Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/54bac8-bf50-44d2-ad42-388d8ad2a5bb/1/On02W9hpEniEOC31ETnfsGQE3YI.roa
File:                     On02W9hpEniEOC31ETnfsGQE3YI.roa (raw, json)
Hash identifier:          5joBue3W6yd9/7ynbzV8/xsJT61KlNwpvoNr55FQAGg=
Subject key identifier:   3A:7D:36:5B:D8:69:12:78:84:38:2D:F5:11:39:DF:B0:64:04:DD:82
Certificate issuer:       /CN=1a9154e1c5578b0fef8abb779f8117e64e884d18
Certificate serial:       0181DA59FBBAF935567DADDF5F313570AAA5
Authority key identifier: 1A:91:54:E1:C5:57:8B:0F:EF:8A:BB:77:9F:81:17:E6:4E:88:4D:18
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GpFU4cVXiw_virt3n4EX5k6ITRg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/54bac8-bf50-44d2-ad42-388d8ad2a5bb/1/On02W9hpEniEOC31ETnfsGQE3YI.roa
Signing time:             Thu 07 Jul 2022 20:28:59 +0000
ROA not before:           Thu 07 Jul 2022 20:28:59 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     1022
IP address blocks:        2a12:f3c0::/29 maxlen: 48

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:81:da:59:fb:ba:f9:35:56:7d:ad:df:5f:31:35:70:aa:a5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1a9154e1c5578b0fef8abb779f8117e64e884d18
        Validity
            Not Before: Jul  7 20:28:59 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=3a7d365bd869127884382df51139dfb06404dd82
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:8c:64:12:3f:38:99:9b:fd:d6:08:ff:82:5e:
                    07:5c:55:e4:28:df:be:4a:10:a4:cb:2c:9f:2a:87:
                    a0:3d:f1:66:90:fb:7b:f7:b0:ad:fc:e9:e5:89:02:
                    5a:de:04:34:a0:7e:02:fb:a4:91:88:19:27:32:dd:
                    d1:07:15:9d:88:3e:46:e8:61:5e:88:3a:4e:a4:26:
                    f6:0a:79:5d:56:e9:12:19:26:ea:19:97:b8:0c:ed:
                    1a:4e:ab:33:3d:ef:c2:9a:91:94:2f:e0:1c:46:36:
                    82:76:77:3c:d4:f2:95:ac:a3:19:f6:89:01:82:55:
                    fb:e6:60:e9:f4:51:06:86:ae:af:15:c8:81:59:81:
                    14:0b:91:03:44:30:87:0e:ba:2a:87:8e:3d:c8:ec:
                    99:2b:87:23:13:2a:19:48:9d:ed:5b:56:b5:ee:87:
                    35:a1:66:21:77:0d:af:6a:21:a7:18:51:b4:41:d1:
                    8e:33:02:a7:30:b7:9c:bc:cd:78:c6:8c:3e:81:b6:
                    c4:41:61:46:a3:e8:25:4b:39:f7:4f:ba:59:af:e2:
                    e2:91:8b:54:c3:ac:e6:ff:57:09:bb:d1:eb:61:43:
                    41:25:73:aa:7a:b6:c9:d7:c3:07:50:12:41:b9:54:
                    2c:a0:8d:f7:a1:9c:f5:8c:bd:cb:fa:49:90:5f:a0:
                    88:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3A:7D:36:5B:D8:69:12:78:84:38:2D:F5:11:39:DF:B0:64:04:DD:82
            X509v3 Authority Key Identifier:
                keyid:1A:91:54:E1:C5:57:8B:0F:EF:8A:BB:77:9F:81:17:E6:4E:88:4D:18

