Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/42/e7576a-4363-4984-b4c7-b1f29cccce55/1/kkT-3vCQr-qAnnPLIKl_c_BX-dQ.roa
File:                     kkT-3vCQr-qAnnPLIKl_c_BX-dQ.roa (raw, json)
Hash identifier:          APFcbncwYNNwMRrFCS8NVoQDcTdfJd5fvzlbTOarsN8=
Subject key identifier:   92:44:FE:DE:F0:90:AF:EA:80:9E:73:CB:20:A9:7F:73:F0:57:F9:D4
Certificate issuer:       /CN=20f6e53b697ad263b4ba4ea49814366a883b54ad
Certificate serial:       080F1216
Authority key identifier: 20:F6:E5:3B:69:7A:D2:63:B4:BA:4E:A4:98:14:36:6A:88:3B:54:AD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IPblO2l60mO0uk6kmBQ2aog7VK0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/42/e7576a-4363-4984-b4c7-b1f29cccce55/1/kkT-3vCQr-qAnnPLIKl_c_BX-dQ.roa
Signing time:             Sat 01 Jan 2022 02:56:49 +0000
ROA not before:           Sat 01 Jan 2022 02:56:49 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     208727
IP address blocks:        2001:678:a8c::/48 maxlen: 48

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 135205398 (0x80f1216)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=20f6e53b697ad263b4ba4ea49814366a883b54ad
        Validity
            Not Before: Jan  1 02:56:49 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=9244fedef090afea809e73cb20a97f73f057f9d4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:73:7b:48:83:ac:d0:24:0a:fc:f1:14:20:e7:
                    ec:b6:2c:46:08:ef:9a:43:73:cb:15:bd:9b:2b:d9:
                    68:e4:19:76:01:c3:f5:92:9c:24:ec:c5:49:b4:d2:
                    13:87:d1:b8:64:3d:75:72:d5:10:72:84:88:d0:1b:
                    72:c1:74:a7:7f:bb:ad:cb:04:f3:8f:62:1e:fc:03:
                    84:6a:03:32:81:8f:10:29:39:39:a4:2a:12:85:a0:
                    69:df:bb:4a:eb:77:a0:1b:e2:51:fe:d6:22:b4:06:
                    30:80:0b:21:a4:bd:98:81:59:18:1b:d6:49:9c:60:
                    d1:92:77:9f:5e:1b:df:6d:c7:00:37:4e:ee:59:6b:
                    75:65:95:2d:73:92:b1:b3:38:7a:68:cd:18:a1:af:
                    cb:ae:26:85:a4:3c:e7:fb:51:bb:05:16:4c:8b:8d:
                    a7:97:57:44:a5:1c:66:72:e2:2d:7f:61:99:4e:fc:
                    93:40:74:17:37:96:be:5c:54:4a:a2:fd:4b:17:7e:
                    19:32:0a:cd:b7:fc:61:01:91:2c:20:ca:2a:9c:48:
                    72:2a:cd:8d:d0:31:b0:c7:f7:82:cd:d3:3a:ff:01:
                    03:d8:e3:26:88:c8:ca:2f:2f:a7:fa:27:c2:dd:16:
                    03:b2:c9:1f:ab:c2:19:13:b4:ec:c1:ee:87:06:7d:
                    48:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                92:44:FE:DE:F0:90:AF:EA:80:9E:73:CB:20:A9:7F:73:F0:57:F9:D4
            X509v3 Authority Key Identifier:
                keyid:20:F6:E5:3B:69:7A:D2:63:B4:BA:4E:A4:98:14:36:6A:88:3B:54:AD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IPblO2l60mO0uk6kmBQ2aog7VK0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/e7576a-4363-4984-b4c7-b1f29cccce55/1/kkT-3vCQr-qAnnPLIKl_c_BX-dQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/42/e7576a-4363-4984-b4c7-b1f29cccce55/1/IPblO2l60mO0uk6kmBQ2aog7VK0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:a8c::/48

