Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/38/a90423-0b4b-499f-be66-55608b694456/1/ny3oB9YTZMlY_NpIgmvTzIFHsUU.roa
File:                     ny3oB9YTZMlY_NpIgmvTzIFHsUU.roa (raw, json)
Hash identifier:          4i8aNzZJinFOz22lcrcvkhbOSBbgrx0Yk2KauQdVPfk=
Subject key identifier:   9F:2D:E8:07:D6:13:64:C9:58:FC:DA:48:82:6B:D3:CC:81:47:B1:45
Certificate issuer:       /CN=505127723ea0cfd0724713b291734caa353e20ea
Certificate serial:       078EACDE
Authority key identifier: 50:51:27:72:3E:A0:CF:D0:72:47:13:B2:91:73:4C:AA:35:3E:20:EA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UFEncj6gz9ByRxOykXNMqjU-IOo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/38/a90423-0b4b-499f-be66-55608b694456/1/ny3oB9YTZMlY_NpIgmvTzIFHsUU.roa
Signing time:             Sat 01 Jan 2022 09:01:25 +0000
ROA not before:           Sat 01 Jan 2022 09:01:25 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     206479
IP address blocks:        2a07:a907:50d::/48 maxlen: 128

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 126790878 (0x78eacde)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=505127723ea0cfd0724713b291734caa353e20ea
        Validity
            Not Before: Jan  1 09:01:25 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=9f2de807d61364c958fcda48826bd3cc8147b145
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:29:f6:61:1f:fa:78:5a:4f:1c:81:b7:9d:e1:
                    13:8e:07:4e:11:fa:99:1f:29:0d:71:3a:a5:c7:33:
                    9f:c0:29:95:5f:c5:aa:0c:d4:45:b3:42:23:e3:8e:
                    99:23:46:ba:11:16:6b:d1:24:31:a5:54:86:d5:e0:
                    b7:1f:d0:e3:77:d3:52:76:93:fa:63:da:80:a3:e5:
                    41:c5:14:24:f1:cc:47:01:f0:f4:f5:b2:dc:16:99:
                    11:73:8c:5d:14:4a:a1:cd:9a:82:c8:56:ff:9e:ee:
                    41:4b:f9:b4:67:11:69:83:84:bd:e5:8d:2c:06:30:
                    aa:6d:0c:42:df:b4:b7:ae:8b:d7:eb:79:34:47:29:
                    da:ef:b0:2b:cb:76:5f:d9:b5:7d:0b:21:a5:e9:cf:
                    91:3a:b0:d9:49:b5:09:a7:ef:2f:b2:1b:ff:fe:46:
                    ca:12:fb:cd:60:87:52:e5:01:dc:cf:64:08:b8:16:
                    b3:10:b8:1a:5f:5c:25:ab:c3:21:e4:42:4c:d0:7f:
                    9c:4e:1d:00:b1:c8:a5:b7:08:1d:bc:fa:35:ae:34:
                    24:a1:78:ed:ce:65:ce:df:f0:5b:83:27:33:6b:77:
                    82:14:37:d9:af:d4:e2:30:df:ce:39:a4:63:65:10:
                    a9:11:15:d9:06:34:91:e6:b3:5d:3c:19:05:76:3b:
                    da:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9F:2D:E8:07:D6:13:64:C9:58:FC:DA:48:82:6B:D3:CC:81:47:B1:45
            X509v3 Authority Key Identifier:
                keyid:50:51:27:72:3E:A0:CF:D0:72:47:13:B2:91:73:4C:AA:35:3E:20:EA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UFEncj6gz9ByRxOykXNMqjU-IOo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/38/a90423-0b4b-499f-be66-55608b694456/1/ny3oB9YTZMlY_NpIgmvTzIFHsUU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/38/a90423-0b4b-499f-be66-55608b694456/1/UFEncj6gz9ByRxOykXNMqjU-IOo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a07:a907:50d::/48

