Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/i5tYcS6t2W7PqzCGZARHqx5zwnM.roa
File:                     i5tYcS6t2W7PqzCGZARHqx5zwnM.roa (raw, json)
Hash identifier:          bpMVbRrP46PTbNGdWfuBailHMtU5MI/nOFWwpIFszGQ=
Subject key identifier:   8B:9B:58:71:2E:AD:D9:6E:CF:AB:30:86:64:04:47:AB:1E:73:C2:73
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       13F44768
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/i5tYcS6t2W7PqzCGZARHqx5zwnM.roa
Signing time:             Fri 22 Apr 2022 11:45:40 +0000
ROA not before:           Fri 22 Apr 2022 11:45:40 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     205740
IP address blocks:        2a0e:97c0:a60::/44 maxlen: 48

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 334776168 (0x13f44768)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Apr 22 11:45:40 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=8b9b58712eadd96ecfab3086640447ab1e73c273
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:a1:c5:19:75:f8:29:55:36:f5:ab:15:39:db:
                    b9:dd:20:c9:1e:3b:d3:0e:56:12:1a:f8:af:54:20:
                    3d:81:bd:2b:c7:50:8c:71:f8:23:25:a1:78:a0:57:
                    73:e6:2c:b5:e5:7d:ee:1c:9f:32:1c:9f:12:13:e2:
                    fd:4c:d7:c0:37:8b:79:ef:d3:73:f4:17:a5:cd:1f:
                    3d:3c:58:3a:23:3f:72:09:92:8b:40:d1:3f:ba:8e:
                    06:1d:ae:8c:de:c1:1d:49:8c:04:48:17:55:cb:bb:
                    4f:05:00:1b:8a:0d:03:d4:d5:0d:d5:ac:92:71:3c:
                    4a:35:92:09:1f:2e:3b:26:f6:cb:8b:71:20:bd:ca:
                    74:65:ce:a5:a3:5f:5a:78:9b:38:57:d8:d2:cc:34:
                    cb:2d:2c:fd:8a:b9:e2:31:fa:31:d8:4d:39:c9:f6:
                    f9:31:0f:76:a5:c0:a1:8e:f6:be:67:ae:f1:91:97:
                    20:3b:25:b3:dd:01:49:f0:12:e4:d9:47:b9:cc:cb:
                    7d:f1:e8:3f:fa:b7:e7:88:0d:bc:62:e9:62:7f:73:
                    e5:b4:f1:9f:9e:62:b0:53:62:e6:b3:fc:5d:32:79:
                    a1:db:d9:14:c2:3c:a7:cc:ef:ce:8d:e4:d7:2e:d5:
                    da:ca:8e:9d:39:89:0f:f6:c3:14:70:c0:dd:7b:2a:
                    c6:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8B:9B:58:71:2E:AD:D9:6E:CF:AB:30:86:64:04:47:AB:1E:73:C2:73
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/i5tYcS6t2W7PqzCGZARHqx5zwnM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:97c0:a60::/44

    Signature Algorithm: sha256WithRSAEncryption
         b1:f4:cf:f7:32:0e:99:ce:32:cf:ee:7e:72:3d:31:75:6a:1d:
         1a:5e:c0:a9:87:e3:59:77:d6:2d:a7:88:dc:1f:f5:a5:36:26:
         38:10:75:ac:33:c9:54:c9:cd:24:eb:ef:44:65:13:a3:74:3f:
         5f:6b:ea:d0:f2:58:d0:68:be:b5:a9:b6:72:bf:bd:60:56:50:
         ee:49:ec:0f:fd:32:7f:ab:a2:66:fe:8e:ee:58:cb:23:b9:ba:
         b2:1c:5a:ff:9f:54:d4:a2:59:1c:d4:57:a8:55:8c:2e:8f:14:
         4d:9d:74:78:f3:c3:37:1b:19:0d:50:28:d8:97:66:58:5f:ec:
         b0:51:f5:6a:de:19:3c:59:9c:d5:0c:c1:e2:88:e8:f1:cb:cd:
         50:9c:64:87:6b:40:ab:1e:cd:49:58:39:0e:4c:22:09:e7:d0:
         b9:5b:6b:c7:61:27:87:cf:c0:8a:d2:74:75:ba:ff:f4:3c:4c:
         4b:01:0b:76:98:d3:9a:11:aa:f8:62:8b:62:9c:f8:e4:bd:8e:
         f8:03:61:9f:3c:d6:fe:77:b9:8e:ff:35:79:19:36:64:fb:ce:
         ab:96:d7:46:d4:cb:f2:1c:ce:0f:61:11:a4:a0:2b:c1:f0:26:
         5d:5a:87:d6:b8:ff:80:c6:d3:b5:9c:81:6e:c9:7b:18:8f:72:
         82:ac:9f:09
-----BEGIN CERTIFICATE-----
MIIE8jCCA9qgAwIBAgIEE/RHaDANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg2
M2U5MTY3MTdhYjExY2NjZjExZWYxZmI1YzEyZWU0MTk1MGZhZDliMB4XDTIyMDQy
MjExNDU0MFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoOGI5YjU4NzEyZWFk
ZDk2ZWNmYWIzMDg2NjQwNDQ3YWIxZTczYzI3MzCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAJWhxRl1+ClVNvWrFTnbud0gyR470w5WEhr4r1QgPYG9K8dQ
jHH4IyWheKBXc+YsteV97hyfMhyfEhPi/UzXwDeLee/Tc/QXpc0fPTxYOiM/cgmS
i0DRP7qOBh2ujN7BHUmMBEgXVcu7TwUAG4oNA9TVDdWsknE8SjWSCR8uOyb2y4tx
IL3KdGXOpaNfWnibOFfY0sw0yy0s/Yq54jH6MdhNOcn2+TEPdqXAoY72vmeu8ZGX
IDsls90BSfAS5NlHuczLffHoP/q354gNvGLpYn9z5bTxn55isFNi5rP8XTJ5odvZ
FMI8p8zvzo3k1y7V2sqOnTmJD/bDFHDA3XsqxocCAwEAAaOCAgwwggIIMB0GA1Ud
DgQWBBSLm1hxLq3Zbs+rMIZkBEerHnPCczAfBgNVHSMEGDAWgBRj6RZxerEczPEe
8ftcEu5BlQ+tmzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L1kta1djWHF4SE16eEh2SDdYQkx1UVpVUHJacy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNTEvNDk1N2E0LWNlNTktNDMxNS05OTc2LWRjNWVjNzQ4ZjZhNS8x
L2k1dFljUzZ0Mlc3UHF6Q0daQVJIcXg1enduTS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNTEv
NDk1N2E0LWNlNTktNDMxNS05OTc2LWRjNWVjNzQ4ZjZhNS8xL1kta1djWHF4SE16
eEh2SDdYQkx1UVpVUHJacy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAi
BggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHBCoOl8AKYDANBgkqhkiG9w0BAQsF
AAOCAQEAsfTP9zIOmc4yz+5+cj0xdWodGl7AqYfjWXfWLaeI3B/1pTYmOBB1rDPJ
VMnNJOvvRGUTo3Q/X2vq0PJY0Gi+tam2cr+9YFZQ7knsD/0yf6uiZv6O7ljLI7m6
shxa/59U1KJZHNRXqFWMLo8UTZ10ePPDNxsZDVAo2JdmWF/ssFH1at4ZPFmc1QzB
4ojo8cvNUJxkh2tAqx7NSVg5DkwiCefQuVtrx2Enh8/AitJ0dbr/9DxMSwELdpjT
mhGq+GKLYpz45L2O+ANhnzzW/ne5jv81eRk2ZPvOq5bXRtTL8hzOD2ERpKArwfAm
XVqH1rj/gMbTtZyBbsl7GI9ygqyfCQ==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:09:10 2024 by rpki-client on console-ams.rpki-client.org