Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/32/5e4df8-ae8c-44a7-bd6e-19ce46a42fa4/1/CtZ9PpXW5RGF5G5atFM-LbWutHg.roa
File:                     CtZ9PpXW5RGF5G5atFM-LbWutHg.roa (raw, json)
Hash identifier:          VYVK9ATWISmK93Wx9couUcWNKPrb3Xr2b6dOeXpCb+8=
Subject key identifier:   0A:D6:7D:3E:95:D6:E5:11:85:E4:6E:5A:B4:53:3E:2D:B5:AE:B4:78
Certificate issuer:       /CN=e7133dcaf2b1ebf5dade5a33aa1b2fb99d2689ba
Certificate serial:       16EC5C8A
Authority key identifier: E7:13:3D:CA:F2:B1:EB:F5:DA:DE:5A:33:AA:1B:2F:B9:9D:26:89:BA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5xM9yvKx6_Xa3lozqhsvuZ0mibo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/32/5e4df8-ae8c-44a7-bd6e-19ce46a42fa4/1/CtZ9PpXW5RGF5G5atFM-LbWutHg.roa
Signing time:             Sat 01 Jan 2022 05:54:59 +0000
ROA not before:           Sat 01 Jan 2022 05:54:59 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     14618
IP address blocks:        2a04:e4c4:5::/48 maxlen: 48

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 384588938 (0x16ec5c8a)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e7133dcaf2b1ebf5dade5a33aa1b2fb99d2689ba
        Validity
            Not Before: Jan  1 05:54:59 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=0ad67d3e95d6e51185e46e5ab4533e2db5aeb478
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:ac:7a:1c:26:e8:1d:21:68:29:28:91:8c:55:
                    9a:54:b4:53:1a:8e:f5:24:a1:36:f8:42:0d:41:fb:
                    a4:a7:e3:b9:5a:73:ae:e1:ad:a8:c1:4f:bc:7e:f1:
                    c1:92:48:a5:a3:45:77:a3:c1:44:ea:97:5c:a8:39:
                    8e:43:2a:16:3f:e8:0a:2c:9c:67:cc:5e:6e:51:07:
                    6e:22:18:fe:1e:7a:b3:91:0d:4c:91:b6:f9:d0:d3:
                    44:4b:29:42:95:0f:21:a0:d7:96:8d:6e:73:87:5a:
                    aa:78:f0:05:d9:50:dd:0d:2d:0f:10:ac:40:0d:b0:
                    3c:6b:47:0b:96:43:14:2a:77:96:03:06:2a:25:95:
                    73:df:38:7f:33:88:b4:e1:f8:fc:50:10:c1:85:a7:
                    1f:5a:ae:fa:ec:12:b8:55:bd:2a:9d:9c:3c:d7:e1:
                    5f:6a:8e:59:7c:1e:01:bc:62:62:05:0a:77:f9:58:
                    dc:fd:b2:a3:d9:13:69:f3:90:2e:92:73:f9:ad:fc:
                    cc:78:be:78:d0:74:09:da:e2:be:6d:bc:2c:b4:fc:
                    26:fc:3a:d4:03:60:2b:98:62:0d:d1:9b:53:35:f4:
                    0e:99:75:55:e5:e8:c0:41:58:cb:70:2e:3b:e1:7d:
                    e0:f1:02:40:d6:e2:37:9b:07:91:f3:d1:89:9a:59:
                    32:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0A:D6:7D:3E:95:D6:E5:11:85:E4:6E:5A:B4:53:3E:2D:B5:AE:B4:78
            X509v3 Authority Key Identifier:
                keyid:E7:13:3D:CA:F2:B1:EB:F5:DA:DE:5A:33:AA:1B:2F:B9:9D:26:89:BA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5xM9yvKx6_Xa3lozqhsvuZ0mibo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/32/5e4df8-ae8c-44a7-bd6e-19ce46a42fa4/1/CtZ9PpXW5RGF5G5atFM-LbWutHg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/32/5e4df8-ae8c-44a7-bd6e-19ce46a42fa4/1/5xM9yvKx6_Xa3lozqhsvuZ0mibo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a04:e4c4:5::/48

