Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/1-VYbTiwYh4Sp_1V20x8l5sr_lR0.roa
File:                     1-VYbTiwYh4Sp_1V20x8l5sr_lR0.roa (raw, json)
Hash identifier:          e2SE4MyRCi3NGWcJVBb8Xv8EJLEXkNyRVgrgr+a1uAE=
Subject key identifier:   F9:56:1B:4E:2C:18:87:84:A9:FF:55:76:D3:1F:25:E6:CA:FF:95:1D
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       13EAF1D0
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/1-VYbTiwYh4Sp_1V20x8l5sr_lR0.roa
Signing time:             Thu 21 Apr 2022 08:13:34 +0000
ROA not before:           Thu 21 Apr 2022 08:13:34 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     206290
IP address blocks:        2a0e:97c0:a20::/48 maxlen: 48

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 334164432 (0x13eaf1d0)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Apr 21 08:13:34 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=f9561b4e2c188784a9ff5576d31f25e6caff951d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:7d:f3:ca:4b:22:bb:b3:2f:8d:aa:9f:4e:99:
                    69:52:e8:92:68:9c:7b:75:70:2d:f3:67:01:60:bf:
                    fc:de:23:34:97:b8:71:83:0a:af:7e:91:bd:f5:56:
                    4e:3c:03:7b:d2:d9:24:2d:84:b1:9e:9c:e9:30:34:
                    83:51:64:c7:f8:a1:68:24:24:0b:a2:ee:5c:9f:1e:
                    7f:5a:81:2b:d0:23:92:05:cf:05:78:b2:41:3a:3b:
                    1b:a4:68:29:df:4b:ad:de:ee:6d:7a:c9:33:06:0f:
                    1b:40:a8:66:f7:bb:1c:0a:40:0b:95:04:4a:f3:79:
                    bb:6f:54:25:f3:52:7a:fc:f4:85:45:8b:a5:fc:34:
                    cc:f0:6d:55:df:bf:e1:cc:5c:30:27:78:88:53:d0:
                    0c:fe:c2:3b:28:48:0d:e8:50:e1:ca:2c:db:29:e1:
                    1e:8f:1c:0e:68:b7:ef:27:0c:de:13:59:dd:42:ea:
                    06:7c:9e:ba:a6:87:09:8e:48:bf:ed:a0:a2:67:f8:
                    7f:f2:22:d1:fb:13:0b:ed:b5:13:1e:14:93:2d:7d:
                    ab:1a:fc:f2:c4:0f:bf:8e:d1:05:72:25:14:8a:f9:
                    eb:87:b2:6b:77:61:bd:98:ca:3c:b6:ee:d5:f5:f1:
                    ba:b7:46:b8:2b:f4:e4:3b:05:43:90:b6:5f:95:17:
                    47:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F9:56:1B:4E:2C:18:87:84:A9:FF:55:76:D3:1F:25:E6:CA:FF:95:1D
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/1-VYbTiwYh4Sp_1V20x8l5sr_lR0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:97c0:a20::/48

    Signature Algorithm: sha256WithRSAEncryption
         30:dc:f0:7c:51:98:31:84:4d:67:c2:a3:07:b6:28:5d:c0:86:
         7a:18:b4:1a:f7:38:a4:11:93:8b:e6:3e:c8:7e:84:11:70:1e:
         03:f3:21:fb:d5:15:06:da:ae:2e:e9:84:2b:a8:80:11:33:b9:
