Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4e/421e40-edf6-47aa-9abe-1b0f254de619/1/KycyTEVvqEGtCDnDU1AoPWG2DYI.roa
File:                     KycyTEVvqEGtCDnDU1AoPWG2DYI.roa (raw, json)
Hash identifier:          p9J5kgO7KTR04xEKZ2T0xTV37LehCFCYjoV/C0G9iMY=
Subject key identifier:   2B:27:32:4C:45:6F:A8:41:AD:08:39:C3:53:50:28:3D:61:B6:0D:82
Certificate issuer:       /CN=ccf9a6d2f6cd588a77f423622e6b8d1c654bcdf2
Certificate serial:       34E2FA4C
Authority key identifier: CC:F9:A6:D2:F6:CD:58:8A:77:F4:23:62:2E:6B:8D:1C:65:4B:CD:F2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zPmm0vbNWIp39CNiLmuNHGVLzfI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4e/421e40-edf6-47aa-9abe-1b0f254de619/1/KycyTEVvqEGtCDnDU1AoPWG2DYI.roa
Signing time:             Sat 01 Jan 2022 02:52:06 +0000
ROA not before:           Sat 01 Jan 2022 02:52:06 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     5588
IP address blocks:        62.201.16.0/20 maxlen: 20
                          2a06:8080::/29 maxlen: 29

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 887290444 (0x34e2fa4c)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ccf9a6d2f6cd588a77f423622e6b8d1c654bcdf2
        Validity
            Not Before: Jan  1 02:52:06 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=2b27324c456fa841ad0839c35350283d61b60d82
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:fe:d2:1c:47:65:b8:a9:0a:43:5f:67:44:e8:
                    2b:5a:49:e2:6b:db:28:7e:3e:37:18:51:eb:3c:ca:
                    65:38:ca:ee:05:3d:56:8c:85:17:18:f7:bd:a2:a2:
                    9c:69:d9:b7:34:8b:ec:8a:f6:4d:d8:63:d1:ee:16:
                    a2:7c:31:ee:c0:76:db:58:11:e4:65:81:f6:f9:6b:
                    72:53:b4:e4:02:65:b2:e4:82:a0:a0:e3:9a:01:e3:
                    9a:c2:0a:c8:e8:09:2d:c6:ab:2f:4a:4a:cb:e3:12:
                    af:e7:b8:aa:ad:71:2f:35:77:ec:37:3d:f1:78:87:
                    fd:d9:15:a9:fe:2b:a8:e6:29:bc:0f:2a:4f:cd:b0:
                    f9:7e:a0:f9:ba:fe:45:2b:92:d5:57:b6:a8:2f:25:
                    59:2f:b5:fb:86:8c:81:0d:5a:f5:48:c2:08:3a:fa:
                    ae:8d:de:b0:a0:07:b1:d4:7a:a4:47:3b:4d:73:c6:
                    d3:29:fc:59:c9:fa:75:28:c6:56:8a:7e:ee:91:30:
                    c0:c8:6e:45:21:ba:46:95:14:25:e4:3c:46:f4:22:
                    a0:b6:b9:62:33:ed:83:e0:47:d6:42:70:6f:a0:5a:
                    bf:df:05:7c:46:47:98:cc:26:08:19:a0:c4:b0:47:
                    c0:3c:67:53:74:c8:bc:bf:46:1b:1c:9d:91:26:e5:
                    3c:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2B:27:32:4C:45:6F:A8:41:AD:08:39:C3:53:50:28:3D:61:B6:0D:82
            X509v3 Authority Key Identifier:
                keyid:CC:F9:A6:D2:F6:CD:58:8A:77:F4:23:62:2E:6B:8D:1C:65:4B:CD:F2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zPmm0vbNWIp39CNiLmuNHGVLzfI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/421e40-edf6-47aa-9abe-1b0f254de619/1/KycyTEVvqEGtCDnDU1AoPWG2DYI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/421e40-edf6-47aa-9abe-1b0f254de619/1/zPmm0vbNWIp39CNiLmuNHGVLzfI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.201.16.0/20
