Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/84/962fb1-3df0-4ec2-b50a-b36a24d39427/1/9MJfOf7vzJPdDh2ZA_owT4naDrU.roa
File:                     9MJfOf7vzJPdDh2ZA_owT4naDrU.roa (raw, json)
Hash identifier:          aYXsOQNTKwhGeDX7BYh0W6MoOztFBJqWOIe1gB6iktc=
Subject key identifier:   F4:C2:5F:39:FE:EF:CC:93:DD:0E:1D:99:03:FA:30:4F:89:DA:0E:B5
Certificate issuer:       /CN=835bc9bb547e27788d221bc8bbd5fb02e024480f
Certificate serial:       10A9F5DB
Authority key identifier: 83:5B:C9:BB:54:7E:27:78:8D:22:1B:C8:BB:D5:FB:02:E0:24:48:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/g1vJu1R-J3iNIhvIu9X7AuAkSA8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/84/962fb1-3df0-4ec2-b50a-b36a24d39427/1/9MJfOf7vzJPdDh2ZA_owT4naDrU.roa
Signing time:             Sat 01 Jan 2022 13:59:29 +0000
ROA not before:           Sat 01 Jan 2022 13:59:29 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     211387
IP address blocks:        2a0b:6b86:f00::/40 maxlen: 48

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 279573979 (0x10a9f5db)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=835bc9bb547e27788d221bc8bbd5fb02e024480f
        Validity
            Not Before: Jan  1 13:59:29 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=f4c25f39feefcc93dd0e1d9903fa304f89da0eb5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:52:96:27:d2:00:43:90:9a:07:2d:0d:e4:a0:
                    7d:d4:e5:7a:fe:e3:a7:c0:9f:9c:de:32:b7:60:b4:
                    12:a4:60:89:d7:1d:85:54:65:8c:46:d2:9c:43:46:
                    56:1f:c2:53:4e:9a:a7:d2:33:2f:be:eb:bd:b5:10:
                    48:86:97:22:50:e8:0c:9a:16:1e:4b:6c:6f:32:1d:
                    13:ab:6d:ff:93:69:ce:81:13:dc:12:40:e4:cf:80:
                    ca:c4:91:c3:4e:86:4a:e1:b1:2e:38:cc:4b:36:1f:
                    81:89:51:aa:b1:18:f8:41:fd:69:0c:8d:99:79:85:
                    92:da:e8:03:ce:1c:dd:ce:8a:86:c9:b5:fd:0c:6e:
                    67:77:4e:af:f9:20:98:e9:81:00:61:3a:2c:a1:dc:
                    c6:7a:e2:7d:e5:07:2e:e4:de:32:cd:10:79:17:9a:
                    c4:a7:1b:55:d5:cd:51:88:41:0c:3a:84:a9:93:b9:
                    b2:5c:a5:25:8b:e7:b6:3a:ef:f0:ff:e2:fd:b5:64:
                    7d:7c:40:91:b5:ea:e6:c6:a9:d7:e1:58:20:62:d2:
                    03:a7:3b:c9:26:23:44:78:ce:48:b2:49:65:fe:3d:
                    de:a4:90:24:3d:a6:70:e8:bf:ba:43:85:4b:4f:1b:
                    99:74:93:6b:a0:40:1a:00:09:3a:96:84:df:08:6b:
                    bc:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F4:C2:5F:39:FE:EF:CC:93:DD:0E:1D:99:03:FA:30:4F:89:DA:0E:B5
            X509v3 Authority Key Identifier:
                keyid:83:5B:C9:BB:54:7E:27:78:8D:22:1B:C8:BB:D5:FB:02:E0:24:48:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/g1vJu1R-J3iNIhvIu9X7AuAkSA8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/84/962fb1-3df0-4ec2-b50a-b36a24d39427/1/9MJfOf7vzJPdDh2ZA_owT4naDrU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/84/962fb1-3df0-4ec2-b50a-b36a24d39427/1/g1vJu1R-J3iNIhvIu9X7AuAkSA8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0b:6b86:f00::/40

