Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7d/388fd8-c81f-4e71-af52-c0b1ad435b95/1/zEHva07BE1zSKVq1KjQrPHSnSWE.roa
File:                     zEHva07BE1zSKVq1KjQrPHSnSWE.roa (raw, json)
Hash identifier:          9EVhGXdHa+Tkj0A81CQSaW4wVxGl1py52bQtSaqRXjg=
Subject key identifier:   CC:41:EF:6B:4E:C1:13:5C:D2:29:5A:B5:2A:34:2B:3C:74:A7:49:61
Certificate issuer:       /CN=a7fd3f89335dcf828666b28fad8ae993bd448878
Certificate serial:       07D239
Authority key identifier: A7:FD:3F:89:33:5D:CF:82:86:66:B2:8F:AD:8A:E9:93:BD:44:88:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/p_0_iTNdz4KGZrKPrYrpk71EiHg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7d/388fd8-c81f-4e71-af52-c0b1ad435b95/1/zEHva07BE1zSKVq1KjQrPHSnSWE.roa
Signing time:             Wed 16 Mar 2022 07:37:39 +0000
ROA not before:           Wed 16 Mar 2022 07:37:39 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     21485
IP address blocks:        2a12:a4c0::/32 maxlen: 32

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 512569 (0x7d239)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a7fd3f89335dcf828666b28fad8ae993bd448878
        Validity
            Not Before: Mar 16 07:37:39 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=cc41ef6b4ec1135cd2295ab52a342b3c74a74961
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:9a:da:73:9f:f1:af:45:57:79:eb:5d:33:eb:
                    a1:55:ff:e5:6c:2f:a9:33:00:56:4f:37:e5:fb:7d:
                    7e:96:c4:5b:42:cc:87:be:59:86:77:3d:b2:6c:53:
                    dc:59:47:36:84:c5:34:1e:e3:8a:10:78:dd:06:e9:
                    cc:f8:a5:d7:3d:0b:6a:31:25:26:65:1c:35:fb:99:
                    6c:f6:8d:5a:eb:c7:90:14:86:37:a0:6d:46:af:85:
                    c5:34:19:78:cb:ac:ee:6a:85:51:a7:18:02:a9:b2:
                    2e:68:0f:ad:d9:16:33:01:28:37:0f:be:3d:eb:88:
                    fe:1f:78:01:55:74:26:bc:ea:d7:c8:dd:ec:c2:ad:
                    cb:e9:cc:e1:4a:7d:8a:34:15:d2:a1:76:74:52:57:
                    b7:6f:0b:6a:d2:36:f9:f3:01:63:e4:8a:04:c4:41:
                    5f:50:6e:24:bd:70:6b:91:21:ad:a6:c1:36:0a:e2:
                    8a:74:e8:37:ac:32:f4:ff:29:12:ab:73:47:b6:7a:
                    64:54:b7:e9:be:ea:73:d7:85:9d:70:12:34:1f:79:
                    10:6d:70:42:c3:b4:7e:f4:cd:79:ad:6d:c0:7c:f1:
                    e4:d3:55:64:57:e9:b5:46:4b:48:f6:52:26:7a:6e:
                    76:3f:1d:9b:fe:a3:e0:13:b4:94:a2:14:2a:47:53:
                    a3:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CC:41:EF:6B:4E:C1:13:5C:D2:29:5A:B5:2A:34:2B:3C:74:A7:49:61
            X509v3 Authority Key Identifier:
                keyid:A7:FD:3F:89:33:5D:CF:82:86:66:B2:8F:AD:8A:E9:93:BD:44:88:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/p_0_iTNdz4KGZrKPrYrpk71EiHg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/388fd8-c81f-4e71-af52-c0b1ad435b95/1/zEHva07BE1zSKVq1KjQrPHSnSWE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/388fd8-c81f-4e71-af52-c0b1ad435b95/1/p_0_iTNdz4KGZrKPrYrpk71EiHg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:a4c0::/32

