Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/40/348789-3208-4847-9c3f-982d1f21a32b/1/utSY3X5jrGCyAF4gPvtEKTVkzEY.roa
File:                     utSY3X5jrGCyAF4gPvtEKTVkzEY.roa (raw, json)
Hash identifier:          GrBkcVCyVzrI2elWA5ZcDvojiFw/6kXk00sVfzpnSyA=
Subject key identifier:   BA:D4:98:DD:7E:63:AC:60:B2:00:5E:20:3E:FB:44:29:35:64:CC:46
Certificate issuer:       /CN=cbf74cd846493138f522c57c0065b5c60512dd09
Certificate serial:       0537A79C
Authority key identifier: CB:F7:4C:D8:46:49:31:38:F5:22:C5:7C:00:65:B5:C6:05:12:DD:09
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/y_dM2EZJMTj1IsV8AGW1xgUS3Qk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/40/348789-3208-4847-9c3f-982d1f21a32b/1/utSY3X5jrGCyAF4gPvtEKTVkzEY.roa
Signing time:             Sat 01 Jan 2022 04:00:50 +0000
ROA not before:           Sat 01 Jan 2022 04:00:50 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     14618
IP address blocks:        2a06:3b80:154::/48 maxlen: 48

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 87533468 (0x537a79c)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cbf74cd846493138f522c57c0065b5c60512dd09
        Validity
            Not Before: Jan  1 04:00:50 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=bad498dd7e63ac60b2005e203efb44293564cc46
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:d3:a5:44:45:09:0e:55:0f:1b:34:6e:49:58:
                    75:1a:eb:d7:38:b5:96:9f:b5:6d:1a:8e:fb:ad:7d:
                    c5:62:10:46:fe:b6:4e:43:b4:22:f7:b8:9e:22:d0:
                    b2:0a:be:4f:12:a1:58:d2:37:01:1a:9c:75:9b:76:
                    de:66:f4:94:98:e8:75:bc:92:cc:88:78:7a:2f:9a:
                    cd:e7:39:df:01:e5:e4:64:0f:21:14:32:66:ba:ab:
                    ce:90:c4:94:1c:7d:71:6f:ba:a7:21:74:dc:c2:06:
                    45:ee:76:ef:6a:43:90:43:17:9a:bc:42:92:52:49:
                    df:c7:fe:e7:72:b2:d6:c8:51:12:67:93:04:9e:f7:
                    0a:cb:41:42:6d:80:fb:81:4f:df:61:25:2c:6b:f8:
                    eb:92:69:2e:c8:b0:b3:94:c9:4d:27:e2:3e:64:4c:
                    67:a2:57:f2:fa:65:33:d7:4b:b4:bc:b1:d8:04:30:
                    77:fd:f7:30:c1:39:69:b5:05:31:3b:d6:01:a1:2a:
                    0c:3c:e3:6a:2d:7a:53:34:4d:c6:42:84:81:f6:fc:
                    db:8a:8e:78:15:f5:a1:7e:05:cd:83:af:94:fd:3f:
                    c3:92:26:44:11:c8:11:e1:e5:92:8f:8f:2c:72:19:
                    76:a1:ae:91:9a:56:b9:a8:5f:af:17:0f:5c:1d:5e:
                    28:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BA:D4:98:DD:7E:63:AC:60:B2:00:5E:20:3E:FB:44:29:35:64:CC:46
            X509v3 Authority Key Identifier:
                keyid:CB:F7:4C:D8:46:49:31:38:F5:22:C5:7C:00:65:B5:C6:05:12:DD:09

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/y_dM2EZJMTj1IsV8AGW1xgUS3Qk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/40/348789-3208-4847-9c3f-982d1f21a32b/1/utSY3X5jrGCyAF4gPvtEKTVkzEY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/40/348789-3208-4847-9c3f-982d1f21a32b/1/y_dM2EZJMTj1IsV8AGW1xgUS3Qk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:3b80:154::/48

