Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/IKtXO5T09d6QILWJpYWzwMl8Lms.roa
File:                     IKtXO5T09d6QILWJpYWzwMl8Lms.roa (raw, json)
Hash identifier:          4UZaYZwbW/2okdHLM2/iS4RDQsS+B81dWCM75iVl9wE=
Subject key identifier:   20:AB:57:3B:94:F4:F5:DE:90:20:B5:89:A5:85:B3:C0:C9:7C:2E:6B
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       14CB8BEA
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/IKtXO5T09d6QILWJpYWzwMl8Lms.roa
Signing time:             Sun 22 May 2022 13:22:30 +0000
ROA not before:           Sun 22 May 2022 13:22:30 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     210563
IP address blocks:        2a10:cc44:170::/44 maxlen: 48

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 348883946 (0x14cb8bea)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: May 22 13:22:30 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=20ab573b94f4f5de9020b589a585b3c0c97c2e6b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:06:98:36:b9:06:28:28:40:ae:70:54:45:c1:
                    34:b9:26:db:36:5f:1a:bb:d0:36:8c:43:bb:03:9e:
                    60:da:45:9d:11:09:b2:c7:91:85:9c:1b:30:07:f7:
                    26:c6:ae:cb:ba:be:ea:2d:d7:79:47:5f:ee:89:b0:
                    4d:7a:8a:32:f0:ab:b8:4a:5f:85:e5:00:99:19:29:
                    28:ba:22:91:3a:39:3f:22:f9:fa:36:49:61:d2:8d:
                    a1:9a:f0:0a:4e:4a:b1:eb:0a:34:fa:d4:54:b4:38:
                    22:ec:73:12:47:bd:57:58:bb:a0:3b:92:c9:32:a5:
                    bf:47:cf:60:6f:33:f5:ee:af:52:7c:da:5d:e2:8c:
                    a5:c8:5d:0f:01:56:0c:5b:b6:a7:7c:20:5a:3f:a0:
                    09:77:35:7d:40:6f:4b:35:e9:3f:f7:4d:bf:12:10:
                    59:f2:ec:7f:36:26:ee:73:be:5d:e3:9e:1f:65:f9:
                    d3:63:a2:21:ae:08:45:1c:26:3f:1a:10:c5:90:e3:
                    c0:6a:6b:2a:cb:d7:0a:4c:45:b0:85:6e:6f:78:71:
                    e8:ac:02:06:ef:b7:8e:c6:89:83:bf:85:51:5f:b7:
                    3a:56:26:0f:5d:87:31:d8:95:ae:6c:65:c5:ae:e5:
                    b0:11:42:fe:b3:55:b5:f0:e1:ba:a3:fb:0f:b9:24:
                    ac:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                20:AB:57:3B:94:F4:F5:DE:90:20:B5:89:A5:85:B3:C0:C9:7C:2E:6B
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/IKtXO5T09d6QILWJpYWzwMl8Lms.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a10:cc44:170::/44

    Signature Algorithm: sha256WithRSAEncryption
         1d:a4:71:49:91:88:36:51:05:27:b2:e8:bf:f7:12:bb:51:a1:
         b1:75:e6:74:1e:a6:44:26:7d:25:ea:5c:86:f3:d9:3b:3a:b6:
         97:7c:f0:35:5a:84:52:2b:41:f5:e3:03:32:48:7e:e1:f8:8f:
         8c:fe:74:79:41:85:f9:7c:9c:46:38:54:53:1a:60:35:a4:c6:
         8b:bc:e1:66:b9:47:70:0c:1e:ae:7c:9a:da:ea:5f:c6:3f:31:
         91:be:b8:ce:77:6f:71:07:41:ef:24:28:02:14:ac:44:ea:94:
         24:04:f7:04:b6:b8:2b:23:cf:e1:bf:a2:62:7c:0a:51:5c:e3:
         ad:38:07:92:c2:c4:35:9d:e9:98:2f:99:fd:a9:38:e3:5f:af:
         77:54:27:f8:c6:44:71:5d:33:7d:41:3a:57:b1:d0:79:83:e1:
         5e:5b:04:c1:2f:0b:dd:6e:72:e2:58:47:3f:d7:15:d2:71:a2:
         48:40:5e:b8:97:b0:83:39:8e:5a:3e:d1:e5:e1:c4:e4:70:8d:
         a7:97:83:fe:75:75:7c:1c:d0:2a:f8:64:d0:fc:b5:38:56:4a:
         84:6d:3e:ec:8b:52:3c:32:b8:8b:cb:f9:0c:91:ae:5e:cd:ba:
         d8:1f:46:21:43:b1:90:cc:06:cd:7c:0a:82:af:a6:7d:4a:4b:
         4c:5f:a7:7b
-----BEGIN CERTIFICATE-----
MIIE8jCCA9qgAwIBAgIEFMuL6jANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg2
M2U5MTY3MTdhYjExY2NjZjExZWYxZmI1YzEyZWU0MTk1MGZhZDliMB4XDTIyMDUy
MjEzMjIzMFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMjBhYjU3M2I5NGY0
ZjVkZTkwMjBiNTg5YTU4NWIzYzBjOTdjMmU2YjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAKYGmDa5BigoQK5wVEXBNLkm2zZfGrvQNoxDuwOeYNpFnREJ
sseRhZwbMAf3Jsauy7q+6i3XeUdf7omwTXqKMvCruEpfheUAmRkpKLoikTo5PyL5
+jZJYdKNoZrwCk5KsesKNPrUVLQ4IuxzEke9V1i7oDuSyTKlv0fPYG8z9e6vUnza
XeKMpchdDwFWDFu2p3wgWj+gCXc1fUBvSzXpP/dNvxIQWfLsfzYm7nO+XeOeH2X5
02OiIa4IRRwmPxoQxZDjwGprKsvXCkxFsIVub3hx6KwCBu+3jsaJg7+FUV+3OlYm
D12HMdiVrmxlxa7lsBFC/rNVtfDhuqP7D7kkrN8CAwEAAaOCAgwwggIIMB0GA1Ud
DgQWBBQgq1c7lPT13pAgtYmlhbPAyXwuazAfBgNVHSMEGDAWgBRj6RZxerEczPEe
8ftcEu5BlQ+tmzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L1kta1djWHF4SE16eEh2SDdYQkx1UVpVUHJacy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNTEvNDk1N2E0LWNlNTktNDMxNS05OTc2LWRjNWVjNzQ4ZjZhNS8x
L0lLdFhPNVQwOWQ2UUlMV0pwWVd6d01sOExtcy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNTEv
NDk1N2E0LWNlNTktNDMxNS05OTc2LWRjNWVjNzQ4ZjZhNS8xL1kta1djWHF4SE16
eEh2SDdYQkx1UVpVUHJacy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAi
BggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHBCoQzEQBcDANBgkqhkiG9w0BAQsF
AAOCAQEAHaRxSZGINlEFJ7Lov/cSu1GhsXXmdB6mRCZ9JepchvPZOzq2l3zwNVqE
UitB9eMDMkh+4fiPjP50eUGF+XycRjhUUxpgNaTGi7zhZrlHcAwernya2upfxj8x
kb64zndvcQdB7yQoAhSsROqUJAT3BLa4KyPP4b+iYnwKUVzjrTgHksLENZ3pmC+Z
/ak441+vd1Qn+MZEcV0zfUE6V7HQeYPhXlsEwS8L3W5y4lhHP9cV0nGiSEBeuJew
gzmOWj7R5eHE5HCNp5eD/nV1fBzQKvhk0Py1OFZKhG0+7ItSPDK4i8v5DJGuXs26
2B9GIUOxkMwGzXwKgq+mfUpLTF+new==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:29:29 2024 by rpki-client on console-fra.rpki-client.org