Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/86/9c493b-417b-4af6-9f43-2ff14c218719/1/haIvU17zidKk2fze2NgbkmQbW8A.roa
File:                     haIvU17zidKk2fze2NgbkmQbW8A.roa (raw, json)
Hash identifier:          OkzFoDJQPzTHuuinMyzt+yD9DqqAXGVv53bP7uMNE5w=
Subject key identifier:   85:A2:2F:53:5E:F3:89:D2:A4:D9:FC:DE:D8:D8:1B:92:64:1B:5B:C0
Certificate issuer:       /CN=62becc4ba8a4d52498a0d2983a68b61383aa7fd7
Certificate serial:       09E5FF15
Authority key identifier: 62:BE:CC:4B:A8:A4:D5:24:98:A0:D2:98:3A:68:B6:13:83:AA:7F:D7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Yr7MS6ik1SSYoNKYOmi2E4Oqf9c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/86/9c493b-417b-4af6-9f43-2ff14c218719/1/haIvU17zidKk2fze2NgbkmQbW8A.roa
Signing time:             Wed 23 Feb 2022 12:50:09 +0000
ROA not before:           Wed 23 Feb 2022 12:50:09 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     398559
IP address blocks:        2a0f:306::/32 maxlen: 32
                          2a0f:305::/32 maxlen: 32
                          2a0f:302::/32 maxlen: 32
                          2a0f:303::/32 maxlen: 32
                          2a0f:301::/32 maxlen: 32
                          2a0f:307::/32 maxlen: 32

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 166067989 (0x9e5ff15)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=62becc4ba8a4d52498a0d2983a68b61383aa7fd7
        Validity
            Not Before: Feb 23 12:50:09 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=85a22f535ef389d2a4d9fcded8d81b92641b5bc0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:8e:e4:ab:a7:37:4f:9e:fc:33:15:db:66:0b:
                    7d:ee:4c:bb:57:a6:cf:3c:bb:9c:16:59:65:18:c3:
                    7f:3a:0d:d4:f0:ec:87:5c:18:f2:4f:e7:fc:98:65:
                    79:bb:92:8d:cb:9e:b6:10:b4:8f:3c:8d:eb:4c:9d:
                    49:47:d9:c4:d6:7e:8f:90:b9:33:03:2e:51:7b:69:
                    39:f4:1c:e2:8d:48:eb:84:be:6a:86:f4:5d:71:c7:
                    ee:7b:6d:cc:d7:70:1d:36:75:ff:45:6b:26:64:1f:
                    20:25:9a:65:b4:42:e2:4b:98:94:11:a7:8f:30:4b:
                    c4:5c:a6:49:f8:3d:d4:aa:08:6a:39:9e:10:ef:7d:
                    1a:5f:9c:2e:1d:44:37:1f:b3:7c:df:3d:c4:72:ae:
                    99:1b:fa:a8:66:57:ec:40:3f:74:83:91:63:38:50:
                    41:07:71:fc:42:2c:32:7c:e7:d6:03:5d:91:52:6c:
                    80:93:5e:cf:dc:7e:4b:90:b4:07:27:90:5f:ff:36:
                    2c:c3:19:80:f2:32:88:c1:d6:eb:b8:1f:a2:a3:63:
                    6e:a6:4e:85:a5:59:29:a4:39:7d:a2:50:48:e4:9a:
                    21:4a:89:b9:d4:c9:60:71:fd:74:1b:97:b7:d7:a3:
                    d9:d5:9d:fc:75:97:e4:15:a9:30:8b:b0:ca:d2:ae:
                    5c:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:A2:2F:53:5E:F3:89:D2:A4:D9:FC:DE:D8:D8:1B:92:64:1B:5B:C0
            X509v3 Authority Key Identifier:
