Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/TozoQtznBOdCPB3TfQd6jmqA-nc.roa
File:                     TozoQtznBOdCPB3TfQd6jmqA-nc.roa (raw, json)
Hash identifier:          NgLC4cBO1Vb4fJ/LCCWut8OBTbi1997K41QiwPdKNcA=
Subject key identifier:   4E:8C:E8:42:DC:E7:04:E7:42:3C:1D:D3:7D:07:7A:8E:6A:80:FA:77
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       0184E74FBA62A2F1183F7B3142D250EFD08A
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/TozoQtznBOdCPB3TfQd6jmqA-nc.roa
Signing time:             Tue 06 Dec 2022 12:01:12 +0000
ROA not before:           Tue 06 Dec 2022 12:01:12 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     201398
IP address blocks:        2a0e:b107:1c88::/48 maxlen: 48
                          2a0e:b107:1c80::/44 maxlen: 48

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:84:e7:4f:ba:62:a2:f1:18:3f:7b:31:42:d2:50:ef:d0:8a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Dec  6 12:01:12 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=4e8ce842dce704e7423c1dd37d077a8e6a80fa77
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:b9:01:ba:32:69:29:db:72:60:8d:62:eb:6d:
                    8c:50:26:b8:b3:e2:f1:9a:c9:b7:45:7c:68:50:04:
                    a8:f5:7a:23:42:23:66:3e:d6:32:0a:f8:a4:e3:09:
                    b6:dc:5b:91:6b:7e:df:70:30:f7:eb:d2:c7:fb:1e:
                    6f:bc:ee:d1:d9:59:9e:51:14:14:0d:d2:e9:a2:5b:
                    28:39:d3:7a:e4:33:e3:8a:d1:1c:ae:d0:54:cd:00:
                    7c:b5:24:d1:31:3d:04:93:eb:a8:ff:a9:b2:3b:50:
                    ea:60:62:17:e9:2c:4e:38:cc:03:d1:a3:a3:06:11:
                    05:cb:fa:67:69:1c:a8:93:41:59:72:c0:0f:ca:5d:
                    30:62:74:d6:36:10:06:e7:b8:41:f0:86:d2:07:f5:
                    96:e3:3c:09:ae:be:8c:1d:3b:8c:bd:ce:db:c8:d9:
                    0a:5a:cd:8a:f2:3e:1f:58:bb:6c:79:e8:d5:5e:1a:
                    c3:71:20:4d:63:e3:17:70:2f:94:08:39:c9:bc:eb:
                    9b:1e:ac:43:d3:9d:34:2a:dc:13:1d:3e:bd:c8:1c:
                    b7:95:d9:83:1f:56:c6:6d:7f:f0:19:5c:ad:bd:29:
                    78:df:2b:e4:35:a2:f6:49:58:3d:1f:9b:82:d0:c4:
                    a9:fe:e8:8b:17:a3:48:c1:73:e7:d2:39:27:37:50:
                    d7:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4E:8C:E8:42:DC:E7:04:E7:42:3C:1D:D3:7D:07:7A:8E:6A:80:FA:77
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/TozoQtznBOdCPB3TfQd6jmqA-nc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:b107:1c80::/44

    Signature Algorithm: sha256WithRSAEncryption
         95:e3:d8:d4:04:85:91:df:be:ef:08:2a:07:00:4a:96:dc:ea:
         fd:b2:b1:b7:0e:5c:f8:3a:d4:61:06:1e:6f:7a:7e:df:e4:64:
         65:85:f9:c3:ce:b6:79:ab:ae:92:da:9b:82:bb:a4:21:47:b3:
         c1:8d:58:8e:a5:89:03:4c:e2:95:a8:35:bc:fa:8d:69:01:12:
         c5:ae:0d:2c:5e:f1:d7:8a:e2:4d:8b:fc:50:ed:e7:4c:41:87:
         66:c3:87:55:c2:b0:3e:82:5a:41:5a:a1:13:01:23:77:3d:0e:
         90:13:6a:1c:12:c6:5f:34:64:0e:46:72:12:19:ac:f3:3f:ad:
         e4:b0:28:1f:4e:e0:a2:eb:c8:d0:56:5d:06:d3:95:75:d7:a6:
         f8:6f:16:38:de:c1:43:16:45:29:89:ea:20:d3:18:7a:f9:c5:
         ee:00:86:4e:94:22:7b:37:5d:45:49:2e:c3:cd:43:d5:68:b2:
         b1:60:58:51:1d:fa:fd:3f:52:da:c7:4f:33:5a:43:b1:c2:64:
         00:21:53:47:76:9c:ae:fc:68:30:9b:f3:36:a1:90:5d:1e:e5:
         dd:88:b4:cf:24:24:55:2c:35:3e:85:49:1c:c7:c7:15:dc:b3:
         2d:ba:b0:2b:a0:64:04:8a:13:ef:e8:aa:2c:34:f1:7c:72:23:
         0e:5d:d5:70
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYTnT7piovEYP3sxQtJQ79CKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjIxMjA2MTIwMTEyWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZThjZTg0MmRjZTcwNGU3NDIzYzFkZDM3ZDA3N2E4ZTZhODBmYTc3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1rkBujJpKdtyYI1i622MUCa4s+Lx
msm3RXxoUASo9XojQiNmPtYyCvik4wm23FuRa37fcDD369LH+x5vvO7R2VmeURQU
DdLpolsoOdN65DPjitEcrtBUzQB8tSTRMT0Ek+uo/6myO1DqYGIX6SxOOMwD0aOj
BhEFy/pnaRyok0FZcsAPyl0wYnTWNhAG57hB8IbSB/WW4zwJrr6MHTuMvc7byNkK
Ws2K8j4fWLtseejVXhrDcSBNY+MXcC+UCDnJvOubHqxD0500KtwTHT69yBy3ldmD
H1bGbX/wGVytvSl43yvkNaL2SVg9H5uC0MSp/uiLF6NIwXPn0jknN1DX/QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFE6M6ELc5wTnQjwd030Heo5qgPp3MB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvVG96b1F0em5CT2RDUEIzVGZRZDZqbXFBLW5jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg6xBxyA
MA0GCSqGSIb3DQEBCwUAA4IBAQCV49jUBIWR377vCCoHAEqW3Or9srG3Dlz4OtRh
Bh5ven7f5GRlhfnDzrZ5q66S2puCu6QhR7PBjViOpYkDTOKVqDW8+o1pARLFrg0s
XvHXiuJNi/xQ7edMQYdmw4dVwrA+glpBWqETASN3PQ6QE2ocEsZfNGQORnISGazz
P63ksCgfTuCi68jQVl0G05V116b4bxY43sFDFkUpieog0xh6+cXuAIZOlCJ7N11F
SS7DzUPVaLKxYFhRHfr9P1Lax08zWkOxwmQAIVNHdpyu/Ggwm/M2oZBdHuXdiLTP
JCRVLDU+hUkcx8cV3LMturAroGQEihPv6KosNPF8ciMOXdVw
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:09:03 2024 by rpki-client on console-ams.rpki-client.org