                IPv6:
                  2a06:8080::/29

    Signature Algorithm: sha256WithRSAEncryption
         09:b9:c3:2e:d0:7f:3f:d9:b3:22:7b:23:40:ee:53:b3:2a:04:
         ab:3c:99:f4:25:75:ec:bd:b0:fc:6d:30:65:92:ad:22:0c:a7:
         84:9d:40:b7:e3:7a:1b:f7:7d:03:8b:48:fb:4d:6d:8d:7e:fc:
         7f:46:72:ba:ba:a8:ab:9c:a3:d0:bd:0c:5c:ce:be:fa:80:bc:
         cc:a7:88:6e:87:51:15:d0:85:be:03:9c:32:36:3f:05:c2:a9:
         e8:30:74:24:58:2f:ae:4d:56:99:bd:ad:66:8f:d5:49:2e:73:
         d4:c5:84:44:6b:37:70:34:3a:ef:51:fc:9c:12:51:47:63:b7:
         04:69:78:ee:68:33:a1:a7:2e:5a:23:0d:53:ac:ee:a4:2e:f8:
         2f:3e:eb:2c:88:41:45:0e:89:1d:dc:0c:b7:3b:94:fa:66:a2:
         1a:20:b9:c0:3c:c3:d2:9d:53:fd:49:3c:21:e0:a6:f1:96:f1:
         64:ff:23:6b:81:29:55:f2:55:0e:e8:a1:d0:04:66:3a:e4:16:
         3e:14:65:e8:7d:e5:e1:74:12:f1:67:c0:a5:60:35:60:5e:3d:
         42:80:d2:93:01:11:e1:f7:ea:a6:d5:91:bd:8b:0f:bb:63:2c:
         89:42:2a:83:53:e9:64:14:62:15:21:9f:74:fd:5f:b3:e2:12:
         04:b5:81:e0
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgIENOL6TDANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhj
Y2Y5YTZkMmY2Y2Q1ODhhNzdmNDIzNjIyZTZiOGQxYzY1NGJjZGYyMB4XDTIyMDEw
MTAyNTIwNloXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMmIyNzMyNGM0NTZm
YTg0MWFkMDgzOWMzNTM1MDI4M2Q2MWI2MGQ4MjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBANn+0hxHZbipCkNfZ0ToK1pJ4mvbKH4+NxhR6zzKZTjK7gU9
VoyFFxj3vaKinGnZtzSL7Ir2Tdhj0e4Wonwx7sB221gR5GWB9vlrclO05AJlsuSC
oKDjmgHjmsIKyOgJLcarL0pKy+MSr+e4qq1xLzV37Dc98XiH/dkVqf4rqOYpvA8q
T82w+X6g+br+RSuS1Ve2qC8lWS+1+4aMgQ1a9UjCCDr6ro3esKAHsdR6pEc7TXPG
0yn8Wcn6dSjGVop+7pEwwMhuRSG6RpUUJeQ8RvQioLa5YjPtg+BH1kJwb6Bav98F
fEZHmMwmCBmgxLBHwDxnU3TIvL9GGxydkSblPL8CAwEAAaOCAhgwggIUMB0GA1Ud
DgQWBBQrJzJMRW+oQa0IOcNTUCg9YbYNgjAfBgNVHSMEGDAWgBTM+abS9s1Yinf0
I2Iua40cZUvN8jAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L3pQbW0wdmJOV0lwMzlDTmlMbXVOSEdWTHpmSS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNGUvNDIxZTQwLWVkZjYtNDdhYS05YWJlLTFiMGYyNTRkZTYxOS8x
L0t5Y3lURVZ2cUVHdENEbkRVMUFvUFdHMkRZSS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNGUv
NDIxZTQwLWVkZjYtNDdhYS05YWJlLTFiMGYyNTRkZTYxOS8xL3pQbW0wdmJOV0lw
MzlDTmlMbXVOSEdWTHpmSS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAu
BggrBgEFBQcBBwEB/wQfMB0wDAQCAAEwBgMEBD7JEDANBAIAAjAHAwUDKgaAgDAN
BgkqhkiG9w0BAQsFAAOCAQEACbnDLtB/P9mzInsjQO5TsyoEqzyZ9CV17L2w/G0w
ZZKtIgynhJ1At+N6G/d9A4tI+01tjX78f0Zyurqoq5yj0L0MXM6++oC8zKeIbodR
FdCFvgOcMjY/BcKp6DB0JFgvrk1Wmb2tZo/VSS5z1MWERGs3cDQ671H8nBJRR2O3
BGl47mgzoacuWiMNU6zupC74Lz7rLIhBRQ6JHdwMtzuU+maiGiC5wDzD0p1T/Uk8
IeCm8ZbxZP8ja4EpVfJVDuih0ARmOuQWPhRl6H3l4XQS8WfApWA1YF49QoDSkwER
4ffqptWRvYsPu2MsiUIqg1PpZBRiFSGfdP1fs+ISBLWB4A==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:28:53 2024 by rpki-client on console-fra.rpki-client.org