Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/yHOxHHvcfz0623LDLtiwGI0PhQ0.roa
File:                     yHOxHHvcfz0623LDLtiwGI0PhQ0.roa (raw, json)
Hash identifier:          +VjhpZzkObkkIXMZkGtQbzcl5JQhHnlK4QJ2rPrHqTA=
Subject key identifier:   C8:73:B1:1C:7B:DC:7F:3D:3A:DB:72:C3:2E:D8:B0:18:8D:0F:85:0D
Certificate issuer:       /CN=b8074b419ead4cefea2f2ad2c259d978c5ed7954
Certificate serial:       101AF532
Authority key identifier: B8:07:4B:41:9E:AD:4C:EF:EA:2F:2A:D2:C2:59:D9:78:C5:ED:79:54
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/yHOxHHvcfz0623LDLtiwGI0PhQ0.roa
Signing time:             Mon 10 Jan 2022 08:17:57 +0000
ROA not before:           Mon 10 Jan 2022 08:17:57 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     149422
IP address blocks:        2a06:e881:8400::/44 maxlen: 48

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 270202162 (0x101af532)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b8074b419ead4cefea2f2ad2c259d978c5ed7954
        Validity
            Not Before: Jan 10 08:17:57 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=c873b11c7bdc7f3d3adb72c32ed8b0188d0f850d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:0f:41:b6:26:ca:8b:d9:94:65:19:3d:9d:48:
                    8d:3f:cc:12:eb:5e:51:c9:43:3b:c5:56:11:fe:78:
                    ad:56:85:0d:4a:93:e9:5a:4f:c2:68:1d:a3:10:36:
                    8c:01:22:e9:fa:22:df:01:82:ab:c6:81:2c:85:39:
                    6a:fe:e6:bb:12:e5:ff:ea:2e:b0:68:60:da:40:f1:
                    54:8d:a8:34:1a:87:ef:0c:1d:d2:38:91:16:e9:a4:
                    f2:a9:76:32:bd:34:70:9a:05:cd:7a:96:45:32:d5:
                    a6:3d:8d:40:4f:5b:db:3e:b7:bd:0b:48:d6:b5:12:
                    b2:e0:01:be:c6:43:24:2e:fb:67:46:5c:63:53:64:
                    a4:87:21:99:4c:17:11:30:12:51:e8:a9:18:85:60:
                    a0:5d:6c:53:93:77:c4:a3:39:ed:d2:81:9f:3b:86:
                    31:00:b5:a1:72:00:6b:30:8f:ef:1a:ca:50:20:fe:
                    b6:b4:54:2c:64:86:94:f0:71:83:c7:4c:8d:81:68:
                    8f:2a:98:01:f9:68:d3:29:ca:51:eb:31:a0:46:05:
                    6f:85:b1:d3:50:04:08:51:20:e0:c2:5a:8e:16:4e:
                    90:ce:50:0b:ef:ec:4e:ce:b0:5e:96:80:c1:8c:7f:
                    75:03:58:a2:4f:dc:b3:96:9a:f6:8d:4c:8a:94:9a:
                    68:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C8:73:B1:1C:7B:DC:7F:3D:3A:DB:72:C3:2E:D8:B0:18:8D:0F:85:0D
            X509v3 Authority Key Identifier:
                keyid:B8:07:4B:41:9E:AD:4C:EF:EA:2F:2A:D2:C2:59:D9:78:C5:ED:79:54

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/yHOxHHvcfz0623LDLtiwGI0PhQ0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:e881:8400::/44

