Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/CpqP9mG3Ea7vM68bfI2fRRWTUY0.roa
File:                     CpqP9mG3Ea7vM68bfI2fRRWTUY0.roa (raw, json)
Hash identifier:          Uf77imc2ULDDeTO+WUrPebUMRKuh7KnxeUpJKgopSc0=
Subject key identifier:   0A:9A:8F:F6:61:B7:11:AE:EF:33:AF:1B:7C:8D:9F:45:15:93:51:8D
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       13BFF9D7
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/CpqP9mG3Ea7vM68bfI2fRRWTUY0.roa
Signing time:             Sun 17 Apr 2022 06:31:48 +0000
ROA not before:           Sun 17 Apr 2022 06:31:48 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     16509
IP address blocks:        2a0e:b107:e70::/48 maxlen: 48
                          2a10:2f00:173::/48 maxlen: 48

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 331348439 (0x13bff9d7)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Apr 17 06:31:48 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=0a9a8ff661b711aeef33af1b7c8d9f451593518d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:ff:2d:6b:bb:cc:c4:3f:cd:5d:76:4e:b4:29:
                    64:42:97:17:f7:0d:2b:a3:16:ef:dd:61:ab:b2:1a:
                    74:4f:c7:2b:64:21:db:cb:28:58:c0:8e:60:b2:b3:
                    f6:60:f6:60:d7:31:b0:59:80:84:86:99:be:a7:c4:
                    6a:da:d3:53:8f:55:81:4a:29:5a:e1:03:8f:19:c9:
                    a0:d8:e3:a6:93:6a:39:e9:23:80:80:33:4b:80:09:
                    53:ef:82:61:27:a1:91:85:84:11:09:92:d4:37:fb:
                    51:ec:89:e2:51:dc:dc:2d:da:ef:7d:95:f9:ab:10:
                    16:ce:17:f5:fd:67:f1:db:bd:8f:42:3f:ae:e3:42:
                    e6:3b:3e:9f:1e:ea:2a:56:73:52:9c:da:26:5a:6b:
                    82:f5:eb:6e:4a:7b:ba:af:cf:9e:3e:e0:a8:60:ea:
                    c4:92:ec:e0:0f:da:3a:f4:62:65:d8:ed:78:c3:cc:
                    54:f1:b6:9a:77:c9:16:6b:90:43:a3:3d:68:9b:15:
                    43:8a:a0:e2:be:1c:b9:18:f4:10:dc:df:26:1e:7e:
                    10:92:f3:dc:cb:87:27:e8:40:00:1e:a1:31:9e:93:
                    95:6f:b3:0e:89:ad:c0:58:b8:5f:a3:b0:7c:35:3a:
                    76:12:63:a6:46:09:52:e0:d8:19:9b:56:29:0b:57:
                    41:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0A:9A:8F:F6:61:B7:11:AE:EF:33:AF:1B:7C:8D:9F:45:15:93:51:8D
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/CpqP9mG3Ea7vM68bfI2fRRWTUY0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:b107:e70::/48
                  2a10:2f00:173::/48

    Signature Algorithm: sha256WithRSAEncryption
         31:a0:52:ba:a6:89:77:7e:91:09:86:3b:a1:bf:c0:d7:35:87:
