Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/210fbb-aa6e-49c9-918b-5558a8b53e3d/1/Ng2rFJ9RUjGwyBQtgWNMJ5RZCRk.roa
File:                     Ng2rFJ9RUjGwyBQtgWNMJ5RZCRk.roa (raw, json)
Hash identifier:          WGHgK9E9xaeJ2cr30EsdyodwktiYRceNhJ+bIY6sFqY=
Subject key identifier:   36:0D:AB:14:9F:51:52:31:B0:C8:14:2D:81:63:4C:27:94:59:09:19
Certificate issuer:       /CN=4da84d247ce37cdccf06e1571d226a2b85677bcd
Certificate serial:       086C2947
Authority key identifier: 4D:A8:4D:24:7C:E3:7C:DC:CF:06:E1:57:1D:22:6A:2B:85:67:7B:CD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TahNJHzjfNzPBuFXHSJqK4Vne80.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/210fbb-aa6e-49c9-918b-5558a8b53e3d/1/Ng2rFJ9RUjGwyBQtgWNMJ5RZCRk.roa
Signing time:             Sat 01 Jan 2022 14:56:59 +0000
ROA not before:           Sat 01 Jan 2022 14:56:59 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     60721
IP address blocks:        2a0b:8d00::/29 maxlen: 29

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 141306183 (0x86c2947)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4da84d247ce37cdccf06e1571d226a2b85677bcd
        Validity
            Not Before: Jan  1 14:56:59 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=360dab149f515231b0c8142d81634c2794590919
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:0f:e2:8e:39:40:b6:cc:41:f7:36:04:c9:b1:
                    b1:52:91:1e:0b:4f:19:11:35:5e:50:9d:8a:1d:d4:
                    c0:b2:be:0c:10:d3:66:3d:d6:7f:19:81:44:e6:e4:
                    fa:3a:8a:97:ed:39:6e:6d:9e:ae:8f:0e:bd:36:45:
                    fd:07:9f:81:12:56:b9:36:e0:b4:98:13:36:14:bc:
                    e9:92:06:85:f5:cb:c7:d0:dd:28:69:16:07:e2:a9:
                    01:be:57:cf:45:55:ce:62:df:51:14:db:d0:1e:e9:
                    c7:40:e2:9e:a5:eb:b2:bf:7f:8b:40:ff:01:57:04:
                    28:4a:a6:37:99:c2:b0:7b:2a:0b:75:27:c5:d8:1e:
                    6a:46:a7:d3:64:7a:c4:f2:60:22:7e:d5:8e:fe:d0:
                    be:ea:af:6c:f9:c9:40:90:84:68:1a:13:4a:a7:00:
                    72:ad:5f:c2:5c:fb:86:18:50:c9:49:e9:8a:17:f7:
                    99:bf:2f:6f:4e:6e:e6:75:3b:58:2a:ca:6e:31:b4:
                    6a:92:87:60:e0:4b:05:5c:d9:36:dd:3e:79:76:1c:
                    e1:b5:ed:78:fb:77:f1:7a:ad:a1:73:f2:46:db:c4:
                    2a:d6:77:3b:d8:53:91:1b:aa:bb:1d:f4:72:7d:45:
                    58:b8:76:0c:f8:06:3d:d1:ea:4c:6c:60:7d:16:dc:
                    62:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                36:0D:AB:14:9F:51:52:31:B0:C8:14:2D:81:63:4C:27:94:59:09:19
            X509v3 Authority Key Identifier:
                keyid:4D:A8:4D:24:7C:E3:7C:DC:CF:06:E1:57:1D:22:6A:2B:85:67:7B:CD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TahNJHzjfNzPBuFXHSJqK4Vne80.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/210fbb-aa6e-49c9-918b-5558a8b53e3d/1/Ng2rFJ9RUjGwyBQtgWNMJ5RZCRk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/210fbb-aa6e-49c9-918b-5558a8b53e3d/1/TahNJHzjfNzPBuFXHSJqK4Vne80.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0b:8d00::/29

