Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/40/0f2da9-f3d5-4ab4-babe-79d91ef827ce/1/i2UAbpsfSElaK2cVVvsm_AfnxdI.roa
File:                     i2UAbpsfSElaK2cVVvsm_AfnxdI.roa (raw, json)
Hash identifier:          Th4Zc9LLXM0w7C8OXuy9WhgtS33BSO1CTQ3T2KHe4/4=
Subject key identifier:   8B:65:00:6E:9B:1F:48:49:5A:2B:67:15:56:FB:26:FC:07:E7:C5:D2
Certificate issuer:       /CN=0a35575b9947ace25ce87774c82775f18977fd19
Certificate serial:       04249D89
Authority key identifier: 0A:35:57:5B:99:47:AC:E2:5C:E8:77:74:C8:27:75:F1:89:77:FD:19
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CjVXW5lHrOJc6Hd0yCd18Yl3_Rk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/40/0f2da9-f3d5-4ab4-babe-79d91ef827ce/1/i2UAbpsfSElaK2cVVvsm_AfnxdI.roa
Signing time:             Sat 01 Jan 2022 14:05:59 +0000
ROA not before:           Sat 01 Jan 2022 14:05:59 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     766
IP address blocks:        2001:678:508::/48 maxlen: 48

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 69508489 (0x4249d89)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0a35575b9947ace25ce87774c82775f18977fd19
        Validity
            Not Before: Jan  1 14:05:59 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=8b65006e9b1f48495a2b671556fb26fc07e7c5d2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:3b:ad:41:f5:05:37:84:c4:c1:6d:3a:25:13:
                    05:4d:91:0a:dc:ad:6b:3c:8c:3f:fc:bf:9b:a5:a1:
                    8d:0a:58:81:35:7a:5b:d4:ca:90:6e:e3:7a:55:e8:
                    e7:36:dd:4f:5d:ee:02:78:9c:b7:63:49:47:8d:64:
                    97:07:d5:e5:cc:cb:fc:89:f2:e6:1e:dd:84:9b:00:
                    0f:aa:29:fa:4d:ef:ae:14:67:54:07:05:63:74:1c:
                    70:49:fa:47:3b:a4:44:d6:dc:b8:0c:54:e2:9b:25:
                    cc:1b:06:40:b2:e9:b9:23:2d:1c:0c:11:0d:90:81:
                    05:10:53:eb:a7:d3:28:5e:7f:17:b3:35:77:44:1d:
                    fa:c5:5a:e0:bb:12:01:37:d0:18:90:66:95:6e:db:
                    ed:de:3c:22:a6:33:90:33:cd:78:c2:12:b7:61:f9:
                    0b:ea:fa:cd:40:ec:2c:48:b7:f4:d7:75:37:ab:b6:
                    b7:70:9a:58:81:73:c8:28:c7:b1:48:df:7e:5a:98:
                    b3:90:5c:91:1e:9a:3a:b8:00:f8:ab:a9:81:62:dc:
                    96:d8:39:c4:8f:6d:10:50:24:19:eb:b8:f0:83:b1:
                    f7:16:39:64:69:05:bf:35:19:dd:81:68:51:4c:83:
                    99:21:79:27:c4:c9:6e:6b:1b:b4:2d:05:19:9c:6a:
                    45:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8B:65:00:6E:9B:1F:48:49:5A:2B:67:15:56:FB:26:FC:07:E7:C5:D2
            X509v3 Authority Key Identifier:
                keyid:0A:35:57:5B:99:47:AC:E2:5C:E8:77:74:C8:27:75:F1:89:77:FD:19

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CjVXW5lHrOJc6Hd0yCd18Yl3_Rk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/40/0f2da9-f3d5-4ab4-babe-79d91ef827ce/1/i2UAbpsfSElaK2cVVvsm_AfnxdI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/40/0f2da9-f3d5-4ab4-babe-79d91ef827ce/1/CjVXW5lHrOJc6Hd0yCd18Yl3_Rk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:508::/48

