Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/zz5GT-vmiSbdj9NpmP-0uPklg6c.roa
File:                     zz5GT-vmiSbdj9NpmP-0uPklg6c.roa (raw, json)
Hash identifier:          c52N7URqP5uz0cKyoJQs8MV7oBFFD6vF/jWrzk/Io8w=
Subject key identifier:   CF:3E:46:4F:EB:E6:89:26:DD:8F:D3:69:98:FF:B4:B8:F9:25:83:A7
Certificate issuer:       /CN=9361b5cd696825b74fccba7d97c3d0a2724ef3aa
Certificate serial:       0984F6D1
Authority key identifier: 93:61:B5:CD:69:68:25:B7:4F:CC:BA:7D:97:C3:D0:A2:72:4E:F3:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/zz5GT-vmiSbdj9NpmP-0uPklg6c.roa
Signing time:             Sat 01 Jan 2022 09:04:12 +0000
ROA not before:           Sat 01 Jan 2022 09:04:12 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     212916
IP address blocks:        2a0e:aa07:e011::/48 maxlen: 48

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 159708881 (0x984f6d1)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9361b5cd696825b74fccba7d97c3d0a2724ef3aa
        Validity
            Not Before: Jan  1 09:04:12 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=cf3e464febe68926dd8fd36998ffb4b8f92583a7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:8e:9b:9f:c9:e8:97:8d:85:43:17:f7:05:b6:
                    1b:3d:46:f2:d0:32:14:c8:17:52:97:21:39:3f:c6:
                    ae:fb:2a:ee:2a:87:31:8f:8c:ff:9f:2d:6b:b9:3e:
                    5c:42:41:a6:1d:3e:42:ff:c0:a7:21:38:82:7c:c4:
                    b7:a8:88:d2:bb:c4:c6:3c:89:46:8a:fd:34:16:03:
                    4c:4f:36:2d:4b:19:99:89:91:0d:bd:55:17:b1:80:
                    63:bc:46:70:1f:0c:ad:45:92:60:42:02:91:7c:6e:
                    39:e1:90:96:81:81:3f:a3:f9:3b:49:28:e0:f3:4f:
                    f1:2c:33:35:5b:e7:d6:62:e7:c0:64:f2:c2:35:ca:
                    d3:2d:6b:5a:99:54:20:c7:fe:28:d9:5a:4e:59:b1:
                    fd:9a:19:96:92:99:44:12:e4:36:56:97:dd:1d:5e:
                    46:c9:bc:37:a6:ed:46:3f:69:e1:fc:27:f1:e6:89:
                    49:5c:f3:32:aa:94:70:dd:ea:70:30:c5:d7:a4:c9:
                    8d:b5:67:d3:20:5d:d0:7a:f0:70:8c:aa:b2:98:dc:
                    2c:13:74:d5:3a:ee:79:06:d9:8a:0a:47:24:9a:a3:
                    ae:30:f7:6f:61:86:a2:34:8e:67:5f:9c:77:cf:ab:
                    c8:dd:b4:7c:38:bd:83:9d:49:08:ce:8e:97:0f:4b:
                    a4:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:3E:46:4F:EB:E6:89:26:DD:8F:D3:69:98:FF:B4:B8:F9:25:83:A7
            X509v3 Authority Key Identifier:
                keyid:93:61:B5:CD:69:68:25:B7:4F:CC:BA:7D:97:C3:D0:A2:72:4E:F3:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/zz5GT-vmiSbdj9NpmP-0uPklg6c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:aa07:e011::/48

    Signature Algorithm: sha256WithRSAEncryption
