Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/98/6b6d1f-5421-48b9-b7eb-da1fe9ebee8e/1/OZ9-mPNRhE1usYkZpvn2qMv3QDk.roa
File:                     OZ9-mPNRhE1usYkZpvn2qMv3QDk.roa (raw, json)
Hash identifier:          ZWmoeVI4jO5R+X8FuGPLTue/xp4Sy90REpf01eUorgo=
Subject key identifier:   39:9F:7E:98:F3:51:84:4D:6E:B1:89:19:A6:F9:F6:A8:CB:F7:40:39
Certificate issuer:       /CN=9b8151ae164a5b782b103de7f7c8a8948932aebf
Certificate serial:       18F9A35D
Authority key identifier: 9B:81:51:AE:16:4A:5B:78:2B:10:3D:E7:F7:C8:A8:94:89:32:AE:BF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m4FRrhZKW3grED3n98iolIkyrr8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/98/6b6d1f-5421-48b9-b7eb-da1fe9ebee8e/1/OZ9-mPNRhE1usYkZpvn2qMv3QDk.roa
Signing time:             Sat 01 Jan 2022 05:02:22 +0000
ROA not before:           Sat 01 Jan 2022 05:02:22 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     57707
IP address blocks:        2a03:a900:ffff::/48 maxlen: 48

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 419013469 (0x18f9a35d)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9b8151ae164a5b782b103de7f7c8a8948932aebf
        Validity
            Not Before: Jan  1 05:02:22 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=399f7e98f351844d6eb18919a6f9f6a8cbf74039
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:42:89:f8:be:78:03:bf:09:ad:3e:07:3d:8c:
                    0b:2e:e8:1c:09:ab:8f:c7:b6:a0:c9:31:b0:e8:f6:
                    66:2e:5a:87:a9:59:13:73:32:35:26:8d:1f:7a:fc:
                    bd:ae:7e:3f:89:9e:2f:9c:fa:73:a7:c5:9f:b9:bd:
                    80:5e:8d:01:9d:38:42:b9:f7:05:ad:f9:3d:f7:0c:
                    aa:e7:75:ff:81:ad:36:af:2d:be:d5:57:27:32:cd:
                    5d:97:fd:aa:2b:69:a9:51:b1:01:44:5a:af:c8:c7:
                    9f:64:ad:3e:50:f1:86:57:9e:1f:45:c1:5f:1d:d0:
                    ec:b6:24:c5:ca:e0:53:0c:d1:48:80:0f:27:1b:3a:
                    1b:90:da:eb:01:98:31:ab:ff:dd:57:2f:1f:f7:b9:
                    1a:18:d4:73:49:cc:7f:19:34:ba:c8:ad:5e:c6:23:
                    f7:18:54:80:08:b0:71:f3:ef:ad:c5:ec:f1:61:d2:
                    f8:dd:3e:de:1a:bd:58:9f:38:be:ff:47:46:46:60:
                    3b:93:91:d4:fb:35:53:d8:57:b9:16:1b:b4:c8:ce:
                    3b:e6:d9:e0:69:2d:3a:76:33:1b:13:a4:24:72:e1:
                    cd:78:8c:cd:b7:78:1b:f8:6d:63:26:b4:07:91:0d:
                    b3:4f:1a:5a:e7:91:b9:8a:85:e4:6a:8a:42:4a:79:
                    e7:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                39:9F:7E:98:F3:51:84:4D:6E:B1:89:19:A6:F9:F6:A8:CB:F7:40:39
            X509v3 Authority Key Identifier:
                keyid:9B:81:51:AE:16:4A:5B:78:2B:10:3D:E7:F7:C8:A8:94:89:32:AE:BF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m4FRrhZKW3grED3n98iolIkyrr8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/98/6b6d1f-5421-48b9-b7eb-da1fe9ebee8e/1/OZ9-mPNRhE1usYkZpvn2qMv3QDk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/98/6b6d1f-5421-48b9-b7eb-da1fe9ebee8e/1/m4FRrhZKW3grED3n98iolIkyrr8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a03:a900:ffff::/48