    Signature Algorithm: sha256WithRSAEncryption
         5b:53:99:37:ca:ec:58:82:64:03:9c:a3:fb:71:93:22:e8:ad:
         aa:4b:59:a7:5c:92:a1:e3:45:45:c2:cd:1b:23:2e:b2:4c:62:
         5f:5e:d9:62:14:01:14:79:51:e0:29:e0:a0:f8:69:1d:09:c1:
         37:54:77:be:ca:62:d9:d5:ad:8d:c8:c0:03:12:58:f5:aa:ba:
         52:9e:11:e7:f4:d8:b1:b5:22:4a:13:29:b4:57:9a:df:09:c7:
         2a:33:60:34:c1:8f:11:48:65:00:2f:7a:02:d4:a2:2f:95:9f:
         c2:7d:1b:54:9a:c9:3c:0a:da:71:a4:67:f3:b4:11:37:fd:0e:
         33:a6:07:2d:cc:bf:f7:e6:ea:f9:92:95:9c:54:13:24:bc:eb:
         08:24:be:60:e4:bd:d6:6d:74:57:5c:df:ec:21:86:d3:f7:42:
         91:f1:76:7f:81:3f:8a:3d:68:d9:a1:b7:20:86:aa:6c:cc:22:
         18:a9:45:16:8b:22:ae:55:bc:86:30:d7:0c:62:87:a5:51:aa:
         08:02:10:ba:ea:db:eb:72:e0:9c:a8:df:b0:71:31:3b:b1:b6:
         12:61:a6:03:f4:76:5a:b7:e4:e2:a0:61:99:74:d2:d6:ec:ff:
         37:48:87:70:21:be:51:fe:da:5a:91:27:12:89:0b:3d:a1:39:
         ed:8e:d1:a1
-----BEGIN CERTIFICATE-----
MIIE8jCCA9qgAwIBAgIEEBr1MjANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhi
ODA3NGI0MTllYWQ0Y2VmZWEyZjJhZDJjMjU5ZDk3OGM1ZWQ3OTU0MB4XDTIyMDEx
MDA4MTc1N1oXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoYzg3M2IxMWM3YmRj
N2YzZDNhZGI3MmMzMmVkOGIwMTg4ZDBmODUwZDCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBALcPQbYmyovZlGUZPZ1IjT/MEuteUclDO8VWEf54rVaFDUqT
6VpPwmgdoxA2jAEi6foi3wGCq8aBLIU5av7muxLl/+ousGhg2kDxVI2oNBqH7wwd
0jiRFumk8ql2Mr00cJoFzXqWRTLVpj2NQE9b2z63vQtI1rUSsuABvsZDJC77Z0Zc
Y1NkpIchmUwXETASUeipGIVgoF1sU5N3xKM57dKBnzuGMQC1oXIAazCP7xrKUCD+
trRULGSGlPBxg8dMjYFojyqYAflo0ynKUesxoEYFb4Wx01AECFEg4MJajhZOkM5Q
C+/sTs6wXpaAwYx/dQNYok/cs5aa9o1MipSaaNkCAwEAAaOCAgwwggIIMB0GA1Ud
DgQWBBTIc7Ece9x/PTrbcsMu2LAYjQ+FDTAfBgNVHSMEGDAWgBS4B0tBnq1M7+ov
KtLCWdl4xe15VDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L3VBZExRWjZ0VE9fcUx5clN3bG5aZU1YdGVWUS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvOWIvMWU0M2U0LWQwNmUtNGE1NS1iZGI2LTNkOTFlZGU1YjJiMS8x
L3lIT3hISHZjZnowNjIzTERMdGl3R0kwUGhRMC5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvOWIv
MWU0M2U0LWQwNmUtNGE1NS1iZGI2LTNkOTFlZGU1YjJiMS8xL3VBZExRWjZ0VE9f
cUx5clN3bG5aZU1YdGVWUS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAi
BggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHBCoG6IGEADANBgkqhkiG9w0BAQsF
AAOCAQEAW1OZN8rsWIJkA5yj+3GTIuitqktZp1ySoeNFRcLNGyMuskxiX17ZYhQB
FHlR4CngoPhpHQnBN1R3vspi2dWtjcjAAxJY9aq6Up4R5/TYsbUiShMptFea3wnH
KjNgNMGPEUhlAC96AtSiL5Wfwn0bVJrJPAracaRn87QRN/0OM6YHLcy/9+bq+ZKV
nFQTJLzrCCS+YOS91m10V1zf7CGG0/dCkfF2f4E/ij1o2aG3IIaqbMwiGKlFFosi
rlW8hjDXDGKHpVGqCAIQuurb63LgnKjfsHExO7G2EmGmA/R2Wrfk4qBhmXTS1uz/
N0iHcCG+Uf7aWpEnEokLPaE57Y7RoQ==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:25:40 2024 by rpki-client on console-ams.rpki-client.org