Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/56/f615b0-4d98-4a3d-8bd2-4c93bee27d54/1/XwYXZHM6FQEG_-HCJ-gPuJt1dDE.roa
File:                     XwYXZHM6FQEG_-HCJ-gPuJt1dDE.roa (raw, json)
Hash identifier:          YIbpUn1jmYcnEsGeA9xLj4MggIKTLrrMfS8HesYOpHs=
Subject key identifier:   5F:06:17:64:73:3A:15:01:06:FF:E1:C2:27:E8:0F:B8:9B:75:74:31
Certificate issuer:       /CN=8405c07192a8106fedb0760b8945032ca1d3054b
Certificate serial:       02B5D465
Authority key identifier: 84:05:C0:71:92:A8:10:6F:ED:B0:76:0B:89:45:03:2C:A1:D3:05:4B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hAXAcZKoEG_tsHYLiUUDLKHTBUs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/56/f615b0-4d98-4a3d-8bd2-4c93bee27d54/1/XwYXZHM6FQEG_-HCJ-gPuJt1dDE.roa
Signing time:             Sat 01 Jan 2022 11:00:39 +0000
ROA not before:           Sat 01 Jan 2022 11:00:39 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     41320
IP address blocks:        2a0c:3a81:100::/40 maxlen: 40

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 45470821 (0x2b5d465)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8405c07192a8106fedb0760b8945032ca1d3054b
        Validity
            Not Before: Jan  1 11:00:39 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=5f061764733a150106ffe1c227e80fb89b757431
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:c4:fa:ed:c1:70:60:e7:f5:c0:bd:8a:18:d9:
                    ad:9e:b9:81:02:56:b0:6a:ea:76:ef:4e:61:e1:dc:
                    7f:8f:1c:4d:6d:85:6c:67:c1:79:cc:d1:53:5a:47:
                    ce:bd:17:4a:51:3d:8b:f2:30:a3:1e:00:b7:0b:55:
                    d7:22:d2:5e:07:67:03:45:9b:a5:d2:7b:c0:0f:8d:
                    d5:3f:5a:e0:78:a9:dc:19:04:d6:4a:0f:6e:ff:58:
                    72:65:38:96:ad:88:ea:95:64:83:96:05:c9:17:b6:
                    60:f9:a8:17:0c:7f:66:6d:60:bd:28:99:1f:39:24:
                    84:83:d8:05:19:8c:d7:b6:69:fc:34:1d:20:72:42:
                    d8:18:5f:96:e5:3f:49:ef:ec:65:a9:41:84:a7:38:
                    5b:01:40:6d:07:d6:78:d5:4b:dd:fa:15:ca:b7:24:
                    88:ef:64:ee:d2:dd:4d:85:f2:b1:d1:e7:49:56:3c:
                    d5:e5:41:27:de:cb:4b:f6:04:10:c3:ac:64:fb:6e:
                    5e:bc:ab:0f:ba:a5:80:d3:3f:f7:0d:d3:7d:00:7a:
                    3e:6a:5c:98:5a:4a:b2:37:5f:11:32:a5:b0:b9:3f:
                    3c:2c:9e:ae:d9:6a:6f:da:03:86:e7:fe:b6:72:13:
                    f8:12:da:fc:f3:a8:40:8b:87:06:14:30:d1:04:78:
                    bd:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5F:06:17:64:73:3A:15:01:06:FF:E1:C2:27:E8:0F:B8:9B:75:74:31
            X509v3 Authority Key Identifier:
                keyid:84:05:C0:71:92:A8:10:6F:ED:B0:76:0B:89:45:03:2C:A1:D3:05:4B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hAXAcZKoEG_tsHYLiUUDLKHTBUs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/56/f615b0-4d98-4a3d-8bd2-4c93bee27d54/1/XwYXZHM6FQEG_-HCJ-gPuJt1dDE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/56/f615b0-4d98-4a3d-8bd2-4c93bee27d54/1/hAXAcZKoEG_tsHYLiUUDLKHTBUs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:3a81:100::/40

