Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/JzS-Q1lxPg19jNG0vJPwDqTjz6g.roa
File:                     JzS-Q1lxPg19jNG0vJPwDqTjz6g.roa (raw, json)
Hash identifier:          UMuZjDt4kWYn5zVn6Jz5mNKsRvSsQYoS05d2W747XU0=
Subject key identifier:   27:34:BE:43:59:71:3E:0D:7D:8C:D1:B4:BC:93:F0:0E:A4:E3:CF:A8
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       014F02F1
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/JzS-Q1lxPg19jNG0vJPwDqTjz6g.roa
Signing time:             Sat 01 Jan 2022 01:00:22 +0000
ROA not before:           Sat 01 Jan 2022 01:00:22 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     212424
IP address blocks:        2a0c:b641:2f0::/44 maxlen: 48

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 21955313 (0x14f02f1)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: Jan  1 01:00:22 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=2734be4359713e0d7d8cd1b4bc93f00ea4e3cfa8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:0c:0e:d2:46:4b:7c:58:ef:b1:9e:73:e7:ac:
                    56:be:c2:4c:b3:e0:65:00:2f:da:a6:a1:ce:49:0a:
                    6c:c1:09:f1:79:1d:83:85:92:48:b1:c0:24:74:89:
                    71:83:13:e1:c1:c8:a2:56:da:ca:f2:88:c1:29:0c:
                    d1:a1:78:f0:86:d8:50:2a:e6:66:02:0e:04:ee:0b:
                    f8:a2:d1:dc:85:9c:ce:27:9d:9b:f6:6a:a8:ee:5d:
                    3c:f6:46:dc:a1:67:be:56:5e:6d:29:69:33:5d:7a:
                    a9:7f:85:87:e7:10:41:7c:27:c2:93:a6:a6:d5:bc:
                    48:38:61:05:e3:75:71:9e:4e:fa:70:00:0b:dd:b5:
                    c3:27:90:2a:fe:1d:1a:1f:28:f3:a4:b9:fc:ea:af:
                    c9:4c:2f:43:2d:cb:75:a8:d0:e8:ff:41:fe:3a:c3:
                    1b:50:49:c8:1f:f8:e0:3b:cf:00:10:f5:f6:d0:e1:
                    39:b7:22:ed:3e:12:e4:c5:cc:a2:3a:ce:d5:65:9c:
                    9f:15:5e:87:cb:e4:a4:7b:04:f7:f6:1b:40:67:ee:
                    67:f5:32:79:4d:15:dd:49:70:01:89:ec:88:01:3a:
                    75:1b:7e:fc:72:5f:b2:c1:64:db:82:ac:99:5a:77:
                    fc:cb:53:1a:78:38:f2:f3:ca:df:ba:68:5c:6c:7d:
                    67:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                27:34:BE:43:59:71:3E:0D:7D:8C:D1:B4:BC:93:F0:0E:A4:E3:CF:A8
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/JzS-Q1lxPg19jNG0vJPwDqTjz6g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:b641:2f0::/44

    Signature Algorithm: sha256WithRSAEncryption
         4b:2a:01:96:07:ed:2c:6f:cc:c1:4d:c9:6d:83:0b:a0:b3:b8:
         8a:36:54:6d:fc:5f:92:6c:d1:55:ea:17:47:c8:d6:c5:e6:61:
         b8:91:88:39:7c:cc:31:e3:9a:ce:5e:3a:bf:c3:5b:31:3b:74:
         9f:c6:25:32:07:f0:70:cd:e2:15:66:48:e2:ca:00:b6:0d:55:
         15:03:55:36:ca:42:01:8d:5e:7b:9a:f8:87:fd:3a:f1:72:95:
         5a:bc:18:e5:ce:e5:51:ef:40:d3:66:0f:f3:bf:3a:1b:d4:e8:
         b5:77:b4:d6:16:cd:44:7b:94:a3:98:44:92:49:df:e1:b6:66:
         08:49:75:b9:b2:ad:66:25:e4:81:6c:66:04:ae:9c:d7:aa:01:
         a3:c2:a9:43:2d:4a:67:de:d0:5e:81:e6:43:84:f2:c0:f7:68:
         14:19:73:2f:62:ee:65:03:b7:c1:69:64:25:74:ba:a6:26:17:
         81:73:68:7a:f7:c3:8d:27:43:c0:23:a9:9d:9d:0f:cf:21:7e:
         19:9e:8f:67:d9:12:24:6f:a4:6b:51:55:7c:d4:6f:a6:4d:e7:
         41:90:4a:30:c7:92:d5:4d:e6:45:2c:e3:af:2d:aa:57:38:2a:
         9c:a8:7d:45:0e:33:c3:c5:32:63:f8:7b:af:be:23:35:f8:24:
         e0:fd:5e:a0
-----BEGIN CERTIFICATE-----
MIIE8jCCA9qgAwIBAgIEAU8C8TANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygw
NTk3NjgwMTM2M2QzNzU3ODYxNTJlNGQwNjFlNzVjOGJlYjM1MDU4MB4XDTIyMDEw
MTAxMDAyMloXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMjczNGJlNDM1OTcx
M2UwZDdkOGNkMWI0YmM5M2YwMGVhNGUzY2ZhODCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBALoMDtJGS3xY77Gec+esVr7CTLPgZQAv2qahzkkKbMEJ8Xkd
g4WSSLHAJHSJcYMT4cHIolbayvKIwSkM0aF48IbYUCrmZgIOBO4L+KLR3IWczied
m/ZqqO5dPPZG3KFnvlZebSlpM116qX+Fh+cQQXwnwpOmptW8SDhhBeN1cZ5O+nAA
C921wyeQKv4dGh8o86S5/OqvyUwvQy3LdajQ6P9B/jrDG1BJyB/44DvPABD19tDh
Obci7T4S5MXMojrO1WWcnxVeh8vkpHsE9/YbQGfuZ/UyeU0V3UlwAYnsiAE6dRt+
/HJfssFk24KsmVp3/MtTGng48vPK37poXGx9Z9sCAwEAAaOCAgwwggIIMB0GA1Ud
DgQWBBQnNL5DWXE+DX2M0bS8k/AOpOPPqDAfBgNVHSMEGDAWgBQFl2gBNj03V4YV
Lk0GHnXIvrNQWDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L0JaZG9BVFk5TjFlR0ZTNU5CaDUxeUw2elVGZy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMjkvMmJhYWRjLTJiN2EtNGVjMC05NWNhLTVlYzhjOGVkNjBmZC8x
L0p6Uy1RMWx4UGcxOWpORzB2SlB3RHFUano2Zy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMjkv
MmJhYWRjLTJiN2EtNGVjMC05NWNhLTVlYzhjOGVkNjBmZC8xL0JaZG9BVFk5TjFl
R0ZTNU5CaDUxeUw2elVGZy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAi
BggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHBCoMtkEC8DANBgkqhkiG9w0BAQsF
AAOCAQEASyoBlgftLG/MwU3JbYMLoLO4ijZUbfxfkmzRVeoXR8jWxeZhuJGIOXzM
MeOazl46v8NbMTt0n8YlMgfwcM3iFWZI4soAtg1VFQNVNspCAY1ee5r4h/068XKV
WrwY5c7lUe9A02YP8786G9TotXe01hbNRHuUo5hEkknf4bZmCEl1ubKtZiXkgWxm
BK6c16oBo8KpQy1KZ97QXoHmQ4TywPdoFBlzL2LuZQO3wWlkJXS6piYXgXNoevfD
jSdDwCOpnZ0PzyF+GZ6PZ9kSJG+ka1FVfNRvpk3nQZBKMMeS1U3mRSzjry2qVzgq
nKh9RQ4zw8UyY/h7r74jNfgk4P1eoA==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:23:15 2024 by rpki-client on console-fra.rpki-client.org