Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/dPYJhJIvfQNSF6WVESVAsGYb9uo.roa
File:                     dPYJhJIvfQNSF6WVESVAsGYb9uo.roa (raw, json)
Hash identifier:          nafj82eDlzGci4yJHPoLfix3Ive3pvXfqIEqfcjVeBo=
Subject key identifier:   74:F6:09:84:92:2F:7D:03:52:17:A5:95:11:25:40:B0:66:1B:F6:EA
Certificate issuer:       /CN=b8074b419ead4cefea2f2ad2c259d978c5ed7954
Certificate serial:       0FD98267
Authority key identifier: B8:07:4B:41:9E:AD:4C:EF:EA:2F:2A:D2:C2:59:D9:78:C5:ED:79:54
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/dPYJhJIvfQNSF6WVESVAsGYb9uo.roa
Signing time:             Sat 01 Jan 2022 14:59:37 +0000
ROA not before:           Sat 01 Jan 2022 14:59:37 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     16509
IP address blocks:        2a06:e881:73ff::/48 maxlen: 48

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 265912935 (0xfd98267)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b8074b419ead4cefea2f2ad2c259d978c5ed7954
        Validity
            Not Before: Jan  1 14:59:37 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=74f60984922f7d035217a595112540b0661bf6ea
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:21:0e:38:98:0a:9c:97:7b:fa:1d:cb:cc:5b:
                    cd:bd:c9:be:b8:1f:02:50:7b:ce:ae:d2:c7:8e:7f:
                    8e:85:0c:9c:96:66:6b:6f:15:21:ad:b2:73:59:29:
                    49:3b:6d:06:cb:bb:b6:18:2e:c8:23:d0:31:b9:3c:
                    e0:4c:b7:46:41:03:cc:a1:1f:e8:9b:3e:ac:d2:34:
                    29:f2:cd:49:0b:f2:97:12:d6:1c:5d:ea:b7:5a:e6:
                    9f:0e:8d:f8:95:b2:d8:79:a2:cb:f5:0c:b4:34:d8:
                    54:5c:e9:ef:62:92:68:1e:86:6e:b4:16:77:1d:b4:
                    a8:8b:73:3c:9e:4f:3d:23:c5:5e:57:a9:02:bf:05:
                    d8:b2:83:fd:d3:15:f5:8b:d4:4a:11:0f:5c:4b:63:
                    fa:be:59:26:e5:97:5d:92:05:09:aa:ec:34:98:51:
                    64:5c:8d:87:12:4e:bd:0e:69:94:6f:04:02:27:45:
                    5e:c8:dc:14:86:d8:31:3b:e4:8f:48:d8:31:75:af:
                    48:5c:2c:30:c1:29:3d:ec:e5:ab:15:4a:8e:a2:cf:
                    86:40:fc:f5:cb:d4:db:8e:c3:94:ca:62:ef:12:39:
                    37:0e:af:36:04:ec:9b:68:7f:ad:44:64:22:94:f8:
                    d0:53:02:21:03:25:46:85:69:91:f9:9e:19:91:c8:
                    92:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                74:F6:09:84:92:2F:7D:03:52:17:A5:95:11:25:40:B0:66:1B:F6:EA
            X509v3 Authority Key Identifier:
                keyid:B8:07:4B:41:9E:AD:4C:EF:EA:2F:2A:D2:C2:59:D9:78:C5:ED:79:54

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/dPYJhJIvfQNSF6WVESVAsGYb9uo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:e881:73ff::/48

