Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9e/d3d105-f972-4c7c-bfea-3f25392de7f9/1/9POJBSmnOfsQkr10-bfQfHmxv34.roa
File:                     9POJBSmnOfsQkr10-bfQfHmxv34.roa (raw, json)
Hash identifier:          7niCnZBc/eATg4BUZHi/3eadDXd7+3rmwR9iCco9mu8=
Subject key identifier:   F4:F3:89:05:29:A7:39:FB:10:92:BD:74:F9:B7:D0:7C:79:B1:BF:7E
Certificate issuer:       /CN=0d702c53cb803b14644e67587e5d6fd612b64bcc
Certificate serial:       07AC719B
Authority key identifier: 0D:70:2C:53:CB:80:3B:14:64:4E:67:58:7E:5D:6F:D6:12:B6:4B:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DXAsU8uAOxRkTmdYfl1v1hK2S8w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9e/d3d105-f972-4c7c-bfea-3f25392de7f9/1/9POJBSmnOfsQkr10-bfQfHmxv34.roa
Signing time:             Sat 01 Jan 2022 14:02:46 +0000
ROA not before:           Sat 01 Jan 2022 14:02:46 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     58247
IP address blocks:        2a0e:4540:cafe::/48 maxlen: 48

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 128741787 (0x7ac719b)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0d702c53cb803b14644e67587e5d6fd612b64bcc
        Validity
            Not Before: Jan  1 14:02:46 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=f4f3890529a739fb1092bd74f9b7d07c79b1bf7e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f9:3b:29:7e:cc:c2:ae:df:17:f1:0f:47:37:15:
                    82:b5:b0:fd:6b:55:73:b0:3b:85:57:9a:3c:58:28:
                    2d:fa:dd:1a:fb:8d:af:80:43:8b:6e:99:7a:9f:d3:
                    c2:77:4b:6c:6f:ed:16:a6:0c:4b:6a:d9:cd:cc:af:
                    91:0f:e9:17:b5:f9:21:7d:98:ad:58:f8:0b:ec:0a:
                    50:37:1a:ef:54:50:17:65:d9:41:7d:8b:86:f3:99:
                    01:fc:f1:5e:89:4e:f6:65:02:be:4d:32:ba:c0:f8:
                    c2:3c:64:2f:98:63:33:e5:2f:cf:bb:66:26:08:29:
                    c3:55:a7:ff:6b:33:15:14:d1:2a:3d:c8:21:64:dc:
                    09:19:a2:84:21:87:04:f0:ec:cb:c3:ea:8b:02:0c:
                    16:dc:05:af:e0:67:f1:3d:98:c8:4e:7a:6d:01:bf:
                    26:bd:3c:6e:c1:87:87:f6:ca:7c:bc:bd:86:2b:b2:
                    c1:0b:88:32:39:22:a8:fe:9a:b6:1a:86:e2:60:6a:
                    25:ed:43:ff:0c:0c:d0:b7:81:3b:b2:0f:6b:97:b5:
                    78:aa:63:45:7b:d2:ac:67:e4:b3:6a:aa:01:b2:fe:
                    cd:c5:8a:fa:18:a6:e3:61:3b:0c:8f:4c:6a:d5:ea:
                    a1:ea:7f:ad:ee:4c:8b:23:52:73:b4:71:ee:4f:14:
                    8a:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F4:F3:89:05:29:A7:39:FB:10:92:BD:74:F9:B7:D0:7C:79:B1:BF:7E
            X509v3 Authority Key Identifier:
                keyid:0D:70:2C:53:CB:80:3B:14:64:4E:67:58:7E:5D:6F:D6:12:B6:4B:CC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DXAsU8uAOxRkTmdYfl1v1hK2S8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9e/d3d105-f972-4c7c-bfea-3f25392de7f9/1/9POJBSmnOfsQkr10-bfQfHmxv34.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9e/d3d105-f972-4c7c-bfea-3f25392de7f9/1/DXAsU8uAOxRkTmdYfl1v1hK2S8w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:4540:cafe::/48