    Signature Algorithm: sha256WithRSAEncryption
         1a:f1:c3:9b:62:1a:42:a4:84:83:d5:93:fd:0b:1a:1f:ec:63:
         c6:9e:95:b0:76:d8:c7:0c:31:0d:10:2c:b9:20:55:56:05:77:
         45:88:17:69:9b:26:f0:d1:37:8b:a7:22:89:22:9a:cb:12:0f:
         fc:01:ca:79:58:ab:0e:d9:ae:56:dd:a1:97:5b:92:8e:a8:69:
         34:9a:39:7c:78:31:9f:23:aa:67:2b:d6:4d:02:6a:94:bb:a7:
         db:e4:24:2c:aa:2a:d8:60:0b:6a:49:39:b8:03:16:58:e5:6e:
         16:8e:76:5b:79:8d:40:25:2b:e2:cf:92:be:56:ed:90:59:4b:
         2f:45:bd:ed:bf:5c:35:21:b9:16:a3:2b:92:2e:f3:25:cf:fe:
         5f:88:83:8e:fe:f8:8e:37:8d:be:38:53:1c:44:b7:8e:ee:0f:
         c5:42:e9:4c:7a:bd:31:dc:ff:2b:48:98:2a:96:f1:d7:ce:a2:
         6d:2d:b9:79:99:1f:f4:18:cf:75:d2:d0:1c:11:c4:f2:26:4b:
         aa:6e:34:34:32:7c:fd:37:55:91:da:a6:15:be:c8:17:94:0d:
         b7:b7:3c:e3:91:0b:77:ad:ba:d6:7c:fc:ee:fe:39:09:2f:f6:
         ad:70:ee:8b:a5:d5:4c:92:8d:07:e5:68:b8:70:0f:5e:77:6c:
         59:b6:c7:fe
-----BEGIN CERTIFICATE-----
MIIE8jCCA9qgAwIBAgIEBCSdiTANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygw
YTM1NTc1Yjk5NDdhY2UyNWNlODc3NzRjODI3NzVmMTg5NzdmZDE5MB4XDTIyMDEw
MTE0MDU1OVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoOGI2NTAwNmU5YjFm
NDg0OTVhMmI2NzE1NTZmYjI2ZmMwN2U3YzVkMjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBANc7rUH1BTeExMFtOiUTBU2RCtytazyMP/y/m6WhjQpYgTV6
W9TKkG7jelXo5zbdT13uAnict2NJR41klwfV5czL/Iny5h7dhJsAD6op+k3vrhRn
VAcFY3QccEn6RzukRNbcuAxU4pslzBsGQLLpuSMtHAwRDZCBBRBT66fTKF5/F7M1
d0Qd+sVa4LsSATfQGJBmlW7b7d48IqYzkDPNeMISt2H5C+r6zUDsLEi39Nd1N6u2
t3CaWIFzyCjHsUjfflqYs5BckR6aOrgA+KupgWLcltg5xI9tEFAkGeu48IOx9xY5
ZGkFvzUZ3YFoUUyDmSF5J8TJbmsbtC0FGZxqRXECAwEAAaOCAgwwggIIMB0GA1Ud
DgQWBBSLZQBumx9ISVorZxVW+yb8B+fF0jAfBgNVHSMEGDAWgBQKNVdbmUes4lzo
d3TIJ3XxiXf9GTAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L0NqVlhXNWxIck9KYzZIZDB5Q2QxOFlsM19Say5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNDAvMGYyZGE5LWYzZDUtNGFiNC1iYWJlLTc5ZDkxZWY4MjdjZS8x
L2kyVUFicHNmU0VsYUsyY1ZWdnNtX0FmbnhkSS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNDAv
MGYyZGE5LWYzZDUtNGFiNC1iYWJlLTc5ZDkxZWY4MjdjZS8xL0NqVlhXNWxIck9K
YzZIZDB5Q2QxOFlsM19Say5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAi
BggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACABBngFCDANBgkqhkiG9w0BAQsF
AAOCAQEAGvHDm2IaQqSEg9WT/QsaH+xjxp6VsHbYxwwxDRAsuSBVVgV3RYgXaZsm
8NE3i6ciiSKayxIP/AHKeVirDtmuVt2hl1uSjqhpNJo5fHgxnyOqZyvWTQJqlLun
2+QkLKoq2GALakk5uAMWWOVuFo52W3mNQCUr4s+SvlbtkFlLL0W97b9cNSG5FqMr
ki7zJc/+X4iDjv74jjeNvjhTHES3ju4PxULpTHq9Mdz/K0iYKpbx186ibS25eZkf
9BjPddLQHBHE8iZLqm40NDJ8/TdVkdqmFb7IF5QNt7c845ELd6261nz87v45CS/2
rXDui6XVTJKNB+VouHAPXndsWbbH/g==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:04:51 2024 by rpki-client on console-ams.rpki-client.org