Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/f2fc0e-bbb9-4924-a89c-7620db279962/1/x8Iv4FifNfrG1vVt-70RdhN57X0.roa
File:                     x8Iv4FifNfrG1vVt-70RdhN57X0.roa (raw, json)
Hash identifier:          llZlvmVI0YKs7rPZS2c5BGxLXn4cM1tpAKQV7SfS6Dk=
Subject key identifier:   C7:C2:2F:E0:58:9F:35:FA:C6:D6:F5:6D:FB:BD:11:76:13:79:ED:7D
Certificate issuer:       /CN=aa85e9da2227345c18abd7e75272f81c29b30d1b
Certificate serial:       0AA10245
Authority key identifier: AA:85:E9:DA:22:27:34:5C:18:AB:D7:E7:52:72:F8:1C:29:B3:0D:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qoXp2iInNFwYq9fnUnL4HCmzDRs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/f2fc0e-bbb9-4924-a89c-7620db279962/1/x8Iv4FifNfrG1vVt-70RdhN57X0.roa
Signing time:             Sat 01 Jan 2022 15:57:42 +0000
ROA not before:           Sat 01 Jan 2022 15:57:42 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     12552
IP address blocks:        2001:67c:198::/48 maxlen: 48

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 178324037 (0xaa10245)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=aa85e9da2227345c18abd7e75272f81c29b30d1b
        Validity
            Not Before: Jan  1 15:57:42 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=c7c22fe0589f35fac6d6f56dfbbd11761379ed7d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:87:a8:e1:91:c8:c6:32:ed:11:70:2e:9b:92:
                    a6:35:31:f6:9e:28:be:6c:94:59:c4:b8:af:16:c6:
                    7a:97:32:ab:5e:fa:cc:41:1b:dc:e9:e3:a7:35:62:
                    8d:be:a5:1a:77:52:af:13:ac:79:3a:b3:55:d7:8e:
                    d9:9f:c8:d5:88:f6:ef:e0:6a:e7:c1:c8:4b:8a:01:
                    4a:02:1a:1a:bb:c9:1a:d8:7c:ab:87:37:15:c0:5f:
                    b6:5e:e6:6b:be:72:68:15:cb:d0:c0:ad:70:b2:ef:
                    28:06:47:97:e7:2e:bb:e6:e0:6c:5d:d4:48:62:78:
                    42:2c:fe:98:18:0c:da:b7:87:2b:f3:1a:2d:73:2f:
                    17:cb:82:9e:74:32:d5:95:72:7c:93:ac:f2:16:c6:
                    6b:c3:d9:98:57:52:b8:80:a8:ac:5c:6b:6d:7a:59:
                    05:a1:7d:5a:78:c1:8d:0f:49:5a:eb:2b:31:0c:01:
                    b9:03:65:54:5d:c1:b8:07:8b:1e:f6:12:52:5c:4f:
                    55:e6:a0:49:10:50:13:38:d4:81:f4:88:5b:1b:ee:
                    ba:40:0f:1c:74:7f:92:4f:36:6a:05:c7:b5:d0:09:
                    5d:40:8c:dc:1a:24:3b:c6:3e:d5:dd:f5:b1:a1:2c:
                    63:3d:e5:92:57:93:dc:9a:89:88:6f:30:fd:1c:d1:
                    c9:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C7:C2:2F:E0:58:9F:35:FA:C6:D6:F5:6D:FB:BD:11:76:13:79:ED:7D
            X509v3 Authority Key Identifier:
                keyid:AA:85:E9:DA:22:27:34:5C:18:AB:D7:E7:52:72:F8:1C:29:B3:0D:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qoXp2iInNFwYq9fnUnL4HCmzDRs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/f2fc0e-bbb9-4924-a89c-7620db279962/1/x8Iv4FifNfrG1vVt-70RdhN57X0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/f2fc0e-bbb9-4924-a89c-7620db279962/1/qoXp2iInNFwYq9fnUnL4HCmzDRs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:198::/48

