Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/df99d3-5028-4361-b795-3af4a9463b77/1/Tf8Gwq8wHxJPe7hiDba9sb_dUhs.roa
File:                     Tf8Gwq8wHxJPe7hiDba9sb_dUhs.roa (raw, json)
Hash identifier:          peSqoUIeg4OnTcXxQ52Ry60xrqHb01TwuVgxEz803RU=
Subject key identifier:   4D:FF:06:C2:AF:30:1F:12:4F:7B:B8:62:0D:B6:BD:B1:BF:DD:52:1B
Certificate issuer:       /CN=0efd1cad121902755089e3ca80ba6d7ccc4b9b71
Certificate serial:       01821130D8A7214057B8ED42406502111465
Authority key identifier: 0E:FD:1C:AD:12:19:02:75:50:89:E3:CA:80:BA:6D:7C:CC:4B:9B:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Dv0crRIZAnVQiePKgLptfMxLm3E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/33/df99d3-5028-4361-b795-3af4a9463b77/1/Tf8Gwq8wHxJPe7hiDba9sb_dUhs.roa
Signing time:             Mon 18 Jul 2022 12:03:09 +0000
ROA not before:           Mon 18 Jul 2022 12:03:09 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     212488
IP address blocks:        2001:67c:3f8::/48 maxlen: 48

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:82:11:30:d8:a7:21:40:57:b8:ed:42:40:65:02:11:14:65
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0efd1cad121902755089e3ca80ba6d7ccc4b9b71
        Validity
            Not Before: Jul 18 12:03:09 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=4dff06c2af301f124f7bb8620db6bdb1bfdd521b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:79:b3:3c:30:83:e7:a4:ed:63:47:28:5b:8c:
                    7e:e9:cc:3a:d2:5c:30:ec:02:71:c4:96:51:56:9a:
                    4a:3f:79:dc:23:a6:51:94:b5:7c:91:5e:b5:f1:10:
                    c3:9d:c3:df:f3:45:fa:fd:a6:f9:65:5e:fb:6a:ee:
                    aa:31:c7:f0:4f:22:41:18:9f:b6:9e:79:fe:bb:c9:
                    c6:62:dc:dc:29:db:fa:63:28:9a:f9:73:63:9d:d4:
                    44:33:34:e9:5a:62:52:ff:a3:e9:48:34:52:b9:6f:
                    cf:bf:da:a1:c6:7c:88:06:23:d7:62:e6:c8:50:c0:
                    b5:24:8b:35:e3:3c:cb:f4:2e:d8:f6:ba:68:4b:4b:
                    30:e3:2d:52:a7:72:7c:89:bf:d7:8c:ce:c7:b4:7f:
                    f4:81:78:87:c1:6d:b5:c9:6c:e1:d6:8a:3f:51:87:
                    b9:ba:5f:fc:45:ec:48:7b:60:dd:13:bf:06:2a:b0:
                    34:08:44:54:ef:36:ba:2c:bc:0d:5b:15:e3:ad:51:
                    1b:ff:5e:a0:5b:6e:e1:f2:dd:fb:4f:d5:51:e7:5a:
                    35:b9:9e:32:49:4e:9d:6f:1b:8a:ce:36:dc:f9:02:
                    f2:d2:c0:8b:81:1d:a9:45:cc:98:a9:ef:65:1a:d3:
                    6f:0d:61:62:6c:89:ef:8b:2e:a8:c1:97:e8:21:49:
                    ae:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4D:FF:06:C2:AF:30:1F:12:4F:7B:B8:62:0D:B6:BD:B1:BF:DD:52:1B
            X509v3 Authority Key Identifier:
                keyid:0E:FD:1C:AD:12:19:02:75:50:89:E3:CA:80:BA:6D:7C:CC:4B:9B:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Dv0crRIZAnVQiePKgLptfMxLm3E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/df99d3-5028-4361-b795-3af4a9463b77/1/Tf8Gwq8wHxJPe7hiDba9sb_dUhs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/33/df99d3-5028-4361-b795-3af4a9463b77/1/Dv0crRIZAnVQiePKgLptfMxLm3E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:3f8::/48