    Signature Algorithm: sha256WithRSAEncryption
         28:a6:8a:83:5a:8a:70:c3:e6:e0:28:d6:aa:ee:d4:b2:c8:f2:
         fc:47:1c:ee:87:60:6e:90:77:7d:a1:d5:6f:49:fb:dd:91:10:
         0f:a6:e1:41:73:23:b9:5a:e4:3a:65:35:ae:9e:6a:26:c0:6c:
         99:f5:c2:26:01:f0:ca:07:23:37:00:6f:7d:29:75:d4:66:69:
         49:2f:3f:aa:85:f0:58:2a:06:17:71:91:42:90:ca:a9:23:17:
         e6:a6:74:13:e0:b9:8e:06:8c:74:e5:54:99:ea:f2:bb:6a:07:
         ed:3a:91:f7:78:dd:47:2b:3d:d5:a4:15:29:4a:e9:63:b7:3b:
         38:ee:0b:a0:f7:25:20:15:59:4c:73:05:a5:2b:a7:f4:28:c4:
         7e:08:55:ee:7f:0a:f4:20:3e:bd:66:e6:4e:ac:d7:f3:66:77:
         3f:0f:7a:8d:ea:58:4e:61:4d:41:88:a9:a0:2d:d5:ea:20:00:
         81:99:ba:e4:cc:ff:f9:e0:27:d2:84:51:b4:0b:06:78:85:c4:
         7b:4f:e9:fe:3f:62:cf:a7:f8:78:03:1a:7c:4c:a3:8a:f0:31:
         27:d9:31:42:2a:8f:55:d0:46:46:6f:e3:4d:33:fa:62:ec:cb:
         69:5a:a3:29:51:55:80:57:f6:a5:39:c5:2e:6d:fe:56:54:d4:
         53:ce:5f:08
-----BEGIN CERTIFICATE-----
MIIE8DCCA9igAwIBAgIECGwpRzANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg0
ZGE4NGQyNDdjZTM3Y2RjY2YwNmUxNTcxZDIyNmEyYjg1Njc3YmNkMB4XDTIyMDEw
MTE0NTY1OVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMzYwZGFiMTQ5ZjUx
NTIzMWIwYzgxNDJkODE2MzRjMjc5NDU5MDkxOTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBALAP4o45QLbMQfc2BMmxsVKRHgtPGRE1XlCdih3UwLK+DBDT
Zj3WfxmBRObk+jqKl+05bm2ero8OvTZF/QefgRJWuTbgtJgTNhS86ZIGhfXLx9Dd
KGkWB+KpAb5Xz0VVzmLfURTb0B7px0DinqXrsr9/i0D/AVcEKEqmN5nCsHsqC3Un
xdgeakan02R6xPJgIn7Vjv7QvuqvbPnJQJCEaBoTSqcAcq1fwlz7hhhQyUnpihf3
mb8vb05u5nU7WCrKbjG0apKHYOBLBVzZNt0+eXYc4bXtePt38XqtoXPyRtvEKtZ3
O9hTkRuqux30cn1FWLh2DPgGPdHqTGxgfRbcYgUCAwEAAaOCAgowggIGMB0GA1Ud
DgQWBBQ2DasUn1FSMbDIFC2BY0wnlFkJGTAfBgNVHSMEGDAWgBRNqE0kfON83M8G
4VcdImorhWd7zTAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L1RhaE5KSHpqZk56UEJ1RlhIU0pxSzRWbmU4MC5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNzgvMjEwZmJiLWFhNmUtNDljOS05MThiLTU1NThhOGI1M2UzZC8x
L05nMnJGSjlSVWpHd3lCUXRnV05NSjVSWkNSay5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNzgv
MjEwZmJiLWFhNmUtNDljOS05MThiLTU1NThhOGI1M2UzZC8xL1RhaE5KSHpqZk56
UEJ1RlhIU0pxSzRWbmU4MC5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAg
BggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFAyoLjQAwDQYJKoZIhvcNAQELBQAD
ggEBACimioNainDD5uAo1qru1LLI8vxHHO6HYG6Qd32h1W9J+92REA+m4UFzI7la
5DplNa6eaibAbJn1wiYB8MoHIzcAb30pddRmaUkvP6qF8FgqBhdxkUKQyqkjF+am
dBPguY4GjHTlVJnq8rtqB+06kfd43UcrPdWkFSlK6WO3OzjuC6D3JSAVWUxzBaUr
p/QoxH4IVe5/CvQgPr1m5k6s1/Nmdz8Peo3qWE5hTUGIqaAt1eogAIGZuuTM//ng
J9KEUbQLBniFxHtP6f4/Ys+n+HgDGnxMo4rwMSfZMUIqj1XQRkZv400z+mLsy2la
oylRVYBX9qU5xS5t/lZU1FPOXwg=
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:18:44 2024 by rpki-client on console-ams.rpki-client.org