Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/7c07e8-3b8c-4c93-9a08-a909cb0a138f/1/ub4D2bhIW86hLotp7lbrud1fKbc.roa
File:                     ub4D2bhIW86hLotp7lbrud1fKbc.roa (raw, json)
Hash identifier:          7IbaG9y9ysIqceNEN9Mi/GFlffaSRqPpO22tILGyDdI=
Subject key identifier:   B9:BE:03:D9:B8:48:5B:CE:A1:2E:8B:69:EE:56:EB:B9:DD:5F:29:B7
Certificate issuer:       /CN=a802b73ef4a8b6b0e0883a9c8bc6e7f012db93a0
Certificate serial:       8676DA
Authority key identifier: A8:02:B7:3E:F4:A8:B6:B0:E0:88:3A:9C:8B:C6:E7:F0:12:DB:93:A0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qAK3PvSotrDgiDqci8bn8BLbk6A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/7c07e8-3b8c-4c93-9a08-a909cb0a138f/1/ub4D2bhIW86hLotp7lbrud1fKbc.roa
Signing time:             Sat 26 Mar 2022 01:20:40 +0000
ROA not before:           Sat 26 Mar 2022 01:20:40 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     49581
IP address blocks:        2a12:8640::/29 maxlen: 29

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 8812250 (0x8676da)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a802b73ef4a8b6b0e0883a9c8bc6e7f012db93a0
        Validity
            Not Before: Mar 26 01:20:40 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=b9be03d9b8485bcea12e8b69ee56ebb9dd5f29b7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:30:77:4a:d1:3f:fb:75:9d:b4:38:d4:90:66:
                    e5:87:f8:08:40:86:23:4a:04:a7:e3:8d:e7:7b:03:
                    04:2f:87:dd:e3:ba:ae:c6:9f:0e:71:bd:b8:b2:ad:
                    cd:97:9c:7d:d2:89:ce:7f:0e:92:1f:fb:1e:a9:da:
                    f6:35:00:1d:8f:27:1e:c9:00:ff:eb:8e:e0:2a:ab:
                    cc:c4:6b:ea:53:98:19:a3:46:01:95:a3:fe:18:3c:
                    27:ad:8d:84:64:ad:a6:08:58:8d:60:a3:3f:cc:64:
                    3b:b0:19:ca:e6:f7:1a:22:95:aa:2b:62:59:ed:02:
                    69:fa:45:86:9f:f1:af:93:62:e2:32:e0:73:40:e7:
                    ae:58:6d:c8:a5:da:0e:d7:2d:5b:09:9f:91:11:96:
                    bb:23:45:1d:4d:48:f6:f5:8a:95:d8:a5:ca:18:ff:
                    40:13:89:1b:c7:b7:4c:65:3a:3e:75:e7:c0:40:a5:
                    be:49:78:05:27:50:83:2c:5a:9c:b7:29:18:03:71:
                    08:ee:da:9d:7d:1a:a8:50:91:6a:27:2d:0b:d7:48:
                    0d:9c:da:73:31:25:c9:63:6a:36:78:16:18:cc:4d:
                    8c:aa:fe:21:a2:eb:a9:80:4d:d5:6d:42:95:39:57:
                    5a:e2:46:1c:7a:de:4a:be:e1:8e:dd:58:c6:79:ee:
                    f9:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B9:BE:03:D9:B8:48:5B:CE:A1:2E:8B:69:EE:56:EB:B9:DD:5F:29:B7
            X509v3 Authority Key Identifier:
                keyid:A8:02:B7:3E:F4:A8:B6:B0:E0:88:3A:9C:8B:C6:E7:F0:12:DB:93:A0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qAK3PvSotrDgiDqci8bn8BLbk6A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/7c07e8-3b8c-4c93-9a08-a909cb0a138f/1/ub4D2bhIW86hLotp7lbrud1fKbc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/7c07e8-3b8c-4c93-9a08-a909cb0a138f/1/qAK3PvSotrDgiDqci8bn8BLbk6A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:8640::/29

