Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/98/c983aa-b61e-4ed8-8e81-bc1e55c69755/1/mDDaL_X6QgtMWzVPPspHpBqUNJM.roa
File:                     mDDaL_X6QgtMWzVPPspHpBqUNJM.roa (raw, json)
Hash identifier:          ahqNlcnSCJq4JNjscZMvaX+msOqRcieFo9czCjRYQtc=
Subject key identifier:   98:30:DA:2F:F5:FA:42:0B:4C:5B:35:4F:3E:CA:47:A4:1A:94:34:93
Certificate issuer:       /CN=0a23e2f0b064087fd84f048b1fa9997023d599e1
Certificate serial:       09FECF52
Authority key identifier: 0A:23:E2:F0:B0:64:08:7F:D8:4F:04:8B:1F:A9:99:70:23:D5:99:E1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CiPi8LBkCH_YTwSLH6mZcCPVmeE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/98/c983aa-b61e-4ed8-8e81-bc1e55c69755/1/mDDaL_X6QgtMWzVPPspHpBqUNJM.roa
Signing time:             Sat 01 Jan 2022 10:59:54 +0000
ROA not before:           Sat 01 Jan 2022 10:59:54 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     208272
IP address blocks:        2a0b:7980::/29 maxlen: 29

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 167694162 (0x9fecf52)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0a23e2f0b064087fd84f048b1fa9997023d599e1
        Validity
            Not Before: Jan  1 10:59:54 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=9830da2ff5fa420b4c5b354f3eca47a41a943493
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:ad:ae:06:6f:3d:ad:49:b0:b4:f8:4e:be:75:
                    e3:8d:e4:09:ec:0d:f7:f1:9f:09:db:c7:fd:4f:bc:
                    f8:76:63:69:33:99:83:b7:f8:6d:27:b5:75:bb:cf:
                    04:1e:46:84:a9:ea:74:fc:8c:2b:3a:80:90:12:a6:
                    be:d7:ee:ca:d0:ad:3a:39:a3:fd:86:0a:35:91:a1:
                    ed:73:4f:d1:5d:ee:c4:04:f4:5b:ad:97:1f:bb:65:
                    d4:8c:f2:78:88:e7:5d:18:32:ea:02:fd:0e:60:11:
                    f6:d5:4c:a9:a0:b4:bc:6d:23:3e:3a:84:19:57:c5:
                    a6:81:76:0c:bf:c8:e0:0e:5f:c5:7f:24:20:65:7a:
                    06:b5:ad:97:91:d6:5b:0a:80:55:42:ba:b6:6f:d0:
                    35:ad:e4:cd:b5:7f:a5:71:7b:d8:d2:0e:a8:db:d0:
                    bf:54:e4:e2:84:65:9f:18:0b:ef:17:2e:cb:aa:8c:
                    e0:d5:5f:66:46:0b:ee:1b:64:00:33:3b:88:89:16:
                    3e:c2:3d:f4:96:6f:73:99:4e:72:66:f7:fc:10:da:
                    5d:5f:df:ed:c9:c1:6b:fb:fc:ce:d9:b9:10:8d:e4:
                    2e:bc:f2:bc:1d:34:b0:9b:f4:c0:3e:34:30:c1:21:
                    70:60:5a:32:ef:cc:57:89:66:38:81:1a:b7:76:13:
                    99:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                98:30:DA:2F:F5:FA:42:0B:4C:5B:35:4F:3E:CA:47:A4:1A:94:34:93
            X509v3 Authority Key Identifier:
                keyid:0A:23:E2:F0:B0:64:08:7F:D8:4F:04:8B:1F:A9:99:70:23:D5:99:E1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CiPi8LBkCH_YTwSLH6mZcCPVmeE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/98/c983aa-b61e-4ed8-8e81-bc1e55c69755/1/mDDaL_X6QgtMWzVPPspHpBqUNJM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/98/c983aa-b61e-4ed8-8e81-bc1e55c69755/1/CiPi8LBkCH_YTwSLH6mZcCPVmeE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0b:7980::/29

