Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/81/a7ce7a-8443-46eb-8cba-3bb4d6200518/1/pqnXaNNtpzHxrYp8J2dFBQIdKHA.roa
File:                     pqnXaNNtpzHxrYp8J2dFBQIdKHA.roa (raw, json)
Hash identifier:          UJb1M7wT378rLiuhtCqOvwx400KlCJnYOW/gJtvsFrw=
Subject key identifier:   A6:A9:D7:68:D3:6D:A7:31:F1:AD:8A:7C:27:67:45:05:02:1D:28:70
Certificate issuer:       /CN=0232a4bfb7796405a556b759f1d193e4c4d37129
Certificate serial:       11DAC94E
Authority key identifier: 02:32:A4:BF:B7:79:64:05:A5:56:B7:59:F1:D1:93:E4:C4:D3:71:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/AjKkv7d5ZAWlVrdZ8dGT5MTTcSk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/81/a7ce7a-8443-46eb-8cba-3bb4d6200518/1/pqnXaNNtpzHxrYp8J2dFBQIdKHA.roa
Signing time:             Sat 01 Jan 2022 09:59:17 +0000
ROA not before:           Sat 01 Jan 2022 09:59:17 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     3356
IP address blocks:        2001:4c08:201e::/48 maxlen: 48
                          2001:4c08:2006::/48 maxlen: 48
                          2001:4c08:2007::/48 maxlen: 48
                          2001:4c08:2012::/48 maxlen: 48
                          2001:4c08:2002::/48 maxlen: 48
                          2001:4c08:2005::/48 maxlen: 48
                          2001:4c08:2008::/48 maxlen: 48
                          2001:4c08:2018::/48 maxlen: 48
                          2001:4c08:2020::/48 maxlen: 48

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 299551054 (0x11dac94e)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0232a4bfb7796405a556b759f1d193e4c4d37129
        Validity
            Not Before: Jan  1 09:59:17 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=a6a9d768d36da731f1ad8a7c27674505021d2870
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:44:d5:43:58:aa:f5:45:de:53:c8:3d:ac:8d:
                    ea:5d:c1:81:41:0e:51:de:71:85:72:b8:21:a2:d6:
                    6d:e3:b2:40:e7:ce:aa:ef:c1:75:9b:8f:17:40:48:
                    95:2c:37:23:e4:01:12:e7:a8:78:df:42:3a:49:14:
                    c6:9c:3a:e9:fb:8e:96:04:6d:a7:1d:34:64:c8:d0:
                    96:fc:bf:52:0f:9f:66:d8:8f:66:e5:e2:36:ed:e5:
                    d6:da:bd:94:34:d1:74:be:9b:ea:93:95:5c:c3:de:
                    af:7a:32:ee:84:d2:a8:7c:f5:47:46:f5:c7:6c:d2:
                    4c:48:2d:b0:f3:92:59:53:a1:d9:30:0c:7c:38:7d:
                    a4:44:60:2f:ac:8a:b9:c4:30:d6:90:43:7e:64:c6:
                    53:de:23:f7:a2:74:ae:9f:16:3f:50:3a:8a:07:7e:
                    b2:1f:34:a6:36:a6:9d:5b:7e:d2:9f:0e:11:33:15:
                    44:27:f3:61:a1:38:fb:c1:f8:05:da:11:81:b6:2b:
                    a7:f4:18:d9:98:20:ee:16:61:5f:ff:ed:49:cf:37:
                    42:01:52:41:e0:32:25:ff:d5:f9:e4:ce:b3:1c:0f:
                    a4:2f:29:ff:85:ea:3f:7f:0a:b5:89:f2:fa:5b:28:
                    29:7b:6d:01:b9:bc:cb:12:b3:a9:6b:fb:4a:45:ff:
                    53:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A6:A9:D7:68:D3:6D:A7:31:F1:AD:8A:7C:27:67:45:05:02:1D:28:70
            X509v3 Authority Key Identifier:
                keyid:02:32:A4:BF:B7:79:64:05:A5:56:B7:59:F1:D1:93:E4:C4:D3:71:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AjKkv7d5ZAWlVrdZ8dGT5MTTcSk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/81/a7ce7a-8443-46eb-8cba-3bb4d6200518/1/pqnXaNNtpzHxrYp8J2dFBQIdKHA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/81/a7ce7a-8443-46eb-8cba-3bb4d6200518/1/AjKkv7d5ZAWlVrdZ8dGT5MTTcSk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:4c08:2002::/48
                  2001:4c08:2005::-2001:4c08:2008:ffff:ffff:ffff:ffff:ffff
                  2001:4c08:2012::/48
                  2001:4c08:2018::/48
                  2001:4c08:201e::/48
                  2001:4c08:2020::/48

    Signature Algorithm: sha256WithRSAEncryption
         21:bc:45:33:89:06:2d:5e:de:b8:54:70:87:a7:88:b9:81:15:
         4c:8f:50:9a:ef:99:fa:26:43:aa:e7:89:c2:83:31:f1:d4:e4:
         68:37:ce:54:81:39:5d:4b:98:79:a9:ef:f9:b1:d2:ab:fc:60:
         a6:8c:a6:98:83:00:9f:f5:24:f3:43:93:c9:36:32:45:68:f9:
         b8:5a:4e:eb:f4:0f:2b:d5:d6:11:36:19:43:45:11:3a:eb:e3:
         4f:ab:2a:ea:0a:66:d9:61:aa:6b:57:ca:52:56:52:aa:68:0b:
         b8:12:83:f5:da:73:8b:23:f0:09:20:8b:c8:d3:3a:f9:26:da:
         42:c9:9f:8b:7a:4e:f3:1a:67:90:15:3e:3b:86:0f:69:59:26:
         c6:94:0a:43:53:97:52:46:eb:36:a6:af:73:83:68:00:4e:b4:
         e2:88:2c:18:ba:79:d6:a9:fd:d9:88:e0:39:3c:8b:16:67:b7:
         cf:e2:11:21:0e:30:9e:ab:30:f0:c5:f2:7f:2e:b0:20:c0:b0:
         c4:4e:b5:10:e6:16:bf:4a:e3:ac:02:16:ce:9f:df:50:91:98:
         66:40:ff:e7:b1:94:30:76:63:82:51:01:95:8a:0e:73:66:2f:
         bc:20:39:fa:3c:5f:65:92:1c:4e:55:66:7c:9e:dc:ef:ed:56:
         2b:f7:b8:b3
-----BEGIN CERTIFICATE-----
MIIFKjCCBBKgAwIBAgIEEdrJTjANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygw
MjMyYTRiZmI3Nzk2NDA1YTU1NmI3NTlmMWQxOTNlNGM0ZDM3MTI5MB4XDTIyMDEw
MTA5NTkxN1oXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoYTZhOWQ3NjhkMzZk
YTczMWYxYWQ4YTdjMjc2NzQ1MDUwMjFkMjg3MDCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAN9E1UNYqvVF3lPIPayN6l3BgUEOUd5xhXK4IaLWbeOyQOfO
qu/BdZuPF0BIlSw3I+QBEueoeN9COkkUxpw66fuOlgRtpx00ZMjQlvy/Ug+fZtiP
ZuXiNu3l1tq9lDTRdL6b6pOVXMPer3oy7oTSqHz1R0b1x2zSTEgtsPOSWVOh2TAM
fDh9pERgL6yKucQw1pBDfmTGU94j96J0rp8WP1A6igd+sh80pjamnVt+0p8OETMV
RCfzYaE4+8H4BdoRgbYrp/QY2Zgg7hZhX//tSc83QgFSQeAyJf/V+eTOsxwPpC8p
/4XqP38KtYny+lsoKXttAbm8yxKzqWv7SkX/Uy8CAwEAAaOCAkQwggJAMB0GA1Ud
DgQWBBSmqddo022nMfGtinwnZ0UFAh0ocDAfBgNVHSMEGDAWgBQCMqS/t3lkBaVW
t1nx0ZPkxNNxKTAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L0FqS2t2N2Q1WkFXbFZyZFo4ZEdUNU1UVGNTay5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvODEvYTdjZTdhLTg0NDMtNDZlYi04Y2JhLTNiYjRkNjIwMDUxOC8x
L3BxblhhTk50cHpIeHJZcDhKMmRGQlFJZEtIQS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvODEv
YTdjZTdhLTg0NDMtNDZlYi04Y2JhLTNiYjRkNjIwMDUxOC8xL0FqS2t2N2Q1WkFX
bFZyZFo4ZEdUNU1UVGNTay5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBa
BggrBgEFBQcBBwEB/wRLMEkwRwQCAAIwQQMHACABTAggAjASAwcAIAFMCCAFAwcA
IAFMCCAIAwcAIAFMCCASAwcAIAFMCCAYAwcAIAFMCCAeAwcAIAFMCCAgMA0GCSqG
SIb3DQEBCwUAA4IBAQAhvEUziQYtXt64VHCHp4i5gRVMj1Ca75n6JkOq54nCgzHx
1ORoN85UgTldS5h5qe/5sdKr/GCmjKaYgwCf9STzQ5PJNjJFaPm4Wk7r9A8r1dYR
NhlDRRE66+NPqyrqCmbZYaprV8pSVlKqaAu4EoP12nOLI/AJIIvI0zr5JtpCyZ+L
ek7zGmeQFT47hg9pWSbGlApDU5dSRus2pq9zg2gATrTiiCwYunnWqf3ZiOA5PIsW
Z7fP4hEhDjCeqzDwxfJ/LrAgwLDETrUQ5ha/SuOsAhbOn99QkZhmQP/nsZQwdmOC
UQGVig5zZi+8IDn6PF9lkhxOVWZ8ntzv7VYr97iz
-----END CERTIFICATE-----
Generated at Thu Jul 20 00:02:18 2023 by rpki-client on console-ams.rpki-client.org