Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/84/962fb1-3df0-4ec2-b50a-b36a24d39427/1/_zH1IXNUru0fHbSs_uW1bW2HSPM.roa
File:                     _zH1IXNUru0fHbSs_uW1bW2HSPM.roa (raw, json)
Hash identifier:          DSikdXZ3FulYjP4NJqCtpDvV0YSnHW+usaOMql9KdLM=
Subject key identifier:   FF:31:F5:21:73:54:AE:ED:1F:1D:B4:AC:FE:E5:B5:6D:6D:87:48:F3
Certificate issuer:       /CN=835bc9bb547e27788d221bc8bbd5fb02e024480f
Certificate serial:       109CA3A1
Authority key identifier: 83:5B:C9:BB:54:7E:27:78:8D:22:1B:C8:BB:D5:FB:02:E0:24:48:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/g1vJu1R-J3iNIhvIu9X7AuAkSA8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/84/962fb1-3df0-4ec2-b50a-b36a24d39427/1/_zH1IXNUru0fHbSs_uW1bW2HSPM.roa
Signing time:             Sat 01 Jan 2022 13:59:24 +0000
ROA not before:           Sat 01 Jan 2022 13:59:24 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     20473
IP address blocks:        2a0b:6b86:f00::/40 maxlen: 48

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 278700961 (0x109ca3a1)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=835bc9bb547e27788d221bc8bbd5fb02e024480f
        Validity
            Not Before: Jan  1 13:59:24 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=ff31f5217354aeed1f1db4acfee5b56d6d8748f3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e1:96:4f:0c:d3:6d:d2:9a:9f:04:39:a9:de:62:
                    b5:b0:e5:ed:9f:14:41:73:02:9f:43:2f:12:15:4a:
                    54:56:5d:01:4c:ee:28:24:45:a8:bd:c8:ae:54:89:
                    b4:3b:a7:89:84:d0:0b:60:06:76:34:7d:52:ab:54:
                    a9:2a:9a:8a:06:aa:6e:98:a9:9c:16:7c:70:b6:4e:
                    5b:7e:e9:f1:2a:85:01:be:8d:90:d7:1a:66:21:36:
                    f5:13:25:74:cf:c1:f1:3d:4d:a0:0f:e5:c0:e8:fc:
                    96:ae:8c:14:32:47:24:6a:52:30:c6:f6:43:1d:42:
                    3d:ab:de:8c:84:30:37:8a:19:45:53:60:cf:0b:4e:
                    10:64:74:47:0e:e4:27:9c:58:d1:a7:30:c0:f6:54:
                    37:08:b0:99:cb:b2:ac:7c:ec:93:d7:90:aa:a4:ab:
                    88:97:70:01:03:36:f9:e1:f6:d1:69:0b:75:4c:91:
                    86:0c:a2:63:63:28:11:c7:88:a5:54:27:3b:80:40:
                    c6:fa:69:7c:08:1c:6c:a0:92:55:17:fb:05:61:bd:
                    49:cf:27:8d:10:13:0f:23:d2:d8:be:a3:1f:b7:ac:
                    6a:e7:f4:a8:28:86:e9:4f:af:64:1d:91:c3:a0:34:
                    28:2a:34:63:9e:9e:e4:ab:a0:d8:ea:36:d7:4a:b4:
                    78:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FF:31:F5:21:73:54:AE:ED:1F:1D:B4:AC:FE:E5:B5:6D:6D:87:48:F3
            X509v3 Authority Key Identifier:
                keyid:83:5B:C9:BB:54:7E:27:78:8D:22:1B:C8:BB:D5:FB:02:E0:24:48:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/g1vJu1R-J3iNIhvIu9X7AuAkSA8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/84/962fb1-3df0-4ec2-b50a-b36a24d39427/1/_zH1IXNUru0fHbSs_uW1bW2HSPM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/84/962fb1-3df0-4ec2-b50a-b36a24d39427/1/g1vJu1R-J3iNIhvIu9X7AuAkSA8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0b:6b86:f00::/40

