Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/n48DLesO3uyBfYsCL9hRptdDZ3A.roa
File:                     n48DLesO3uyBfYsCL9hRptdDZ3A.roa (raw, json)
Hash identifier:          xA/0TfAlpO7B/K4BR6PTEI3wPhK0u/EjShnsup9u4+s=
Subject key identifier:   9F:8F:03:2D:EB:0E:DE:EC:81:7D:8B:02:2F:D8:51:A6:D7:43:67:70
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       12C53D64
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/n48DLesO3uyBfYsCL9hRptdDZ3A.roa
Signing time:             Wed 09 Mar 2022 09:20:32 +0000
ROA not before:           Wed 09 Mar 2022 09:20:32 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     1239
IP address blocks:        2a0e:b107:5c8::/48 maxlen: 48

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 314916196 (0x12c53d64)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Mar  9 09:20:32 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=9f8f032deb0edeec817d8b022fd851a6d7436770
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:8c:5e:a1:8c:e1:65:c2:7f:b1:ac:01:62:80:
                    ea:b7:db:43:e8:1b:a1:bd:e3:64:14:b9:5d:bc:ef:
                    bf:9e:88:ee:ec:52:11:b4:e6:04:3e:72:eb:51:1e:
                    c0:34:c1:46:40:c1:71:87:54:4b:aa:1a:bf:c2:97:
                    0a:a1:87:2a:97:df:68:b2:cb:42:5a:93:e0:2b:8d:
                    5c:d7:78:47:13:05:a6:d3:f3:08:fd:23:9f:c3:0f:
                    49:67:58:60:a5:6d:ca:75:2a:ea:5d:e7:73:97:a0:
                    6b:35:d6:a2:8f:36:42:87:6b:01:8f:6e:5b:ae:2c:
                    9e:8f:e3:04:06:7e:24:88:3a:c7:17:d6:b5:3c:89:
                    bb:b5:fd:dd:a6:66:ee:cb:b9:ca:21:2c:60:58:90:
                    9b:d2:1f:a3:6c:3e:e6:26:65:83:90:fd:45:7c:7c:
                    ae:92:90:2d:48:85:d8:59:a1:c8:0f:ce:72:ca:ed:
                    b0:ca:e4:36:c0:27:72:04:52:ce:7d:b5:2b:90:b3:
                    31:33:fc:88:1a:39:24:17:57:e5:7e:13:ee:b8:d2:
                    ef:aa:2c:f1:21:c1:93:e7:32:27:a9:42:a2:b0:a9:
                    8d:0b:7f:6f:c5:90:5b:5c:c8:03:93:d9:6f:95:59:
                    0f:c7:20:74:ac:b1:77:8d:55:e6:c3:ac:bf:bc:39:
                    ff:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9F:8F:03:2D:EB:0E:DE:EC:81:7D:8B:02:2F:D8:51:A6:D7:43:67:70
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/n48DLesO3uyBfYsCL9hRptdDZ3A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:b107:5c8::/48

    Signature Algorithm: sha256WithRSAEncryption
         24:90:45:dc:89:bf:58:c9:04:a0:7b:6b:40:9c:0e:4b:e3:e8:
         64:10:2e:20:33:08:e6:24:d1:86:82:5d:85:c4:b2:a4:ea:a0:
