Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/40/348789-3208-4847-9c3f-982d1f21a32b/1/MnbzZ6_2s4rOto9TDRlBdFNJKfs.roa
File:                     MnbzZ6_2s4rOto9TDRlBdFNJKfs.roa (raw, json)
Hash identifier:          bgL25tEywidwCWOtWLK1fDGSLhL/4p5RBGywCuLL5AE=
Subject key identifier:   32:76:F3:67:AF:F6:B3:8A:CE:B6:8F:53:0D:19:41:74:53:49:29:FB
Certificate issuer:       /CN=cbf74cd846493138f522c57c0065b5c60512dd09
Certificate serial:       0537F754
Authority key identifier: CB:F7:4C:D8:46:49:31:38:F5:22:C5:7C:00:65:B5:C6:05:12:DD:09
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/y_dM2EZJMTj1IsV8AGW1xgUS3Qk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/40/348789-3208-4847-9c3f-982d1f21a32b/1/MnbzZ6_2s4rOto9TDRlBdFNJKfs.roa
Signing time:             Sat 01 Jan 2022 04:00:51 +0000
ROA not before:           Sat 01 Jan 2022 04:00:51 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     16509
IP address blocks:        2a06:3b80:154::/48 maxlen: 48

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 87553876 (0x537f754)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cbf74cd846493138f522c57c0065b5c60512dd09
        Validity
            Not Before: Jan  1 04:00:51 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=3276f367aff6b38aceb68f530d194174534929fb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:f6:4a:84:26:0d:ee:fe:1f:e2:39:06:ee:31:
                    68:24:ce:d8:f6:dc:4e:26:be:3d:96:1f:c7:3b:7f:
                    46:87:13:df:0d:7e:23:bd:77:bc:66:3d:bd:9b:10:
                    14:c7:3f:45:06:05:4f:1e:67:e5:a0:69:cf:69:8b:
                    f1:93:de:66:b3:f6:8f:0c:70:48:8c:3f:4e:fd:ea:
                    c6:b7:5b:dd:64:9e:cb:9c:1d:29:b9:2b:4d:8b:c9:
                    17:02:11:2f:bd:d7:42:b3:58:2b:27:73:23:3e:34:
                    02:0d:c0:65:64:70:b2:77:a4:aa:04:b5:3b:28:99:
                    b6:52:4f:d8:53:cd:cd:f8:51:b5:b3:48:72:b2:dc:
                    2e:2b:0a:b0:91:8d:b0:57:1b:e0:7c:c6:41:6f:5b:
                    d2:59:61:56:15:dc:68:78:c3:88:9d:e5:a0:0d:e6:
                    b3:73:2f:53:66:d9:dd:05:ae:66:b0:62:da:7f:60:
                    51:f4:fb:1e:a3:8e:78:34:6e:80:78:4d:98:1e:49:
                    c1:ab:36:7a:48:f4:37:88:94:70:6c:d6:42:d4:e4:
                    b5:8a:4f:e5:0d:0d:76:23:fc:f3:43:d7:5f:d3:6b:
                    5e:4a:3e:34:a4:a2:94:f4:2f:96:33:a0:d4:52:ab:
                    8e:73:ea:c1:95:53:c6:a5:8a:0f:e1:12:fe:1c:79:
                    10:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                32:76:F3:67:AF:F6:B3:8A:CE:B6:8F:53:0D:19:41:74:53:49:29:FB
            X509v3 Authority Key Identifier:
                keyid:CB:F7:4C:D8:46:49:31:38:F5:22:C5:7C:00:65:B5:C6:05:12:DD:09

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/y_dM2EZJMTj1IsV8AGW1xgUS3Qk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/40/348789-3208-4847-9c3f-982d1f21a32b/1/MnbzZ6_2s4rOto9TDRlBdFNJKfs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/40/348789-3208-4847-9c3f-982d1f21a32b/1/y_dM2EZJMTj1IsV8AGW1xgUS3Qk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:3b80:154::/48

