Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/i4uXfR1Z8V3yBWZY0pZqOLlZgf0.roa
File:                     i4uXfR1Z8V3yBWZY0pZqOLlZgf0.roa (raw, json)
Hash identifier:          JkygbTaSFAx8zH1tNDLe+YR4D4FEzU309Le6++5Mcf4=
Subject key identifier:   8B:8B:97:7D:1D:59:F1:5D:F2:05:66:58:D2:96:6A:38:B9:59:81:FD
Certificate issuer:       /CN=9361b5cd696825b74fccba7d97c3d0a2724ef3aa
Certificate serial:       096B800C
Authority key identifier: 93:61:B5:CD:69:68:25:B7:4F:CC:BA:7D:97:C3:D0:A2:72:4E:F3:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/i4uXfR1Z8V3yBWZY0pZqOLlZgf0.roa
Signing time:             Sat 01 Jan 2022 09:03:57 +0000
ROA not before:           Sat 01 Jan 2022 09:03:57 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     208217
IP address blocks:        2a0e:aa01:fe00::/44 maxlen: 48
                          2a0e:aa01:fe80::/48 maxlen: 48

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 158040076 (0x96b800c)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9361b5cd696825b74fccba7d97c3d0a2724ef3aa
        Validity
            Not Before: Jan  1 09:03:57 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=8b8b977d1d59f15df2056658d2966a38b95981fd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:bc:ba:ae:63:08:74:6b:4a:15:75:6c:39:2a:
                    f6:b8:e7:28:92:33:ad:24:a4:b6:70:ab:e7:3b:a6:
                    06:9c:b5:fe:7c:91:08:98:49:53:d5:c1:00:31:0a:
                    e8:91:13:0e:cb:47:51:f4:65:55:c9:24:13:20:63:
                    90:43:c0:9e:dc:7e:0d:28:b1:01:c4:3d:25:10:96:
                    f7:53:c4:d5:67:c9:61:a0:88:1b:dc:89:ca:75:96:
                    e3:81:f4:6f:ff:23:26:f9:06:4f:30:cd:fc:37:12:
                    50:8e:0b:1a:d2:48:03:c3:6b:03:be:81:55:00:66:
                    85:4e:ee:56:84:c3:d0:b7:ee:03:3c:00:8d:f3:ac:
                    45:a3:d1:90:a0:bd:c6:a5:09:d4:8f:1b:1c:0d:ec:
                    b2:14:81:5e:cc:fe:36:28:f5:53:88:aa:ce:87:23:
                    00:08:99:79:03:e0:ec:4c:40:a5:de:0b:e2:14:3f:
                    19:25:74:50:95:3b:c4:d1:05:a2:b2:c0:42:2a:22:
                    0b:fb:fe:f9:31:83:d9:04:bc:00:36:7b:8a:59:45:
                    32:3b:f4:a3:4a:45:9f:bb:b5:9f:e0:22:d1:1c:78:
                    89:bd:1d:e2:b6:cc:01:49:33:c9:28:db:d0:b7:2f:
                    1c:1c:7d:46:c1:d9:e7:d1:ec:e1:ca:a3:9c:cb:94:
                    bf:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8B:8B:97:7D:1D:59:F1:5D:F2:05:66:58:D2:96:6A:38:B9:59:81:FD
            X509v3 Authority Key Identifier:
                keyid:93:61:B5:CD:69:68:25:B7:4F:CC:BA:7D:97:C3:D0:A2:72:4E:F3:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/i4uXfR1Z8V3yBWZY0pZqOLlZgf0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:aa01:fe00::/44
                  2a0e:aa01:fe80::/48

