Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/3VeMkJXQqBsfIDfWFCQAeXgS9xg.roa
File:                     3VeMkJXQqBsfIDfWFCQAeXgS9xg.roa (raw, json)
Hash identifier:          I3/naQlPBpAbl8UfWpnejo1aaFFg3AlVeEjsWs3kdzY=
Subject key identifier:   DD:57:8C:90:95:D0:A8:1B:1F:20:37:D6:14:24:00:79:78:12:F7:18
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       139348F8
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/3VeMkJXQqBsfIDfWFCQAeXgS9xg.roa
Signing time:             Fri 08 Apr 2022 01:32:58 +0000
ROA not before:           Fri 08 Apr 2022 01:32:58 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     208679
IP address blocks:        2a0e:b107:178d::/48 maxlen: 48
                          2a0e:b107:178f::/48 maxlen: 48
                          2a0e:b107:178c::/48 maxlen: 48
                          2a0e:b107:178e::/48 maxlen: 48

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 328419576 (0x139348f8)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Apr  8 01:32:58 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=dd578c9095d0a81b1f2037d6142400797812f718
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:05:20:df:a3:b8:54:d3:10:0b:5c:40:3c:10:
                    6f:05:57:a3:b3:46:aa:70:af:a4:66:70:48:9a:35:
                    87:b1:b6:08:6c:93:ca:de:b3:f4:fb:40:a4:64:60:
                    c2:09:99:d3:ce:fc:e8:b0:86:1e:80:c0:3b:a9:a9:
                    f4:1e:05:52:c2:a4:d2:74:93:c9:97:ee:b2:97:29:
                    d5:da:b3:22:6c:fc:c9:0d:50:e8:39:b0:16:74:f9:
                    ea:81:4f:ef:be:e6:d9:7f:07:9f:3b:a4:92:80:c8:
                    fa:53:99:d0:5e:65:47:31:76:b3:bf:d9:d8:78:23:
                    53:f2:a8:01:50:7d:be:fa:f9:4e:20:ca:41:1c:31:
                    04:f3:a8:f4:15:28:68:de:34:dd:45:73:99:1e:5b:
                    db:96:51:fb:e5:5c:4d:d0:ac:dd:d8:21:46:53:2b:
                    97:54:be:f0:16:42:ce:f3:05:76:16:b9:7d:ea:5c:
                    5a:c5:f8:b0:cf:12:e1:db:b8:07:85:28:cb:26:65:
                    69:7f:f1:a7:4f:4f:fe:29:19:2a:90:c2:9f:30:9e:
                    22:a3:3f:de:35:4d:b7:d2:e0:ae:b9:61:4e:4f:39:
                    18:fa:6b:65:93:74:32:4e:2b:01:38:fd:d4:41:c3:
                    b4:1a:a0:fa:cc:01:04:58:d3:69:e4:a4:35:22:64:
                    71:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DD:57:8C:90:95:D0:A8:1B:1F:20:37:D6:14:24:00:79:78:12:F7:18
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/3VeMkJXQqBsfIDfWFCQAeXgS9xg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:b107:178c::/46

    Signature Algorithm: sha256WithRSAEncryption
         bb:41:99:34:55:fc:a4:a0:cd:30:20:7a:63:32:71:13:27:8e:
         32:a5:26:12:72:9c:32:ed:dd:d6:1f:e7:9a:d7:18:e0:70:7c:
         64:ae:3e:8f:c5:74:68:fc:4f:6e:b7:a2:31:a9:2a:93:21:76:
         42:0c:6c:6f:38:4f:74:f9:71:99:f5:6d:1f:de:ee:81:77:4d:
         41:5f:91:cf:9b:b8:8c:eb:d8:7a:a4:04:63:2e:ce:f7:b9:74:
         33:20:c4:3a:b5:67:42:b1:c4:38:3d:ce:46:71:33:4b:d4:20:
         91:56:11:19:12:c4:fe:36:68:89:ec:bf:5e:e3:ac:72:26:da:
         d9:85:d9:55:ec:0f:b0:79:28:85:e8:9f:08:35:67:84:e0:fd:
         4a:b3:a7:13:cc:b5:26:0f:6e:5d:34:a0:86:a9:53:be:94:fd:
         d8:3c:24:fd:33:7a:af:5a:68:c0:cc:1a:2e:4c:6c:c8:de:49:
         4c:c2:ea:6a:d4:98:23:db:51:64:16:c2:3b:b8:36:a8:01:18:
         8d:30:39:ce:a0:c9:2a:ad:96:27:a0:0b:5d:d2:3f:53:3d:96:
         ca:a9:be:fe:46:a6:af:ad:fc:8e:d5:2b:94:aa:df:01:ff:5c:
         45:79:dc:37:16:9f:b4:fd:cb:87:d6:96:ea:e1:6d:86:7a:79:
         d9:7a:3a:92
-----BEGIN CERTIFICATE-----
MIIE8jCCA9qgAwIBAgIEE5NI+DANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg2
M2U5MTY3MTdhYjExY2NjZjExZWYxZmI1YzEyZWU0MTk1MGZhZDliMB4XDTIyMDQw
ODAxMzI1OFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoZGQ1NzhjOTA5NWQw
YTgxYjFmMjAzN2Q2MTQyNDAwNzk3ODEyZjcxODCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAK8FIN+juFTTEAtcQDwQbwVXo7NGqnCvpGZwSJo1h7G2CGyT
yt6z9PtApGRgwgmZ08786LCGHoDAO6mp9B4FUsKk0nSTyZfuspcp1dqzImz8yQ1Q
6DmwFnT56oFP777m2X8HnzukkoDI+lOZ0F5lRzF2s7/Z2HgjU/KoAVB9vvr5TiDK
QRwxBPOo9BUoaN403UVzmR5b25ZR++VcTdCs3dghRlMrl1S+8BZCzvMFdha5fepc
WsX4sM8S4du4B4UoyyZlaX/xp09P/ikZKpDCnzCeIqM/3jVNt9LgrrlhTk85GPpr
ZZN0Mk4rATj91EHDtBqg+swBBFjTaeSkNSJkcfECAwEAAaOCAgwwggIIMB0GA1Ud
DgQWBBTdV4yQldCoGx8gN9YUJAB5eBL3GDAfBgNVHSMEGDAWgBRj6RZxerEczPEe
8ftcEu5BlQ+tmzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L1kta1djWHF4SE16eEh2SDdYQkx1UVpVUHJacy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNTEvNDk1N2E0LWNlNTktNDMxNS05OTc2LWRjNWVjNzQ4ZjZhNS8x
LzNWZU1rSlhRcUJzZklEZldGQ1FBZVhnUzl4Zy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNTEv
NDk1N2E0LWNlNTktNDMxNS05OTc2LWRjNWVjNzQ4ZjZhNS8xL1kta1djWHF4SE16
eEh2SDdYQkx1UVpVUHJacy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAi
BggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHAioOsQcXjDANBgkqhkiG9w0BAQsF
AAOCAQEAu0GZNFX8pKDNMCB6YzJxEyeOMqUmEnKcMu3d1h/nmtcY4HB8ZK4+j8V0
aPxPbreiMakqkyF2QgxsbzhPdPlxmfVtH97ugXdNQV+Rz5u4jOvYeqQEYy7O97l0
MyDEOrVnQrHEOD3ORnEzS9QgkVYRGRLE/jZoiey/XuOsciba2YXZVewPsHkoheif
CDVnhOD9SrOnE8y1Jg9uXTSghqlTvpT92Dwk/TN6r1powMwaLkxsyN5JTMLqatSY
I9tRZBbCO7g2qAEYjTA5zqDJKq2WJ6ALXdI/Uz2Wyqm+/kamr638jtUrlKrfAf9c
RXncNxaftP3Lh9aW6uFthnp52Xo6kg==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:08:53 2024 by rpki-client on console-ams.rpki-client.org