    Signature Algorithm: sha256WithRSAEncryption
         13:04:fe:e4:40:7a:ea:43:1f:79:d6:75:a3:7d:f5:f5:09:5b:
         1d:0c:22:77:06:f6:c3:09:d3:d4:28:ae:2f:35:83:37:d8:3f:
         91:07:8b:32:f4:a6:d7:79:b9:3c:c0:65:62:57:c6:c9:c0:f6:
         5f:e3:7f:e8:b3:dc:aa:fa:ec:c2:d8:0a:d2:17:e1:3d:eb:fd:
         de:3e:20:1b:49:6c:e9:a8:3e:93:cf:76:6c:2d:03:01:44:96:
         d5:52:d3:6e:50:fc:91:b2:50:7f:ec:b3:72:17:a1:c9:f2:9c:
         5c:37:9f:29:67:c3:db:bc:94:44:32:aa:e4:d3:d9:1f:05:2a:
         eb:2a:fc:43:c0:40:06:bc:0c:26:07:2e:f0:cf:64:8a:bb:5c:
         d2:21:80:41:72:5f:27:5e:81:b8:48:16:28:9a:8c:e0:a9:f1:
         34:b6:5e:75:98:0e:91:bf:d6:25:97:57:e7:c4:2d:5e:c0:8e:
         d1:d7:8f:2d:f8:48:32:cd:5c:bc:3f:cd:fe:62:29:36:f7:44:
         7a:a8:40:18:89:7d:ec:b9:d9:55:d2:bf:e2:57:e2:df:84:00:
         15:93:f8:c2:34:eb:4c:d1:33:a2:41:55:aa:5f:23:d9:24:5f:
         ec:d0:79:ce:a7:1b:2a:31:12:00:d7:e3:e1:b6:be:68:12:ed:
         69:25:64:00
-----BEGIN CERTIFICATE-----
MIIE8jCCA9qgAwIBAgIEBTf3VDANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhj
YmY3NGNkODQ2NDkzMTM4ZjUyMmM1N2MwMDY1YjVjNjA1MTJkZDA5MB4XDTIyMDEw
MTA0MDA1MVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMzI3NmYzNjdhZmY2
YjM4YWNlYjY4ZjUzMGQxOTQxNzQ1MzQ5MjlmYjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAJ32SoQmDe7+H+I5Bu4xaCTO2PbcTia+PZYfxzt/RocT3w1+
I713vGY9vZsQFMc/RQYFTx5n5aBpz2mL8ZPeZrP2jwxwSIw/Tv3qxrdb3WSey5wd
KbkrTYvJFwIRL73XQrNYKydzIz40Ag3AZWRwsnekqgS1OyiZtlJP2FPNzfhRtbNI
crLcLisKsJGNsFcb4HzGQW9b0llhVhXcaHjDiJ3loA3ms3MvU2bZ3QWuZrBi2n9g
UfT7HqOOeDRugHhNmB5Jwas2ekj0N4iUcGzWQtTktYpP5Q0NdiP880PXX9NrXko+
NKSilPQvljOg1FKrjnPqwZVTxqWKD+ES/hx5EAMCAwEAAaOCAgwwggIIMB0GA1Ud
DgQWBBQydvNnr/azis62j1MNGUF0U0kp+zAfBgNVHSMEGDAWgBTL90zYRkkxOPUi
xXwAZbXGBRLdCTAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L3lfZE0yRVpKTVRqMUlzVjhBR1cxeGdVUzNRay5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNDAvMzQ4Nzg5LTMyMDgtNDg0Ny05YzNmLTk4MmQxZjIxYTMyYi8x
L01uYnpaNl8yczRyT3RvOVREUmxCZEZOSktmcy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNDAv
MzQ4Nzg5LTMyMDgtNDg0Ny05YzNmLTk4MmQxZjIxYTMyYi8xL3lfZE0yRVpKTVRq
MUlzVjhBR1cxeGdVUzNRay5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAi
BggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoGO4ABVDANBgkqhkiG9w0BAQsF
AAOCAQEAEwT+5EB66kMfedZ1o3319QlbHQwidwb2wwnT1CiuLzWDN9g/kQeLMvSm
13m5PMBlYlfGycD2X+N/6LPcqvrswtgK0hfhPev93j4gG0ls6ag+k892bC0DAUSW
1VLTblD8kbJQf+yzchehyfKcXDefKWfD27yURDKq5NPZHwUq6yr8Q8BABrwMJgcu
8M9kirtc0iGAQXJfJ16BuEgWKJqM4KnxNLZedZgOkb/WJZdX58QtXsCO0dePLfhI
Ms1cvD/N/mIpNvdEeqhAGIl97LnZVdK/4lfi34QAFZP4wjTrTNEzokFVql8j2SRf
7NB5zqcbKjESANfj4ba+aBLtaSVkAA==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:04:52 2024 by rpki-client on console-ams.rpki-client.org