Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4f/393842-e7ef-4893-9c1b-1e842118db6f/1/iYeUokI9PJm0-7ifJUbUcHc0fXo.roa
File:                     iYeUokI9PJm0-7ifJUbUcHc0fXo.roa (raw, json)
Hash identifier:          xnKTEbI9jWL+KQ8JNsywfCZX+ZeW2aRVDiLtvv2J11Q=
Subject key identifier:   89:87:94:A2:42:3D:3C:99:B4:FB:B8:9F:25:46:D4:70:77:34:7D:7A
Certificate issuer:       /CN=29b79380fe407439cc2ecd3fac18157db36cf768
Certificate serial:       0184ADF5633DC60FBD31FA36A35101D86723
Authority key identifier: 29:B7:93:80:FE:40:74:39:CC:2E:CD:3F:AC:18:15:7D:B3:6C:F7:68
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KbeTgP5AdDnMLs0_rBgVfbNs92g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4f/393842-e7ef-4893-9c1b-1e842118db6f/1/iYeUokI9PJm0-7ifJUbUcHc0fXo.roa
Signing time:             Fri 25 Nov 2022 08:44:10 +0000
ROA not before:           Fri 25 Nov 2022 08:44:10 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     3549
IP address blocks:        2a05:6744::/46 maxlen: 48

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:84:ad:f5:63:3d:c6:0f:bd:31:fa:36:a3:51:01:d8:67:23
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=29b79380fe407439cc2ecd3fac18157db36cf768
        Validity
            Not Before: Nov 25 08:44:10 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=898794a2423d3c99b4fbb89f2546d47077347d7a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:83:f1:d7:71:b7:76:04:d8:e0:74:3e:af:9c:
                    5a:14:b0:62:0b:ac:9e:a7:60:58:99:58:a3:d0:d9:
                    5d:11:53:a3:cb:ac:42:8f:7a:f9:72:50:99:5a:69:
                    62:c6:b2:44:fa:5b:80:f2:b1:66:38:11:bb:86:db:
                    46:9a:59:12:7a:65:90:3b:78:ab:45:0c:ac:50:fc:
                    f4:5a:b8:b1:ef:7b:71:8b:3b:5a:5e:4c:5a:04:cc:
                    8e:c5:25:3c:14:d9:2c:57:99:d9:5b:c9:3d:2f:fc:
                    fd:4b:d0:cb:7b:f4:79:9b:e9:84:77:6e:ee:6d:a1:
                    22:ea:f4:88:af:79:44:cc:1b:4b:93:4c:24:09:0b:
                    dd:50:6f:42:7d:13:6f:b7:a3:45:6a:a4:26:d6:57:
                    d2:52:2a:41:17:9c:aa:13:97:a3:1f:25:5e:79:3b:
                    6b:fa:c5:38:42:84:f5:99:d0:96:35:f7:1d:b3:4f:
                    3c:b5:21:e8:49:fa:5e:ed:d4:30:82:e7:ae:57:5a:
                    27:9d:c8:95:65:56:99:b9:60:a5:de:be:ae:ea:78:
                    41:96:a9:12:51:ea:07:a8:8b:1f:d4:0f:12:40:c0:
                    0b:f2:2d:4f:76:18:f1:18:9b:14:a8:18:38:2a:95:
                    25:f1:5b:fc:c3:2e:1a:6a:83:b7:da:74:0f:99:31:
                    ae:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                89:87:94:A2:42:3D:3C:99:B4:FB:B8:9F:25:46:D4:70:77:34:7D:7A
            X509v3 Authority Key Identifier:
                keyid:29:B7:93:80:FE:40:74:39:CC:2E:CD:3F:AC:18:15:7D:B3:6C:F7:68

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KbeTgP5AdDnMLs0_rBgVfbNs92g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/393842-e7ef-4893-9c1b-1e842118db6f/1/iYeUokI9PJm0-7ifJUbUcHc0fXo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/393842-e7ef-4893-9c1b-1e842118db6f/1/KbeTgP5AdDnMLs0_rBgVfbNs92g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:6744::/46