         ed:ef:15:2d:15:35:1e:95:79:3a:94:fc:c1:04:65:a8:7b:93:
         d9:59:16:b0:47:8b:59:e0:b7:b1:89:70:26:1d:4f:20:61:f9:
         50:42:68:a7:f7:ce:1a:42:fc:09:63:28:31:4c:0f:74:26:64:
         c4:2b:e8:4e:5e:4a:5f:1c:31:03:c8:52:d7:6f:ab:b9:f8:1c:
         ce:ef:51:81:57:c0:68:90:fd:6e:47:6c:a3:68:30:b4:1c:74:
         ad:26:79:42:a1:4a:08:80:0f:31:d6:3f:ce:42:4f:79:67:be:
         52:ee:f0:6f:9c:df:49:dd:d6:66:57:cf:31:b1:38:20:2c:60:
         1c:df:70:b8:a8:d4:e5:0f:75:34:34:de:2c:43:0f:2e:2f:31:
         0a:f4:2e:90:7e:85:2c:cf:9f:a0:1e:e2:76:40:64:c2:e2:3a:
         82:dd:d1:fd:82:6a:8e:d6:c3:e4:75:f4:28:1e:a0:58:f2:a5:
         5e:18:5f:d7:db:e9:ed:d6:b1:04:2d:2d:52:bb:0d:39:d8:ec:
         2f:b4:9b:52:4e:04:4d:8e:b5:76:e6:a0:97:b9:be:fb:1c:21:
         b8:86:e2:a8:2b:f8:ae:fc:9e:10:54:a6:c1:3c:d3:30:5e:c0:
         7b:f5:7b:fe
-----BEGIN CERTIFICATE-----
MIIE+zCCA+OgAwIBAgIEE7/51zANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg2
M2U5MTY3MTdhYjExY2NjZjExZWYxZmI1YzEyZWU0MTk1MGZhZDliMB4XDTIyMDQx
NzA2MzE0OFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMGE5YThmZjY2MWI3
MTFhZWVmMzNhZjFiN2M4ZDlmNDUxNTkzNTE4ZDCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAL3/LWu7zMQ/zV12TrQpZEKXF/cNK6MW791hq7IadE/HK2Qh
28soWMCOYLKz9mD2YNcxsFmAhIaZvqfEatrTU49VgUopWuEDjxnJoNjjppNqOekj
gIAzS4AJU++CYSehkYWEEQmS1Df7UeyJ4lHc3C3a732V+asQFs4X9f1n8du9j0I/
ruNC5js+nx7qKlZzUpzaJlprgvXrbkp7uq/Pnj7gqGDqxJLs4A/aOvRiZdjteMPM
VPG2mnfJFmuQQ6M9aJsVQ4qg4r4cuRj0ENzfJh5+EJLz3MuHJ+hAAB6hMZ6TlW+z
DomtwFi4X6OwfDU6dhJjpkYJUuDYGZtWKQtXQfsCAwEAAaOCAhUwggIRMB0GA1Ud
DgQWBBQKmo/2YbcRru8zrxt8jZ9FFZNRjTAfBgNVHSMEGDAWgBRj6RZxerEczPEe
8ftcEu5BlQ+tmzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L1kta1djWHF4SE16eEh2SDdYQkx1UVpVUHJacy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNTEvNDk1N2E0LWNlNTktNDMxNS05OTc2LWRjNWVjNzQ4ZjZhNS8x
L0NwcVA5bUczRWE3dk02OGJmSTJmUlJXVFVZMC5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNTEv
NDk1N2E0LWNlNTktNDMxNS05OTc2LWRjNWVjNzQ4ZjZhNS8xL1kta1djWHF4SE16
eEh2SDdYQkx1UVpVUHJacy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAr
BggrBgEFBQcBBwEB/wQcMBowGAQCAAIwEgMHACoOsQcOcAMHACoQLwABczANBgkq
hkiG9w0BAQsFAAOCAQEAMaBSuqaJd36RCYY7ob/A1zWH7e8VLRU1HpV5OpT8wQRl
qHuT2VkWsEeLWeC3sYlwJh1PIGH5UEJop/fOGkL8CWMoMUwPdCZkxCvoTl5KXxwx
A8hS12+rufgczu9RgVfAaJD9bkdso2gwtBx0rSZ5QqFKCIAPMdY/zkJPeWe+Uu7w
b5zfSd3WZlfPMbE4ICxgHN9wuKjU5Q91NDTeLEMPLi8xCvQukH6FLM+foB7idkBk
wuI6gt3R/YJqjtbD5HX0KB6gWPKlXhhf19vp7daxBC0tUrsNOdjsL7SbUk4ETY61
duagl7m++xwhuIbiqCv4rvyeEFSmwTzTMF7Ae/V7/g==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:29:27 2024 by rpki-client on console-fra.rpki-client.org