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GpFU4cVXiw_virt3n4EX5k6ITRg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/54bac8-bf50-44d2-ad42-388d8ad2a5bb/1/On02W9hpEniEOC31ETnfsGQE3YI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/54bac8-bf50-44d2-ad42-388d8ad2a5bb/1/GpFU4cVXiw_virt3n4EX5k6ITRg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:f3c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         77:cc:e8:fe:5e:c4:66:b4:e1:2b:45:a7:a3:34:f1:0e:ec:8b:
         24:e7:65:68:19:92:d5:bc:73:b7:2d:63:3c:06:f6:40:2d:1c:
         10:3e:fd:26:36:0d:a3:d5:5a:8e:54:f2:a2:7d:57:43:25:7d:
         4d:5d:5f:34:5e:9d:ee:18:1f:61:a4:07:c4:41:76:eb:ca:d5:
         60:08:74:e3:da:d6:56:78:2a:9a:74:08:f6:9c:38:f0:14:a5:
         e8:39:0a:17:21:57:7c:88:53:87:54:f3:c1:68:51:e1:c9:b6:
         a0:38:ef:ce:c2:b1:54:4f:1f:28:29:c4:15:aa:25:e3:b2:f5:
         73:1f:b3:b6:93:7e:2a:76:0f:77:18:fe:d7:5a:41:3a:a8:06:
         b3:a3:3b:2f:42:b3:5a:f0:bf:d3:1a:00:a7:b1:f4:46:d2:bf:
         ba:db:62:d5:bc:4b:70:39:0e:e2:7f:2a:87:bc:5e:99:b8:72:
         d0:db:6c:bb:7c:fd:a0:1c:65:a7:32:ab:7d:8e:09:c2:08:d3:
         85:0e:2d:aa:d9:39:70:f7:44:55:76:72:5d:cd:e6:e4:b9:6b:
         98:b9:4b:32:32:0c:85:1d:a4:90:f3:a0:b5:ad:07:09:87:d6:
         97:84:85:b9:f9:80:ba:02:25:c2:b9:ca:48:4f:62:b8:38:ba:
         77:f2:75:31
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYHaWfu6+TVWfa3fXzE1cKqlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFhOTE1NGUxYzU1NzhiMGZlZjhhYmI3NzlmODExN2U2NGU4
ODRkMTgwHhcNMjIwNzA3MjAyODU5WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYTdkMzY1YmQ4NjkxMjc4ODQzODJkZjUxMTM5ZGZiMDY0MDRkZDgyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvoxkEj84mZv91gj/gl4HXFXkKN++
ShCkyyyfKoegPfFmkPt797Ct/OnliQJa3gQ0oH4C+6SRiBknMt3RBxWdiD5G6GFe
iDpOpCb2CnldVukSGSbqGZe4DO0aTqszPe/CmpGUL+AcRjaCdnc81PKVrKMZ9okB
glX75mDp9FEGhq6vFciBWYEUC5EDRDCHDroqh449yOyZK4cjEyoZSJ3tW1a17oc1
oWYhdw2vaiGnGFG0QdGOMwKnMLecvM14xow+gbbEQWFGo+glSzn3T7pZr+LikYtU
w6zm/1cJu9HrYUNBJXOqerbJ18MHUBJBuVQsoI33oZz1jL3L+kmQX6CIIwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFDp9NlvYaRJ4hDgt9RE537BkBN2CMB8GA1UdIwQY
MBaAFBqRVOHFV4sP74q7d5+BF+ZOiE0YMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR3BGVTRjVlhpd192aXJ0M240RVg1azZJVFJnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS81NGJhYzgtYmY1MC00NGQyLWFkNDIt
Mzg4ZDhhZDJhNWJiLzEvT24wMlc5aHBFbmlFT0MzMUVUbmZzR1FFM1lJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS81NGJhYzgtYmY1MC00NGQyLWFkNDItMzg4ZDhhZDJhNWJi
LzEvR3BGVTRjVlhpd192aXJ0M240RVg1azZJVFJnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhLzwDAN
BgkqhkiG9w0BAQsFAAOCAQEAd8zo/l7EZrThK0WnozTxDuyLJOdlaBmS1bxzty1j
PAb2QC0cED79JjYNo9VajlTyon1XQyV9TV1fNF6d7hgfYaQHxEF268rVYAh049rW
VngqmnQI9pw48BSl6DkKFyFXfIhTh1TzwWhR4cm2oDjvzsKxVE8fKCnEFaol47L1
cx+ztpN+KnYPdxj+11pBOqgGs6M7L0KzWvC/0xoAp7H0RtK/utti1bxLcDkO4n8q
h7xembhy0Ntsu3z9oBxlpzKrfY4JwgjThQ4tqtk5cPdEVXZyXc3m5LlrmLlLMjIM
hR2kkPOgta0HCYfWl4SFufmAugIlwrnKSE9iuDi6d/J1MQ==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:38:19 2024 by rpki-client on console-fra.rpki-client.org