Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6a/5d7192-a719-4cd7-994a-62c01dc69cca/1/_3G7ukJZ28RRiS2M9EYLv2rAITQ.roa
File:                     _3G7ukJZ28RRiS2M9EYLv2rAITQ.roa (raw, json)
Hash identifier:          1VxK1zfh1idxMNCBFCMJWhHNhWKcFNi+a55SDRwNw2w=
Subject key identifier:   FF:71:BB:BA:42:59:DB:C4:51:89:2D:8C:F4:46:0B:BF:6A:C0:21:34
Certificate issuer:       /CN=67ce179cbe13ddb14012985a067100ef98a55601
Certificate serial:       0184750C7CED3A190B80A5B83CA78B4C3BD0
Authority key identifier: 67:CE:17:9C:BE:13:DD:B1:40:12:98:5A:06:71:00:EF:98:A5:56:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Z84XnL4T3bFAEphaBnEA75ilVgE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6a/5d7192-a719-4cd7-994a-62c01dc69cca/1/_3G7ukJZ28RRiS2M9EYLv2rAITQ.roa
Signing time:             Mon 14 Nov 2022 07:31:03 +0000
ROA not before:           Mon 14 Nov 2022 07:31:03 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     51345
IP address blocks:        2a13:1c47:ffff::/48 maxlen: 48
                          2a13:1c40::/32 maxlen: 32
                          2a13:1c40::/29 maxlen: 48

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:84:75:0c:7c:ed:3a:19:0b:80:a5:b8:3c:a7:8b:4c:3b:d0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=67ce179cbe13ddb14012985a067100ef98a55601
        Validity
            Not Before: Nov 14 07:31:03 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=ff71bbba4259dbc451892d8cf4460bbf6ac02134
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:70:07:22:bf:85:b1:0f:e3:eb:ad:db:d0:17:
                    9f:ae:80:d0:eb:8c:a5:e7:98:34:e2:d1:6b:9b:38:
                    c2:7a:fd:bd:57:d5:99:d7:43:c0:db:aa:86:7b:3a:
                    2f:74:a1:0a:f4:06:e7:ae:97:a5:2b:84:7e:6a:18:
                    df:0e:d8:e0:ff:95:c1:63:16:24:c0:0c:43:f7:f1:
                    d4:0c:91:10:3c:95:29:fa:d9:cc:a5:8a:3d:85:e5:
                    0e:c7:18:9b:b5:8d:aa:f7:c2:ed:22:3a:44:97:58:
                    bc:2e:e5:3a:26:b9:82:ff:1b:38:d0:20:63:fb:9c:
                    da:80:81:bd:92:35:08:04:fd:a2:d9:43:16:49:f0:
                    84:b4:51:c9:71:f9:af:6d:ef:12:dd:c8:d4:a5:99:
                    8d:43:f6:b6:20:bd:cd:d0:4d:af:b0:a3:b1:2a:b4:
                    b1:db:fe:dd:d6:49:18:15:a2:3b:43:1b:d7:15:2e:
                    2b:85:6c:b1:1b:f7:60:54:42:d8:e2:4e:ad:14:5f:
                    45:40:6e:4e:f5:ce:a8:48:1f:72:de:e6:3d:10:c4:
                    0f:33:0c:9a:70:cb:f5:b5:90:88:b1:11:69:ad:09:
                    bf:62:3c:d9:0c:39:de:86:ec:ae:73:e0:f6:94:0e:
                    1b:45:a5:b4:6c:10:5f:1d:7e:fc:49:5d:b9:41:91:
                    2c:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FF:71:BB:BA:42:59:DB:C4:51:89:2D:8C:F4:46:0B:BF:6A:C0:21:34
            X509v3 Authority Key Identifier:
                keyid:67:CE:17:9C:BE:13:DD:B1:40:12:98:5A:06:71:00:EF:98:A5:56:01

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Z84XnL4T3bFAEphaBnEA75ilVgE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/5d7192-a719-4cd7-994a-62c01dc69cca/1/_3G7ukJZ28RRiS2M9EYLv2rAITQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/5d7192-a719-4cd7-994a-62c01dc69cca/1/Z84XnL4T3bFAEphaBnEA75ilVgE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:1c40::/29

