Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/GQqEra8_vcLUFKFl8OtcWGC5-LA.roa
File:                     GQqEra8_vcLUFKFl8OtcWGC5-LA.roa (raw, json)
Hash identifier:          ZnfB7+A24E7tFFHJF5jBl2Fp9PdP49jWvTPrxqe0+bA=
Subject key identifier:   19:0A:84:AD:AF:3F:BD:C2:D4:14:A1:65:F0:EB:5C:58:60:B9:F8:B0
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       01841BB75C10263D9322FCE402E49D4E252D
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/GQqEra8_vcLUFKFl8OtcWGC5-LA.roa
Signing time:             Thu 27 Oct 2022 23:11:52 +0000
ROA not before:           Thu 27 Oct 2022 23:11:52 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     20473
IP address blocks:        2a0e:b107:1870::/48 maxlen: 48
                          2a10:cc44:800::/37 maxlen: 48
                          2a0e:b107:9f4::/48 maxlen: 48
                          2a0e:97c7:800::/37 maxlen: 48
                          2a0e:b107:5d0::/44 maxlen: 48
                          2a0e:b107:5e0::/44 maxlen: 48
                          2a0e:97c0:750::/48 maxlen: 48
                          2a0e:b107:900::/44 maxlen: 48
                          2a0e:b107:df2::/48 maxlen: 48
                          2a0e:97c0:736::/48 maxlen: 48
                          2a0e:b107:9f6::/48 maxlen: 48
                          2a0e:b102:12f::/48 maxlen: 48
                          2a0e:97c0:76f::/48 maxlen: 48
                          2a0e:97c0:73f::/48 maxlen: 48

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:84:1b:b7:5c:10:26:3d:93:22:fc:e4:02:e4:9d:4e:25:2d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Oct 27 23:11:52 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=190a84adaf3fbdc2d414a165f0eb5c5860b9f8b0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:7d:64:69:de:9b:3e:77:59:94:d0:ad:5c:cd:
                    e0:83:e9:31:e5:f1:2c:10:41:02:11:d2:24:3d:7d:
                    96:e2:84:53:12:7f:73:38:28:ac:46:47:1f:8b:51:
                    89:98:19:da:3c:72:8b:27:c8:4e:16:c6:6b:89:d4:
                    c4:b7:ef:f7:ec:41:47:ca:83:fd:c7:52:fe:88:a4:
                    6d:1e:a2:ad:ea:2b:a1:3f:0a:f9:94:19:93:87:3d:
                    93:8e:d7:03:30:10:c9:32:1a:6d:78:28:e5:4b:3a:
                    dd:7a:a5:a4:ad:50:65:99:d4:9f:8a:b6:a7:1b:0d:
                    d7:64:18:b7:44:f7:0a:b3:c8:d2:4a:9c:e8:09:87:
                    3b:b4:53:22:1e:80:6a:08:f3:b5:41:8f:34:82:94:
                    c0:a1:71:0c:2f:27:28:cb:1c:81:ae:57:e9:76:25:
                    6f:99:7b:0b:fa:9b:ba:36:41:6e:f2:fe:4d:2c:09:
                    b2:3f:31:ee:f3:ac:b1:52:90:6a:84:25:7d:68:dd:
                    4b:47:08:38:4d:72:c7:7a:d3:77:09:65:fd:06:90:
                    bb:2b:d1:a3:49:35:fc:6a:0c:03:07:a8:99:00:bc:
                    b6:ab:06:ef:3d:47:ef:b9:b0:3a:a7:eb:76:60:d2:
                    48:0d:a2:18:80:e1:11:96:9e:36:0b:93:8f:3d:b9:
                    4c:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                19:0A:84:AD:AF:3F:BD:C2:D4:14:A1:65:F0:EB:5C:58:60:B9:F8:B0
