Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/98/28cb5c-298f-4d8b-815b-e5a3778be3ad/1/Vx_pgmulykVIaB7x2d5TCH29SGk.roa
File:                     Vx_pgmulykVIaB7x2d5TCH29SGk.roa (raw, json)
Hash identifier:          euYkWZC66KEElXlhTCl58GgIcBpvoVfMzl90lnGI4nA=
Subject key identifier:   57:1F:E9:82:6B:A5:CA:45:48:68:1E:F1:D9:DE:53:08:7D:BD:48:69
Certificate issuer:       /CN=ba60a4d874d9601c8142c352f80c56a43276cd47
Certificate serial:       085A4427
Authority key identifier: BA:60:A4:D8:74:D9:60:1C:81:42:C3:52:F8:0C:56:A4:32:76:CD:47
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/umCk2HTZYByBQsNS-AxWpDJ2zUc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/98/28cb5c-298f-4d8b-815b-e5a3778be3ad/1/Vx_pgmulykVIaB7x2d5TCH29SGk.roa
Signing time:             Sat 01 Jan 2022 12:57:39 +0000
ROA not before:           Sat 01 Jan 2022 12:57:39 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     208970
IP address blocks:        2a09:e440:100::/40 maxlen: 48

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 140133415 (0x85a4427)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ba60a4d874d9601c8142c352f80c56a43276cd47
        Validity
            Not Before: Jan  1 12:57:39 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=571fe9826ba5ca4548681ef1d9de53087dbd4869
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:30:46:a7:54:11:c1:60:4a:f7:d7:b9:7a:2d:
                    41:0c:61:c7:d8:eb:38:4b:f7:88:ce:ce:fe:aa:51:
                    8b:32:56:61:fb:e0:03:d2:87:81:18:eb:33:a4:60:
                    64:8e:0f:68:df:bd:76:40:ee:a7:3c:9b:84:25:b7:
                    fb:0c:bc:2c:bf:4c:44:3e:a3:a9:ae:2b:6c:c3:c8:
                    11:f7:32:ed:7f:be:10:dc:6b:62:70:0a:de:1e:ea:
                    fc:86:83:57:77:4f:87:7b:0a:74:e8:c5:fb:ed:f0:
                    19:e9:21:03:ed:87:1f:e8:6a:19:7a:d3:cc:c8:35:
                    a9:ba:aa:3e:34:37:38:f7:88:f7:c0:1c:a3:b0:5b:
                    76:9d:3f:75:31:d5:86:6a:17:53:2b:3a:4a:b5:d2:
                    2c:27:93:0a:0d:08:9a:79:a8:08:74:af:8c:a7:5d:
                    b0:59:d3:9e:3a:1c:ea:70:84:e1:22:2c:7c:d0:aa:
                    5d:47:a7:2c:27:29:fc:b9:76:16:d3:4d:15:1b:95:
                    ab:d7:69:1e:17:19:c4:0c:6c:b8:17:56:a7:a1:fc:
                    3f:72:e4:9c:00:00:bf:4f:cf:bf:27:bd:ca:eb:d6:
                    0e:ff:50:8d:9a:e6:73:d8:06:e4:46:f9:c2:ef:bd:
                    8c:93:92:bc:c4:d5:f3:ae:f8:13:c1:ec:c0:0c:7e:
                    05:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                57:1F:E9:82:6B:A5:CA:45:48:68:1E:F1:D9:DE:53:08:7D:BD:48:69
            X509v3 Authority Key Identifier:
                keyid:BA:60:A4:D8:74:D9:60:1C:81:42:C3:52:F8:0C:56:A4:32:76:CD:47

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/umCk2HTZYByBQsNS-AxWpDJ2zUc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/98/28cb5c-298f-4d8b-815b-e5a3778be3ad/1/Vx_pgmulykVIaB7x2d5TCH29SGk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/98/28cb5c-298f-4d8b-815b-e5a3778be3ad/1/umCk2HTZYByBQsNS-AxWpDJ2zUc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a09:e440:100::/40