    Signature Algorithm: sha256WithRSAEncryption
         27:2e:e7:23:22:23:15:2d:30:c0:4d:09:69:7e:d6:1a:33:15:
         d0:72:04:11:9b:ef:d2:b2:42:25:20:96:d3:7c:27:1b:7e:6b:
         7a:72:88:f5:7c:98:6f:b3:10:0b:65:f1:0a:5f:d8:cf:56:57:
         f5:a9:6e:39:b5:3b:5a:00:49:42:33:99:66:1a:9c:e3:7d:2a:
         5a:5c:bd:aa:88:9e:5d:f8:05:06:20:cb:ba:a9:d2:76:5c:95:
         27:a2:6c:8b:d7:7f:34:1f:fd:41:4d:ef:4a:96:4d:c5:af:3c:
         c8:8c:7b:e2:50:9b:e1:e9:d5:8d:22:18:2c:9c:ef:48:f6:d4:
         0c:a3:b5:0c:80:8c:86:d1:b5:ef:62:2f:20:39:47:db:e9:a4:
         42:15:a0:af:ae:5a:32:5d:de:94:0f:19:7d:ea:ac:de:69:f2:
         80:3b:99:1b:e1:78:0f:c2:aa:ec:6a:88:99:b9:6d:1d:cc:fa:
         6c:54:53:07:2b:eb:d3:c4:65:97:28:d3:fd:11:3e:7d:0e:c1:
         18:6b:72:1c:53:40:35:80:6a:2a:50:f6:5e:02:9d:d0:73:2d:
         fb:4e:4f:cf:d8:37:d3:7c:ee:36:e4:54:0b:4c:4a:c4:22:35:
         f8:7f:80:e2:07:7b:02:8e:8f:a9:05:41:6f:53:4c:73:0b:87:
         f3:96:97:d1
-----BEGIN CERTIFICATE-----
MIIE8jCCA9qgAwIBAgIEB46s3jANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg1
MDUxMjc3MjNlYTBjZmQwNzI0NzEzYjI5MTczNGNhYTM1M2UyMGVhMB4XDTIyMDEw
MTA5MDEyNVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoOWYyZGU4MDdkNjEz
NjRjOTU4ZmNkYTQ4ODI2YmQzY2M4MTQ3YjE0NTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBANgp9mEf+nhaTxyBt53hE44HThH6mR8pDXE6pcczn8AplV/F
qgzURbNCI+OOmSNGuhEWa9EkMaVUhtXgtx/Q43fTUnaT+mPagKPlQcUUJPHMRwHw
9PWy3BaZEXOMXRRKoc2agshW/57uQUv5tGcRaYOEveWNLAYwqm0MQt+0t66L1+t5
NEcp2u+wK8t2X9m1fQshpenPkTqw2Um1CafvL7Ib//5GyhL7zWCHUuUB3M9kCLgW
sxC4Gl9cJavDIeRCTNB/nE4dALHIpbcIHbz6Na40JKF47c5lzt/wW4MnM2t3ghQ3
2a/U4jDfzjmkY2UQqREV2QY0keazXTwZBXY72r0CAwEAAaOCAgwwggIIMB0GA1Ud
DgQWBBSfLegH1hNkyVj82kiCa9PMgUexRTAfBgNVHSMEGDAWgBRQUSdyPqDP0HJH
E7KRc0yqNT4g6jAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L1VGRW5jajZnejlCeVJ4T3lrWE5NcWpVLUlPby5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMzgvYTkwNDIzLTBiNGItNDk5Zi1iZTY2LTU1NjA4YjY5NDQ1Ni8x
L255M29COVlUWk1sWV9OcElnbXZUeklGSHNVVS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMzgv
YTkwNDIzLTBiNGItNDk5Zi1iZTY2LTU1NjA4YjY5NDQ1Ni8xL1VGRW5jajZnejlC
eVJ4T3lrWE5NcWpVLUlPby5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAi
BggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoHqQcFDTANBgkqhkiG9w0BAQsF
AAOCAQEAJy7nIyIjFS0wwE0JaX7WGjMV0HIEEZvv0rJCJSCW03wnG35renKI9XyY
b7MQC2XxCl/Yz1ZX9aluObU7WgBJQjOZZhqc430qWly9qoieXfgFBiDLuqnSdlyV
J6Jsi9d/NB/9QU3vSpZNxa88yIx74lCb4enVjSIYLJzvSPbUDKO1DICMhtG172Iv
IDlH2+mkQhWgr65aMl3elA8Zfeqs3mnygDuZG+F4D8Kq7GqImbltHcz6bFRTByvr
08RllyjT/RE+fQ7BGGtyHFNANYBqKlD2XgKd0HMt+05Pz9g303zuNuRUC0xKxCI1
+H+A4gd7Ao6PqQVBb1NMcwuH85aX0Q==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:25:41 2024 by rpki-client on console-fra.rpki-client.org