    Signature Algorithm: sha256WithRSAEncryption
         11:64:98:b4:85:a7:7b:dc:a3:f6:d5:d0:14:eb:90:32:69:0e:
         96:06:a3:4e:84:c7:e0:61:b0:9d:e4:6b:23:81:85:35:ed:12:
         1b:aa:b6:02:38:b2:0a:c4:c4:44:38:30:1b:9a:81:7a:c8:5d:
         7b:2d:c8:87:1d:56:1d:5e:22:fd:11:06:09:52:a5:b3:c1:3a:
         89:d3:c5:e7:67:8a:48:a8:1b:33:65:4a:5d:76:e4:d8:7b:d8:
         94:9e:0b:d0:9a:c4:ea:13:79:c7:cf:68:57:74:84:e7:75:9c:
         58:b9:05:de:6a:90:20:c8:3d:d2:c0:90:30:2e:3b:0c:08:d7:
         a4:03:19:fc:5e:f7:27:a5:4d:16:a5:05:a8:5e:6b:d2:bd:c2:
         74:16:6d:6f:81:dc:b1:22:dd:93:e1:22:ce:8b:8d:32:38:1c:
         e1:ae:c7:c5:a3:4c:40:a6:61:2d:b0:9b:1d:5a:c7:2a:fd:d7:
         69:f7:87:1d:eb:e5:05:a6:fd:4b:03:c8:b0:5a:42:59:50:3c:
         d3:1f:cb:02:73:25:32:e2:7e:4a:9e:80:06:3f:51:fd:b6:b8:
         15:4a:06:51:4c:7b:25:d8:8e:0e:97:2e:3c:44:96:27:b9:9f:
         57:43:a2:b9:c0:db:bd:9e:4e:e0:28:1a:c0:ce:05:a9:0e:3e:
         fb:e3:c0:b0
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIDB9I5MA0GCSqGSIb3DQEBCwUAMDMxMTAvBgNVBAMTKGE3
ZmQzZjg5MzM1ZGNmODI4NjY2YjI4ZmFkOGFlOTkzYmQ0NDg4NzgwHhcNMjIwMzE2
MDczNzM5WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQDEyhjYzQxZWY2YjRlYzEx
MzVjZDIyOTVhYjUyYTM0MmIzYzc0YTc0OTYxMIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEAyprac5/xr0VXeetdM+uhVf/lbC+pMwBWTzfl+31+lsRbQsyH
vlmGdz2ybFPcWUc2hMU0HuOKEHjdBunM+KXXPQtqMSUmZRw1+5ls9o1a68eQFIY3
oG1Gr4XFNBl4y6zuaoVRpxgCqbIuaA+t2RYzASg3D74964j+H3gBVXQmvOrXyN3s
wq3L6czhSn2KNBXSoXZ0Ule3bwtq0jb58wFj5IoExEFfUG4kvXBrkSGtpsE2CuKK
dOg3rDL0/ykSq3NHtnpkVLfpvupz14WdcBI0H3kQbXBCw7R+9M15rW3AfPHk01Vk
V+m1RktI9lImem52Px2b/qPgE7SUohQqR1OjQQIDAQABo4ICCjCCAgYwHQYDVR0O
BBYEFMxB72tOwRNc0ilatSo0Kzx0p0lhMB8GA1UdIwQYMBaAFKf9P4kzXc+Chmay
j62K6ZO9RIh4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEFBQcBAQRYMFYwVAYIKwYB
BQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQv
cF8wX2lUTmR6NEtHWnJLUHJZcnBrNzFFaUhnLmNlcjCBjQYIKwYBBQUHAQsEgYAw
fjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkv
REVGQVVMVC83ZC8zODhmZDgtYzgxZi00ZTcxLWFmNTItYzBiMWFkNDM1Yjk1LzEv
ekVIdmEwN0JFMXpTS1ZxMUtqUXJQSFNuU1dFLnJvYTCBgQYDVR0fBHoweDB2oHSg
coZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZC8z
ODhmZDgtYzgxZi00ZTcxLWFmNTItYzBiMWFkNDM1Yjk1LzEvcF8wX2lUTmR6NEtH
WnJLUHJZcnBrNzFFaUhnLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCAG
CCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKhKkwDANBgkqhkiG9w0BAQsFAAOC
AQEAEWSYtIWne9yj9tXQFOuQMmkOlgajToTH4GGwneRrI4GFNe0SG6q2AjiyCsTE
RDgwG5qBeshdey3Ihx1WHV4i/REGCVKls8E6idPF52eKSKgbM2VKXXbk2HvYlJ4L
0JrE6hN5x89oV3SE53WcWLkF3mqQIMg90sCQMC47DAjXpAMZ/F73J6VNFqUFqF5r
0r3CdBZtb4HcsSLdk+EizouNMjgc4a7HxaNMQKZhLbCbHVrHKv3XafeHHevlBab9
SwPIsFpCWVA80x/LAnMlMuJ+Sp6ABj9R/ba4FUoGUUx7JdiODpcuPESWJ7mfV0Oi
ucDbvZ5O4CgawM4FqQ4+++PAsA==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:19:48 2024 by rpki-client on console-ams.rpki-client.org