Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/96/5c9bd9-09ad-4fac-bbbc-3f15f8836dbb/1/f1h_2YwFivHsPHx978_1i8bSPvY.roa
File:                     f1h_2YwFivHsPHx978_1i8bSPvY.roa (raw, json)
Hash identifier:          kc2yz9+v+22w2uc4ZPOKFqn2sAbJ9zVcBXpI1s+SE+U=
Subject key identifier:   7F:58:7F:D9:8C:05:8A:F1:EC:3C:7C:7D:EF:CF:F5:8B:C6:D2:3E:F6
Certificate issuer:       /CN=8d337c0c856946b8fbdaf285f52caddcf38ad0a8
Certificate serial:       04E8444B
Authority key identifier: 8D:33:7C:0C:85:69:46:B8:FB:DA:F2:85:F5:2C:AD:DC:F3:8A:D0:A8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jTN8DIVpRrj72vKF9Syt3POK0Kg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/96/5c9bd9-09ad-4fac-bbbc-3f15f8836dbb/1/f1h_2YwFivHsPHx978_1i8bSPvY.roa
Signing time:             Sat 01 Jan 2022 06:52:02 +0000
ROA not before:           Sat 01 Jan 2022 06:52:02 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     213092
IP address blocks:        2001:678:d90::/48 maxlen: 48

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 82330699 (0x4e8444b)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8d337c0c856946b8fbdaf285f52caddcf38ad0a8
        Validity
            Not Before: Jan  1 06:52:02 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=7f587fd98c058af1ec3c7c7defcff58bc6d23ef6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:83:2c:77:28:3a:86:6b:d4:54:f2:8b:c4:87:
                    17:1c:f6:13:04:d3:1e:d1:1c:48:e3:19:f1:21:2f:
                    fe:a7:d7:cf:b9:e3:ac:ce:f2:71:68:42:06:4d:7c:
                    d0:f1:7a:5f:eb:a2:d5:0a:7b:85:38:be:a9:07:39:
                    dd:fc:7e:ea:39:e8:ca:cf:c5:11:98:82:50:db:51:
                    db:25:17:61:2c:ef:17:cc:4b:71:14:5d:15:11:a1:
                    26:e1:d5:0a:06:65:1e:58:00:b2:3e:9d:6f:07:8e:
                    5a:39:db:ac:60:81:84:e3:61:c6:1f:ff:8f:1b:11:
                    23:4b:4a:6a:d9:6d:03:ff:c5:e6:25:23:25:a4:36:
                    93:ae:0e:2d:ae:17:7f:a0:70:61:a5:56:6b:ee:f5:
                    d3:4c:3d:fe:58:a9:01:52:01:19:a5:46:1c:21:87:
                    31:41:c4:75:04:44:36:93:91:1f:2c:d0:48:6b:29:
                    79:96:f3:7c:7a:e0:8e:63:bd:8a:c6:ee:db:67:e1:
                    f4:18:17:d8:eb:d2:9a:c6:e1:a1:7b:cb:fe:07:3d:
                    6f:2c:82:bb:15:80:78:ee:0d:f0:ba:8e:85:a7:bc:
                    43:0b:28:d7:00:3f:4a:ce:d8:0d:fe:28:ba:2e:9f:
                    18:ef:18:67:7b:19:b5:dc:5b:49:a7:fa:fa:3e:57:
                    cf:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7F:58:7F:D9:8C:05:8A:F1:EC:3C:7C:7D:EF:CF:F5:8B:C6:D2:3E:F6
            X509v3 Authority Key Identifier:
                keyid:8D:33:7C:0C:85:69:46:B8:FB:DA:F2:85:F5:2C:AD:DC:F3:8A:D0:A8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jTN8DIVpRrj72vKF9Syt3POK0Kg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/96/5c9bd9-09ad-4fac-bbbc-3f15f8836dbb/1/f1h_2YwFivHsPHx978_1i8bSPvY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/96/5c9bd9-09ad-4fac-bbbc-3f15f8836dbb/1/jTN8DIVpRrj72vKF9Syt3POK0Kg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:d90::/48