    Signature Algorithm: sha256WithRSAEncryption
         2a:5a:f5:62:94:32:06:01:ab:18:d7:86:ae:62:a3:c1:83:d8:
         ac:b9:71:da:9b:30:d3:32:6e:99:de:a0:33:bb:dc:1d:27:95:
         7c:b7:f9:fa:f0:f2:1c:97:70:b9:ad:be:64:66:cf:f7:41:1b:
         40:6c:e6:2d:ed:6b:11:6e:98:2f:21:6f:53:5e:cf:de:14:18:
         b1:7f:b0:52:5e:b4:dd:df:83:03:29:f0:29:0e:6a:78:1b:f4:
         7d:ac:e2:e0:ce:a2:c6:3d:dc:af:ed:99:ff:8f:e1:75:e7:dc:
         b1:8f:fd:db:54:3f:f0:7d:1d:b9:45:0e:91:2e:c4:0b:fe:73:
         17:f8:fc:d6:17:5b:1b:b5:99:23:6c:8c:c7:12:9d:dd:11:2f:
         ab:c8:8a:c3:65:89:0f:cf:17:01:cb:70:29:9f:6d:b7:61:6d:
         c8:33:f3:3c:73:d7:0f:38:5b:d0:13:6c:79:29:ed:57:1e:8e:
         c8:8e:58:97:da:67:f9:d1:70:f5:7d:17:27:c1:4d:26:ae:2f:
         60:b5:8b:ce:c4:b0:a3:0e:68:ba:89:cf:23:88:da:92:b8:ab:
         16:fe:27:fa:00:a7:cf:46:76:f6:0d:e1:e7:58:a6:35:4d:d8:
         17:8a:02:c5:22:cd:67:31:ce:41:12:74:2b:f3:1e:7c:a2:c5:
         81:55:9a:06
-----BEGIN CERTIFICATE-----
MIIE8jCCA9qgAwIBAgIEBTennDANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhj
YmY3NGNkODQ2NDkzMTM4ZjUyMmM1N2MwMDY1YjVjNjA1MTJkZDA5MB4XDTIyMDEw
MTA0MDA1MFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoYmFkNDk4ZGQ3ZTYz
YWM2MGIyMDA1ZTIwM2VmYjQ0MjkzNTY0Y2M0NjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBALTTpURFCQ5VDxs0bklYdRrr1zi1lp+1bRqO+619xWIQRv62
TkO0Ive4niLQsgq+TxKhWNI3ARqcdZt23mb0lJjodbySzIh4ei+azec53wHl5GQP
IRQyZrqrzpDElBx9cW+6pyF03MIGRe5272pDkEMXmrxCklJJ38f+53Ky1shREmeT
BJ73CstBQm2A+4FP32ElLGv465JpLsiws5TJTSfiPmRMZ6JX8vplM9dLtLyx2AQw
d/33MME5abUFMTvWAaEqDDzjai16UzRNxkKEgfb824qOeBX1oX4FzYOvlP0/w5Im
RBHIEeHlko+PLHIZdqGukZpWuahfrxcPXB1eKLkCAwEAAaOCAgwwggIIMB0GA1Ud
DgQWBBS61JjdfmOsYLIAXiA++0QpNWTMRjAfBgNVHSMEGDAWgBTL90zYRkkxOPUi
xXwAZbXGBRLdCTAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L3lfZE0yRVpKTVRqMUlzVjhBR1cxeGdVUzNRay5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNDAvMzQ4Nzg5LTMyMDgtNDg0Ny05YzNmLTk4MmQxZjIxYTMyYi8x
L3V0U1kzWDVqckdDeUFGNGdQdnRFS1RWa3pFWS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNDAv
MzQ4Nzg5LTMyMDgtNDg0Ny05YzNmLTk4MmQxZjIxYTMyYi8xL3lfZE0yRVpKTVRq
MUlzVjhBR1cxeGdVUzNRay5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAi
BggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoGO4ABVDANBgkqhkiG9w0BAQsF
AAOCAQEAKlr1YpQyBgGrGNeGrmKjwYPYrLlx2psw0zJumd6gM7vcHSeVfLf5+vDy
HJdwua2+ZGbP90EbQGzmLe1rEW6YLyFvU17P3hQYsX+wUl603d+DAynwKQ5qeBv0
fazi4M6ixj3cr+2Z/4/hdefcsY/921Q/8H0duUUOkS7EC/5zF/j81hdbG7WZI2yM
xxKd3REvq8iKw2WJD88XActwKZ9tt2FtyDPzPHPXDzhb0BNseSntVx6OyI5Yl9pn
+dFw9X0XJ8FNJq4vYLWLzsSwow5ouonPI4jakrirFv4n+gCnz0Z29g3h51imNU3Y
F4oCxSLNZzHOQRJ0K/MefKLFgVWaBg==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:04:52 2024 by rpki-client on console-ams.rpki-client.org