Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6a/811db9-cbe0-4a89-a220-1174a428036b/1/glVaQvuaNNmnH2PKNpp-2mBoAgs.roa
File:                     glVaQvuaNNmnH2PKNpp-2mBoAgs.roa (raw, json)
Hash identifier:          dr95IdCPZrtq14G0cp46lgldsKtQR+CVWSDT2ZUPItM=
Subject key identifier:   82:55:5A:42:FB:9A:34:D9:A7:1F:63:CA:36:9A:7E:DA:60:68:02:0B
Certificate issuer:       /CN=23b29accd4c0d5f5f8377ea7f46343b7606bab7c
Certificate serial:       FD25
Authority key identifier: 23:B2:9A:CC:D4:C0:D5:F5:F8:37:7E:A7:F4:63:43:B7:60:6B:AB:7C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/I7KazNTA1fX4N36n9GNDt2Brq3w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6a/811db9-cbe0-4a89-a220-1174a428036b/1/glVaQvuaNNmnH2PKNpp-2mBoAgs.roa
Signing time:             Thu 02 Jun 2022 13:33:21 +0000
ROA not before:           Thu 02 Jun 2022 13:33:21 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     206459
IP address blocks:        2a12:bd40::/29 maxlen: 29

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 64805 (0xfd25)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=23b29accd4c0d5f5f8377ea7f46343b7606bab7c
        Validity
            Not Before: Jun  2 13:33:21 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=82555a42fb9a34d9a71f63ca369a7eda6068020b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:92:d5:8a:90:9c:49:0e:56:64:d7:ff:bf:f8:
                    12:48:d6:23:df:f2:d0:a6:24:d8:7d:45:65:8f:c3:
                    5a:03:fd:bb:d7:f3:05:bd:c5:2e:2c:70:11:b5:9b:
                    fa:95:b0:be:fa:f2:d1:89:97:8a:b7:58:90:0d:a0:
                    29:f3:11:88:87:07:2a:fc:ed:5d:f7:2d:c2:40:d6:
                    83:28:bd:42:95:4b:02:0f:3d:df:ad:97:74:9d:c0:
                    eb:60:9f:eb:7f:84:18:00:ac:10:3c:96:4d:83:55:
                    b2:d2:e2:45:71:91:d0:36:62:59:f1:fa:22:a8:1b:
                    3d:14:e5:20:73:f8:8b:b6:6b:0a:24:75:df:ad:d7:
                    ab:c8:19:d3:16:79:47:31:3b:3c:00:ca:4c:94:57:
                    6d:15:60:ad:a8:c7:38:3f:1f:b0:2b:f7:09:84:11:
                    e9:02:20:b0:ca:c0:45:56:1d:dd:8f:e0:d4:d9:14:
                    30:15:24:fc:3e:c3:77:e6:e2:52:69:9f:32:d4:ba:
                    e0:0b:14:5c:f3:cf:2a:4a:0f:20:11:75:36:04:aa:
                    db:f6:41:89:32:9f:28:9f:38:9c:86:85:d3:1c:b4:
                    df:38:56:8f:49:8d:88:13:76:18:5c:5c:96:35:23:
                    21:6c:9b:59:ca:db:66:3c:e3:4c:a7:5f:f7:fd:03:
                    88:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                82:55:5A:42:FB:9A:34:D9:A7:1F:63:CA:36:9A:7E:DA:60:68:02:0B
            X509v3 Authority Key Identifier:
                keyid:23:B2:9A:CC:D4:C0:D5:F5:F8:37:7E:A7:F4:63:43:B7:60:6B:AB:7C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/I7KazNTA1fX4N36n9GNDt2Brq3w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/811db9-cbe0-4a89-a220-1174a428036b/1/glVaQvuaNNmnH2PKNpp-2mBoAgs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/811db9-cbe0-4a89-a220-1174a428036b/1/I7KazNTA1fX4N36n9GNDt2Brq3w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:bd40::/29