    Signature Algorithm: sha256WithRSAEncryption
         2c:ba:0c:42:d0:9d:02:5b:9a:81:56:ce:66:13:9c:d8:f8:5d:
         4c:d8:d6:e7:ab:5e:ce:65:4a:ab:bd:ca:46:b3:2a:f9:b3:1e:
         12:2c:59:d7:6b:77:80:62:c9:11:f1:19:6d:b5:dd:09:5f:f4:
         45:11:03:ec:0f:0b:14:36:3b:3f:e7:1b:92:46:fb:e6:04:e3:
         92:47:1a:df:e7:56:99:0f:9a:86:b9:08:20:72:65:99:0f:ed:
         b9:28:43:52:31:c8:af:ed:de:59:d3:dd:ad:20:be:c8:0f:c5:
         40:36:1b:e9:3c:7b:00:4b:f6:16:26:26:4b:00:52:42:a4:dd:
         2d:6a:2f:39:62:fa:78:61:c1:65:c4:f3:01:a6:ae:10:a4:5e:
         15:d3:84:f5:09:13:00:4d:ba:a1:f9:9d:ed:8d:bc:32:95:3c:
         b7:eb:72:8e:91:a8:d9:4e:b3:d5:fb:7e:10:17:82:58:fb:0d:
         51:9d:4e:c6:e9:0b:fa:fe:2e:43:14:b5:87:d5:eb:52:74:08:
         f0:18:c7:6d:a1:b0:ea:79:59:b8:87:ec:50:59:9b:2f:c0:99:
         88:bc:56:33:66:bd:56:f9:be:6a:5a:5d:99:ab:70:f9:82:f2:
         e9:b5:04:3f:d1:92:25:50:ad:a6:cc:93:a8:1b:c6:53:e2:8b:
         94:20:76:8a
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYSt9WM9xg+9Mfo2o1EB2GcjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5Yjc5MzgwZmU0MDc0MzljYzJlY2QzZmFjMTgxNTdkYjM2
Y2Y3NjgwHhcNMjIxMTI1MDg0NDEwWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OTg3OTRhMjQyM2QzYzk5YjRmYmI4OWYyNTQ2ZDQ3MDc3MzQ3ZDdhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxYPx13G3dgTY4HQ+r5xaFLBiC6ye
p2BYmVij0NldEVOjy6xCj3r5clCZWmlixrJE+luA8rFmOBG7httGmlkSemWQO3ir
RQysUPz0Wrix73txiztaXkxaBMyOxSU8FNksV5nZW8k9L/z9S9DLe/R5m+mEd27u
baEi6vSIr3lEzBtLk0wkCQvdUG9CfRNvt6NFaqQm1lfSUipBF5yqE5ejHyVeeTtr
+sU4QoT1mdCWNfcds088tSHoSfpe7dQwgueuV1onnciVZVaZuWCl3r6u6nhBlqkS
UeoHqIsf1A8SQMAL8i1PdhjxGJsUqBg4KpUl8Vv8wy4aaoO32nQPmTGu8wIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFImHlKJCPTyZtPu4nyVG1HB3NH16MB8GA1UdIwQY
MBaAFCm3k4D+QHQ5zC7NP6wYFX2zbPdoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS2JlVGdQNUFkRG5NTHMwX3JCZ1ZmYk5zOTJnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Zi8zOTM4NDItZTdlZi00ODkzLTljMWIt
MWU4NDIxMThkYjZmLzEvaVllVW9rSTlQSm0wLTdpZkpVYlVjSGMwZlhvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Zi8zOTM4NDItZTdlZi00ODkzLTljMWItMWU4NDIxMThkYjZm
LzEvS2JlVGdQNUFkRG5NTHMwX3JCZ1ZmYk5zOTJnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcCKgVnRAAA
MA0GCSqGSIb3DQEBCwUAA4IBAQAsugxC0J0CW5qBVs5mE5zY+F1M2Nbnq17OZUqr
vcpGsyr5sx4SLFnXa3eAYskR8Rlttd0JX/RFEQPsDwsUNjs/5xuSRvvmBOOSRxrf
51aZD5qGuQggcmWZD+25KENSMciv7d5Z092tIL7ID8VANhvpPHsAS/YWJiZLAFJC
pN0tai85Yvp4YcFlxPMBpq4QpF4V04T1CRMATbqh+Z3tjbwylTy363KOkajZTrPV
+34QF4JY+w1RnU7G6Qv6/i5DFLWH1etSdAjwGMdtobDqeVm4h+xQWZsvwJmIvFYz
Zr1W+b5qWl2Zq3D5gvLptQQ/0ZIlUK2mzJOoG8ZT4ouUIHaK
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:29:01 2024 by rpki-client on console-fra.rpki-client.org