Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/xJR5OAu6YiLUA2Upsv1h6n0LDzI.roa
File:                     xJR5OAu6YiLUA2Upsv1h6n0LDzI.roa (raw, json)
Hash identifier:          56wbADkuER08WbnyecRDrztI0fw8B7wRl3MSx1PmXjs=
Subject key identifier:   C4:94:79:38:0B:BA:62:22:D4:03:65:29:B2:FD:61:EA:7D:0B:0F:32
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       01856D6B8B143A6D5E27A9DE9D77776A8BC0
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/xJR5OAu6YiLUA2Upsv1h6n0LDzI.roa
Signing time:             Sun 01 Jan 2023 13:00:42 +0000
ROA not before:           Sun 01 Jan 2023 13:00:42 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     35619
IP address blocks:        2a10:ccc2::/36 maxlen: 64

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6d:6b:8b:14:3a:6d:5e:27:a9:de:9d:77:77:6a:8b:c0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  1 13:00:42 2023 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=c49479380bba6222d4036529b2fd61ea7d0b0f32
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:e1:b1:72:e8:ad:f2:b2:b3:dc:a8:06:1b:f4:
                    ce:65:ff:fc:67:81:8a:f7:66:b6:3a:30:0b:0e:5d:
                    44:02:a1:18:42:10:43:d8:f4:30:92:fb:f3:00:8c:
                    09:db:50:c7:1f:cc:cc:70:f3:bf:62:0d:45:f1:71:
                    48:9e:e0:c2:e4:9d:9e:93:c1:f2:fa:a4:67:80:c1:
                    c3:26:71:5a:0f:72:d9:82:71:b0:74:03:15:11:37:
                    0f:0a:47:80:fd:6b:b4:2b:b3:52:33:90:9b:18:09:
                    c1:99:b3:e7:ef:44:d7:20:f8:44:55:a7:16:97:36:
                    78:8b:e8:17:76:58:f2:ff:dc:00:14:c8:8e:97:bf:
                    e5:5b:9e:45:12:f9:4f:79:4d:e6:df:a6:a5:5f:aa:
                    8e:80:14:1d:cc:ec:d3:e8:54:e3:f9:62:ac:75:57:
                    ee:24:cc:73:02:fe:8d:4b:30:a4:16:11:5f:7e:52:
                    0f:7e:a2:44:ae:28:2b:37:be:63:1e:24:36:e0:dd:
                    6b:02:75:8d:13:af:01:d7:27:40:7f:62:ea:27:b4:
                    6b:32:bd:2f:31:45:ce:ac:ff:cf:85:7f:ba:09:50:
                    2e:42:7e:a1:72:6f:5c:7e:ff:b8:c9:07:8e:a2:84:
                    96:b8:0c:ba:37:88:ad:00:74:51:23:d3:42:8b:a9:
                    64:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C4:94:79:38:0B:BA:62:22:D4:03:65:29:B2:FD:61:EA:7D:0B:0F:32
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/xJR5OAu6YiLUA2Upsv1h6n0LDzI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a10:ccc2::/36

    Signature Algorithm: sha256WithRSAEncryption
         17:4d:54:bf:91:90:3e:59:c4:5c:e0:38:24:96:fb:09:3a:82:
         6a:ff:80:c3:41:0c:2f:1d:b6:ef:b6:82:3a:a2:c0:eb:41:c0:
         19:43:af:f2:7a:5b:e5:f9:35:bf:6e:4a:fa:b3:00:c0:b6:ec:
         65:2a:0c:b3:cf:26:d1:c5:a3:e8:95:91:3a:d2:f8:c3:f7:5d:
         76:03:dc:e2:6b:fa:6c:c9:04:0a:ed:fa:44:98:97:a6:73:73:
         15:ac:5c:68:43:a5:6f:8f:8b:9f:90:b2:91:ab:21:d8:bc:d7:
         3c:b2:b3:2c:08:91:5f:eb:a7:47:4e:fc:5c:eb:db:68:35:b0:
         97:a8:ec:d2:1a:b7:3c:5c:7e:98:a3:e9:4c:bb:fa:69:0b:75:
         a3:15:2d:f5:dc:3d:2d:b3:f4:a5:64:62:9b:5b:33:8b:27:5c:
         6b:13:9d:11:6f:33:44:5c:98:9a:ca:f5:75:49:7f:2e:42:36:
         10:ab:04:9d:b4:e7:5b:6b:19:8f:4c:86:ed:15:d9:4a:71:32:
         6b:a4:f9:64:07:32:da:2d:44:03:99:a3:94:47:19:29:16:16:
         d8:c1:1a:17:62:59:26:07:50:d6:06:30:e5:5b:b6:d0:ed:b0:
         7f:41:df:f5:5b:f8:96:0a:dd:1c:b3:e3:6a:0e:38:1a:1f:44:
         80:51:8b:ca
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYVta4sUOm1eJ6nenXd3aovAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjMwMTAxMTMwMDQyWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNDk0NzkzODBiYmE2MjIyZDQwMzY1MjliMmZkNjFlYTdkMGIwZjMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyOGxcuit8rKz3KgGG/TOZf/8Z4GK
92a2OjALDl1EAqEYQhBD2PQwkvvzAIwJ21DHH8zMcPO/Yg1F8XFInuDC5J2ek8Hy
+qRngMHDJnFaD3LZgnGwdAMVETcPCkeA/Wu0K7NSM5CbGAnBmbPn70TXIPhEVacW
lzZ4i+gXdljy/9wAFMiOl7/lW55FEvlPeU3m36alX6qOgBQdzOzT6FTj+WKsdVfu
JMxzAv6NSzCkFhFfflIPfqJErigrN75jHiQ24N1rAnWNE68B1ydAf2LqJ7RrMr0v
MUXOrP/PhX+6CVAuQn6hcm9cfv+4yQeOooSWuAy6N4itAHRRI9NCi6lkJwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFMSUeTgLumIi1ANlKbL9Yep9Cw8yMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEveEpSNU9BdTZZaUxVQTJVcHN2MWg2bjBMRHpJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYEKhDMwgAw
DQYJKoZIhvcNAQELBQADggEBABdNVL+RkD5ZxFzgOCSW+wk6gmr/gMNBDC8dtu+2
gjqiwOtBwBlDr/J6W+X5Nb9uSvqzAMC27GUqDLPPJtHFo+iVkTrS+MP3XXYD3OJr
+mzJBArt+kSYl6ZzcxWsXGhDpW+Pi5+QspGrIdi81zyysywIkV/rp0dO/Fzr22g1
sJeo7NIatzxcfpij6Uy7+mkLdaMVLfXcPS2z9KVkYptbM4snXGsTnRFvM0RcmJrK
9XVJfy5CNhCrBJ2051trGY9Mhu0V2UpxMmuk+WQHMtotRAOZo5RHGSkWFtjBGhdi
WSYHUNYGMOVbttDtsH9B3/Vb+JYK3Ryz42oOOBofRIBRi8o=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:29:40 2024 by rpki-client on console-fra.rpki-client.org