    Signature Algorithm: sha256WithRSAEncryption
         34:38:95:fe:03:e9:dd:a4:7a:71:ff:e4:1b:ba:25:2c:73:ca:
         4d:1f:8e:6a:d9:e5:16:67:a2:0c:67:e8:52:fc:22:61:98:23:
         19:c9:f1:37:0c:12:a5:5e:1d:2d:a7:c0:b6:dc:08:74:87:37:
         e3:88:9b:ea:aa:4c:de:54:bd:e7:05:d7:36:78:d9:17:c1:3b:
         83:9a:40:4c:a5:3d:e4:89:4a:18:61:62:83:9d:2d:94:1a:b3:
         24:07:8d:67:a4:57:8d:1e:00:8d:5e:64:34:d5:22:57:33:4e:
         10:47:5c:63:eb:5e:89:c3:99:c4:08:95:1b:62:ed:0e:f3:b2:
         e8:c8:ef:c1:a3:31:56:b9:4d:c2:01:1a:2c:26:69:f3:88:9d:
         3d:57:b4:c9:b6:c6:c1:4d:ed:c7:be:10:fe:5a:4a:ad:cc:b9:
         00:96:4a:5c:32:16:7f:fa:94:14:42:17:26:32:c9:94:a9:f8:
         5e:e9:de:47:d7:1e:4a:9e:59:b7:9a:44:4b:32:c9:6e:85:19:
         9f:29:33:ba:e0:b1:2d:d4:27:b5:25:18:58:81:8c:53:15:6a:
         79:f3:21:b8:77:1b:ba:6b:97:4a:01:0b:b8:2c:c5:45:4a:c8:
         e6:cc:89:45:a8:a6:69:a6:2f:11:d6:c2:b5:a8:13:aa:8c:dd:
         aa:d5:52:02
-----BEGIN CERTIFICATE-----
MIIE8jCCA9qgAwIBAgIECA8SFjANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygy
MGY2ZTUzYjY5N2FkMjYzYjRiYTRlYTQ5ODE0MzY2YTg4M2I1NGFkMB4XDTIyMDEw
MTAyNTY0OVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoOTI0NGZlZGVmMDkw
YWZlYTgwOWU3M2NiMjBhOTdmNzNmMDU3ZjlkNDCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAMdze0iDrNAkCvzxFCDn7LYsRgjvmkNzyxW9myvZaOQZdgHD
9ZKcJOzFSbTSE4fRuGQ9dXLVEHKEiNAbcsF0p3+7rcsE849iHvwDhGoDMoGPECk5
OaQqEoWgad+7Sut3oBviUf7WIrQGMIALIaS9mIFZGBvWSZxg0ZJ3n14b323HADdO
7llrdWWVLXOSsbM4emjNGKGvy64mhaQ85/tRuwUWTIuNp5dXRKUcZnLiLX9hmU78
k0B0FzeWvlxUSqL9Sxd+GTIKzbf8YQGRLCDKKpxIcirNjdAxsMf3gs3TOv8BA9jj
JojIyi8vp/onwt0WA7LJH6vCGRO07MHuhwZ9SNMCAwEAAaOCAgwwggIIMB0GA1Ud
DgQWBBSSRP7e8JCv6oCec8sgqX9z8Ff51DAfBgNVHSMEGDAWgBQg9uU7aXrSY7S6
TqSYFDZqiDtUrTAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L0lQYmxPMmw2MG1PMHVrNmttQlEyYW9nN1ZLMC5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNDIvZTc1NzZhLTQzNjMtNDk4NC1iNGM3LWIxZjI5Y2NjY2U1NS8x
L2trVC0zdkNRci1xQW5uUExJS2xfY19CWC1kUS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNDIv
ZTc1NzZhLTQzNjMtNDk4NC1iNGM3LWIxZjI5Y2NjY2U1NS8xL0lQYmxPMmw2MG1P
MHVrNmttQlEyYW9nN1ZLMC5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAi
BggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACABBngKjDANBgkqhkiG9w0BAQsF
AAOCAQEANDiV/gPp3aR6cf/kG7olLHPKTR+OatnlFmeiDGfoUvwiYZgjGcnxNwwS
pV4dLafAttwIdIc344ib6qpM3lS95wXXNnjZF8E7g5pATKU95IlKGGFig50tlBqz
JAeNZ6RXjR4AjV5kNNUiVzNOEEdcY+teicOZxAiVG2LtDvOy6MjvwaMxVrlNwgEa
LCZp84idPVe0ybbGwU3tx74Q/lpKrcy5AJZKXDIWf/qUFEIXJjLJlKn4XuneR9ce
Sp5Zt5pESzLJboUZnykzuuCxLdQntSUYWIGMUxVqefMhuHcbumuXSgELuCzFRUrI
5syJRaimaaYvEdbCtagTqozdqtVSAg==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:27:08 2024 by rpki-client on console-fra.rpki-client.org