    Signature Algorithm: sha256WithRSAEncryption
         99:2c:c4:c1:f6:11:54:00:b6:0c:67:d9:2c:ee:c6:2a:db:b9:
         a4:44:76:db:09:09:ad:81:7c:2e:d9:f9:16:88:55:d7:2b:52:
         75:db:1d:68:55:44:e4:ca:99:21:38:fb:75:69:01:8a:bb:5f:
         cc:f7:e8:86:7b:bb:5f:4b:6b:f6:20:35:d3:b5:6a:13:cf:47:
         ad:5d:bf:be:53:f2:8c:52:d7:7f:49:3b:d0:3e:09:8a:12:ad:
         f8:bc:52:c8:36:08:79:ad:4c:42:02:5a:bf:50:d4:50:a0:2b:
         fb:b1:72:65:74:ac:3b:93:65:e9:b0:40:d1:5b:c3:f6:e5:31:
         68:c9:ab:33:d7:cb:51:04:be:5a:49:4f:e3:14:1a:e3:67:f2:
         65:77:59:c2:0b:0c:40:e0:64:9d:dc:af:bd:dd:49:28:ae:76:
         7f:7a:36:ab:fa:62:9f:c5:51:ba:da:4a:a0:98:01:b0:2c:22:
         24:89:f9:31:24:cc:31:62:c6:df:52:0d:db:a5:f5:b3:a3:2a:
         5c:96:11:f6:2a:3e:b4:0e:5e:6c:7d:cb:2f:97:34:62:86:0b:
         30:ce:89:e1:9f:24:fc:a4:7d:8e:98:a3:ce:62:7e:c1:ca:f2:
         cc:a3:55:1e:ed:7f:2d:c9:95:5f:88:e3:1a:d4:82:fb:71:e5:
         28:66:b3:fc
-----BEGIN CERTIFICATE-----
MIIE8DCCA9igAwIBAgIEAIZ22jANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhh
ODAyYjczZWY0YThiNmIwZTA4ODNhOWM4YmM2ZTdmMDEyZGI5M2EwMB4XDTIyMDMy
NjAxMjA0MFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoYjliZTAzZDliODQ4
NWJjZWExMmU4YjY5ZWU1NmViYjlkZDVmMjliNzCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAKYwd0rRP/t1nbQ41JBm5Yf4CECGI0oEp+ON53sDBC+H3eO6
rsafDnG9uLKtzZecfdKJzn8Okh/7Hqna9jUAHY8nHskA/+uO4CqrzMRr6lOYGaNG
AZWj/hg8J62NhGStpghYjWCjP8xkO7AZyub3GiKVqitiWe0CafpFhp/xr5Ni4jLg
c0DnrlhtyKXaDtctWwmfkRGWuyNFHU1I9vWKldilyhj/QBOJG8e3TGU6PnXnwECl
vkl4BSdQgyxanLcpGANxCO7anX0aqFCRaictC9dIDZzaczElyWNqNngWGMxNjKr+
IaLrqYBN1W1ClTlXWuJGHHreSr7hjt1Yxnnu+RECAwEAAaOCAgowggIGMB0GA1Ud
DgQWBBS5vgPZuEhbzqEui2nuVuu53V8ptzAfBgNVHSMEGDAWgBSoArc+9Ki2sOCI
OpyLxufwEtuToDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L3FBSzNQdlNvdHJEZ2lEcWNpOGJuOEJMYms2QS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNGMvN2MwN2U4LTNiOGMtNGM5My05YTA4LWE5MDljYjBhMTM4Zi8x
L3ViNEQyYmhJVzg2aExvdHA3bGJydWQxZktiYy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNGMv
N2MwN2U4LTNiOGMtNGM5My05YTA4LWE5MDljYjBhMTM4Zi8xL3FBSzNQdlNvdHJE
Z2lEcWNpOGJuOEJMYms2QS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAg
BggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFAyoShkAwDQYJKoZIhvcNAQELBQAD
ggEBAJksxMH2EVQAtgxn2SzuxirbuaREdtsJCa2BfC7Z+RaIVdcrUnXbHWhVROTK
mSE4+3VpAYq7X8z36IZ7u19La/YgNdO1ahPPR61dv75T8oxS139JO9A+CYoSrfi8
Usg2CHmtTEICWr9Q1FCgK/uxcmV0rDuTZemwQNFbw/blMWjJqzPXy1EEvlpJT+MU
GuNn8mV3WcILDEDgZJ3cr73dSSiudn96Nqv6Yp/FUbraSqCYAbAsIiSJ+TEkzDFi
xt9SDdul9bOjKlyWEfYqPrQOXmx9yy+XNGKGCzDOieGfJPykfY6Yo85ifsHK8syj
VR7tfy3JlV+I4xrUgvtx5Shms/w=
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:07:52 2024 by rpki-client on console-ams.rpki-client.org