         51:16:ae:97:91:cf:f5:1b:7c:e2:15:3b:5e:cf:ae:a1:28:54:
         b7:14:ff:d2:e3:3e:ad:d4:b2:d6:f0:c7:f1:2c:ec:5c:7d:53:
         8f:00:20:a4:ce:3c:f4:f7:ca:64:a4:e0:5f:cc:46:82:c1:17:
         45:f5:c6:2a:ef:cd:7c:57:e5:d0:68:97:7c:43:fb:cf:56:06:
         47:ca:c9:11:f6:89:a2:1c:4b:5c:de:65:c1:c1:7b:19:3e:e6:
         0b:93:75:10:16:30:19:3c:d8:d9:37:2d:37:a5:b1:69:81:e0:
         60:97:de:cd:b1:d3:5a:6f:d3:c4:d3:ad:c2:8f:6d:bb:9f:95:
         00:ae:4d:48:3d:20:01:c0:87:5d:e8:b0:e8:ef:0d:5c:e3:30:
         b0:22:c7:d0:26:39:7c:20:7f:78:2b:8b:9c:a9:88:96:4f:cb:
         6e:af:1b:05:51:fc:d1:b1:9c:ee:02:18:45:88:6d:90:2d:cb:
         f8:85:56:84:68:10:9f:70:d5:1c:9e:c6:0c:66:2f:fe:8b:63:
         e6:bd:10:f0
-----BEGIN CERTIFICATE-----
MIIE8zCCA9ugAwIBAgIEE+rx0DANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg2
M2U5MTY3MTdhYjExY2NjZjExZWYxZmI1YzEyZWU0MTk1MGZhZDliMB4XDTIyMDQy
MTA4MTMzNFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoZjk1NjFiNGUyYzE4
ODc4NGE5ZmY1NTc2ZDMxZjI1ZTZjYWZmOTUxZDCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBANd988pLIruzL42qn06ZaVLokmice3VwLfNnAWC//N4jNJe4
cYMKr36RvfVWTjwDe9LZJC2EsZ6c6TA0g1Fkx/ihaCQkC6LuXJ8ef1qBK9AjkgXP
BXiyQTo7G6RoKd9Lrd7ubXrJMwYPG0CoZve7HApAC5UESvN5u29UJfNSevz0hUWL
pfw0zPBtVd+/4cxcMCd4iFPQDP7COyhIDehQ4cos2ynhHo8cDmi37ycM3hNZ3ULq
BnyeuqaHCY5Iv+2gomf4f/Ii0fsTC+21Ex4Uky19qxr88sQPv47RBXIlFIr564ey
a3dhvZjKPLbu1fXxurdGuCv05DsFQ5C2X5UXR6cCAwEAAaOCAg0wggIJMB0GA1Ud
DgQWBBT5VhtOLBiHhKn/VXbTHyXmyv+VHTAfBgNVHSMEGDAWgBRj6RZxerEczPEe
8ftcEu5BlQ+tmzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L1kta1djWHF4SE16eEh2SDdYQkx1UVpVUHJacy5jZXIwgY4GCCsGAQUFBwELBIGB
MH8wfQYIKwYBBQUHMAuGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNTEvNDk1N2E0LWNlNTktNDMxNS05OTc2LWRjNWVjNzQ4ZjZhNS8x
LzEtVlliVGl3WWg0U3BfMVYyMHg4bDVzcl9sUjAucm9hMIGBBgNVHR8EejB4MHag
dKByhnByc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzUx
LzQ5NTdhNC1jZTU5LTQzMTUtOTk3Ni1kYzVlYzc0OGY2YTUvMS9ZLWtXY1hxeEhN
enhIdkg3WEJMdVFaVVByWnMuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIw
IgYIKwYBBQUHAQcBAf8EEzARMA8EAgACMAkDBwAqDpfACiAwDQYJKoZIhvcNAQEL
BQADggEBADDc8HxRmDGETWfCowe2KF3AhnoYtBr3OKQRk4vmPsh+hBFwHgPzIfvV
FQbari7phCuogBEzuVEWrpeRz/UbfOIVO17PrqEoVLcU/9LjPq3Ustbwx/Es7Fx9
U48AIKTOPPT3ymSk4F/MRoLBF0X1xirvzXxX5dBol3xD+89WBkfKyRH2iaIcS1ze
ZcHBexk+5guTdRAWMBk82Nk3LTelsWmB4GCX3s2x01pv08TTrcKPbbuflQCuTUg9
IAHAh13osOjvDVzjMLAix9AmOXwgf3gri5ypiJZPy26vGwVR/NGxnO4CGEWIbZAt
y/iFVoRoEJ9w1RyexgxmL/6LY+a9EPA=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:29:21 2024 by rpki-client on console-fra.rpki-client.org