         fa:74:fa:15:0e:bf:04:3e:19:6f:87:bb:e0:3d:fa:c5:7a:8f:
         b0:10:83:ec:ec:5c:de:2f:28:70:32:2b:0f:5c:d2:99:b6:d7:
         b4:15:68:9e:da:89:27:29:06:11:ad:68:00:e5:47:05:a8:0f:
         6e:7d:c8:71:ac:31:7e:68:d9:a5:49:4f:a5:39:0b:ae:8e:d4:
         38:e0:7d:97:aa:22:70:3b:16:2b:02:4e:94:dd:7c:69:d3:23:
         c0:15:f3:ef:75:bd:f5:10:a4:e9:19:8a:24:49:14:d3:51:05:
         0a:83:ee:23:27:ab:30:c5:7a:fa:0c:7e:a8:1e:5c:c9:2d:0d:
         a0:e4:f2:2b:c1:02:1b:68:35:b3:50:9d:49:37:3f:6b:ea:4b:
         0e:be:be:a8:4b:96:9b:c4:9f:0b:77:18:d3:fa:7f:26:11:85:
         1b:f6:71:7f:03:32:ae:ec:a4:a9:d4:1a:6a:33:4b:48:db:25:
         55:cd:55:53:b1:be:d7:90:66:00:0c:15:19:a9:20:17:1e:51:
         9c:ad:9e:e1:6f:25:fb:3d:b2:33:ae:85:b3:42:85:fa:be:83:
         3a:0e:fd:07
-----BEGIN CERTIFICATE-----
MIIE8jCCA9qgAwIBAgIEEsU9ZDANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg2
M2U5MTY3MTdhYjExY2NjZjExZWYxZmI1YzEyZWU0MTk1MGZhZDliMB4XDTIyMDMw
OTA5MjAzMloXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoOWY4ZjAzMmRlYjBl
ZGVlYzgxN2Q4YjAyMmZkODUxYTZkNzQzNjc3MDCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAKKMXqGM4WXCf7GsAWKA6rfbQ+gbob3jZBS5Xbzvv56I7uxS
EbTmBD5y61EewDTBRkDBcYdUS6oav8KXCqGHKpffaLLLQlqT4CuNXNd4RxMFptPz
CP0jn8MPSWdYYKVtynUq6l3nc5egazXWoo82QodrAY9uW64sno/jBAZ+JIg6xxfW
tTyJu7X93aZm7su5yiEsYFiQm9Ifo2w+5iZlg5D9RXx8rpKQLUiF2FmhyA/Ocsrt
sMrkNsAncgRSzn21K5CzMTP8iBo5JBdX5X4T7rjS76os8SHBk+cyJ6lCorCpjQt/
b8WQW1zIA5PZb5VZD8cgdKyxd41V5sOsv7w5/8UCAwEAAaOCAgwwggIIMB0GA1Ud
DgQWBBSfjwMt6w7e7IF9iwIv2FGm10NncDAfBgNVHSMEGDAWgBRj6RZxerEczPEe
8ftcEu5BlQ+tmzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L1kta1djWHF4SE16eEh2SDdYQkx1UVpVUHJacy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNTEvNDk1N2E0LWNlNTktNDMxNS05OTc2LWRjNWVjNzQ4ZjZhNS8x
L240OERMZXNPM3V5QmZZc0NMOWhScHRkRFozQS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNTEv
NDk1N2E0LWNlNTktNDMxNS05OTc2LWRjNWVjNzQ4ZjZhNS8xL1kta1djWHF4SE16
eEh2SDdYQkx1UVpVUHJacy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAi
BggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoOsQcFyDANBgkqhkiG9w0BAQsF
AAOCAQEAJJBF3Im/WMkEoHtrQJwOS+PoZBAuIDMI5iTRhoJdhcSypOqg+nT6FQ6/
BD4Zb4e74D36xXqPsBCD7Oxc3i8ocDIrD1zSmbbXtBVontqJJykGEa1oAOVHBagP
bn3IcawxfmjZpUlPpTkLro7UOOB9l6oicDsWKwJOlN18adMjwBXz73W99RCk6RmK
JEkU01EFCoPuIyerMMV6+gx+qB5cyS0NoOTyK8ECG2g1s1CdSTc/a+pLDr6+qEuW
m8SfC3cY0/p/JhGFG/ZxfwMyruykqdQaajNLSNslVc1VU7G+15BmAAwVGakgFx5R
nK2e4W8l+z2yM66Fs0KF+r6DOg79Bw==
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:48:19 2023 by rpki-client on console-fra.rpki-client.org