    Signature Algorithm: sha256WithRSAEncryption
         b4:38:ff:2c:03:94:c5:93:f0:02:b3:d3:44:5e:37:c7:5e:9d:
         ca:85:5b:4a:97:39:25:4c:8d:33:f1:39:83:1b:2f:80:67:88:
         db:51:dc:96:cf:60:79:91:6c:f4:0f:15:7b:4f:11:be:bd:04:
         d5:f8:d9:e9:56:89:29:9e:fa:e9:81:c7:45:59:17:78:9a:ba:
         0c:c7:a3:5b:77:f5:2d:db:24:1f:72:f2:43:1a:75:10:30:b8:
         df:8a:20:cc:5f:81:41:86:e9:d1:5b:16:8c:7a:cb:08:b0:5d:
         07:fb:31:fb:da:2d:2e:0a:d4:93:44:3d:24:da:3b:58:08:e6:
         7d:f8:25:61:90:61:68:e6:f2:75:b9:98:d2:8f:f4:91:ee:7a:
         0c:4e:99:c9:34:5a:7a:63:19:50:18:8d:f5:fc:e8:8c:ac:5c:
         74:1a:51:b3:a1:95:b5:eb:e9:6e:1c:24:c3:9e:d5:a6:52:21:
         41:3d:09:5e:e4:33:8f:20:36:08:5a:63:9a:99:15:0a:0e:f4:
         d9:9f:7d:3e:d7:f1:e0:c8:c5:82:20:98:0d:aa:89:93:bc:9c:
         a0:99:f0:80:a7:38:cb:44:08:6c:79:db:0f:f2:f6:c7:41:b7:
         59:eb:39:78:8b:cf:37:30:44:0b:e4:ec:56:5e:16:43:ce:58:
         cf:27:b5:05
-----BEGIN CERTIFICATE-----
MIIE8jCCA9qgAwIBAgIED9mCZzANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhi
ODA3NGI0MTllYWQ0Y2VmZWEyZjJhZDJjMjU5ZDk3OGM1ZWQ3OTU0MB4XDTIyMDEw
MTE0NTkzN1oXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoNzRmNjA5ODQ5MjJm
N2QwMzUyMTdhNTk1MTEyNTQwYjA2NjFiZjZlYTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBALMhDjiYCpyXe/ody8xbzb3JvrgfAlB7zq7Sx45/joUMnJZm
a28VIa2yc1kpSTttBsu7thguyCPQMbk84Ey3RkEDzKEf6Js+rNI0KfLNSQvylxLW
HF3qt1rmnw6N+JWy2Hmiy/UMtDTYVFzp72KSaB6GbrQWdx20qItzPJ5PPSPFXlep
Ar8F2LKD/dMV9YvUShEPXEtj+r5ZJuWXXZIFCarsNJhRZFyNhxJOvQ5plG8EAidF
XsjcFIbYMTvkj0jYMXWvSFwsMMEpPezlqxVKjqLPhkD89cvU247DlMpi7xI5Nw6v
NgTsm2h/rURkIpT40FMCIQMlRoVpkfmeGZHIkvsCAwEAAaOCAgwwggIIMB0GA1Ud
DgQWBBR09gmEki99A1IXpZURJUCwZhv26jAfBgNVHSMEGDAWgBS4B0tBnq1M7+ov
KtLCWdl4xe15VDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L3VBZExRWjZ0VE9fcUx5clN3bG5aZU1YdGVWUS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvOWIvMWU0M2U0LWQwNmUtNGE1NS1iZGI2LTNkOTFlZGU1YjJiMS8x
L2RQWUpoSkl2ZlFOU0Y2V1ZFU1ZBc0dZYjl1by5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvOWIv
MWU0M2U0LWQwNmUtNGE1NS1iZGI2LTNkOTFlZGU1YjJiMS8xL3VBZExRWjZ0VE9f
cUx5clN3bG5aZU1YdGVWUS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAi
BggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoG6IFz/zANBgkqhkiG9w0BAQsF
AAOCAQEAtDj/LAOUxZPwArPTRF43x16dyoVbSpc5JUyNM/E5gxsvgGeI21Hcls9g
eZFs9A8Ve08Rvr0E1fjZ6VaJKZ766YHHRVkXeJq6DMejW3f1LdskH3LyQxp1EDC4
34ogzF+BQYbp0VsWjHrLCLBdB/sx+9otLgrUk0Q9JNo7WAjmffglYZBhaObydbmY
0o/0ke56DE6ZyTRaemMZUBiN9fzojKxcdBpRs6GVtevpbhwkw57VplIhQT0JXuQz
jyA2CFpjmpkVCg702Z99Ptfx4MjFgiCYDaqJk7ycoJnwgKc4y0QIbHnbD/L2x0G3
Wes5eIvPNzBEC+TsVl4WQ85Yzye1BQ==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:40:38 2024 by rpki-client on console-fra.rpki-client.org