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/GQqEra8_vcLUFKFl8OtcWGC5-LA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:97c0:736::/48
                  2a0e:97c0:73f::/48
                  2a0e:97c0:750::/48
                  2a0e:97c0:76f::/48
                  2a0e:97c7:800::/37
                  2a0e:b102:12f::/48
                  2a0e:b107:5d0::-2a0e:b107:5ef:ffff:ffff:ffff:ffff:ffff
                  2a0e:b107:900::/44
                  2a0e:b107:9f4::/48
                  2a0e:b107:9f6::/48
                  2a0e:b107:df2::/48
                  2a0e:b107:1870::/48
                  2a10:cc44:800::/37

    Signature Algorithm: sha256WithRSAEncryption
         ac:11:d7:1a:49:8b:5a:83:93:27:fe:a8:ff:92:16:e4:16:94:
         62:6c:70:b2:d3:e8:13:f3:c4:58:d0:ac:ab:58:0d:ef:65:cd:
         a5:94:65:18:af:5d:5d:1a:37:f4:25:44:8a:b8:39:78:45:17:
         52:11:7b:da:8d:c3:53:d0:f6:38:e0:ca:0f:41:b1:ae:ae:ec:
         5f:8d:f7:6c:ca:fa:c1:3d:e3:c4:72:41:eb:c5:7c:1f:fc:c5:
         ae:87:b3:dd:02:ae:90:9f:0a:0c:07:fc:cc:84:65:fc:95:95:
         41:d6:33:39:56:fa:a7:11:37:68:97:f4:f4:d9:41:24:d7:da:
         73:4f:40:64:6e:99:81:12:6d:7d:80:ed:3a:1c:f4:78:e1:93:
         7d:27:5c:b9:44:53:e3:f2:90:dd:93:c2:f5:d9:9f:bd:eb:91:
         8e:47:3e:dd:07:10:c6:3f:ef:21:61:60:bb:23:48:64:e0:01:
         ce:f1:1c:3f:5d:5b:ad:4b:ab:a8:04:74:0e:69:7a:1a:c5:3c:
         16:0a:54:64:8a:f6:20:4c:27:7f:37:b3:52:d4:04:d8:3f:3b:
         35:31:ca:1d:7d:70:0d:d0:97:23:95:de:ac:d6:88:1f:bc:cf:
         ed:ae:c1:15:08:a9:f4:ac:d2:34:c0:70:1f:dc:2c:41:ee:d6:
         f6:86:4b:cf
-----BEGIN CERTIFICATE-----
MIIFeTCCBGGgAwIBAgISAYQbt1wQJj2TIvzkAuSdTiUtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjIxMDI3MjMxMTUyWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOTBhODRhZGFmM2ZiZGMyZDQxNGExNjVmMGViNWM1ODYwYjlmOGIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkX1kad6bPndZlNCtXM3gg+kx5fEs
EEECEdIkPX2W4oRTEn9zOCisRkcfi1GJmBnaPHKLJ8hOFsZridTEt+/37EFHyoP9
x1L+iKRtHqKt6iuhPwr5lBmThz2TjtcDMBDJMhpteCjlSzrdeqWkrVBlmdSfiran
Gw3XZBi3RPcKs8jSSpzoCYc7tFMiHoBqCPO1QY80gpTAoXEMLycoyxyBrlfpdiVv
mXsL+pu6NkFu8v5NLAmyPzHu86yxUpBqhCV9aN1LRwg4TXLHetN3CWX9BpC7K9Gj
STX8agwDB6iZALy2qwbvPUfvubA6p+t2YNJIDaIYgOERlp42C5OPPblMzwIDAQAB
o4IChTCCAoEwHQYDVR0OBBYEFBkKhK2vP73C1BShZfDrXFhgufiwMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvR1FxRXJhOF92Y0xVRktGbDhPdGNXR0M1LUxBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGaBggrBgEFBQcBBwEB/wSBijCBhzCBhAQCAAIwfgMHACoO
l8AHNgMHACoOl8AHPwMHACoOl8AHUAMHACoOl8AHbwMGAyoOl8cIAwcAKg6xAgEv
MBIDBwQqDrEHBdADBwQqDrEHBeADBwQqDrEHCQADBwAqDrEHCfQDBwAqDrEHCfYD
BwAqDrEHDfIDBwAqDrEHGHADBgMqEMxECDANBgkqhkiG9w0BAQsFAAOCAQEArBHX
GkmLWoOTJ/6o/5IW5BaUYmxwstPoE/PEWNCsq1gN72XNpZRlGK9dXRo39CVEirg5
eEUXUhF72o3DU9D2OODKD0Gxrq7sX433bMr6wT3jxHJB68V8H/zFroez3QKukJ8K
DAf8zIRl/JWVQdYzOVb6pxE3aJf09NlBJNfac09AZG6ZgRJtfYDtOhz0eOGTfSdc
uURT4/KQ3ZPC9dmfveuRjkc+3QcQxj/vIWFguyNIZOABzvEcP11brUurqAR0Dml6
GsU8FgpUZIr2IEwnfzezUtQE2D87NTHKHX1wDdCXI5XerNaIH7zP7a7BFQip9KzS
NMBwH9wsQe7W9oZLzw==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:08:58 2024 by rpki-client on console-ams.rpki-client.org