    Signature Algorithm: sha256WithRSAEncryption
         1a:92:8d:35:2a:8e:9b:1f:d2:92:38:5e:5e:d3:41:92:7b:b9:
         f8:4a:c6:02:df:3e:d5:54:cb:64:40:aa:c2:08:f7:a5:21:8a:
         59:c0:2c:f4:ec:48:7a:fc:4b:3a:4e:a2:5e:9b:90:87:69:4a:
         e2:38:cb:c6:92:ca:2f:94:ed:ee:bf:2c:27:d3:cc:67:16:96:
         0b:43:6e:74:b4:a4:f6:38:c5:2e:d2:48:ca:f6:59:e3:2b:d1:
         a4:88:e5:55:14:3e:00:62:85:1a:2d:0c:ba:a0:7b:57:66:21:
         47:a8:72:85:fd:bb:a8:c5:a2:05:49:01:94:84:8d:28:78:62:
         c9:61:38:b8:eb:46:3d:1a:a7:8a:86:1c:8e:3b:5a:8c:f0:42:
         b3:97:79:fe:49:da:a2:c3:d8:7e:96:a2:db:a1:d4:30:81:0b:
         77:5b:55:09:1d:d0:13:01:b1:f1:ec:b6:0c:ba:bf:cc:70:d4:
         63:0a:1f:d8:12:e9:20:4d:f4:2b:d7:92:fb:d1:40:a4:3d:c9:
         05:33:c5:3e:08:31:4f:e0:23:68:39:e3:3e:26:84:4b:6a:c7:
         ac:3f:5d:84:0d:8e:ed:93:01:07:e2:82:b5:75:a4:b4:92:39:
         b3:8c:4a:c5:89:be:f0:cf:07:4a:3b:4a:aa:6a:70:6d:19:dd:
         c2:62:ef:0d
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIDAP0lMA0GCSqGSIb3DQEBCwUAMDMxMTAvBgNVBAMTKDIz
YjI5YWNjZDRjMGQ1ZjVmODM3N2VhN2Y0NjM0M2I3NjA2YmFiN2MwHhcNMjIwNjAy
MTMzMzIxWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQDEyg4MjU1NWE0MmZiOWEz
NGQ5YTcxZjYzY2EzNjlhN2VkYTYwNjgwMjBiMIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEA0JLVipCcSQ5WZNf/v/gSSNYj3/LQpiTYfUVlj8NaA/271/MF
vcUuLHARtZv6lbC++vLRiZeKt1iQDaAp8xGIhwcq/O1d9y3CQNaDKL1ClUsCDz3f
rZd0ncDrYJ/rf4QYAKwQPJZNg1Wy0uJFcZHQNmJZ8foiqBs9FOUgc/iLtmsKJHXf
rderyBnTFnlHMTs8AMpMlFdtFWCtqMc4Px+wK/cJhBHpAiCwysBFVh3dj+DU2RQw
FST8PsN35uJSaZ8y1LrgCxRc888qSg8gEXU2BKrb9kGJMp8onzichoXTHLTfOFaP
SY2IE3YYXFyWNSMhbJtZyttmPONMp1/3/QOI1wIDAQABo4ICCjCCAgYwHQYDVR0O
BBYEFIJVWkL7mjTZpx9jyjaaftpgaAILMB8GA1UdIwQYMBaAFCOymszUwNX1+Dd+
p/RjQ7dga6t8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEFBQcBAQRYMFYwVAYIKwYB
BQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQv
STdLYXpOVEExZlg0TjM2bjlHTkR0MkJycTN3LmNlcjCBjQYIKwYBBQUHAQsEgYAw
fjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkv
REVGQVVMVC82YS84MTFkYjktY2JlMC00YTg5LWEyMjAtMTE3NGE0MjgwMzZiLzEv
Z2xWYVF2dWFOTm1uSDJQS05wcC0ybUJvQWdzLnJvYTCBgQYDVR0fBHoweDB2oHSg
coZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvREVGQVVMVC82YS84
MTFkYjktY2JlMC00YTg5LWEyMjAtMTE3NGE0MjgwMzZiLzEvSTdLYXpOVEExZlg0
TjM2bjlHTkR0MkJycTN3LmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCAG
CCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhK9QDANBgkqhkiG9w0BAQsFAAOC
AQEAGpKNNSqOmx/SkjheXtNBknu5+ErGAt8+1VTLZECqwgj3pSGKWcAs9OxIevxL
Ok6iXpuQh2lK4jjLxpLKL5Tt7r8sJ9PMZxaWC0NudLSk9jjFLtJIyvZZ4yvRpIjl
VRQ+AGKFGi0MuqB7V2YhR6hyhf27qMWiBUkBlISNKHhiyWE4uOtGPRqnioYcjjta
jPBCs5d5/knaosPYfpai26HUMIELd1tVCR3QEwGx8ey2DLq/zHDUYwof2BLpIE30
K9eS+9FApD3JBTPFPggxT+AjaDnjPiaES2rHrD9dhA2O7ZMBB+KCtXWktJI5s4xK
xYm+8M8HSjtKqmpwbRndwmLvDQ==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:16:11 2024 by rpki-client on console-ams.rpki-client.org