Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6a/b97294-2802-4d05-9155-1098d6d88de8/1/hUlNxghqNEN_hAwcPJYDydom1MI.roa
File:                     hUlNxghqNEN_hAwcPJYDydom1MI.roa (raw, json)
Hash identifier:          /+XxYrAS7m/65Zw1870cIE5eQioNmMJYcArFBS2q7b0=
Subject key identifier:   85:49:4D:C6:08:6A:34:43:7F:84:0C:1C:3C:96:03:C9:DA:26:D4:C2
Certificate issuer:       /CN=13ea78b28f054f72f5226ae3ec454980ed2a10c9
Certificate serial:       03B1AE64
Authority key identifier: 13:EA:78:B2:8F:05:4F:72:F5:22:6A:E3:EC:45:49:80:ED:2A:10:C9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/E-p4so8FT3L1Imrj7EVJgO0qEMk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6a/b97294-2802-4d05-9155-1098d6d88de8/1/hUlNxghqNEN_hAwcPJYDydom1MI.roa
Signing time:             Sat 01 Jan 2022 14:58:46 +0000
ROA not before:           Sat 01 Jan 2022 14:58:46 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     8456
IP address blocks:        161.9.144.0/21 maxlen: 21

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 61976164 (0x3b1ae64)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=13ea78b28f054f72f5226ae3ec454980ed2a10c9
        Validity
            Not Before: Jan  1 14:58:46 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=85494dc6086a34437f840c1c3c9603c9da26d4c2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:e8:0f:81:9a:85:99:51:3d:1b:4e:a4:89:c3:
                    e7:a3:8d:5e:ec:c5:11:aa:c5:e5:91:6a:d9:dc:76:
                    55:c4:39:d5:4d:4c:c7:bd:2c:29:17:81:f3:af:e4:
                    8e:46:13:ac:fd:32:ef:2c:53:79:43:b5:9a:78:37:
                    37:36:f1:ef:b7:f5:33:bf:e8:1f:6f:cc:61:d3:c7:
                    77:a2:e3:22:3d:ca:dd:db:16:b3:16:9e:4e:e2:ea:
                    13:58:fe:f0:ce:0d:ef:fb:ea:e9:b6:a4:2e:9b:27:
                    e7:99:3e:80:6f:f8:ba:96:09:61:82:d9:35:3a:68:
                    33:c2:a7:7a:c3:71:17:41:e1:42:c8:90:09:68:b7:
                    2d:b4:21:e6:91:5f:4e:20:b9:03:d8:e2:18:2b:0a:
                    2f:25:ea:8e:e7:5c:03:ec:ad:27:6f:40:84:19:6b:
                    bb:8d:96:df:d3:92:8a:29:9b:ca:90:df:1c:65:18:
                    33:a8:c6:c1:62:0b:79:0a:0e:3a:8e:c3:d4:c1:41:
                    27:15:fd:59:25:0a:98:50:b4:80:a5:63:d1:c7:02:
                    6d:12:8f:a2:39:99:cd:94:d4:c3:89:28:69:c9:0a:
                    fa:5a:d8:a3:80:e3:e8:bc:03:b5:cb:10:d2:8d:e7:
                    18:6c:80:a0:27:f1:08:52:00:ce:4f:fd:9a:f6:df:
                    6b:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:49:4D:C6:08:6A:34:43:7F:84:0C:1C:3C:96:03:C9:DA:26:D4:C2
            X509v3 Authority Key Identifier:
                keyid:13:EA:78:B2:8F:05:4F:72:F5:22:6A:E3:EC:45:49:80:ED:2A:10:C9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/E-p4so8FT3L1Imrj7EVJgO0qEMk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/b97294-2802-4d05-9155-1098d6d88de8/1/hUlNxghqNEN_hAwcPJYDydom1MI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/b97294-2802-4d05-9155-1098d6d88de8/1/E-p4so8FT3L1Imrj7EVJgO0qEMk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  161.9.144.0/21