    Signature Algorithm: sha256WithRSAEncryption
         65:fa:5c:18:21:fe:8d:41:30:28:b7:30:cd:b8:b3:99:76:7f:
         1f:4e:9d:95:1f:c4:b3:84:41:56:79:36:07:ee:86:6e:85:a7:
         ce:08:4a:5d:07:7e:3e:0e:1c:18:08:a2:00:d3:99:26:3e:d7:
         16:24:80:46:b9:5f:35:03:b8:b4:ae:50:ad:ee:73:a3:f5:ac:
         cd:d5:65:62:70:0e:0c:1d:cc:fc:0c:d3:bb:f2:18:6e:76:89:
         ea:c5:f7:01:36:6e:7a:34:c3:5b:3e:83:1c:13:ac:f8:fa:22:
         63:55:15:cc:b9:7a:9f:38:8f:b3:e8:a6:fe:e7:d1:5b:3c:49:
         87:91:96:b0:47:d7:0d:00:de:ce:b2:a3:24:0c:3c:90:26:f6:
         25:31:5d:2a:61:39:27:e4:1a:53:7a:cb:8e:a4:51:70:09:b2:
         5d:57:b8:77:8a:14:ec:fd:67:97:a7:97:60:69:b6:b4:ba:bf:
         88:db:2b:f4:0e:79:30:32:72:ed:23:a1:22:49:f2:31:c2:1c:
         53:56:b9:3e:2a:49:41:13:26:7f:b0:1e:ae:b3:57:f7:90:15:
         fa:27:fe:30:23:f6:ee:c4:d5:07:c4:66:f3:ba:c3:50:58:63:
         7c:ee:ea:f3:77:fd:ff:46:5b:f8:9c:be:4e:18:87:36:b9:f4:
         7b:17:e7:85
-----BEGIN CERTIFICATE-----
MIIE+zCCA+OgAwIBAgIECWuADDANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg5
MzYxYjVjZDY5NjgyNWI3NGZjY2JhN2Q5N2MzZDBhMjcyNGVmM2FhMB4XDTIyMDEw
MTA5MDM1N1oXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoOGI4Yjk3N2QxZDU5
ZjE1ZGYyMDU2NjU4ZDI5NjZhMzhiOTU5ODFmZDCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBANK8uq5jCHRrShV1bDkq9rjnKJIzrSSktnCr5zumBpy1/nyR
CJhJU9XBADEK6JETDstHUfRlVckkEyBjkEPAntx+DSixAcQ9JRCW91PE1WfJYaCI
G9yJynWW44H0b/8jJvkGTzDN/DcSUI4LGtJIA8NrA76BVQBmhU7uVoTD0LfuAzwA
jfOsRaPRkKC9xqUJ1I8bHA3sshSBXsz+Nij1U4iqzocjAAiZeQPg7ExApd4L4hQ/
GSV0UJU7xNEForLAQioiC/v++TGD2QS8ADZ7illFMjv0o0pFn7u1n+Ai0Rx4ib0d
4rbMAUkzySjb0LcvHBx9RsHZ59Hs4cqjnMuUvz0CAwEAAaOCAhUwggIRMB0GA1Ud
DgQWBBSLi5d9HVnxXfIFZljSlmo4uVmB/TAfBgNVHSMEGDAWgBSTYbXNaWglt0/M
un2Xw9Cick7zqjAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L2syRzF6V2xvSmJkUHpMcDlsOFBRb25KTzg2by5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvN2YvNzJiZjJmLThlMzQtNDhhMi04NDlhLWE1NDFkMWJjZWUxOS8x
L2k0dVhmUjFaOFYzeUJXWlkwcFpxT0xsWmdmMC5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvN2Yv
NzJiZjJmLThlMzQtNDhhMi04NDlhLWE1NDFkMWJjZWUxOS8xL2syRzF6V2xvSmJk
UHpMcDlsOFBRb25KTzg2by5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAr
BggrBgEFBQcBBwEB/wQcMBowGAQCAAIwEgMHBCoOqgH+AAMHACoOqgH+gDANBgkq
hkiG9w0BAQsFAAOCAQEAZfpcGCH+jUEwKLcwzbizmXZ/H06dlR/Es4RBVnk2B+6G
boWnzghKXQd+Pg4cGAiiANOZJj7XFiSARrlfNQO4tK5Qre5zo/WszdVlYnAODB3M
/AzTu/IYbnaJ6sX3ATZuejTDWz6DHBOs+PoiY1UVzLl6nziPs+im/ufRWzxJh5GW
sEfXDQDezrKjJAw8kCb2JTFdKmE5J+QaU3rLjqRRcAmyXVe4d4oU7P1nl6eXYGm2
tLq/iNsr9A55MDJy7SOhIknyMcIcU1a5PipJQRMmf7AerrNX95AV+if+MCP27sTV
B8Rm87rDUFhjfO7q83f9/0Zb+Jy+ThiHNrn0exfnhQ==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:20:11 2024 by rpki-client on console-ams.rpki-client.org