    Signature Algorithm: sha256WithRSAEncryption
         8e:33:5f:8f:59:0d:dc:51:2c:33:9f:8e:3b:33:72:9f:6e:75:
         e5:22:86:9e:e1:ed:83:1c:8e:1b:e1:86:58:04:ab:f9:5b:07:
         2c:f2:59:7f:c6:ec:8c:3e:20:b4:6f:a3:0d:dd:4a:47:a4:7a:
         05:91:ac:91:35:2c:9a:48:1d:ab:de:5d:a0:c7:17:81:ff:96:
         89:24:2d:77:1d:38:11:7c:dd:9e:9b:31:4e:25:ee:4a:35:a5:
         12:b9:df:b9:63:eb:51:fa:c0:59:1f:b6:5a:d4:94:4e:1f:ca:
         2a:aa:5e:65:95:5b:c5:ab:64:4a:ef:26:57:70:cf:71:72:61:
         8b:22:15:85:67:d4:fd:9a:a3:93:e3:43:95:a7:9e:84:10:3d:
         f8:33:4e:96:73:68:33:f9:62:90:fe:41:88:d9:ff:53:4e:9c:
         26:50:7a:cd:81:26:9c:73:b5:b8:2c:57:f5:6f:29:7f:9f:4c:
         17:5b:6b:21:b9:c6:6d:bc:a5:1c:e6:5e:34:3f:fc:5c:62:01:
         d8:66:71:61:72:19:44:06:8e:ee:e5:3a:e0:d8:91:c9:02:b3:
         01:6e:7d:06:b8:28:2e:92:34:d2:4a:ad:98:de:e7:5c:e9:db:
         af:a3:98:26:01:8b:a8:75:d9:27:44:8d:53:87:0b:11:54:f2:
         eb:3b:6a:4b
-----BEGIN CERTIFICATE-----
MIIE8jCCA9qgAwIBAgIEB6xxmzANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygw
ZDcwMmM1M2NiODAzYjE0NjQ0ZTY3NTg3ZTVkNmZkNjEyYjY0YmNjMB4XDTIyMDEw
MTE0MDI0NloXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoZjRmMzg5MDUyOWE3
MzlmYjEwOTJiZDc0ZjliN2QwN2M3OWIxYmY3ZTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAPk7KX7Mwq7fF/EPRzcVgrWw/WtVc7A7hVeaPFgoLfrdGvuN
r4BDi26Zep/TwndLbG/tFqYMS2rZzcyvkQ/pF7X5IX2YrVj4C+wKUDca71RQF2XZ
QX2LhvOZAfzxXolO9mUCvk0yusD4wjxkL5hjM+Uvz7tmJggpw1Wn/2szFRTRKj3I
IWTcCRmihCGHBPDsy8PqiwIMFtwFr+Bn8T2YyE56bQG/Jr08bsGHh/bKfLy9hiuy
wQuIMjkiqP6athqG4mBqJe1D/wwM0LeBO7IPa5e1eKpjRXvSrGfks2qqAbL+zcWK
+him42E7DI9MatXqoep/re5MiyNSc7Rx7k8UiiMCAwEAAaOCAgwwggIIMB0GA1Ud
DgQWBBT084kFKac5+xCSvXT5t9B8ebG/fjAfBgNVHSMEGDAWgBQNcCxTy4A7FGRO
Z1h+XW/WErZLzDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L0RYQXNVOHVBT3hSa1RtZFlmbDF2MWhLMlM4dy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvOWUvZDNkMTA1LWY5NzItNGM3Yy1iZmVhLTNmMjUzOTJkZTdmOS8x
LzlQT0pCU21uT2ZzUWtyMTAtYmZRZkhteHYzNC5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvOWUv
ZDNkMTA1LWY5NzItNGM3Yy1iZmVhLTNmMjUzOTJkZTdmOS8xL0RYQXNVOHVBT3hS
a1RtZFlmbDF2MWhLMlM4dy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAi
BggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoORUDK/jANBgkqhkiG9w0BAQsF
AAOCAQEAjjNfj1kN3FEsM5+OOzNyn2515SKGnuHtgxyOG+GGWASr+VsHLPJZf8bs
jD4gtG+jDd1KR6R6BZGskTUsmkgdq95doMcXgf+WiSQtdx04EXzdnpsxTiXuSjWl
ErnfuWPrUfrAWR+2WtSUTh/KKqpeZZVbxatkSu8mV3DPcXJhiyIVhWfU/Zqjk+ND
laeehBA9+DNOlnNoM/likP5BiNn/U06cJlB6zYEmnHO1uCxX9W8pf59MF1trIbnG
bbylHOZeND/8XGIB2GZxYXIZRAaO7uU64NiRyQKzAW59BrgoLpI00kqtmN7nXOnb
r6OYJgGLqHXZJ0SNU4cLEVTy6ztqSw==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:26:27 2024 by rpki-client on console-ams.rpki-client.org