    Signature Algorithm: sha256WithRSAEncryption
         75:e3:88:8d:7e:3a:6c:56:50:bb:d4:b9:78:4c:18:2f:52:db:
         b9:49:de:05:69:b0:ba:03:b3:c6:92:7b:c0:fb:0b:94:53:71:
         68:ae:0a:27:75:bb:fc:5b:58:0a:4a:ce:2c:23:41:ac:a3:9f:
         a7:18:bc:74:d5:0f:04:01:d5:62:0a:64:db:19:3c:78:57:ca:
         21:da:78:07:42:30:8e:3e:84:07:02:b3:2f:63:2e:7b:f4:ee:
         0c:c7:28:73:28:e9:cb:ee:e7:64:58:ea:bd:f1:d9:e1:ee:d5:
         59:a5:0e:a5:0b:68:d1:9c:7c:71:16:0c:51:08:2d:5a:c1:c2:
         6f:16:22:f7:cc:a9:43:ce:fd:76:29:0a:84:80:80:3a:fb:9f:
         18:16:00:c8:31:86:0f:23:3d:5f:a9:14:c9:3a:30:a8:35:9b:
         a5:22:9e:96:f7:b6:b9:cc:e7:0d:b9:b9:b5:f2:a2:1f:75:80:
         50:66:67:15:f5:f4:4a:d1:b7:d9:57:a6:93:fb:b7:77:02:60:
         a7:d6:07:d3:8a:e3:7f:26:26:ab:0a:bb:c7:30:5e:3c:ae:00:
         75:45:fa:25:f9:ff:48:3a:4a:d6:90:7e:07:c5:f0:e6:11:73:
         be:fc:06:a5:1b:3d:30:8f:a8:0b:b9:26:df:d3:17:8a:04:80:
         4d:50:94:5f
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIEA7GuZDANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygx
M2VhNzhiMjhmMDU0ZjcyZjUyMjZhZTNlYzQ1NDk4MGVkMmExMGM5MB4XDTIyMDEw
MTE0NTg0NloXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoODU0OTRkYzYwODZh
MzQ0MzdmODQwYzFjM2M5NjAzYzlkYTI2ZDRjMjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAMjoD4GahZlRPRtOpInD56ONXuzFEarF5ZFq2dx2VcQ51U1M
x70sKReB86/kjkYTrP0y7yxTeUO1mng3Nzbx77f1M7/oH2/MYdPHd6LjIj3K3dsW
sxaeTuLqE1j+8M4N7/vq6bakLpsn55k+gG/4upYJYYLZNTpoM8KnesNxF0HhQsiQ
CWi3LbQh5pFfTiC5A9jiGCsKLyXqjudcA+ytJ29AhBlru42W39OSiimbypDfHGUY
M6jGwWILeQoOOo7D1MFBJxX9WSUKmFC0gKVj0ccCbRKPojmZzZTUw4koackK+lrY
o4Dj6LwDtcsQ0o3nGGyAoCfxCFIAzk/9mvbfa5UCAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBSFSU3GCGo0Q3+EDBw8lgPJ2ibUwjAfBgNVHSMEGDAWgBQT6niyjwVPcvUi
auPsRUmA7SoQyTAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L0UtcDRzbzhGVDNMMUltcmo3RVZKZ08wcUVNay5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNmEvYjk3Mjk0LTI4MDItNGQwNS05MTU1LTEwOThkNmQ4OGRlOC8x
L2hVbE54Z2hxTkVOX2hBd2NQSllEeWRvbTFNSS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNmEv
Yjk3Mjk0LTI4MDItNGQwNS05MTU1LTEwOThkNmQ4OGRlOC8xL0UtcDRzbzhGVDNM
MUltcmo3RVZKZ08wcUVNay5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEA6EJkDANBgkqhkiG9w0BAQsFAAOC
AQEAdeOIjX46bFZQu9S5eEwYL1LbuUneBWmwugOzxpJ7wPsLlFNxaK4KJ3W7/FtY
CkrOLCNBrKOfpxi8dNUPBAHVYgpk2xk8eFfKIdp4B0Iwjj6EBwKzL2Mue/TuDMco
cyjpy+7nZFjqvfHZ4e7VWaUOpQto0Zx8cRYMUQgtWsHCbxYi98ypQ879dikKhICA
OvufGBYAyDGGDyM9X6kUyTowqDWbpSKelve2ucznDbm5tfKiH3WAUGZnFfX0StG3
2Vemk/u3dwJgp9YH04rjfyYmqwq7xzBePK4AdUX6Jfn/SDpK1pB+B8Xw5hFzvvwG
pRs9MI+oC7km39MXigSATVCUXw==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:16:14 2024 by rpki-client on console-ams.rpki-client.org