    Signature Algorithm: sha256WithRSAEncryption
         83:eb:9b:2e:0b:f0:fc:eb:2e:be:ed:72:22:14:ef:a1:97:2f:
         61:b3:d9:21:2a:37:f2:16:82:d6:7a:b3:8f:a7:19:c7:aa:55:
         c1:47:83:81:56:51:cf:ec:74:63:1e:9c:c1:47:0b:01:91:2c:
         2a:12:6f:f0:58:3c:bd:74:72:83:a9:6a:8e:c0:f5:74:ab:c1:
         38:4d:79:de:61:de:33:07:04:ec:ea:19:a7:20:87:04:d9:05:
         8e:43:15:fb:68:c7:05:25:db:ba:c0:14:6d:f2:f2:38:65:10:
         62:40:21:f1:44:2b:c0:12:2d:4c:ed:50:08:c7:e6:53:b9:f2:
         cb:59:a5:8c:95:37:a9:e9:4b:d6:20:60:1e:8b:04:96:7c:95:
         89:80:35:27:a9:23:c6:61:59:9a:24:6d:1d:04:79:7d:62:90:
         71:d2:99:3f:b1:65:21:af:03:cb:f7:62:cb:12:73:23:21:e3:
         c9:6f:56:e2:15:36:ac:20:62:be:47:00:87:f1:8e:8d:ae:c1:
         d7:d5:89:90:7c:ac:21:cd:79:b2:2e:c1:62:16:b1:e6:3a:df:
         0d:94:11:b4:8a:ce:01:7d:3b:58:3c:79:7e:29:ac:a2:8c:e8:
         f8:f5:3f:5f:00:3d:c2:d2:54:91:a1:c5:26:1a:f0:a8:3b:0e:
         66:98:df:c6
-----BEGIN CERTIFICATE-----
MIIE8TCCA9mgAwIBAgIEEKn12zANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg4
MzViYzliYjU0N2UyNzc4OGQyMjFiYzhiYmQ1ZmIwMmUwMjQ0ODBmMB4XDTIyMDEw
MTEzNTkyOVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoZjRjMjVmMzlmZWVm
Y2M5M2RkMGUxZDk5MDNmYTMwNGY4OWRhMGViNTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAMpSlifSAEOQmgctDeSgfdTlev7jp8CfnN4yt2C0EqRgidcd
hVRljEbSnENGVh/CU06ap9IzL77rvbUQSIaXIlDoDJoWHktsbzIdE6tt/5NpzoET
3BJA5M+AysSRw06GSuGxLjjMSzYfgYlRqrEY+EH9aQyNmXmFktroA84c3c6Khsm1
/QxuZ3dOr/kgmOmBAGE6LKHcxnrifeUHLuTeMs0QeReaxKcbVdXNUYhBDDqEqZO5
slylJYvntjrv8P/i/bVkfXxAkbXq5sap1+FYIGLSA6c7ySYjRHjOSLJJZf493qSQ
JD2mcOi/ukOFS08bmXSTa6BAGgAJOpaE3whrvN8CAwEAAaOCAgswggIHMB0GA1Ud
DgQWBBT0wl85/u/Mk90OHZkD+jBPidoOtTAfBgNVHSMEGDAWgBSDW8m7VH4neI0i
G8i71fsC4CRIDzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L2cxdkp1MVItSjNpTklodkl1OVg3QXVBa1NBOC5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvODQvOTYyZmIxLTNkZjAtNGVjMi1iNTBhLWIzNmEyNGQzOTQyNy8x
LzlNSmZPZjd2ekpQZERoMlpBX293VDRuYURyVS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvODQv
OTYyZmIxLTNkZjAtNGVjMi1iNTBhLWIzNmEyNGQzOTQyNy8xL2cxdkp1MVItSjNp
Tklodkl1OVg3QXVBa1NBOC5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAh
BggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoLa4YPMA0GCSqGSIb3DQEBCwUA
A4IBAQCD65suC/D86y6+7XIiFO+hly9hs9khKjfyFoLWerOPpxnHqlXBR4OBVlHP
7HRjHpzBRwsBkSwqEm/wWDy9dHKDqWqOwPV0q8E4TXneYd4zBwTs6hmnIIcE2QWO
QxX7aMcFJdu6wBRt8vI4ZRBiQCHxRCvAEi1M7VAIx+ZTufLLWaWMlTep6UvWIGAe
iwSWfJWJgDUnqSPGYVmaJG0dBHl9YpBx0pk/sWUhrwPL92LLEnMjIePJb1biFTas
IGK+RwCH8Y6NrsHX1YmQfKwhzXmyLsFiFrHmOt8NlBG0is4BfTtYPHl+KayijOj4
9T9fAD3C0lSRocUmGvCoOw5mmN/G
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:21:14 2024 by rpki-client on console-ams.rpki-client.org