Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/T5IpMJSnvE9wuycBoVCEBDlbSjo.roa
File:                     T5IpMJSnvE9wuycBoVCEBDlbSjo.roa (raw, json)
Hash identifier:          REEUA/y4H3Ubc2573fvV7GStR/Fquvg3fEJxCCKSnRE=
Subject key identifier:   4F:92:29:30:94:A7:BC:4F:70:BB:27:01:A1:50:84:04:39:5B:4A:3A
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       10FE4AF7
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/T5IpMJSnvE9wuycBoVCEBDlbSjo.roa
Signing time:             Sat 01 Jan 2022 09:06:03 +0000
ROA not before:           Sat 01 Jan 2022 09:06:03 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     398355
IP address blocks:        2a0e:b107:14ff::/48 maxlen: 48

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 285100791 (0x10fe4af7)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  1 09:06:03 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=4f92293094a7bc4f70bb2701a1508404395b4a3a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:c2:27:e7:68:c6:cb:fd:c5:1d:0c:ad:35:b9:
                    2b:f9:fe:9c:fd:83:2a:30:72:4b:0e:28:1a:32:5e:
                    c1:dd:e9:b7:c3:84:22:64:60:e1:6f:3e:16:3e:ce:
                    5a:2a:67:de:18:4b:04:37:ac:65:36:32:db:5c:88:
                    c2:5a:28:0a:cb:0f:25:bd:8e:07:9e:9e:e5:82:38:
                    ed:0b:5d:95:5a:24:a7:06:4c:62:57:d5:49:1e:9e:
                    67:a7:39:0d:e1:07:33:5b:a9:1d:29:a0:02:9d:1d:
                    3e:33:6d:7f:8f:8b:99:f4:56:09:9d:25:fa:49:cc:
                    3e:f7:94:48:af:d6:d4:b8:45:ad:83:bc:66:ab:77:
                    6c:5e:b6:cc:31:9d:4b:f4:81:69:93:21:8b:05:82:
                    0d:04:1a:09:2e:0b:98:ee:ae:19:91:e6:01:41:2d:
                    7a:fc:ae:43:6f:02:d0:79:f0:7b:20:dc:a0:d3:4c:
                    49:73:25:e3:ba:1e:ee:17:fd:66:88:e3:39:51:9c:
                    b8:c6:b9:da:2e:4c:cd:83:59:51:47:7d:52:f1:83:
                    79:18:5e:99:a9:cc:aa:ba:62:a0:34:8f:a0:c6:ce:
                    14:a4:29:1b:b1:84:a8:cb:1c:3b:e2:de:28:dc:35:
                    be:65:0d:fa:2a:96:f4:1b:e4:f7:88:2b:87:17:a1:
                    61:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4F:92:29:30:94:A7:BC:4F:70:BB:27:01:A1:50:84:04:39:5B:4A:3A
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/T5IpMJSnvE9wuycBoVCEBDlbSjo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:b107:14ff::/48

    Signature Algorithm: sha256WithRSAEncryption
         12:2d:c1:3e:c7:16:fb:d3:6b:58:ec:f2:86:d3:f9:e4:86:78:
         c5:e6:89:ca:16:6f:11:12:aa:58:78:25:1c:f3:08:a6:88:f4:
         55:b3:67:22:f7:3a:84:fa:75:90:f3:ec:80:14:d8:0a:21:32:
         ef:d5:ae:14:93:14:1f:92:99:f5:1f:e9:57:a0:08:9d:70:63:
         60:53:09:59:e3:e2:48:2d:8e:2a:06:91:6d:d4:d6:02:6c:de:
         29:53:0e:97:b4:12:23:cc:78:65:68:13:69:7e:c3:60:f4:18:
         11:46:8a:60:90:af:b6:d8:eb:74:8e:29:12:97:1d:d1:48:44:
         9f:2d:96:e2:ae:2d:71:ad:0c:54:9e:a8:dc:1b:c1:f8:2e:66:
         30:e7:fa:ac:1d:8d:3d:64:31:92:e9:ef:e6:2e:6f:d8:07:a4:
         db:10:fd:85:f1:4a:c4:8f:b8:5a:1e:97:fe:af:1d:8f:ad:86:
         13:dd:5b:e5:c6:7c:25:00:ed:3c:ba:c6:a8:da:f4:a1:0f:be:
         b5:16:5c:ec:2e:28:80:f0:73:e2:32:39:11:30:45:7a:12:8e:
         e3:43:28:1e:83:ac:ac:27:32:6e:ff:3a:f4:b8:b5:ec:42:97:
         3c:ee:56:5e:a4:98:df:a5:bd:01:9f:ff:a3:a6:c8:40:38:91:
         5e:5a:da:be
-----BEGIN CERTIFICATE-----
MIIE8jCCA9qgAwIBAgIEEP5K9zANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg2
M2U5MTY3MTdhYjExY2NjZjExZWYxZmI1YzEyZWU0MTk1MGZhZDliMB4XDTIyMDEw
MTA5MDYwM1oXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoNGY5MjI5MzA5NGE3
YmM0ZjcwYmIyNzAxYTE1MDg0MDQzOTViNGEzYTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBANTCJ+doxsv9xR0MrTW5K/n+nP2DKjBySw4oGjJewd3pt8OE
ImRg4W8+Fj7OWipn3hhLBDesZTYy21yIwlooCssPJb2OB56e5YI47QtdlVokpwZM
YlfVSR6eZ6c5DeEHM1upHSmgAp0dPjNtf4+LmfRWCZ0l+knMPveUSK/W1LhFrYO8
Zqt3bF62zDGdS/SBaZMhiwWCDQQaCS4LmO6uGZHmAUEtevyuQ28C0HnweyDcoNNM
SXMl47oe7hf9ZojjOVGcuMa52i5MzYNZUUd9UvGDeRhemanMqrpioDSPoMbOFKQp
G7GEqMscO+LeKNw1vmUN+iqW9Bvk94grhxehYVMCAwEAAaOCAgwwggIIMB0GA1Ud
DgQWBBRPkikwlKe8T3C7JwGhUIQEOVtKOjAfBgNVHSMEGDAWgBRj6RZxerEczPEe
8ftcEu5BlQ+tmzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L1kta1djWHF4SE16eEh2SDdYQkx1UVpVUHJacy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNTEvNDk1N2E0LWNlNTktNDMxNS05OTc2LWRjNWVjNzQ4ZjZhNS8x
L1Q1SXBNSlNudkU5d3V5Y0JvVkNFQkRsYlNqby5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNTEv
NDk1N2E0LWNlNTktNDMxNS05OTc2LWRjNWVjNzQ4ZjZhNS8xL1kta1djWHF4SE16
eEh2SDdYQkx1UVpVUHJacy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAi
BggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoOsQcU/zANBgkqhkiG9w0BAQsF
AAOCAQEAEi3BPscW+9NrWOzyhtP55IZ4xeaJyhZvERKqWHglHPMIpoj0VbNnIvc6
hPp1kPPsgBTYCiEy79WuFJMUH5KZ9R/pV6AInXBjYFMJWePiSC2OKgaRbdTWAmze
KVMOl7QSI8x4ZWgTaX7DYPQYEUaKYJCvttjrdI4pEpcd0UhEny2W4q4tca0MVJ6o
3BvB+C5mMOf6rB2NPWQxkunv5i5v2Aek2xD9hfFKxI+4Wh6X/q8dj62GE91b5cZ8
JQDtPLrGqNr0oQ++tRZc7C4ogPBz4jI5ETBFehKO40MoHoOsrCcybv869Li17EKX
PO5WXqSY36W9AZ//o6bIQDiRXlravg==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:29:32 2024 by rpki-client on console-fra.rpki-client.org