    Signature Algorithm: sha256WithRSAEncryption
         44:ae:10:de:d4:72:56:b3:37:c0:09:34:79:44:06:5b:e7:25:
         1b:da:83:94:43:00:65:c2:81:00:f1:23:fc:b7:86:b5:a5:52:
         5a:e4:f5:67:50:35:d4:4e:38:d0:ba:7a:20:3f:50:5a:83:56:
         ff:8b:a2:35:37:83:e3:5d:24:d5:f6:05:94:2c:54:f0:2d:b0:
         d4:11:50:97:58:9f:be:5f:e0:02:d3:ff:e6:e0:d4:eb:a8:ca:
         8a:20:34:8a:99:e9:d4:fc:56:33:a7:81:02:c2:fa:f4:df:db:
         e0:1d:79:87:2e:c2:70:8b:7c:bc:60:37:56:d1:ba:c3:81:68:
         fd:35:67:63:2c:89:53:29:13:82:a2:c3:92:a6:b7:bb:fe:01:
         d0:02:6e:7d:fa:78:26:5e:3e:47:59:7e:8e:b6:48:0f:ad:9e:
         fb:cb:96:03:f0:6d:8d:11:57:dc:98:65:6d:1d:98:90:03:f1:
         e8:56:69:56:ad:e9:34:51:36:da:c8:6f:51:98:eb:d7:ab:93:
         25:00:38:66:ed:bf:e0:81:2f:fc:a1:27:96:1c:ea:ef:e5:63:
         cd:01:42:27:28:2d:2d:59:ce:00:1e:86:83:c5:3e:28:62:a3:
         62:c9:2c:0e:8d:c9:dc:55:ab:9f:be:42:36:fd:38:5e:ad:0c:
         78:82:19:8e
-----BEGIN CERTIFICATE-----
MIIE8TCCA9mgAwIBAgIECFpEJzANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhi
YTYwYTRkODc0ZDk2MDFjODE0MmMzNTJmODBjNTZhNDMyNzZjZDQ3MB4XDTIyMDEw
MTEyNTczOVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoNTcxZmU5ODI2YmE1
Y2E0NTQ4NjgxZWYxZDlkZTUzMDg3ZGJkNDg2OTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAJwwRqdUEcFgSvfXuXotQQxhx9jrOEv3iM7O/qpRizJWYfvg
A9KHgRjrM6RgZI4PaN+9dkDupzybhCW3+wy8LL9MRD6jqa4rbMPIEfcy7X++ENxr
YnAK3h7q/IaDV3dPh3sKdOjF++3wGekhA+2HH+hqGXrTzMg1qbqqPjQ3OPeI98Ac
o7Bbdp0/dTHVhmoXUys6SrXSLCeTCg0ImnmoCHSvjKddsFnTnjoc6nCE4SIsfNCq
XUenLCcp/Ll2FtNNFRuVq9dpHhcZxAxsuBdWp6H8P3LknAAAv0/Pvye9yuvWDv9Q
jZrmc9gG5Eb5wu+9jJOSvMTV8674E8HswAx+Bd0CAwEAAaOCAgswggIHMB0GA1Ud
DgQWBBRXH+mCa6XKRUhoHvHZ3lMIfb1IaTAfBgNVHSMEGDAWgBS6YKTYdNlgHIFC
w1L4DFakMnbNRzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L3VtQ2sySFRaWUJ5QlFzTlMtQXhXcERKMnpVYy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvOTgvMjhjYjVjLTI5OGYtNGQ4Yi04MTViLWU1YTM3NzhiZTNhZC8x
L1Z4X3BnbXVseWtWSWFCN3gyZDVUQ0gyOVNHay5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvOTgv
MjhjYjVjLTI5OGYtNGQ4Yi04MTViLWU1YTM3NzhiZTNhZC8xL3VtQ2sySFRaWUJ5
QlFzTlMtQXhXcERKMnpVYy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAh
BggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoJ5EABMA0GCSqGSIb3DQEBCwUA
A4IBAQBErhDe1HJWszfACTR5RAZb5yUb2oOUQwBlwoEA8SP8t4a1pVJa5PVnUDXU
TjjQunogP1Bag1b/i6I1N4PjXSTV9gWULFTwLbDUEVCXWJ++X+AC0//m4NTrqMqK
IDSKmenU/FYzp4ECwvr039vgHXmHLsJwi3y8YDdW0brDgWj9NWdjLIlTKROCosOS
pre7/gHQAm59+ngmXj5HWX6OtkgPrZ77y5YD8G2NEVfcmGVtHZiQA/HoVmlWrek0
UTbayG9RmOvXq5MlADhm7b/ggS/8oSeWHOrv5WPNAUInKC0tWc4AHoaDxT4oYqNi
ySwOjcncVaufvkI2/TherQx4ghmO
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:40:08 2024 by rpki-client on console-fra.rpki-client.org