Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/62/aea36d-babf-4474-a78b-6a4ecaf8b3b1/1/LdnTsl1GGjPH_atQy8kel0RcWak.roa
File:                     LdnTsl1GGjPH_atQy8kel0RcWak.roa (raw, json)
Hash identifier:          B61tSQ7ySae1s/lxjTz5sBwdMhNU2HqFSOLXt+aZJ+A=
Subject key identifier:   2D:D9:D3:B2:5D:46:1A:33:C7:FD:AB:50:CB:C9:1E:97:44:5C:59:A9
Certificate issuer:       /CN=746365355b665564a210c358c68a0117b7fbeb9a
Certificate serial:       09AA2984
Authority key identifier: 74:63:65:35:5B:66:55:64:A2:10:C3:58:C6:8A:01:17:B7:FB:EB:9A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dGNlNVtmVWSiEMNYxooBF7f765o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/62/aea36d-babf-4474-a78b-6a4ecaf8b3b1/1/LdnTsl1GGjPH_atQy8kel0RcWak.roa
Signing time:             Tue 31 May 2022 14:38:13 +0000
ROA not before:           Tue 31 May 2022 14:38:13 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     211338
IP address blocks:        2a06:c3c0:3::/48 maxlen: 48

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 162146692 (0x9aa2984)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=746365355b665564a210c358c68a0117b7fbeb9a
        Validity
            Not Before: May 31 14:38:13 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=2dd9d3b25d461a33c7fdab50cbc91e97445c59a9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:a9:a1:15:29:51:0e:c6:70:b3:d5:28:b1:03:
                    35:a4:03:05:df:58:c2:c9:73:b9:e7:a2:68:98:67:
                    c1:a8:e0:8d:90:80:d3:54:17:70:f5:10:9b:a5:75:
                    c1:c0:02:72:f6:58:d9:87:d8:55:b1:08:3a:a8:24:
                    3c:aa:c9:18:1f:d1:2b:ca:ec:b1:ef:30:59:e2:90:
                    51:42:a4:82:a5:6d:5f:f7:b2:61:ff:cb:c0:cd:64:
                    f0:00:76:d3:ee:e7:bd:87:1c:99:70:fe:13:bb:c9:
                    aa:a7:fa:b8:ae:e8:9e:39:03:ad:06:d4:a3:0f:82:
                    27:4c:8b:ae:8c:41:ed:0a:66:05:62:d4:13:02:05:
                    82:9b:23:66:05:9e:47:b3:65:fe:ee:f7:4e:7a:cf:
                    cc:12:10:71:70:0e:6e:57:e8:86:2b:5f:2e:2a:4e:
                    d7:92:9f:3c:d7:45:93:40:ba:89:c5:31:c9:84:b8:
                    19:6a:c1:5a:00:4e:75:4f:70:28:44:10:f1:20:c4:
                    67:5f:77:be:bf:75:db:cd:68:c6:bb:73:b3:75:26:
                    d8:03:dd:08:ac:b3:8f:fa:ca:ee:62:49:0f:a1:7c:
                    2d:9e:2e:53:9c:4a:6f:87:20:63:5a:15:1a:8a:b3:
                    2f:61:dc:75:88:5b:c0:84:7a:c1:90:7b:a9:0e:3e:
                    91:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2D:D9:D3:B2:5D:46:1A:33:C7:FD:AB:50:CB:C9:1E:97:44:5C:59:A9
            X509v3 Authority Key Identifier:
                keyid:74:63:65:35:5B:66:55:64:A2:10:C3:58:C6:8A:01:17:B7:FB:EB:9A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dGNlNVtmVWSiEMNYxooBF7f765o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/62/aea36d-babf-4474-a78b-6a4ecaf8b3b1/1/LdnTsl1GGjPH_atQy8kel0RcWak.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/62/aea36d-babf-4474-a78b-6a4ecaf8b3b1/1/dGNlNVtmVWSiEMNYxooBF7f765o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:c3c0:3::/48