    Signature Algorithm: sha256WithRSAEncryption
         63:07:4d:52:3c:01:96:04:72:d7:d7:8b:5e:3c:9a:80:be:e9:
         aa:83:a7:b2:ab:8f:6e:b4:6f:12:b7:29:e8:d6:7c:19:e2:b4:
         ec:45:43:42:eb:82:24:18:78:fa:8d:49:c2:c0:46:2f:23:15:
         e2:a8:27:af:9e:81:2f:33:66:60:0a:f0:d1:1f:61:27:92:6a:
         6c:23:44:f7:d8:a9:b2:14:d4:f2:d2:38:98:d3:30:18:e2:3d:
         ab:a2:dc:30:77:b8:cf:da:3c:7c:2e:73:34:b8:82:ce:a6:dc:
         02:4b:7c:a8:ce:10:21:31:4e:c0:77:49:71:e9:33:b5:e4:3b:
         43:20:79:96:c9:3d:38:e4:bd:1d:a5:6a:35:b4:2b:e3:71:06:
         be:f0:4d:f4:12:d0:24:ac:67:87:b4:66:16:0e:a0:20:ee:af:
         bf:8c:4b:2d:3b:21:33:84:d0:12:3a:0a:99:05:c3:13:60:e0:
         69:6a:8b:c4:1d:5b:95:9f:d1:78:03:15:3a:f9:c3:c6:44:2d:
         30:3f:94:8f:12:6f:27:98:2b:0d:01:3c:d3:bb:c4:a7:63:a3:
         f0:d3:8f:75:e4:c9:ff:31:11:b3:da:ad:be:13:14:d6:71:92:
         74:81:95:fa:9d:30:fc:70:e0:ba:c4:50:0a:90:40:ca:84:90:
         2d:6e:e6:1e
-----BEGIN CERTIFICATE-----
MIIE8TCCA9mgAwIBAgIEArXUZTANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg4
NDA1YzA3MTkyYTgxMDZmZWRiMDc2MGI4OTQ1MDMyY2ExZDMwNTRiMB4XDTIyMDEw
MTExMDAzOVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoNWYwNjE3NjQ3MzNh
MTUwMTA2ZmZlMWMyMjdlODBmYjg5Yjc1NzQzMTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAJ3E+u3BcGDn9cC9ihjZrZ65gQJWsGrqdu9OYeHcf48cTW2F
bGfBeczRU1pHzr0XSlE9i/Iwox4AtwtV1yLSXgdnA0WbpdJ7wA+N1T9a4Hip3BkE
1koPbv9YcmU4lq2I6pVkg5YFyRe2YPmoFwx/Zm1gvSiZHzkkhIPYBRmM17Zp/DQd
IHJC2BhfluU/Se/sZalBhKc4WwFAbQfWeNVL3foVyrckiO9k7tLdTYXysdHnSVY8
1eVBJ97LS/YEEMOsZPtuXryrD7qlgNM/9w3TfQB6PmpcmFpKsjdfETKlsLk/PCye
rtlqb9oDhuf+tnIT+BLa/POoQIuHBhQw0QR4vYMCAwEAAaOCAgswggIHMB0GA1Ud
DgQWBBRfBhdkczoVAQb/4cIn6A+4m3V0MTAfBgNVHSMEGDAWgBSEBcBxkqgQb+2w
dguJRQMsodMFSzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L2hBWEFjWktvRUdfdHNIWUxpVVVETEtIVEJVcy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNTYvZjYxNWIwLTRkOTgtNGEzZC04YmQyLTRjOTNiZWUyN2Q1NC8x
L1h3WVhaSE02RlFFR18tSENKLWdQdUp0MWRERS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNTYv
ZjYxNWIwLTRkOTgtNGEzZC04YmQyLTRjOTNiZWUyN2Q1NC8xL2hBWEFjWktvRUdf
dHNIWUxpVVVETEtIVEJVcy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAh
BggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoMOoEBMA0GCSqGSIb3DQEBCwUA
A4IBAQBjB01SPAGWBHLX14tePJqAvumqg6eyq49utG8Styno1nwZ4rTsRUNC64Ik
GHj6jUnCwEYvIxXiqCevnoEvM2ZgCvDRH2EnkmpsI0T32KmyFNTy0jiY0zAY4j2r
otwwd7jP2jx8LnM0uILOptwCS3yozhAhMU7Ad0lx6TO15DtDIHmWyT045L0dpWo1
tCvjcQa+8E30EtAkrGeHtGYWDqAg7q+/jEstOyEzhNASOgqZBcMTYOBpaovEHVuV
n9F4AxU6+cPGRC0wP5SPEm8nmCsNATzTu8SnY6Pw04915Mn/MRGz2q2+ExTWcZJ0
gZX6nTD8cOC6xFAKkEDKhJAtbuYe
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:30:23 2024 by rpki-client on console-fra.rpki-client.org