    Signature Algorithm: sha256WithRSAEncryption
         a4:09:d7:43:9d:06:4e:01:fb:e7:c5:3a:f9:81:da:d5:55:36:
         94:70:22:10:0f:11:cb:13:2b:7b:c4:21:0e:5f:d8:4a:ae:1a:
         8c:5c:77:ee:f2:b9:66:27:4d:fc:f2:81:4c:47:26:88:b1:b3:
         0a:90:03:43:b8:3f:52:9d:a9:f3:6b:a1:60:1b:19:78:ae:2d:
         5f:ab:55:be:43:1f:35:46:62:d6:fe:18:1f:53:c9:54:e2:4a:
         41:b3:35:66:a4:1a:d1:79:0a:7d:86:d1:a3:5a:69:36:bb:70:
         81:5a:06:9d:4d:a2:39:4f:e2:4d:c6:75:5e:9e:6e:50:bc:1c:
         5b:fc:cf:b9:f0:bf:50:10:69:b0:fe:ad:a4:9d:f7:ef:20:65:
         bd:a0:29:c0:b9:6e:c3:cf:88:a2:14:6e:39:86:1f:96:9b:8f:
         26:28:fa:cd:52:02:7c:12:fb:0d:bd:4c:0b:92:b0:7f:00:09:
         5a:df:c5:db:e5:dc:56:a6:72:bd:81:f7:6d:5c:a7:59:37:f6:
         fa:c4:4a:f4:e6:fb:2f:b7:ad:e4:54:ee:ed:13:af:5e:ab:68:
         9a:da:da:7e:80:5a:03:6f:2c:5a:0b:35:ce:e4:81:02:02:4c:
         89:26:92:c8:1c:dc:fb:cf:e5:31:2c:29:c4:84:c5:9b:39:fa:
         ee:f9:31:57
-----BEGIN CERTIFICATE-----
MIIE8jCCA9qgAwIBAgIEFuxcijANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhl
NzEzM2RjYWYyYjFlYmY1ZGFkZTVhMzNhYTFiMmZiOTlkMjY4OWJhMB4XDTIyMDEw
MTA1NTQ1OVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMGFkNjdkM2U5NWQ2
ZTUxMTg1ZTQ2ZTVhYjQ1MzNlMmRiNWFlYjQ3ODCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAJKsehwm6B0haCkokYxVmlS0UxqO9SShNvhCDUH7pKfjuVpz
ruGtqMFPvH7xwZJIpaNFd6PBROqXXKg5jkMqFj/oCiycZ8xeblEHbiIY/h56s5EN
TJG2+dDTREspQpUPIaDXlo1uc4daqnjwBdlQ3Q0tDxCsQA2wPGtHC5ZDFCp3lgMG
KiWVc984fzOItOH4/FAQwYWnH1qu+uwSuFW9Kp2cPNfhX2qOWXweAbxiYgUKd/lY
3P2yo9kTafOQLpJz+a38zHi+eNB0Cdrivm28LLT8Jvw61ANgK5hiDdGbUzX0Dpl1
VeXowEFYy3AuO+F94PECQNbiN5sHkfPRiZpZMjcCAwEAAaOCAgwwggIIMB0GA1Ud
DgQWBBQK1n0+ldblEYXkblq0Uz4tta60eDAfBgNVHSMEGDAWgBTnEz3K8rHr9dre
WjOqGy+5nSaJujAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
LzV4TTl5dkt4Nl9YYTNsb3pxaHN2dVowbWliby5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMzIvNWU0ZGY4LWFlOGMtNDRhNy1iZDZlLTE5Y2U0NmE0MmZhNC8x
L0N0WjlQcFhXNVJHRjVHNWF0Rk0tTGJXdXRIZy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMzIv
NWU0ZGY4LWFlOGMtNDRhNy1iZDZlLTE5Y2U0NmE0MmZhNC8xLzV4TTl5dkt4Nl9Y
YTNsb3pxaHN2dVowbWliby5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAi
BggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoE5MQABTANBgkqhkiG9w0BAQsF
AAOCAQEApAnXQ50GTgH758U6+YHa1VU2lHAiEA8RyxMre8QhDl/YSq4ajFx37vK5
ZidN/PKBTEcmiLGzCpADQ7g/Up2p82uhYBsZeK4tX6tVvkMfNUZi1v4YH1PJVOJK
QbM1ZqQa0XkKfYbRo1ppNrtwgVoGnU2iOU/iTcZ1Xp5uULwcW/zPufC/UBBpsP6t
pJ337yBlvaApwLluw8+IohRuOYYflpuPJij6zVICfBL7Db1MC5KwfwAJWt/F2+Xc
VqZyvYH3bVynWTf2+sRK9Ob7L7et5FTu7ROvXqtomtrafoBaA28sWgs1zuSBAgJM
iSaSyBzc+8/lMSwpxITFmzn67vkxVw==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:24:41 2024 by rpki-client on console-fra.rpki-client.org