                keyid:62:BE:CC:4B:A8:A4:D5:24:98:A0:D2:98:3A:68:B6:13:83:AA:7F:D7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Yr7MS6ik1SSYoNKYOmi2E4Oqf9c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/86/9c493b-417b-4af6-9f43-2ff14c218719/1/haIvU17zidKk2fze2NgbkmQbW8A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/86/9c493b-417b-4af6-9f43-2ff14c218719/1/Yr7MS6ik1SSYoNKYOmi2E4Oqf9c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:301::-2a0f:303:ffff:ffff:ffff:ffff:ffff:ffff
                  2a0f:305::-2a0f:307:ffff:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         8b:4c:3b:57:19:5a:36:0f:00:55:fb:6b:f1:76:6a:f2:93:76:
         0b:0f:1f:63:af:b1:7c:71:6a:1e:5a:b2:60:0b:ed:3b:e6:18:
         75:97:1d:7b:74:c1:6a:d5:29:14:7b:19:33:b1:6b:88:24:54:
         42:6b:5c:7b:13:51:c1:45:e2:48:cf:f1:db:fe:17:50:26:31:
         f6:c0:09:21:82:0f:b4:40:36:ff:60:fc:66:23:82:30:40:da:
         3c:ae:60:e5:3d:cb:73:c9:28:1c:92:fd:f0:ec:43:69:a1:47:
         cf:51:d4:39:e1:05:3c:d5:df:68:10:56:1e:c9:6b:42:1f:a5:
         5f:ee:93:af:16:36:bf:12:ac:b2:f0:b5:e4:e7:4b:f3:e2:8f:
         64:0a:c2:73:ce:b2:0c:5e:a8:eb:e3:bd:54:a0:7b:ff:0d:33:
         ba:05:b0:c4:3c:91:6a:5c:94:47:8a:73:72:d3:7a:78:fc:bf:
         b4:85:41:20:b2:1d:2c:3c:e6:fa:e7:84:96:b9:3e:20:0a:d2:
         c3:69:4f:a9:e8:75:c8:5e:14:fb:b8:6a:5c:15:52:a9:b1:f6:
         aa:46:a2:ad:96:1c:55:5b:0d:7c:e5:73:18:ff:28:3e:b7:d3:
         c3:77:c8:fa:8f:c2:c9:56:f6:f7:c8:ee:35:f7:4c:a6:37:0a:
         17:ef:64:cf
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgIECeX/FTANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg2
MmJlY2M0YmE4YTRkNTI0OThhMGQyOTgzYTY4YjYxMzgzYWE3ZmQ3MB4XDTIyMDIy
MzEyNTAwOVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoODVhMjJmNTM1ZWYz
ODlkMmE0ZDlmY2RlZDhkODFiOTI2NDFiNWJjMDCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAL+O5KunN0+e/DMV22YLfe5Mu1emzzy7nBZZZRjDfzoN1PDs
h1wY8k/n/JhlebuSjcuethC0jzyN60ydSUfZxNZ+j5C5MwMuUXtpOfQc4o1I64S+
aob0XXHH7nttzNdwHTZ1/0VrJmQfICWaZbRC4kuYlBGnjzBLxFymSfg91KoIajme
EO99Gl+cLh1ENx+zfN89xHKumRv6qGZX7EA/dIORYzhQQQdx/EIsMnzn1gNdkVJs
gJNez9x+S5C0ByeQX/82LMMZgPIyiMHW67gfoqNjbqZOhaVZKaQ5faJQSOSaIUqJ
udTJYHH9dBuXt9ej2dWd/HWX5BWpMIuwytKuXFkCAwEAAaOCAiMwggIfMB0GA1Ud
DgQWBBSFoi9TXvOJ0qTZ/N7Y2BuSZBtbwDAfBgNVHSMEGDAWgBRivsxLqKTVJJig
0pg6aLYTg6p/1zAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L1lyN01TNmlrMVNTWW9OS1lPbWkyRTRPcWY5Yy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvODYvOWM0OTNiLTQxN2ItNGFmNi05ZjQzLTJmZjE0YzIxODcxOS8x
L2hhSXZVMTd6aWRLazJmemUyTmdia21RYlc4QS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvODYv
OWM0OTNiLTQxN2ItNGFmNi05ZjQzLTJmZjE0YzIxODcxOS8xL1lyN01TNmlrMVNT
WW9OS1lPbWkyRTRPcWY5Yy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjA5
BggrBgEFBQcBBwEB/wQqMCgwJgQCAAIwIDAOAwUAKg8DAQMFAioPAwAwDgMFACoP
AwUDBQMqDwMAMA0GCSqGSIb3DQEBCwUAA4IBAQCLTDtXGVo2DwBV+2vxdmryk3YL
Dx9jr7F8cWoeWrJgC+075hh1lx17dMFq1SkUexkzsWuIJFRCa1x7E1HBReJIz/Hb
/hdQJjH2wAkhgg+0QDb/YPxmI4IwQNo8rmDlPctzySgckv3w7ENpoUfPUdQ54QU8
1d9oEFYeyWtCH6Vf7pOvFja/Eqyy8LXk50vz4o9kCsJzzrIMXqjr471UoHv/DTO6
BbDEPJFqXJRHinNy03p4/L+0hUEgsh0sPOb654SWuT4gCtLDaU+p6HXIXhT7uGpc
FVKpsfaqRqKtlhxVWw185XMY/yg+t9PDd8j6j8LJVvb3yO4190ymNwoX72TP
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:58:55 2023 by rpki-client on console-fra.rpki-client.org