    Signature Algorithm: sha256WithRSAEncryption
         5f:32:96:23:2e:40:24:b8:eb:73:8e:c0:20:21:c4:08:0c:e9:
         a4:f5:b4:37:2a:11:ab:cf:f2:c7:a3:9c:07:66:98:d4:4f:09:
         36:da:0c:2b:9a:70:83:58:59:f3:2b:42:09:c1:d2:75:f8:0a:
         2c:50:7b:f2:31:9f:7e:45:53:79:3a:c0:39:85:07:e1:9d:58:
         d7:57:b9:a5:be:17:82:81:d8:82:24:86:67:a1:73:05:af:0e:
         0f:89:a8:13:78:c2:26:6b:5a:0d:d1:21:13:34:87:9e:3e:b1:
         91:ef:eb:1f:4e:f5:43:7a:a6:d7:86:da:58:3d:41:dc:33:b1:
         01:c7:1b:f5:aa:de:f8:42:fc:24:53:c9:3b:89:c3:6f:d2:66:
         81:61:67:9a:03:a3:c7:c8:c7:9f:c3:19:eb:88:0d:a0:91:fe:
         f6:b5:62:37:22:af:12:fa:4f:c0:fb:b5:d7:dd:15:c9:7c:4d:
         61:8f:e7:cc:e2:40:4b:ec:ee:cd:89:00:f1:69:e0:dd:63:ca:
         ff:15:36:a7:3d:ad:d5:b1:cb:55:6b:09:88:87:0b:ad:db:e9:
         e3:07:4c:3e:15:93:93:38:6b:bc:cd:cf:5a:3b:5d:b8:19:78:
         be:73:0e:0d:25:d7:6e:1c:ca:3f:16:a5:f6:c1:69:0f:03:89:
         17:28:8a:75
-----BEGIN CERTIFICATE-----
MIIE8jCCA9qgAwIBAgIEBOhESzANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg4
ZDMzN2MwYzg1Njk0NmI4ZmJkYWYyODVmNTJjYWRkY2YzOGFkMGE4MB4XDTIyMDEw
MTA2NTIwMloXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoN2Y1ODdmZDk4YzA1
OGFmMWVjM2M3YzdkZWZjZmY1OGJjNmQyM2VmNjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAKWDLHcoOoZr1FTyi8SHFxz2EwTTHtEcSOMZ8SEv/qfXz7nj
rM7ycWhCBk180PF6X+ui1Qp7hTi+qQc53fx+6jnoys/FEZiCUNtR2yUXYSzvF8xL
cRRdFRGhJuHVCgZlHlgAsj6dbweOWjnbrGCBhONhxh//jxsRI0tKatltA//F5iUj
JaQ2k64OLa4Xf6BwYaVWa+7100w9/lipAVIBGaVGHCGHMUHEdQRENpORHyzQSGsp
eZbzfHrgjmO9isbu22fh9BgX2OvSmsbhoXvL/gc9byyCuxWAeO4N8LqOhae8Qwso
1wA/Ss7YDf4oui6fGO8YZ3sZtdxbSaf6+j5Xzy0CAwEAAaOCAgwwggIIMB0GA1Ud
DgQWBBR/WH/ZjAWK8ew8fH3vz/WLxtI+9jAfBgNVHSMEGDAWgBSNM3wMhWlGuPva
8oX1LK3c84rQqDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L2pUTjhESVZwUnJqNzJ2S0Y5U3l0M1BPSzBLZy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvOTYvNWM5YmQ5LTA5YWQtNGZhYy1iYmJjLTNmMTVmODgzNmRiYi8x
L2YxaF8yWXdGaXZIc1BIeDk3OF8xaThiU1B2WS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvOTYv
NWM5YmQ5LTA5YWQtNGZhYy1iYmJjLTNmMTVmODgzNmRiYi8xL2pUTjhESVZwUnJq
NzJ2S0Y5U3l0M1BPSzBLZy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAi
BggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACABBngNkDANBgkqhkiG9w0BAQsF
AAOCAQEAXzKWIy5AJLjrc47AICHECAzppPW0NyoRq8/yx6OcB2aY1E8JNtoMK5pw
g1hZ8ytCCcHSdfgKLFB78jGffkVTeTrAOYUH4Z1Y11e5pb4XgoHYgiSGZ6FzBa8O
D4moE3jCJmtaDdEhEzSHnj6xke/rH071Q3qm14baWD1B3DOxAccb9are+EL8JFPJ
O4nDb9JmgWFnmgOjx8jHn8MZ64gNoJH+9rViNyKvEvpPwPu1190VyXxNYY/nzOJA
S+zuzYkA8Wng3WPK/xU2pz2t1bHLVWsJiIcLrdvp4wdMPhWTkzhrvM3PWjtduBl4
vnMODSXXbhzKPxal9sFpDwOJFyiKdQ==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:24:44 2024 by rpki-client on console-ams.rpki-client.org