         61:1e:af:dc:43:4d:99:cc:d6:27:f9:21:b8:c9:1e:27:05:63:
         f8:21:d0:50:96:93:ab:24:26:b8:1a:96:b9:d0:c1:b7:91:44:
         bb:46:9e:c1:a3:80:1f:5a:61:c6:20:51:1b:fb:ab:11:09:2b:
         5a:c1:c1:10:a0:ae:4a:98:23:5c:5e:e6:db:c9:d7:da:3c:62:
         62:37:29:d2:69:d8:24:3c:79:15:3c:c5:00:77:57:89:82:d6:
         58:b7:1a:93:3e:cd:fc:87:e7:c6:97:c1:1a:33:86:a0:bc:33:
         55:91:89:c8:29:00:f5:48:d9:8d:ce:d9:fb:4d:d6:72:64:d1:
         29:14:78:2c:bf:6c:b7:9d:0f:c4:21:ea:98:64:be:8f:8f:be:
         5c:78:1c:f4:bd:e3:72:ff:b6:91:20:ba:06:4e:dc:a8:82:5b:
         ba:ab:52:3d:17:60:01:79:17:b6:d6:8e:3c:07:eb:8a:cd:2f:
         6a:cb:95:b9:26:29:d6:1e:12:e2:02:3d:6e:81:59:43:04:b3:
         3e:2c:29:12:ac:7a:d0:4e:41:33:1c:3e:92:db:c7:cc:83:74:
         d2:11:57:2b:83:f1:58:e1:e5:27:91:46:b5:d2:d3:96:e5:23:
         cb:98:90:61:c2:0f:a7:a5:33:ae:e3:66:2f:f3:48:60:4a:87:
         bb:b8:f9:f2
-----BEGIN CERTIFICATE-----
MIIE8jCCA9qgAwIBAgIECYT20TANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg5
MzYxYjVjZDY5NjgyNWI3NGZjY2JhN2Q5N2MzZDBhMjcyNGVmM2FhMB4XDTIyMDEw
MTA5MDQxMloXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoY2YzZTQ2NGZlYmU2
ODkyNmRkOGZkMzY5OThmZmI0YjhmOTI1ODNhNzCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAI+Om5/J6JeNhUMX9wW2Gz1G8tAyFMgXUpchOT/Grvsq7iqH
MY+M/58ta7k+XEJBph0+Qv/ApyE4gnzEt6iI0rvExjyJRor9NBYDTE82LUsZmYmR
Db1VF7GAY7xGcB8MrUWSYEICkXxuOeGQloGBP6P5O0ko4PNP8SwzNVvn1mLnwGTy
wjXK0y1rWplUIMf+KNlaTlmx/ZoZlpKZRBLkNlaX3R1eRsm8N6btRj9p4fwn8eaJ
SVzzMqqUcN3qcDDF16TJjbVn0yBd0HrwcIyqspjcLBN01TrueQbZigpHJJqjrjD3
b2GGojSOZ1+cd8+ryN20fDi9g51JCM6Olw9LpL0CAwEAAaOCAgwwggIIMB0GA1Ud
DgQWBBTPPkZP6+aJJt2P02mY/7S4+SWDpzAfBgNVHSMEGDAWgBSTYbXNaWglt0/M
un2Xw9Cick7zqjAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L2syRzF6V2xvSmJkUHpMcDlsOFBRb25KTzg2by5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvN2YvNzJiZjJmLThlMzQtNDhhMi04NDlhLWE1NDFkMWJjZWUxOS8x
L3p6NUdULXZtaVNiZGo5TnBtUC0wdVBrbGc2Yy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvN2Yv
NzJiZjJmLThlMzQtNDhhMi04NDlhLWE1NDFkMWJjZWUxOS8xL2syRzF6V2xvSmJk
UHpMcDlsOFBRb25KTzg2by5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAi
BggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoOqgfgETANBgkqhkiG9w0BAQsF
AAOCAQEAYR6v3ENNmczWJ/khuMkeJwVj+CHQUJaTqyQmuBqWudDBt5FEu0aewaOA
H1phxiBRG/urEQkrWsHBEKCuSpgjXF7m28nX2jxiYjcp0mnYJDx5FTzFAHdXiYLW
WLcakz7N/IfnxpfBGjOGoLwzVZGJyCkA9UjZjc7Z+03WcmTRKRR4LL9st50PxCHq
mGS+j4++XHgc9L3jcv+2kSC6Bk7cqIJbuqtSPRdgAXkXttaOPAfris0vasuVuSYp
1h4S4gI9boFZQwSzPiwpEqx60E5BMxw+ktvHzIN00hFXK4PxWOHlJ5FGtdLTluUj
y5iQYcIPp6UzruNmL/NIYEqHu7j58g==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:36:37 2024 by rpki-client on console-fra.rpki-client.org