Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/cpoJhuwDY2VHUBcGGoWMHZ8sgcg.roa
File:                     cpoJhuwDY2VHUBcGGoWMHZ8sgcg.roa (raw, json)
Hash identifier:          WYkE4loVENwEleEfOe8eWQKbjz61dJ4Y7qou23IwsLI=
Subject key identifier:   72:9A:09:86:EC:03:63:65:47:50:17:06:1A:85:8C:1D:9F:2C:81:C8
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       01850A98A4C1686D1976D5BDC12D8FAF041B
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/cpoJhuwDY2VHUBcGGoWMHZ8sgcg.roa
Signing time:             Tue 13 Dec 2022 08:27:33 +0000
ROA not before:           Tue 13 Dec 2022 08:27:33 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     212164
IP address blocks:        2a0e:b107:1d20::/48 maxlen: 48
                          2a0e:b107:1d25::/48 maxlen: 48
                          2a0e:b107:1d22::/48 maxlen: 48
                          2a0e:b107:1d2a::/48 maxlen: 48
                          2a0e:b107:1d21::/48 maxlen: 48
                          2a0e:b107:1d23::/48 maxlen: 48

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:0a:98:a4:c1:68:6d:19:76:d5:bd:c1:2d:8f:af:04:1b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Dec 13 08:27:33 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=729a0986ec036365475017061a858c1d9f2c81c8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:83:77:81:53:92:8d:bf:f1:02:75:8c:3a:aa:
                    8f:fa:70:a7:c0:4b:4a:a2:0c:28:07:e9:a4:70:37:
                    58:d1:de:07:4c:91:87:d7:f8:6e:d5:0e:87:b8:eb:
                    59:8e:36:38:19:f0:a9:53:4a:60:03:bf:5c:33:88:
                    95:12:f1:95:80:d1:56:d7:69:44:bd:5b:f7:f0:06:
                    d0:26:e6:29:0b:b4:95:c5:ac:38:87:d6:fa:4b:80:
                    85:04:e5:cd:a2:b6:57:54:36:16:85:3f:13:3c:bb:
                    1b:88:e4:cd:d8:9c:46:8b:7c:82:50:66:e1:25:29:
                    f8:01:24:03:b9:cd:c0:78:d7:d0:ca:1c:98:ca:79:
                    d5:c1:6b:e6:ca:38:cd:ee:be:ef:04:9e:51:48:78:
                    7e:07:9e:b8:0e:dd:a5:b0:5c:ca:21:85:9a:fe:ff:
                    39:55:06:5b:8d:69:f3:e6:e7:da:d5:52:4b:c3:ed:
                    7c:9b:12:7a:23:71:24:77:b9:e2:92:a6:55:a8:67:
                    5d:c8:fe:7d:25:23:db:3f:20:cf:9e:af:64:62:e7:
                    ee:75:42:9f:fa:c3:67:26:40:cd:af:f4:d1:6c:57:
                    79:7c:ff:36:a4:72:36:4b:46:b5:46:c6:31:fc:bf:
                    45:08:34:ff:88:85:79:30:21:20:4a:5b:ea:4f:87:
                    d3:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:9A:09:86:EC:03:63:65:47:50:17:06:1A:85:8C:1D:9F:2C:81:C8
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/cpoJhuwDY2VHUBcGGoWMHZ8sgcg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:b107:1d20::/46
                  2a0e:b107:1d25::/48
                  2a0e:b107:1d2a::/48

    Signature Algorithm: sha256WithRSAEncryption
         65:14:70:db:bd:58:26:19:d3:31:3b:a0:c7:cb:39:95:a3:42:
         52:52:94:19:26:43:6c:fd:00:89:54:b6:bd:1e:eb:7b:96:52:
         ea:4c:88:fa:77:20:90:d9:40:a2:7d:47:23:8a:a9:f9:b3:e7:
         80:63:5e:e6:37:10:38:da:01:53:95:cf:bd:9a:55:5b:1a:b0:
         56:c6:f8:66:fa:be:e8:aa:05:89:84:cc:6f:5d:74:a3:6c:cf:
         03:22:ca:36:90:79:be:ad:18:aa:6e:7a:3e:79:39:43:bd:e7:
         48:a3:85:42:76:c3:61:20:a9:1a:a5:6a:96:cc:13:96:5e:b7:
         59:ad:75:65:65:63:dd:86:7d:80:6f:86:8f:72:78:21:10:b9:
         27:d7:8a:3f:e7:cd:64:a2:81:ba:d4:8d:67:c3:ae:75:a5:42:
         7b:f0:cb:23:8f:c1:94:a1:d7:3a:0a:f0:38:74:cd:67:1c:4b:
         87:07:04:3c:6c:4d:a1:49:c8:27:17:b4:08:63:1d:67:b6:65:
         cb:af:a3:42:13:29:ad:fd:d2:d0:88:64:db:8b:39:9d:a8:06:
         fc:71:d3:bf:df:c7:69:bd:cf:5c:88:06:0a:2c:9d:33:fb:26:
         3d:77:fb:1c:b8:a2:b0:5f:c1:ae:99:d6:fc:29:d8:87:d5:a9:
         59:4b:8d:3f
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYUKmKTBaG0ZdtW9wS2PrwQbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjIxMjEzMDgyNzMzWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MjlhMDk4NmVjMDM2MzY1NDc1MDE3MDYxYTg1OGMxZDlmMmM4MWM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkYN3gVOSjb/xAnWMOqqP+nCnwEtK
ogwoB+mkcDdY0d4HTJGH1/hu1Q6HuOtZjjY4GfCpU0pgA79cM4iVEvGVgNFW12lE
vVv38AbQJuYpC7SVxaw4h9b6S4CFBOXNorZXVDYWhT8TPLsbiOTN2JxGi3yCUGbh
JSn4ASQDuc3AeNfQyhyYynnVwWvmyjjN7r7vBJ5RSHh+B564Dt2lsFzKIYWa/v85
VQZbjWnz5ufa1VJLw+18mxJ6I3Ekd7nikqZVqGddyP59JSPbPyDPnq9kYufudUKf
+sNnJkDNr/TRbFd5fP82pHI2S0a1RsYx/L9FCDT/iIV5MCEgSlvqT4fTDwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFHKaCYbsA2NlR1AXBhqFjB2fLIHIMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvY3BvSmh1d0RZMlZIVUJjR0dvV01IWjhzZ2NnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzAhBAIAAjAbAwcCKg6xBx0g
AwcAKg6xBx0lAwcAKg6xBx0qMA0GCSqGSIb3DQEBCwUAA4IBAQBlFHDbvVgmGdMx
O6DHyzmVo0JSUpQZJkNs/QCJVLa9Hut7llLqTIj6dyCQ2UCifUcjiqn5s+eAY17m
NxA42gFTlc+9mlVbGrBWxvhm+r7oqgWJhMxvXXSjbM8DIso2kHm+rRiqbno+eTlD
vedIo4VCdsNhIKkapWqWzBOWXrdZrXVlZWPdhn2Ab4aPcnghELkn14o/581kooG6
1I1nw651pUJ78Msjj8GUodc6CvA4dM1nHEuHBwQ8bE2hScgnF7QIYx1ntmXLr6NC
Eymt/dLQiGTbizmdqAb8cdO/38dpvc9ciAYKLJ0z+yY9d/scuKKwX8Gumdb8KdiH
1alZS40/
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:09:08 2024 by rpki-client on console-ams.rpki-client.org