    Signature Algorithm: sha256WithRSAEncryption
         7f:39:ae:66:64:fe:da:72:7d:e5:a7:d3:c6:c5:e0:72:8a:76:
         bc:f5:b6:9f:c5:2f:bc:cc:53:82:d7:32:17:a0:f9:55:70:a2:
         76:13:ce:b8:63:5d:03:f5:0a:31:c4:3e:ef:dc:4e:f2:1f:f7:
         b0:6e:ae:61:75:90:73:7d:36:6f:73:26:f1:91:94:3b:dd:69:
         ed:c0:55:b0:03:1e:8e:76:5c:4d:bd:95:2b:3b:12:11:29:14:
         d4:aa:69:71:9e:95:be:66:dd:f6:ae:51:20:12:2e:b9:72:e9:
         ad:57:5b:c6:48:56:ff:8a:5e:0d:76:94:0a:51:42:e1:a7:cf:
         09:d3:4e:fe:6d:10:1b:e6:52:b3:ab:de:97:87:2a:c1:17:04:
         37:29:62:b4:3c:e7:9d:b1:61:99:66:c4:64:0a:31:ca:c8:96:
         0e:85:02:e0:62:a2:05:1a:92:c5:3b:98:25:90:09:77:0c:2c:
         50:a5:ff:e2:aa:fb:f9:1b:73:77:67:80:3d:7d:74:81:c9:5c:
         6d:49:05:36:51:c3:90:0d:84:22:8d:db:d5:17:12:82:c3:fc:
         75:8f:6d:80:27:db:e6:2a:87:ee:55:fe:16:c4:c2:27:61:15:
         e6:1d:d8:a6:02:75:81:7a:c0:28:7f:ed:32:6d:5b:a6:84:7a:
         87:f5:43:41
-----BEGIN CERTIFICATE-----
MIIE8jCCA9qgAwIBAgIECaophDANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg3
NDYzNjUzNTViNjY1NTY0YTIxMGMzNThjNjhhMDExN2I3ZmJlYjlhMB4XDTIyMDUz
MTE0MzgxM1oXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMmRkOWQzYjI1ZDQ2
MWEzM2M3ZmRhYjUwY2JjOTFlOTc0NDVjNTlhOTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBALCpoRUpUQ7GcLPVKLEDNaQDBd9YwslzueeiaJhnwajgjZCA
01QXcPUQm6V1wcACcvZY2YfYVbEIOqgkPKrJGB/RK8rsse8wWeKQUUKkgqVtX/ey
Yf/LwM1k8AB20+7nvYccmXD+E7vJqqf6uK7onjkDrQbUow+CJ0yLroxB7QpmBWLU
EwIFgpsjZgWeR7Nl/u73TnrPzBIQcXAOblfohitfLipO15KfPNdFk0C6icUxyYS4
GWrBWgBOdU9wKEQQ8SDEZ193vr91281oxrtzs3Um2APdCKyzj/rK7mJJD6F8LZ4u
U5xKb4cgY1oVGoqzL2HcdYhbwIR6wZB7qQ4+kasCAwEAAaOCAgwwggIIMB0GA1Ud
DgQWBBQt2dOyXUYaM8f9q1DLyR6XRFxZqTAfBgNVHSMEGDAWgBR0Y2U1W2ZVZKIQ
w1jGigEXt/vrmjAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L2RHTmxOVnRtVldTaUVNTll4b29CRjdmNzY1by5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNjIvYWVhMzZkLWJhYmYtNDQ3NC1hNzhiLTZhNGVjYWY4YjNiMS8x
L0xkblRzbDFHR2pQSF9hdFF5OGtlbDBSY1dhay5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNjIv
YWVhMzZkLWJhYmYtNDQ3NC1hNzhiLTZhNGVjYWY4YjNiMS8xL2RHTmxOVnRtVldT
aUVNTll4b29CRjdmNzY1by5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAi
BggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoGw8AAAzANBgkqhkiG9w0BAQsF
AAOCAQEAfzmuZmT+2nJ95afTxsXgcop2vPW2n8UvvMxTgtcyF6D5VXCidhPOuGNd
A/UKMcQ+79xO8h/3sG6uYXWQc302b3Mm8ZGUO91p7cBVsAMejnZcTb2VKzsSESkU
1KppcZ6Vvmbd9q5RIBIuuXLprVdbxkhW/4peDXaUClFC4afPCdNO/m0QG+ZSs6ve
l4cqwRcENylitDznnbFhmWbEZAoxysiWDoUC4GKiBRqSxTuYJZAJdwwsUKX/4qr7
+Rtzd2eAPX10gclcbUkFNlHDkA2EIo3b1RcSgsP8dY9tgCfb5iqH7lX+FsTCJ2EV
5h3YpgJ1gXrAKH/tMm1bpoR6h/VDQQ==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:14:30 2024 by rpki-client on console-ams.rpki-client.org