfbZbelnBvr9RjS1BTi5DD/JPQS8D
ztwl0aJVOUu5pxvyz+DdWpEFyv5CfbAhZPMtY6le4iRMflpNa+XRSWLxmwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFNG316DC6pirlwSramvr40BQbWLWMB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEvMGJmWG9NTHFtS3VYQkt0cWEtdmpRRkJ0WXRZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2EtNWVjOGM4ZWQ2MGZk
LzEvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcEKgy2QQIA
AwcEKgy2QQMgMA0GCSqGSIb3DQEBCwUAA4IBAQAFm14hznylTDEjnm59Db722Bed
L69l9z3nltSw2iXtFey/GV41Q6OHRA1X/2b3bMFPRgdZKDEfdIubg7wgPzMBLmDU
3pi6BmVg0Qy6wDZpRfCr312nzXVGK/EMv4vEud35xMh9DFR1dZf7JJrvCsLA6l55
wXbvxUFBUdS6IXOPufb2d6D3c2oali4u5tH28s+/jFVoBlzLyNNAYm1zbgcWZgev
9m3j73ZJ5dX9fOGlvOT/rl9cMn9nXP3d2exGUI1E62i0Q/qUJJd29P8Vn5102LVI
n3jkAjgZaghFXD5JE9Mod05joivSfENT5VUEZjsVZsZb5c5xjbMnropR2gN3
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:23:15 2024 by rpki-client on console-fra.rpki-client.org