    Signature Algorithm: sha256WithRSAEncryption
         52:bb:13:d9:1b:4b:c4:d6:97:c9:3b:35:25:f4:00:73:a7:59:
         ee:28:da:18:c0:5a:0f:e5:cc:0c:35:2b:45:e7:95:38:d0:c5:
         c9:36:11:0e:ed:03:f7:ef:35:42:22:9f:ab:78:f8:9b:2a:b6:
         49:55:e8:24:13:43:d4:92:9e:9c:54:f8:1a:c9:b3:3b:b7:3d:
         ee:81:31:ca:a0:18:f7:c7:fc:aa:e8:b4:d7:a2:4a:0c:49:65:
         6c:2a:11:0a:83:fa:d2:ef:70:19:3f:d5:56:e4:31:c9:5c:4b:
         ce:ba:fe:77:38:30:a8:71:63:68:e5:a6:0d:68:97:14:65:48:
         40:b6:eb:ec:9c:54:51:e3:0d:20:e1:cc:3f:b7:f6:1f:bc:58:
         a9:19:a4:6c:10:e4:46:eb:9a:6e:b8:fa:49:74:6a:8c:02:b7:
         b5:ff:4f:0f:67:73:a0:07:91:34:9c:3f:55:33:4a:7e:68:7c:
         9b:6f:b2:64:55:f8:e5:64:eb:fc:31:fa:28:61:97:8c:68:bf:
         e2:80:ef:cc:d2:42:51:b4:92:1e:da:c1:f7:98:00:85:26:3b:
         82:d7:31:db:51:72:f2:10:b3:dd:69:4f:0d:86:ae:20:18:16:
         cd:cd:cb:44:3c:e2:0e:d4:4f:33:09:56:ee:f0:8a:d7:88:4a:
         e1:a4:74:d5
-----BEGIN CERTIFICATE-----
MIIE8jCCA9qgAwIBAgIEGPmjXTANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg5
YjgxNTFhZTE2NGE1Yjc4MmIxMDNkZTdmN2M4YTg5NDg5MzJhZWJmMB4XDTIyMDEw
MTA1MDIyMloXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMzk5ZjdlOThmMzUx
ODQ0ZDZlYjE4OTE5YTZmOWY2YThjYmY3NDAzOTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAKhCifi+eAO/Ca0+Bz2MCy7oHAmrj8e2oMkxsOj2Zi5ah6lZ
E3MyNSaNH3r8va5+P4meL5z6c6fFn7m9gF6NAZ04Qrn3Ba35PfcMqud1/4GtNq8t
vtVXJzLNXZf9qitpqVGxAURar8jHn2StPlDxhleeH0XBXx3Q7LYkxcrgUwzRSIAP
Jxs6G5Da6wGYMav/3VcvH/e5GhjUc0nMfxk0usitXsYj9xhUgAiwcfPvrcXs8WHS
+N0+3hq9WJ84vv9HRkZgO5OR1Ps1U9hXuRYbtMjOO+bZ4GktOnYzGxOkJHLhzXiM
zbd4G/htYya0B5ENs08aWueRuYqF5GqKQkp552cCAwEAAaOCAgwwggIIMB0GA1Ud
DgQWBBQ5n36Y81GETW6xiRmm+faoy/dAOTAfBgNVHSMEGDAWgBSbgVGuFkpbeCsQ
Pef3yKiUiTKuvzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L200RlJyaFpLVzNnckVEM245OGlvbElreXJyOC5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvOTgvNmI2ZDFmLTU0MjEtNDhiOS1iN2ViLWRhMWZlOWViZWU4ZS8x
L09aOS1tUE5SaEUxdXNZa1pwdm4ycU12M1FEay5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvOTgv
NmI2ZDFmLTU0MjEtNDhiOS1iN2ViLWRhMWZlOWViZWU4ZS8xL200RlJyaFpLVzNn
ckVEM245OGlvbElreXJyOC5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAi
BggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoDqQD//zANBgkqhkiG9w0BAQsF
AAOCAQEAUrsT2RtLxNaXyTs1JfQAc6dZ7ijaGMBaD+XMDDUrReeVONDFyTYRDu0D
9+81QiKfq3j4myq2SVXoJBND1JKenFT4GsmzO7c97oExyqAY98f8qui016JKDEll
bCoRCoP60u9wGT/VVuQxyVxLzrr+dzgwqHFjaOWmDWiXFGVIQLbr7JxUUeMNIOHM
P7f2H7xYqRmkbBDkRuuabrj6SXRqjAK3tf9PD2dzoAeRNJw/VTNKfmh8m2+yZFX4
5WTr/DH6KGGXjGi/4oDvzNJCUbSSHtrB95gAhSY7gtcx21Fy8hCz3WlPDYauIBgW
zc3LRDziDtRPMwlW7vCK14hK4aR01Q==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:40:09 2024 by rpki-client on console-fra.rpki-client.org