Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/cjl4K_Ap6OeV4kTdkQSRWMQDKdE.roa
File:                     cjl4K_Ap6OeV4kTdkQSRWMQDKdE.roa (raw, json)
Hash identifier:          TXnGfYTPfWcp89DaAyxbeBHo/XxBphYNbjEFH3oynzw=
Subject key identifier:   72:39:78:2B:F0:29:E8:E7:95:E2:44:DD:91:04:91:58:C4:03:29:D1
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       153ED92C
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/cjl4K_Ap6OeV4kTdkQSRWMQDKdE.roa
Signing time:             Tue 21 Jun 2022 09:51:45 +0000
ROA not before:           Tue 21 Jun 2022 09:51:45 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     20473
IP address blocks:        2a0e:b107:1870::/48 maxlen: 48
                          2a0e:b107:9f4::/48 maxlen: 48
                          2a10:cc42:1000::/36 maxlen: 48
                          2a0e:b107:1163::/48 maxlen: 48
                          2a0e:b107:5d0::/44 maxlen: 48
                          2a0e:b107:5e0::/44 maxlen: 48
                          2a0e:97c0:750::/48 maxlen: 48
                          2a0e:b107:900::/44 maxlen: 48
                          2a0e:b107:df2::/48 maxlen: 48
                          2a0e:97c0:736::/48 maxlen: 48
                          2a0e:b107:9f6::/48 maxlen: 48
                          2a0e:b102:12f::/48 maxlen: 48
                          2a0e:97c0:73f::/48 maxlen: 48
                          2a0e:97c0:76f::/48 maxlen: 48

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 356440364 (0x153ed92c)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jun 21 09:51:45 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=7239782bf029e8e795e244dd91049158c40329d1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:e4:d2:07:b1:16:b4:e5:14:c8:2d:ae:ea:97:
                    df:0a:58:2e:cc:82:86:cf:2d:dc:5b:e6:9b:e3:ad:
                    9e:59:67:28:20:5e:50:be:a4:6a:72:f1:15:5d:81:
                    ca:8d:02:3d:16:02:11:5d:15:43:74:20:f2:1b:63:
                    d7:1f:89:34:ec:c3:c5:dc:a2:0b:95:22:20:86:54:
                    db:d7:d5:bc:32:d8:e6:22:6d:89:41:96:a4:9d:4e:
                    eb:b5:92:a6:74:ab:54:70:96:54:55:a4:dc:03:c6:
                    ab:d9:bd:45:f7:96:1c:4e:47:48:0e:42:b5:ba:19:
                    49:03:c6:36:aa:cd:11:e7:6c:7e:34:aa:bb:4a:47:
                    dd:e8:11:a7:2c:f4:24:9a:c6:72:f5:d0:47:e4:95:
                    9f:59:ed:05:38:87:23:37:74:99:f2:6c:a8:51:27:
                    12:a9:cf:0c:18:70:6f:fa:a8:a7:ec:21:53:fc:b5:
                    a2:74:fa:10:bc:c7:db:d3:fe:8e:e2:f2:bc:a0:19:
                    40:0f:2b:f4:10:28:3a:ca:2c:27:b0:2c:8a:5a:1f:
                    16:29:ce:9e:c3:13:8b:24:4f:d4:44:a0:a0:9c:d9:
                    a7:42:cc:36:d7:77:00:bf:7b:15:8a:7e:a1:5a:83:
                    a1:8d:84:5c:61:4a:73:60:db:a8:84:af:91:58:45:
                    35:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:39:78:2B:F0:29:E8:E7:95:E2:44:DD:91:04:91:58:C4:03:29:D1
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/cjl4K_Ap6OeV4kTdkQSRWMQDKdE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:97c0:736::/48
                  2a0e:97c0:73f::/48
                  2a0e:97c0:750::/48
                  2a0e:97c0:76f::/48
                  2a0e:b102:12f::/48