    Signature Algorithm: sha256WithRSAEncryption
         01:25:7c:ba:fc:90:11:75:09:57:38:d5:d8:ad:ba:64:38:47:
         58:d2:d3:26:07:4f:67:4d:82:8f:ea:8c:2e:18:2e:6a:d7:ef:
         80:6e:db:c1:62:8a:0c:5e:9e:f0:e4:c3:95:70:b4:4f:74:1c:
         69:9c:48:ed:7a:da:f5:ed:34:7f:f5:04:79:0e:2c:85:92:88:
         8b:d8:ec:04:ca:e3:7d:25:8e:16:33:a6:cc:29:b3:29:f3:08:
         0a:94:66:5c:66:13:f5:c7:ee:61:dd:fa:12:dc:da:a0:f3:d0:
         b1:7d:f6:e5:11:ee:c7:cb:86:f2:f6:f5:3b:b7:81:90:95:9d:
         2e:95:87:6b:cf:e2:1c:45:bc:53:1c:29:9e:26:47:e1:64:54:
         93:ea:24:36:32:69:6d:e0:72:7f:da:e5:91:9e:73:ea:d8:8c:
         68:d3:4d:a1:15:ce:0e:76:a1:96:53:dc:9d:5a:a8:57:8b:52:
         e0:cf:13:ed:72:1a:2e:e4:de:55:a4:ae:5f:bd:3a:be:e6:84:
         54:2f:ee:13:1c:dd:3a:bd:11:97:f8:0d:16:e1:68:08:1a:c4:
         75:b5:c3:e7:7c:d9:89:b3:2e:f8:b1:d0:ca:c1:99:e3:bb:81:
         5a:a8:d1:9f:31:d9:61:c1:95:15:78:3a:f7:91:1d:44:b8:22:
         81:02:03:29
-----BEGIN CERTIFICATE-----
MIIE8DCCA9igAwIBAgIECf7PUjANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygw
YTIzZTJmMGIwNjQwODdmZDg0ZjA0OGIxZmE5OTk3MDIzZDU5OWUxMB4XDTIyMDEw
MTEwNTk1NFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoOTgzMGRhMmZmNWZh
NDIwYjRjNWIzNTRmM2VjYTQ3YTQxYTk0MzQ5MzCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBALKtrgZvPa1JsLT4Tr51443kCewN9/GfCdvH/U+8+HZjaTOZ
g7f4bSe1dbvPBB5GhKnqdPyMKzqAkBKmvtfuytCtOjmj/YYKNZGh7XNP0V3uxAT0
W62XH7tl1IzyeIjnXRgy6gL9DmAR9tVMqaC0vG0jPjqEGVfFpoF2DL/I4A5fxX8k
IGV6BrWtl5HWWwqAVUK6tm/QNa3kzbV/pXF72NIOqNvQv1Tk4oRlnxgL7xcuy6qM
4NVfZkYL7htkADM7iIkWPsI99JZvc5lOcmb3/BDaXV/f7cnBa/v8ztm5EI3kLrzy
vB00sJv0wD40MMEhcGBaMu/MV4lmOIEat3YTmSECAwEAAaOCAgowggIGMB0GA1Ud
DgQWBBSYMNov9fpCC0xbNU8+ykekGpQ0kzAfBgNVHSMEGDAWgBQKI+LwsGQIf9hP
BIsfqZlwI9WZ4TAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L0NpUGk4TEJrQ0hfWVR3U0xINm1aY0NQVm1lRS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvOTgvYzk4M2FhLWI2MWUtNGVkOC04ZTgxLWJjMWU1NWM2OTc1NS8x
L21ERGFMX1g2UWd0TVd6VlBQc3BIcEJxVU5KTS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvOTgv
Yzk4M2FhLWI2MWUtNGVkOC04ZTgxLWJjMWU1NWM2OTc1NS8xL0NpUGk4TEJrQ0hf
WVR3U0xINm1aY0NQVm1lRS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAg
BggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFAyoLeYAwDQYJKoZIhvcNAQELBQAD
ggEBAAElfLr8kBF1CVc41ditumQ4R1jS0yYHT2dNgo/qjC4YLmrX74Bu28Fiigxe
nvDkw5VwtE90HGmcSO162vXtNH/1BHkOLIWSiIvY7ATK430ljhYzpswpsynzCAqU
ZlxmE/XH7mHd+hLc2qDz0LF99uUR7sfLhvL29Tu3gZCVnS6Vh2vP4hxFvFMcKZ4m
R+FkVJPqJDYyaW3gcn/a5ZGec+rYjGjTTaEVzg52oZZT3J1aqFeLUuDPE+1yGi7k
3lWkrl+9Or7mhFQv7hMc3Tq9EZf4DRbhaAgaxHW1w+d82YmzLvix0MrBmeO7gVqo
0Z8x2WHBlRV4OveRHUS4IoECAyk=
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:25:09 2024 by rpki-client on console-ams.rpki-client.org