    Signature Algorithm: sha256WithRSAEncryption
         44:aa:2b:4b:23:dc:4d:d1:36:8b:7f:e5:ef:27:42:39:95:e4:
         88:58:f8:9b:d4:45:ed:29:ed:d8:a1:23:fe:24:f7:3c:62:f5:
         82:67:2e:fd:f5:46:5f:c6:ec:fc:0c:45:5f:87:f8:b7:e7:e9:
         db:c7:37:ab:62:47:98:37:81:91:cf:a5:d8:e9:2c:78:3d:92:
         08:26:cf:5d:90:83:b4:d3:14:bc:68:ba:13:50:12:96:c5:2e:
         24:6e:15:31:62:30:0f:e5:71:04:36:33:e2:68:f8:09:cd:26:
         84:aa:ff:0f:7f:03:ea:2c:ce:c7:7e:32:df:49:f3:2d:ec:60:
         84:5a:51:f9:61:e5:e0:8b:7b:30:84:3c:db:31:e9:df:bd:8a:
         26:e8:f7:8b:11:00:3d:51:9a:d8:02:5e:fe:76:e6:b4:91:e4:
         2d:1a:eb:60:64:e7:88:b0:03:24:6a:d5:91:e2:62:0d:a8:c3:
         4c:ec:bb:a0:e0:fe:3e:c5:0e:fb:6d:4e:b4:61:58:5b:2e:38:
         0d:7c:bb:36:53:05:c8:d0:d0:e9:37:47:ca:87:42:03:68:06:
         b3:5f:08:e6:97:d3:2d:81:89:b3:f6:05:61:dc:1f:86:36:87:
         2c:28:08:98:91:46:f4:12:88:7c:06:62:34:9e:47:3b:80:ad:
         48:41:fd:8c
-----BEGIN CERTIFICATE-----
MIIE8TCCA9mgAwIBAgIEEJyjoTANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg4
MzViYzliYjU0N2UyNzc4OGQyMjFiYzhiYmQ1ZmIwMmUwMjQ0ODBmMB4XDTIyMDEw
MTEzNTkyNFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoZmYzMWY1MjE3MzU0
YWVlZDFmMWRiNGFjZmVlNWI1NmQ2ZDg3NDhmMzCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAOGWTwzTbdKanwQ5qd5itbDl7Z8UQXMCn0MvEhVKVFZdAUzu
KCRFqL3IrlSJtDuniYTQC2AGdjR9UqtUqSqaigaqbpipnBZ8cLZOW37p8SqFAb6N
kNcaZiE29RMldM/B8T1NoA/lwOj8lq6MFDJHJGpSMMb2Qx1CPavejIQwN4oZRVNg
zwtOEGR0Rw7kJ5xY0acwwPZUNwiwmcuyrHzsk9eQqqSriJdwAQM2+eH20WkLdUyR
hgyiY2MoEceIpVQnO4BAxvppfAgcbKCSVRf7BWG9Sc8njRATDyPS2L6jH7esauf0
qCiG6U+vZB2Rw6A0KCo0Y56e5Kug2Oo210q0eE8CAwEAAaOCAgswggIHMB0GA1Ud
DgQWBBT/MfUhc1Su7R8dtKz+5bVtbYdI8zAfBgNVHSMEGDAWgBSDW8m7VH4neI0i
G8i71fsC4CRIDzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L2cxdkp1MVItSjNpTklodkl1OVg3QXVBa1NBOC5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvODQvOTYyZmIxLTNkZjAtNGVjMi1iNTBhLWIzNmEyNGQzOTQyNy8x
L196SDFJWE5VcnUwZkhiU3NfdVcxYlcySFNQTS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvODQv
OTYyZmIxLTNkZjAtNGVjMi1iNTBhLWIzNmEyNGQzOTQyNy8xL2cxdkp1MVItSjNp
Tklodkl1OVg3QXVBa1NBOC5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAh
BggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoLa4YPMA0GCSqGSIb3DQEBCwUA
A4IBAQBEqitLI9xN0TaLf+XvJ0I5leSIWPib1EXtKe3YoSP+JPc8YvWCZy799UZf
xuz8DEVfh/i35+nbxzerYkeYN4GRz6XY6Sx4PZIIJs9dkIO00xS8aLoTUBKWxS4k
bhUxYjAP5XEENjPiaPgJzSaEqv8PfwPqLM7HfjLfSfMt7GCEWlH5YeXgi3swhDzb
MenfvYom6PeLEQA9UZrYAl7+dua0keQtGutgZOeIsAMkatWR4mINqMNM7Lug4P4+
xQ77bU60YVhbLjgNfLs2UwXI0NDpN0fKh0IDaAazXwjml9MtgYmz9gVh3B+GNocs
KAiYkUb0Eoh8BmI0nkc7gK1IQf2M
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:58:50 2023 by rpki-client on console-fra.rpki-client.org