Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/bRB4f2C1m7dJj7X6dtdkRjEp9so.roa
File:                     bRB4f2C1m7dJj7X6dtdkRjEp9so.roa (raw, json)
Hash identifier:          4FznbxsSZLT7T+GOmyzIHqi9xCLqcDUN2GkiFbX9zvI=
Subject key identifier:   6D:10:78:7F:60:B5:9B:B7:49:8F:B5:FA:76:D7:64:46:31:29:F6:CA
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       018525B373945659B7DA2007378F3B116477
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/bRB4f2C1m7dJj7X6dtdkRjEp9so.roa
Signing time:             Sun 18 Dec 2022 14:46:35 +0000
ROA not before:           Sun 18 Dec 2022 14:46:35 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     203446
IP address blocks:        2a0e:97c0:470::/48 maxlen: 48
                          2a0e:97c0:471::/48 maxlen: 48

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:25:b3:73:94:56:59:b7:da:20:07:37:8f:3b:11:64:77
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Dec 18 14:46:35 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=6d10787f60b59bb7498fb5fa76d764463129f6ca
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:74:c2:2c:fb:2b:db:f8:48:95:7c:7c:a4:1f:
                    c9:4e:9a:d6:1b:06:6f:55:22:fe:cb:28:0a:52:14:
                    00:46:27:9d:6a:56:a2:db:1a:9b:41:d5:21:ef:0d:
                    cd:42:a1:25:fe:99:ee:e6:aa:f1:32:e1:e7:2f:dd:
                    15:24:33:5f:ef:42:95:fb:4f:25:c2:9d:ec:90:8f:
                    e7:b1:3f:b0:ea:9a:8e:b6:69:02:41:1c:7f:95:c1:
                    ac:2b:d6:62:bb:dc:7e:69:11:a1:a3:bd:21:ba:08:
                    63:36:c7:40:a0:bf:93:db:12:f3:96:6a:50:e9:b0:
                    62:31:24:6c:54:a6:6a:e9:93:fe:1c:6c:eb:0c:d2:
                    80:70:c2:5b:58:1e:a2:03:e6:cd:81:f3:24:67:29:
                    f3:6e:01:64:d0:11:f7:9a:cc:b8:bd:a0:3f:ae:ea:
                    79:dd:42:03:db:bd:91:7d:ae:0d:f6:2b:0e:18:77:
                    f5:b4:4e:f8:e7:78:1b:0e:f0:4a:f4:f8:14:43:8f:
                    61:58:49:b0:ff:4f:3b:44:c4:b6:4c:4b:41:da:d6:
                    60:13:38:96:2a:bb:48:7b:f1:d1:18:4f:c8:1e:1e:
                    a4:74:bd:f6:e2:75:6f:7e:37:94:11:5a:9c:dc:84:
                    ec:25:3c:56:14:6b:7c:df:4b:26:42:cb:b0:e9:68:
                    65:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6D:10:78:7F:60:B5:9B:B7:49:8F:B5:FA:76:D7:64:46:31:29:F6:CA
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/bRB4f2C1m7dJj7X6dtdkRjEp9so.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:97c0:470::/47

    Signature Algorithm: sha256WithRSAEncryption
         25:a7:ee:2f:ef:fc:e4:95:e8:96:10:61:2f:ea:c2:cc:5e:93:
         74:12:19:19:bc:de:97:ad:f8:1a:f9:ef:e1:1e:79:07:e7:1f:
         e5:0a:0d:c0:81:8a:90:9d:41:a7:17:1c:1b:8a:0a:26:e6:9c:
         64:19:3b:87:c7:3e:e6:86:19:f5:d6:6a:4d:07:be:44:31:0c:
         53:17:01:50:25:67:73:39:da:0a:02:84:82:1a:03:07:c6:84:
         ad:36:e4:3d:b9:1f:ad:66:4e:94:f8:6f:62:3c:43:3a:a4:d8:
         82:5d:75:8b:56:31:42:f8:4a:95:90:e5:45:74:b5:61:ae:22:
         c1:3a:bb:5a:be:16:ce:e8:11:2e:a1:c5:e6:76:36:59:92:90:
         4d:0a:ec:1d:20:4e:3c:2c:62:41:d5:67:19:e1:6f:5c:8d:1d:
         c9:71:5a:88:f0:b3:12:d1:5c:13:3b:89:8d:4c:7f:c5:e8:b6:
         7a:f1:d7:d3:6f:bd:04:81:d0:3d:4e:b0:74:9b:0a:7c:9f:f9:
         a1:38:5d:f0:6a:e3:d3:2c:57:75:a4:8e:ed:cb:52:cb:ab:ce:
         2b:27:7c:8b:ab:4d:00:a2:0b:6a:58:ab:db:bf:0d:39:49:db:
         e6:4a:01:02:ce:1d:b2:f7:82:ec:f1:08:5b:9a:d6:80:9d:39:
         9d:d7:a8:84
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYUls3OUVlm32iAHN487EWR3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjIxMjE4MTQ0NjM1WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZDEwNzg3ZjYwYjU5YmI3NDk4ZmI1ZmE3NmQ3NjQ0NjMxMjlmNmNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnHTCLPsr2/hIlXx8pB/JTprWGwZv
VSL+yygKUhQARiedalai2xqbQdUh7w3NQqEl/pnu5qrxMuHnL90VJDNf70KV+08l
wp3skI/nsT+w6pqOtmkCQRx/lcGsK9Ziu9x+aRGho70hughjNsdAoL+T2xLzlmpQ
6bBiMSRsVKZq6ZP+HGzrDNKAcMJbWB6iA+bNgfMkZynzbgFk0BH3msy4vaA/rup5
3UID272Rfa4N9isOGHf1tE7453gbDvBK9PgUQ49hWEmw/087RMS2TEtB2tZgEziW
KrtIe/HRGE/IHh6kdL324nVvfjeUEVqc3ITsJTxWFGt830smQsuw6WhlIwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFG0QeH9gtZu3SY+1+nbXZEYxKfbKMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvYlJCNGYyQzFtN2RKajdYNmR0ZGtSakVwOXNvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcBKg6XwARw
MA0GCSqGSIb3DQEBCwUAA4IBAQAlp+4v7/zkleiWEGEv6sLMXpN0EhkZvN6Xrfga
+e/hHnkH5x/lCg3AgYqQnUGnFxwbigom5pxkGTuHxz7mhhn11mpNB75EMQxTFwFQ
JWdzOdoKAoSCGgMHxoStNuQ9uR+tZk6U+G9iPEM6pNiCXXWLVjFC+EqVkOVFdLVh
riLBOrtavhbO6BEuocXmdjZZkpBNCuwdIE48LGJB1WcZ4W9cjR3JcVqI8LMS0VwT
O4mNTH/F6LZ68dfTb70EgdA9TrB0mwp8n/mhOF3wauPTLFd1pI7ty1LLq84rJ3yL
q00AogtqWKvbvw05SdvmSgECzh2y94Ls8QhbmtaAnTmd16iE
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:09:07 2024 by rpki-client on console-ams.rpki-client.org