Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/IPkdeR_cqqdDEsLBylkr6zzIW08.roa
File:                     IPkdeR_cqqdDEsLBylkr6zzIW08.roa (raw, json)
Hash identifier:          NNoDYzb3KSo6OTq7prUkEpTqrH39VS3yLXFXtW3dWtM=
Subject key identifier:   20:F9:1D:79:1F:DC:AA:A7:43:12:C2:C1:CA:59:2B:EB:3C:C8:5B:4F
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       014D5B72
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/IPkdeR_cqqdDEsLBylkr6zzIW08.roa
Signing time:             Sat 01 Jan 2022 01:00:21 +0000
ROA not before:           Sat 01 Jan 2022 01:00:21 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     212196
IP address blocks:        2a0c:b641:d0::/44 maxlen: 48

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 21846898 (0x14d5b72)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: Jan  1 01:00:21 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=20f91d791fdcaaa74312c2c1ca592beb3cc85b4f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:fb:f8:31:9f:69:2c:39:ea:dc:be:7c:b1:ea:
                    fc:58:86:7c:80:c2:c6:43:f0:5d:ef:a6:72:53:e8:
                    ae:8f:67:ff:5d:58:1d:87:24:3c:fc:a3:b0:0a:67:
                    ea:b3:4f:21:b8:2a:3c:e8:e2:a7:46:97:bd:ea:68:
                    fb:9d:db:b6:50:03:11:a1:3a:4e:01:a9:f4:86:bc:
                    46:75:58:b6:72:18:56:83:c1:52:a2:a6:52:75:7a:
                    3d:be:d5:7f:46:49:4d:d1:8b:42:8a:86:6f:ee:b8:
                    c1:55:32:9f:8c:f3:80:e8:a4:91:ff:4f:b6:e8:79:
                    34:6b:e3:27:97:1c:ad:6a:dc:8d:be:03:78:1f:01:
                    7d:97:b8:4d:41:55:01:2c:84:09:09:cc:df:90:06:
                    06:67:83:b7:5f:92:54:59:0e:1c:36:d5:15:e5:d0:
                    88:e8:5e:a9:c7:eb:16:7d:bc:a3:7c:69:45:af:96:
                    f3:8d:d2:45:c5:d5:9b:d0:c9:ef:0c:74:27:94:80:
                    1a:f8:8d:6b:a3:79:8d:dd:b8:92:a1:2f:72:89:0f:
                    fe:6d:be:46:e1:ec:39:b1:c4:43:39:f4:0e:9a:a4:
                    cf:f6:3b:04:16:23:c3:22:c2:06:dc:67:48:50:1a:
                    80:14:6a:15:93:39:68:18:da:e4:0c:ed:1d:b8:e6:
                    f2:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                20:F9:1D:79:1F:DC:AA:A7:43:12:C2:C1:CA:59:2B:EB:3C:C8:5B:4F
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/IPkdeR_cqqdDEsLBylkr6zzIW08.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:b641:d0::/44

    Signature Algorithm: sha256WithRSAEncryption
         4e:82:15:e6:c0:eb:ca:2b:a0:5d:c8:ff:10:3b:24:35:52:8f:
         c0:36:14:44:cf:3a:08:cb:26:3a:fc:e7:1c:13:57:33:31:3e:
         84:f2:06:2d:11:72:51:54:ea:c7:73:14:72:75:90:dd:de:0d:
         31:b8:4f:99:0e:2e:f3:2e:fe:0f:ea:85:d1:79:68:fe:59:97:
         53:35:47:dd:2f:6e:d7:ef:dc:95:c1:2a:9e:15:eb:e9:6e:b9:
         7f:e9:c9:26:05:7c:cc:92:33:a1:11:cc:22:64:55:b6:c6:c6:
         b5:a4:52:6d:d0:29:0c:fa:4b:27:96:04:27:12:9a:eb:7a:72:
         13:9f:8a:22:16:45:cf:27:cd:79:28:26:dc:a3:e4:58:7a:44:
         74:bc:25:de:bf:b3:b7:b6:86:19:c8:4a:9d:b3:fe:a2:c1:9e:
         53:66:90:29:f8:9c:70:e9:0f:7c:c4:ec:4d:3f:ed:e1:6e:b2:
         04:17:84:19:38:1d:7e:31:41:b1:37:63:21:6c:1d:cc:74:d1:
         e3:f9:55:17:ad:a2:23:00:5a:19:25:06:4d:dc:10:6e:6f:f7:
         30:d7:84:98:0a:b3:b9:92:fb:a7:c0:1f:14:bd:d7:47:c8:3b:
         62:f3:c9:68:7a:86:5b:66:77:36:67:fa:97:d1:d3:29:7d:2d:
         7a:c2:85:23
-----BEGIN CERTIFICATE-----
MIIE8jCCA9qgAwIBAgIEAU1bcjANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygw
NTk3NjgwMTM2M2QzNzU3ODYxNTJlNGQwNjFlNzVjOGJlYjM1MDU4MB4XDTIyMDEw
MTAxMDAyMVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMjBmOTFkNzkxZmRj
YWFhNzQzMTJjMmMxY2E1OTJiZWIzY2M4NWI0ZjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAJ37+DGfaSw56ty+fLHq/FiGfIDCxkPwXe+mclPoro9n/11Y
HYckPPyjsApn6rNPIbgqPOjip0aXvepo+53btlADEaE6TgGp9Ia8RnVYtnIYVoPB
UqKmUnV6Pb7Vf0ZJTdGLQoqGb+64wVUyn4zzgOikkf9Ptuh5NGvjJ5ccrWrcjb4D
eB8BfZe4TUFVASyECQnM35AGBmeDt1+SVFkOHDbVFeXQiOheqcfrFn28o3xpRa+W
843SRcXVm9DJ7wx0J5SAGviNa6N5jd24kqEvcokP/m2+RuHsObHEQzn0Dpqkz/Y7
BBYjwyLCBtxnSFAagBRqFZM5aBja5AztHbjm8ssCAwEAAaOCAgwwggIIMB0GA1Ud
DgQWBBQg+R15H9yqp0MSwsHKWSvrPMhbTzAfBgNVHSMEGDAWgBQFl2gBNj03V4YV
Lk0GHnXIvrNQWDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L0JaZG9BVFk5TjFlR0ZTNU5CaDUxeUw2elVGZy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMjkvMmJhYWRjLTJiN2EtNGVjMC05NWNhLTVlYzhjOGVkNjBmZC8x
L0lQa2RlUl9jcXFkREVzTEJ5bGtyNnp6SVcwOC5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMjkv
MmJhYWRjLTJiN2EtNGVjMC05NWNhLTVlYzhjOGVkNjBmZC8xL0JaZG9BVFk5TjFl
R0ZTNU5CaDUxeUw2elVGZy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAi
BggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHBCoMtkEA0DANBgkqhkiG9w0BAQsF
AAOCAQEAToIV5sDryiugXcj/EDskNVKPwDYURM86CMsmOvznHBNXMzE+hPIGLRFy
UVTqx3MUcnWQ3d4NMbhPmQ4u8y7+D+qF0Xlo/lmXUzVH3S9u1+/clcEqnhXr6W65
f+nJJgV8zJIzoRHMImRVtsbGtaRSbdApDPpLJ5YEJxKa63pyE5+KIhZFzyfNeSgm
3KPkWHpEdLwl3r+zt7aGGchKnbP+osGeU2aQKficcOkPfMTsTT/t4W6yBBeEGTgd
fjFBsTdjIWwdzHTR4/lVF62iIwBaGSUGTdwQbm/3MNeEmAqzuZL7p8AfFL3XR8g7
YvPJaHqGW2Z3Nmf6l9HTKX0tesKFIw==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:23:15 2024 by rpki-client on console-fra.rpki-client.org