Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/Nz3X-cs7dLRQJLA9v_2K5N2x4EU.roa
File:                     Nz3X-cs7dLRQJLA9v_2K5N2x4EU.roa (raw, json)
Hash identifier:          GSvL61P3LuZHlSVNM+Oxmr1+ZWbg4x+u6Vll2VWWVUs=
Subject key identifier:   37:3D:D7:F9:CB:3B:74:B4:50:24:B0:3D:BF:FD:8A:E4:DD:B1:E0:45
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       010E8340
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/Nz3X-cs7dLRQJLA9v_2K5N2x4EU.roa
Signing time:             Sat 01 Jan 2022 00:59:34 +0000
ROA not before:           Sat 01 Jan 2022 00:59:34 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     60404
IP address blocks:        2a0c:b642:1a01::/48 maxlen: 48

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 17728320 (0x10e8340)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: Jan  1 00:59:34 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=373dd7f9cb3b74b45024b03dbffd8ae4ddb1e045
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:14:a4:67:ee:c3:78:18:04:a8:1d:75:12:db:
                    6c:63:aa:4e:ae:3e:38:a2:fb:4d:b2:43:3f:cf:07:
                    13:d0:0a:a8:f5:8e:19:e9:2b:07:3a:94:35:45:3f:
                    08:64:e2:4f:c9:47:7d:cc:3d:f8:8e:f5:b3:5a:fb:
                    8b:e2:6c:18:a7:f3:e9:e3:b0:e4:88:76:59:08:a9:
                    ca:80:12:fc:c3:61:6f:df:68:81:0e:4b:df:6c:b6:
                    11:23:10:ed:fc:6f:1c:ea:aa:02:5e:ef:d9:32:1c:
                    5e:5f:94:e4:e9:37:b3:f4:46:18:b4:d9:2e:7e:20:
                    79:25:49:73:9d:a3:b5:80:da:87:bc:95:a9:9c:37:
                    eb:1e:a4:7d:90:aa:14:fd:20:dd:0f:89:5f:bd:27:
                    6d:0a:ff:25:e8:76:75:07:b0:0c:84:29:11:65:f3:
                    b6:da:c1:54:86:df:17:2c:51:85:03:15:26:9c:1b:
                    c1:bc:dd:ac:e7:77:a6:41:51:6d:c9:ae:d7:36:3e:
                    04:3b:44:83:46:ee:a9:b7:40:31:5b:e7:e3:1d:4e:
                    74:95:56:4a:9d:e7:d2:da:6b:74:74:4f:32:4e:d1:
                    52:47:6c:c9:b0:9b:16:9f:05:7a:4a:48:ab:b2:91:
                    1d:ef:1e:e0:dc:ac:a5:d1:84:f5:23:43:c2:23:b7:
                    dd:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                37:3D:D7:F9:CB:3B:74:B4:50:24:B0:3D:BF:FD:8A:E4:DD:B1:E0:45
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/Nz3X-cs7dLRQJLA9v_2K5N2x4EU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:b642:1a01::/48

    Signature Algorithm: sha256WithRSAEncryption
         5e:dc:e4:4c:75:f9:46:05:5a:40:b5:5b:02:ab:ac:b8:20:14:
         dd:9a:d4:04:4d:a9:f5:bb:97:4a:0b:6e:f9:59:16:2e:de:11:
         50:90:ed:25:41:a9:df:cc:2b:02:82:f1:74:7c:e6:c2:24:e5:
         21:26:0f:c0:67:a2:0a:db:05:45:64:4e:ce:5b:02:ca:fb:43:
         54:2d:45:fa:84:16:37:f8:a3:ab:3e:1a:e6:2c:51:23:eb:42:
         a1:9f:a0:9d:cc:d3:13:6f:33:14:23:b7:09:cd:a0:e7:7f:f4:
         2a:79:de:eb:b9:9d:31:b8:8b:43:96:4f:f4:30:28:88:b8:7e:
         72:0d:44:a7:78:1d:75:44:09:72:65:cc:13:89:d9:a7:1e:2d:
         90:99:5f:23:05:bd:e4:ff:5c:cf:ae:0d:86:9b:7d:c2:95:4f:
         ca:d1:e9:a0:b4:25:64:3d:84:95:d3:ab:2b:90:84:c5:d4:32:
         14:ae:74:17:04:66:d9:f6:7f:4a:a6:fa:31:cb:45:cb:09:bc:
         ce:c8:49:72:af:4a:79:ac:e7:29:3e:d8:56:d3:d9:31:3c:1b:
         91:cb:5a:d5:79:a7:be:50:13:a8:0e:24:5c:10:16:15:62:54:
         a1:9f:7f:db:31:5d:4b:1a:67:50:7a:76:82:24:92:88:cd:8e:
         08:af:b9:e7
-----BEGIN CERTIFICATE-----
MIIE8jCCA9qgAwIBAgIEAQ6DQDANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygw
NTk3NjgwMTM2M2QzNzU3ODYxNTJlNGQwNjFlNzVjOGJlYjM1MDU4MB4XDTIyMDEw
MTAwNTkzNFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMzczZGQ3ZjljYjNi
NzRiNDUwMjRiMDNkYmZmZDhhZTRkZGIxZTA0NTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAK4UpGfuw3gYBKgddRLbbGOqTq4+OKL7TbJDP88HE9AKqPWO
GekrBzqUNUU/CGTiT8lHfcw9+I71s1r7i+JsGKfz6eOw5Ih2WQipyoAS/MNhb99o
gQ5L32y2ESMQ7fxvHOqqAl7v2TIcXl+U5Ok3s/RGGLTZLn4geSVJc52jtYDah7yV
qZw36x6kfZCqFP0g3Q+JX70nbQr/Jeh2dQewDIQpEWXzttrBVIbfFyxRhQMVJpwb
wbzdrOd3pkFRbcmu1zY+BDtEg0buqbdAMVvn4x1OdJVWSp3n0tprdHRPMk7RUkds
ybCbFp8FekpIq7KRHe8e4NyspdGE9SNDwiO33SMCAwEAAaOCAgwwggIIMB0GA1Ud
DgQWBBQ3Pdf5yzt0tFAksD2//Yrk3bHgRTAfBgNVHSMEGDAWgBQFl2gBNj03V4YV
Lk0GHnXIvrNQWDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L0JaZG9BVFk5TjFlR0ZTNU5CaDUxeUw2elVGZy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMjkvMmJhYWRjLTJiN2EtNGVjMC05NWNhLTVlYzhjOGVkNjBmZC8x
L056M1gtY3M3ZExSUUpMQTl2XzJLNU4yeDRFVS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMjkv
MmJhYWRjLTJiN2EtNGVjMC05NWNhLTVlYzhjOGVkNjBmZC8xL0JaZG9BVFk5TjFl
R0ZTNU5CaDUxeUw2elVGZy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAi
BggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoMtkIaATANBgkqhkiG9w0BAQsF
AAOCAQEAXtzkTHX5RgVaQLVbAqusuCAU3ZrUBE2p9buXSgtu+VkWLt4RUJDtJUGp
38wrAoLxdHzmwiTlISYPwGeiCtsFRWROzlsCyvtDVC1F+oQWN/ijqz4a5ixRI+tC
oZ+gnczTE28zFCO3Cc2g53/0Knne67mdMbiLQ5ZP9DAoiLh+cg1Ep3gddUQJcmXM
E4nZpx4tkJlfIwW95P9cz64Nhpt9wpVPytHpoLQlZD2EldOrK5CExdQyFK50FwRm
2fZ/Sqb6MctFywm8zshJcq9KeaznKT7YVtPZMTwbkcta1XmnvlATqA4kXBAWFWJU
oZ9/2zFdSxpnUHp2giSSiM2OCK+55w==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:23:15 2024 by rpki-client on console-fra.rpki-client.org