                  2a0e:b107:5d0::-2a0e:b107:5ef:ffff:ffff:ffff:ffff:ffff
                  2a0e:b107:900::/44
                  2a0e:b107:9f4::/48
                  2a0e:b107:9f6::/48
                  2a0e:b107:df2::/48
                  2a0e:b107:1163::/48
                  2a0e:b107:1870::/48
                  2a10:cc42:1000::/36

    Signature Algorithm: sha256WithRSAEncryption
         94:fb:4e:85:3e:54:8d:68:6a:68:51:f1:ca:0d:34:23:39:fd:
         98:28:45:94:e7:aa:62:f7:66:f2:a0:d0:00:55:16:62:6c:e0:
         32:a0:c7:dc:81:6b:84:79:2a:b4:6d:aa:22:87:b8:29:25:da:
         a2:d1:e3:73:87:ff:28:c7:35:36:7f:10:d8:b3:07:e5:df:72:
         c5:1e:46:e9:b3:a9:a0:66:8d:13:5e:4f:e8:9b:42:22:19:6f:
         89:18:c2:f5:0f:b7:eb:4f:04:b6:f0:3c:f3:ca:ea:b7:52:97:
         68:43:d8:35:31:5a:38:8f:9b:30:bf:ed:b4:c5:9e:93:69:78:
         b6:e8:84:e8:3d:e9:ca:2b:a3:09:67:95:5b:91:7f:86:d1:46:
         5b:5d:b2:c3:8d:02:e6:3b:92:53:3f:58:5c:d4:1b:1d:5f:e7:
         51:59:db:56:bb:05:35:81:cc:9e:49:17:b1:f1:46:b0:9d:a0:
         00:6c:ea:41:8a:df:3e:40:84:33:65:32:3e:02:e2:4a:24:72:
         b2:a5:8f:3f:f2:10:37:dc:ff:60:61:f3:8b:27:72:d6:db:81:
         28:2c:7b:8b:c7:d4:7e:15:ed:b0:93:67:23:05:a2:a2:41:33:
         a4:ca:b6:db:f0:1d:d7:d0:c8:09:28:fa:74:ad:da:bc:a3:df:
         88:9d:6c:c2
-----BEGIN CERTIFICATE-----
MIIFbDCCBFSgAwIBAgIEFT7ZLDANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg2
M2U5MTY3MTdhYjExY2NjZjExZWYxZmI1YzEyZWU0MTk1MGZhZDliMB4XDTIyMDYy
MTA5NTE0NVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoNzIzOTc4MmJmMDI5
ZThlNzk1ZTI0NGRkOTEwNDkxNThjNDAzMjlkMTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAKPk0gexFrTlFMgtruqX3wpYLsyChs8t3Fvmm+OtnllnKCBe
UL6kanLxFV2Byo0CPRYCEV0VQ3Qg8htj1x+JNOzDxdyiC5UiIIZU29fVvDLY5iJt
iUGWpJ1O67WSpnSrVHCWVFWk3APGq9m9RfeWHE5HSA5CtboZSQPGNqrNEedsfjSq
u0pH3egRpyz0JJrGcvXQR+SVn1ntBTiHIzd0mfJsqFEnEqnPDBhwb/qop+whU/y1
onT6ELzH29P+juLyvKAZQA8r9BAoOsosJ7AsilofFinOnsMTiyRP1ESgoJzZp0LM
Ntd3AL97FYp+oVqDoY2EXGFKc2DbqISvkVhFNdUCAwEAAaOCAoYwggKCMB0GA1Ud
DgQWBBRyOXgr8Cno55XiRN2RBJFYxAMp0TAfBgNVHSMEGDAWgBRj6RZxerEczPEe
8ftcEu5BlQ+tmzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L1kta1djWHF4SE16eEh2SDdYQkx1UVpVUHJacy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNTEvNDk1N2E0LWNlNTktNDMxNS05OTc2LWRjNWVjNzQ4ZjZhNS8x
L2NqbDRLX0FwNk9lVjRrVGRrUVNSV01RREtkRS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNTEv
NDk1N2E0LWNlNTktNDMxNS05OTc2LWRjNWVjNzQ4ZjZhNS8xL1kta1djWHF4SE16
eEh2SDdYQkx1UVpVUHJacy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjCB
mwYIKwYBBQUHAQcBAf8EgYswgYgwgYUEAgACMH8DBwAqDpfABzYDBwAqDpfABz8D
BwAqDpfAB1ADBwAqDpfAB28DBwAqDrECAS8wEgMHBCoOsQcF0AMHBCoOsQcF4AMH
BCoOsQcJAAMHACoOsQcJ9AMHACoOsQcJ9gMHACoOsQcN8gMHACoOsQcRYwMHACoO
sQcYcAMGBCoQzEIQMA0GCSqGSIb3DQEBCwUAA4IBAQCU+06FPlSNaGpoUfHKDTQj
Of2YKEWU56pi92byoNAAVRZibOAyoMfcgWuEeSq0baoih7gpJdqi0eNzh/8oxzU2
fxDYswfl33LFHkbps6mgZo0TXk/om0IiGW+JGML1D7frTwS28Dzzyuq3UpdoQ9g1
MVo4j5swv+20xZ6TaXi26IToPenKK6MJZ5VbkX+G0UZbXbLDjQLmO5JTP1hc1Bsd
X+dRWdtWuwU1gcyeSRex8UawnaAAbOpBit8+QIQzZTI+AuJKJHKypY8/8hA33P9g
YfOLJ3LW24EoLHuLx9R+Fe2wk2cjBaKiQTOkyrbb8B3X0MgJKPp0rdq8o9+InWzC
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:29:35 2024 by rpki-client on console-fra.rpki-client.org