    Signature Algorithm: sha256WithRSAEncryption
         0c:b8:3f:b0:36:f0:ea:1b:20:a3:aa:76:7d:fc:c1:f5:ed:d9:
         73:7d:88:5f:9b:69:6c:1d:3f:8d:2d:77:f1:40:f9:a1:9d:ef:
         99:77:0c:77:fb:23:e5:f3:12:f4:3d:87:9a:fe:0c:4b:e6:65:
         9c:13:6e:d9:bf:de:69:3b:bf:9b:99:e0:28:9c:a1:46:cd:ab:
         fc:45:da:46:d4:cd:2d:95:9e:8e:67:dc:1c:ed:52:45:80:37:
         82:0a:7a:da:34:38:99:10:59:c0:eb:9d:e0:d3:a5:5a:6d:91:
         12:c6:2f:d9:dc:d4:ae:43:0a:01:25:a1:07:2a:04:5f:17:23:
         0e:aa:1d:36:6e:af:a0:e4:fe:61:67:70:8d:07:5a:c5:ba:f5:
         d4:2a:67:32:78:e1:fa:fd:78:04:50:bf:15:b3:47:90:dc:a6:
         0b:eb:0f:8f:cc:83:26:2b:99:a0:c3:59:26:be:0e:a3:40:99:
         b2:eb:46:fd:d1:35:04:22:d7:a4:2d:58:1e:ae:f7:ba:49:1c:
         38:00:35:73:e9:f9:b0:0a:13:1b:5a:db:9a:45:8c:01:fc:08:
         da:aa:b2:2b:56:97:a0:d9:0a:09:07:f8:6e:27:21:58:6b:1b:
         ee:84:54:dd:c6:c3:eb:0c:45:02:82:f7:6a:5f:86:63:72:49:
         23:0f:d7:3d
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYR1DHztOhkLgKW4PKeLTDvQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY3Y2UxNzljYmUxM2RkYjE0MDEyOTg1YTA2NzEwMGVmOThh
NTU2MDEwHhcNMjIxMTE0MDczMTAzWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZjcxYmJiYTQyNTlkYmM0NTE4OTJkOGNmNDQ2MGJiZjZhYzAyMTM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuXAHIr+FsQ/j663b0BefroDQ64yl
55g04tFrmzjCev29V9WZ10PA26qGezovdKEK9AbnrpelK4R+ahjfDtjg/5XBYxYk
wAxD9/HUDJEQPJUp+tnMpYo9heUOxxibtY2q98LtIjpEl1i8LuU6JrmC/xs40CBj
+5zagIG9kjUIBP2i2UMWSfCEtFHJcfmvbe8S3cjUpZmNQ/a2IL3N0E2vsKOxKrSx
2/7d1kkYFaI7QxvXFS4rhWyxG/dgVELY4k6tFF9FQG5O9c6oSB9y3uY9EMQPMwya
cMv1tZCIsRFprQm/YjzZDDnehuyuc+D2lA4bRaW0bBBfHX78SV25QZEsdQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFP9xu7pCWdvEUYktjPRGC79qwCE0MB8GA1UdIwQY
MBaAFGfOF5y+E92xQBKYWgZxAO+YpVYBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWjg0WG5MNFQzYkZBRXBoYUJuRUE3NWlsVmdFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82YS81ZDcxOTItYTcxOS00Y2Q3LTk5NGEt
NjJjMDFkYzY5Y2NhLzEvXzNHN3VrSloyOFJSaVMyTTlFWUx2MnJBSVRRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82YS81ZDcxOTItYTcxOS00Y2Q3LTk5NGEtNjJjMDFkYzY5Y2Nh
LzEvWjg0WG5MNFQzYkZBRXBoYUJuRUE3NWlsVmdFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhMcQDAN
BgkqhkiG9w0BAQsFAAOCAQEADLg/sDbw6hsgo6p2ffzB9e3Zc32IX5tpbB0/jS13
8UD5oZ3vmXcMd/sj5fMS9D2Hmv4MS+ZlnBNu2b/eaTu/m5ngKJyhRs2r/EXaRtTN
LZWejmfcHO1SRYA3ggp62jQ4mRBZwOud4NOlWm2REsYv2dzUrkMKASWhByoEXxcj
DqodNm6voOT+YWdwjQdaxbr11CpnMnjh+v14BFC/FbNHkNymC+sPj8yDJiuZoMNZ
Jr4Oo0CZsutG/dE1BCLXpC1YHq73ukkcOAA1c+n5sAoTG1rbmkWMAfwI2qqyK1aX
oNkKCQf4bichWGsb7oRU3cbD6wxFAoL3al+GY3JJIw/XPQ==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:33:44 2024 by rpki-client on console-fra.rpki-client.org