Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9d/bb0480-66ad-4288-b8d3-1004c1e50dfe/1/nKblleLsKHJoM2_q4VuQU6IqCbE.roa
File:                     nKblleLsKHJoM2_q4VuQU6IqCbE.roa (raw, json)
Hash identifier:          qa3pmUMz2ZDqRFKZDKBcgDRskXBCx9SBXAo9n2qg1kU=
Subject key identifier:   9C:A6:E5:95:E2:EC:28:72:68:33:6F:EA:E1:5B:90:53:A2:2A:09:B1
Certificate issuer:       /CN=8ca8a4d42a0196df7cc0e14f597cf5660d63c09f
Certificate serial:       01849FA8466A56E22B0B1DB0D57C468E3FEC
Authority key identifier: 8C:A8:A4:D4:2A:01:96:DF:7C:C0:E1:4F:59:7C:F5:66:0D:63:C0:9F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jKik1CoBlt98wOFPWXz1Zg1jwJ8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9d/bb0480-66ad-4288-b8d3-1004c1e50dfe/1/nKblleLsKHJoM2_q4VuQU6IqCbE.roa
Signing time:             Tue 22 Nov 2022 14:05:16 +0000
ROA not before:           Tue 22 Nov 2022 14:05:16 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     8075
IP address blocks:        46.29.242.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:84:9f:a8:46:6a:56:e2:2b:0b:1d:b0:d5:7c:46:8e:3f:ec
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8ca8a4d42a0196df7cc0e14f597cf5660d63c09f
        Validity
            Not Before: Nov 22 14:05:16 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=9ca6e595e2ec287268336feae15b9053a22a09b1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:c9:ad:f3:2c:29:eb:aa:4d:bc:bf:85:5f:ec:
                    ad:c4:01:60:7c:e5:4f:65:2d:fe:60:3b:28:2d:33:
                    80:42:c7:1b:74:ce:09:e0:ba:7e:7b:c9:fc:23:ae:
                    01:41:03:d4:f5:1e:62:41:22:53:34:e2:49:61:99:
                    e1:a3:25:84:37:36:7d:a5:ba:f7:95:6c:f9:5f:4f:
                    24:c6:e1:6d:d1:13:69:8c:d8:57:4c:26:8f:10:a3:
                    ff:88:de:71:5e:96:7e:39:18:b4:1e:35:86:e4:95:
                    21:e8:cf:52:42:34:32:5a:32:af:eb:1a:a0:55:2b:
                    b5:c6:1f:84:4d:1b:df:a0:3f:27:50:27:6b:63:3d:
                    82:74:b0:18:71:34:c8:40:0a:5d:df:18:f9:f3:d0:
                    df:28:c7:67:03:e4:5f:7c:ac:3b:ec:eb:ad:8f:f9:
                    80:e7:bf:39:ac:8a:c1:a7:4a:f3:e0:dd:3a:80:08:
                    e2:4a:35:74:a7:b2:b2:08:01:da:45:a4:dc:fe:8d:
                    cd:4b:93:7c:11:9c:b1:49:b5:09:fb:e8:54:d9:d1:
                    33:97:ea:a0:24:10:f1:1d:e5:3b:1f:25:96:ad:00:
                    12:df:aa:0d:9d:78:a7:3d:b4:98:71:f1:c8:8b:cb:
                    1b:c2:39:68:12:62:17:c5:d4:6f:b1:72:d4:81:04:
                    ae:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9C:A6:E5:95:E2:EC:28:72:68:33:6F:EA:E1:5B:90:53:A2:2A:09:B1
            X509v3 Authority Key Identifier:
                keyid:8C:A8:A4:D4:2A:01:96:DF:7C:C0:E1:4F:59:7C:F5:66:0D:63:C0:9F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jKik1CoBlt98wOFPWXz1Zg1jwJ8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9d/bb0480-66ad-4288-b8d3-1004c1e50dfe/1/nKblleLsKHJoM2_q4VuQU6IqCbE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9d/bb0480-66ad-4288-b8d3-1004c1e50dfe/1/jKik1CoBlt98wOFPWXz1Zg1jwJ8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.29.242.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9e:39:94:8d:a7:fb:3d:dc:c7:36:9d:47:2b:a8:dc:b6:a2:e7:
         25:f2:72:9e:2d:7a:67:2d:b4:6e:cd:a4:35:51:48:cd:a8:e8:
         c4:af:fa:3b:3a:07:45:d8:8b:5f:af:2c:18:37:9d:fe:6f:60:
         9f:ad:af:91:3a:f7:ac:5d:0a:41:87:34:92:83:0e:f2:af:1e:
         4b:84:af:58:2c:4f:9d:c8:2a:bb:90:5a:9e:2e:49:94:69:9e:
         b0:c9:5b:93:f6:9f:59:77:04:88:0c:51:5f:f0:7f:91:a0:38:
         df:85:4c:9d:ae:ec:a9:77:59:5c:d6:9c:28:20:62:d4:53:2c:
         85:90:76:bf:8a:e8:c4:9f:63:05:ef:37:3a:30:f4:24:f3:2f:
         9b:75:bf:fc:58:38:f2:2d:c5:1e:5d:aa:c7:a6:2c:9f:23:12:
         c0:39:fb:8f:e6:b8:42:90:19:6a:47:e5:94:7e:e2:17:64:e9:
         3b:cd:b2:41:bf:4e:37:9e:4b:73:de:32:98:93:e5:bc:96:b3:
         97:a8:c3:ba:b1:db:6d:f5:02:8a:d2:5a:9c:5e:a0:3b:c5:21:
         17:91:70:64:a2:d5:b7:22:9f:83:0d:c8:65:15:68:70:62:13:
         02:30:56:a1:39:97:53:3e:87:ec:d7:4a:7d:76:95:42:29:be:
         cd:7a:23:52
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYSfqEZqVuIrCx2w1XxGjj/sMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhjYThhNGQ0MmEwMTk2ZGY3Y2MwZTE0ZjU5N2NmNTY2MGQ2
M2MwOWYwHhcNMjIxMTIyMTQwNTE2WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5Y2E2ZTU5NWUyZWMyODcyNjgzMzZmZWFlMTViOTA1M2EyMmEwOWIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtMmt8ywp66pNvL+FX+ytxAFgfOVP
ZS3+YDsoLTOAQscbdM4J4Lp+e8n8I64BQQPU9R5iQSJTNOJJYZnhoyWENzZ9pbr3
lWz5X08kxuFt0RNpjNhXTCaPEKP/iN5xXpZ+ORi0HjWG5JUh6M9SQjQyWjKv6xqg
VSu1xh+ETRvfoD8nUCdrYz2CdLAYcTTIQApd3xj589DfKMdnA+RffKw77Outj/mA
5785rIrBp0rz4N06gAjiSjV0p7KyCAHaRaTc/o3NS5N8EZyxSbUJ++hU2dEzl+qg
JBDxHeU7HyWWrQAS36oNnXinPbSYcfHIi8sbwjloEmIXxdRvsXLUgQSuYwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJym5ZXi7ChyaDNv6uFbkFOiKgmxMB8GA1UdIwQY
MBaAFIyopNQqAZbffMDhT1l89WYNY8CfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaktpazFDb0JsdDk4d09GUFdYejFaZzFqd0o4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85ZC9iYjA0ODAtNjZhZC00Mjg4LWI4ZDMt
MTAwNGMxZTUwZGZlLzEvbktibGxlTHNLSEpvTTJfcTRWdVFVNklxQ2JFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85ZC9iYjA0ODAtNjZhZC00Mjg4LWI4ZDMtMTAwNGMxZTUwZGZl
LzEvaktpazFDb0JsdDk4d09GUFdYejFaZzFqd0o4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALh3yMA0G
CSqGSIb3DQEBCwUAA4IBAQCeOZSNp/s93Mc2nUcrqNy2oucl8nKeLXpnLbRuzaQ1
UUjNqOjEr/o7OgdF2ItfrywYN53+b2Cfra+ROvesXQpBhzSSgw7yrx5LhK9YLE+d
yCq7kFqeLkmUaZ6wyVuT9p9ZdwSIDFFf8H+RoDjfhUydruypd1lc1pwoIGLUUyyF
kHa/iujEn2MF7zc6MPQk8y+bdb/8WDjyLcUeXarHpiyfIxLAOfuP5rhCkBlqR+WU
fuIXZOk7zbJBv043nktz3jKYk+W8lrOXqMO6sdtt9QKK0lqcXqA7xSEXkXBkotW3
Ip+DDchlFWhwYhMCMFahOZdTPofs10p9dpVCKb7NeiNS
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:26:17 2024 by rpki-client on console-ams.rpki-client.org