    Signature Algorithm: sha256WithRSAEncryption
         36:5c:78:f6:78:ac:7a:58:b7:f5:6c:3d:16:45:65:b2:cf:81:
         f1:93:98:27:54:ec:56:d8:98:0e:74:0b:49:66:53:94:a6:dc:
         5d:6e:f1:09:bb:84:f7:e4:78:d4:78:85:64:d1:a6:0d:74:3c:
         ef:0b:46:65:69:ea:e9:15:ef:dd:ad:fb:6d:b4:c0:0b:df:a9:
         bf:8d:fd:a6:0c:de:0d:73:7a:e4:d0:80:9f:06:ce:55:62:6a:
         d1:07:75:36:d6:ed:89:ea:b6:62:7b:33:dd:3b:85:2f:b2:f6:
         4d:bf:79:1c:1b:18:30:01:46:10:a4:72:7b:34:cb:3f:2e:00:
         bb:54:2c:fb:44:5f:29:1c:7e:73:80:98:29:79:9f:4f:bd:39:
         18:9e:f1:1c:c5:89:87:b6:18:fb:5e:e0:66:fc:bf:af:47:ab:
         e7:f5:58:a3:66:39:c1:9d:90:b9:fa:2a:b6:b3:1b:f8:84:c8:
         f8:de:08:6e:2a:89:07:58:b4:f3:d0:60:ec:57:7e:84:a5:aa:
         15:db:2c:ee:62:6e:bf:ce:a4:46:d2:56:6e:65:ef:57:8c:0e:
         e2:51:b8:1c:43:fa:d6:c5:e4:45:84:ce:2e:ae:6c:1d:bd:0c:
         ee:e6:14:09:15:d3:3a:d3:d8:1e:c1:f8:4c:51:c7:6d:7e:71:
         a3:f7:19:b7
-----BEGIN CERTIFICATE-----
MIIE8jCCA9qgAwIBAgIECqECRTANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhh
YTg1ZTlkYTIyMjczNDVjMThhYmQ3ZTc1MjcyZjgxYzI5YjMwZDFiMB4XDTIyMDEw
MTE1NTc0MloXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoYzdjMjJmZTA1ODlm
MzVmYWM2ZDZmNTZkZmJiZDExNzYxMzc5ZWQ3ZDCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAJmHqOGRyMYy7RFwLpuSpjUx9p4ovmyUWcS4rxbGepcyq176
zEEb3OnjpzVijb6lGndSrxOseTqzVdeO2Z/I1Yj27+Bq58HIS4oBSgIaGrvJGth8
q4c3FcBftl7ma75yaBXL0MCtcLLvKAZHl+cuu+bgbF3USGJ4Qiz+mBgM2reHK/Ma
LXMvF8uCnnQy1ZVyfJOs8hbGa8PZmFdSuICorFxrbXpZBaF9WnjBjQ9JWusrMQwB
uQNlVF3BuAeLHvYSUlxPVeagSRBQEzjUgfSIWxvuukAPHHR/kk82agXHtdAJXUCM
3BokO8Y+1d31saEsYz3lkleT3JqJiG8w/RzRyZMCAwEAAaOCAgwwggIIMB0GA1Ud
DgQWBBTHwi/gWJ81+sbW9W37vRF2E3ntfTAfBgNVHSMEGDAWgBSqhenaIic0XBir
1+dScvgcKbMNGzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L3FvWHAyaUluTkZ3WXE5Zm5Vbkw0SENtekRScy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvODcvZjJmYzBlLWJiYjktNDkyNC1hODljLTc2MjBkYjI3OTk2Mi8x
L3g4SXY0RmlmTmZyRzF2VnQtNzBSZGhONTdYMC5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvODcv
ZjJmYzBlLWJiYjktNDkyNC1hODljLTc2MjBkYjI3OTk2Mi8xL3FvWHAyaUluTkZ3
WXE5Zm5Vbkw0SENtekRScy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAi
BggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACABBnwBmDANBgkqhkiG9w0BAQsF
AAOCAQEANlx49niseli39Ww9FkVlss+B8ZOYJ1TsVtiYDnQLSWZTlKbcXW7xCbuE
9+R41HiFZNGmDXQ87wtGZWnq6RXv3a37bbTAC9+pv439pgzeDXN65NCAnwbOVWJq
0Qd1Ntbtieq2Ynsz3TuFL7L2Tb95HBsYMAFGEKRyezTLPy4Au1Qs+0RfKRx+c4CY
KXmfT705GJ7xHMWJh7YY+17gZvy/r0er5/VYo2Y5wZ2QufoqtrMb+ITI+N4IbiqJ
B1i089Bg7Fd+hKWqFdss7mJuv86kRtJWbmXvV4wO4lG4HEP61sXkRYTOLq5sHb0M
7uYUCRXTOtPYHsH4TFHHbX5xo/cZtw==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:37:50 2024 by rpki-client on console-fra.rpki-client.org