    Signature Algorithm: sha256WithRSAEncryption
         6d:96:ce:7d:f4:0a:78:99:d4:08:37:9b:67:92:59:85:4a:f2:
         e1:8e:09:e9:92:87:01:04:af:f8:f7:cb:55:a4:ef:cb:9c:a0:
         44:fc:13:c2:5e:05:f4:ca:58:35:14:c5:6d:51:0f:d6:0d:d5:
         7b:9e:d7:25:9c:db:db:14:ad:20:b4:eb:96:4f:53:73:07:c1:
         51:43:32:19:2a:41:cc:5d:d0:46:8f:fc:00:b4:66:0e:f0:a4:
         fb:c1:0f:23:d6:f8:4c:07:e4:cd:ed:77:22:0c:f4:f8:af:dd:
         5e:d8:f0:02:d1:58:37:d0:85:5b:5c:01:68:dc:c6:e1:39:10:
         0a:46:f1:98:ed:0e:5e:21:ff:24:e8:10:b7:f0:25:2c:56:e4:
         bb:d9:4a:93:02:80:de:f4:5f:96:e0:99:e0:e0:85:a7:8a:c6:
         23:c2:ba:a9:97:23:05:47:cb:c5:2b:b9:e9:29:5b:55:0f:ef:
         e7:7f:5d:63:50:48:0e:7a:c8:ff:b3:0c:ec:a9:e6:2d:ab:e5:
         bd:8a:a3:bd:f1:c9:1d:a4:9f:7a:6f:01:ab:59:b5:f9:d0:25:
         b3:28:92:25:19:ff:56:ee:97:47:6d:b4:92:67:7d:db:cd:15:
         1e:96:3d:df:b8:b9:c4:05:9f:b6:e9:39:a7:4b:74:54:08:e3:
         97:90:61:9f
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYIRMNinIUBXuO1CQGUCERRlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBlZmQxY2FkMTIxOTAyNzU1MDg5ZTNjYTgwYmE2ZDdjY2M0
YjliNzEwHhcNMjIwNzE4MTIwMzA5WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZGZmMDZjMmFmMzAxZjEyNGY3YmI4NjIwZGI2YmRiMWJmZGQ1MjFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArnmzPDCD56TtY0coW4x+6cw60lww
7AJxxJZRVppKP3ncI6ZRlLV8kV618RDDncPf80X6/ab5ZV77au6qMcfwTyJBGJ+2
nnn+u8nGYtzcKdv6Yyia+XNjndREMzTpWmJS/6PpSDRSuW/Pv9qhxnyIBiPXYubI
UMC1JIs14zzL9C7Y9rpoS0sw4y1Sp3J8ib/XjM7HtH/0gXiHwW21yWzh1oo/UYe5
ul/8RexIe2DdE78GKrA0CERU7za6LLwNWxXjrVEb/16gW27h8t37T9VR51o1uZ4y
SU6dbxuKzjbc+QLy0sCLgR2pRcyYqe9lGtNvDWFibInviy6owZfoIUmu2QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFE3/BsKvMB8ST3u4Yg22vbG/3VIbMB8GA1UdIwQY
MBaAFA79HK0SGQJ1UInjyoC6bXzMS5txMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRHYwY3JSSVpBblZRaWVQS2dMcHRmTXhMbTNFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMy9kZjk5ZDMtNTAyOC00MzYxLWI3OTUt
M2FmNGE5NDYzYjc3LzEvVGY4R3dxOHdIeEpQZTdoaURiYTlzYl9kVWhzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMy9kZjk5ZDMtNTAyOC00MzYxLWI3OTUtM2FmNGE5NDYzYjc3
LzEvRHYwY3JSSVpBblZRaWVQS2dMcHRmTXhMbTNFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfAP4
MA0GCSqGSIb3DQEBCwUAA4IBAQBtls599Ap4mdQIN5tnklmFSvLhjgnpkocBBK/4
98tVpO/LnKBE/BPCXgX0ylg1FMVtUQ/WDdV7ntclnNvbFK0gtOuWT1NzB8FRQzIZ
KkHMXdBGj/wAtGYO8KT7wQ8j1vhMB+TN7XciDPT4r91e2PAC0Vg30IVbXAFo3Mbh
ORAKRvGY7Q5eIf8k6BC38CUsVuS72UqTAoDe9F+W4Jng4IWnisYjwrqplyMFR8vF
K7npKVtVD+/nf11jUEgOesj/swzsqeYtq+W9iqO98ckdpJ96bwGrWbX50CWzKJIl
Gf9W7pdHbbSSZ33bzRUelj3fuLnEBZ+26TmnS3RUCOOXkGGf
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:02:12 2024 by rpki-client on console-ams.rpki-client.org