Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/60/a29b95-ccb3-467b-ab7a-ac5b61493e01/1/ZARxLA3Ee6LkL2CmkIzG6LjU9gQ.roa
File:                     ZARxLA3Ee6LkL2CmkIzG6LjU9gQ.roa (raw, json)
Hash identifier:          n2WnPJgfW4JRG3d9LDb6KLetciWgI6QlZFo4nODaFEs=
Subject key identifier:   64:04:71:2C:0D:C4:7B:A2:E4:2F:60:A6:90:8C:C6:E8:B8:D4:F6:04
Certificate issuer:       /CN=ccbf95b47ab2b99c222bfe54521efd1ab67d267f
Certificate serial:       06D70084
Authority key identifier: CC:BF:95:B4:7A:B2:B9:9C:22:2B:FE:54:52:1E:FD:1A:B6:7D:26:7F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zL-VtHqyuZwiK_5UUh79GrZ9Jn8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/60/a29b95-ccb3-467b-ab7a-ac5b61493e01/1/ZARxLA3Ee6LkL2CmkIzG6LjU9gQ.roa
Signing time:             Mon 28 Mar 2022 11:58:52 +0000
ROA not before:           Mon 28 Mar 2022 11:58:52 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     63023
IP address blocks:        213.170.203.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 114753668 (0x6d70084)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ccbf95b47ab2b99c222bfe54521efd1ab67d267f
        Validity
            Not Before: Mar 28 11:58:52 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=6404712c0dc47ba2e42f60a6908cc6e8b8d4f604
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:af:ed:9e:da:87:03:9d:64:e2:18:f2:2e:3e:
                    8f:0b:9e:d5:b4:c9:ae:17:97:d6:59:95:76:76:af:
                    00:a7:e1:89:54:82:91:ec:7d:a2:22:88:46:f0:25:
                    5f:1f:43:7d:d0:da:04:76:41:c2:3a:1d:e9:1d:91:
                    c0:4d:44:25:0b:05:8d:39:54:5e:5b:6d:b4:57:27:
                    99:64:1b:45:cf:e2:f8:81:f9:25:b9:d3:bd:86:ab:
                    60:e3:14:ac:10:e8:f9:a8:9c:11:f1:a0:b6:99:bb:
                    83:ba:5d:e3:0c:e0:22:89:af:89:49:0d:6d:67:2c:
                    4d:3a:20:3e:20:f2:9d:d6:d4:3d:51:e2:a5:ae:4d:
                    67:0a:dc:08:b3:35:29:40:d5:25:d4:fb:41:63:4a:
                    40:1a:37:9c:d0:43:df:a3:4f:48:84:45:46:5d:01:
                    fb:4b:8e:15:57:18:0e:a5:81:cd:1f:15:3b:95:f3:
                    5f:9f:ad:0c:17:04:60:87:7c:6b:53:fb:2f:bb:09:
                    37:96:52:b8:d0:23:5b:64:4d:e8:e8:33:94:77:09:
                    88:60:3b:5e:e5:e7:aa:04:06:9c:83:96:f5:0f:4f:
                    bd:c1:f8:3c:bf:ec:28:28:e5:41:df:fd:1f:50:b9:
                    01:f9:1d:a1:8c:90:d7:51:28:da:f5:fe:f9:ce:af:
                    c3:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                64:04:71:2C:0D:C4:7B:A2:E4:2F:60:A6:90:8C:C6:E8:B8:D4:F6:04
            X509v3 Authority Key Identifier:
                keyid:CC:BF:95:B4:7A:B2:B9:9C:22:2B:FE:54:52:1E:FD:1A:B6:7D:26:7F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zL-VtHqyuZwiK_5UUh79GrZ9Jn8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/60/a29b95-ccb3-467b-ab7a-ac5b61493e01/1/ZARxLA3Ee6LkL2CmkIzG6LjU9gQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/60/a29b95-ccb3-467b-ab7a-ac5b61493e01/1/zL-VtHqyuZwiK_5UUh79GrZ9Jn8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.170.203.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2a:d5:ee:0e:d6:a5:1a:75:96:11:35:f5:05:a8:7f:d8:0c:e6:
         bf:33:7b:0f:85:97:b1:a8:27:1a:40:0c:37:2e:15:5f:8d:a5:
         21:cb:57:a8:cc:b8:ee:5d:61:ac:4b:5f:40:e2:09:aa:f3:24:
         41:50:de:c9:8d:b2:e0:23:40:67:76:bf:8e:7c:f0:dd:6a:76:
         d3:79:ac:d3:f8:cb:14:6e:8c:38:49:f0:5e:a9:93:78:58:3d:
         8f:6e:dd:b9:c6:30:ad:55:fe:27:f7:da:76:00:7f:fb:24:84:
         aa:f1:07:3c:fb:66:9d:9b:5c:d3:4e:7a:8e:43:c0:62:e5:ad:
         ef:12:3f:58:32:2c:dc:b6:c2:87:1a:00:6b:fe:c9:d3:39:9b:
         3e:56:07:7b:8c:86:a0:32:9a:9c:5b:8d:1b:14:00:d1:27:17:
         ab:e8:77:ff:b0:23:0a:12:04:15:0b:a4:99:80:c9:79:fa:69:
         38:b5:b9:9a:d2:b4:a9:fe:68:96:2e:0c:fa:79:c0:ed:48:3d:
         39:12:3e:c5:f4:5c:5c:d9:9c:39:9d:81:07:7a:d4:fd:9a:9e:
         32:42:6e:72:f2:67:61:71:3c:c0:1c:07:9b:0b:b2:22:32:cd:
         48:ac:09:04:78:e5:79:0b:52:57:59:c1:5b:88:30:ff:6f:6a:
         cb:72:1b:b8
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIEBtcAhDANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhj
Y2JmOTViNDdhYjJiOTljMjIyYmZlNTQ1MjFlZmQxYWI2N2QyNjdmMB4XDTIyMDMy
ODExNTg1MloXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoNjQwNDcxMmMwZGM0
N2JhMmU0MmY2MGE2OTA4Y2M2ZThiOGQ0ZjYwNDCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAKGv7Z7ahwOdZOIY8i4+jwue1bTJrheX1lmVdnavAKfhiVSC
kex9oiKIRvAlXx9DfdDaBHZBwjod6R2RwE1EJQsFjTlUXltttFcnmWQbRc/i+IH5
JbnTvYarYOMUrBDo+aicEfGgtpm7g7pd4wzgIomviUkNbWcsTTogPiDyndbUPVHi
pa5NZwrcCLM1KUDVJdT7QWNKQBo3nNBD36NPSIRFRl0B+0uOFVcYDqWBzR8VO5Xz
X5+tDBcEYId8a1P7L7sJN5ZSuNAjW2RN6OgzlHcJiGA7XuXnqgQGnIOW9Q9PvcH4
PL/sKCjlQd/9H1C5AfkdoYyQ11Eo2vX++c6vw1sCAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBRkBHEsDcR7ouQvYKaQjMbouNT2BDAfBgNVHSMEGDAWgBTMv5W0erK5nCIr
/lRSHv0atn0mfzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L3pMLVZ0SHF5dVp3aUtfNVVVaDc5R3JaOUpuOC5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNjAvYTI5Yjk1LWNjYjMtNDY3Yi1hYjdhLWFjNWI2MTQ5M2UwMS8x
L1pBUnhMQTNFZTZMa0wyQ21rSXpHNkxqVTlnUS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNjAv
YTI5Yjk1LWNjYjMtNDY3Yi1hYjdhLWFjNWI2MTQ5M2UwMS8xL3pMLVZ0SHF5dVp3
aUtfNVVVaDc5R3JaOUpuOC5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEANWqyzANBgkqhkiG9w0BAQsFAAOC
AQEAKtXuDtalGnWWETX1Bah/2AzmvzN7D4WXsagnGkAMNy4VX42lIctXqMy47l1h
rEtfQOIJqvMkQVDeyY2y4CNAZ3a/jnzw3Wp203ms0/jLFG6MOEnwXqmTeFg9j27d
ucYwrVX+J/fadgB/+ySEqvEHPPtmnZtc0056jkPAYuWt7xI/WDIs3LbChxoAa/7J
0zmbPlYHe4yGoDKanFuNGxQA0ScXq+h3/7AjChIEFQukmYDJefppOLW5mtK0qf5o
li4M+nnA7Ug9ORI+xfRcXNmcOZ2BB3rU/ZqeMkJucvJnYXE8wBwHmwuyIjLNSKwJ
BHjleQtSV1nBW4gw/29qy3IbuA==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:13:58 2024 by rpki-client on console-ams.rpki-client.org