Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a5/4bb74b-8d6d-4514-a39c-b7c578b74e35/1/1-0MhTUtkrsAgMnxd-ZsXPn7FCwg.roa
File:                     1-0MhTUtkrsAgMnxd-ZsXPn7FCwg.roa (raw, json)
Hash identifier:          6u599lCHEd5r7EfAj8W9y+EVyPjg+wNfAwNIg7c1uV4=
Subject key identifier:   FB:43:21:4D:4B:64:AE:C0:20:32:7C:5D:F9:9B:17:3E:7E:C5:0B:08
Certificate issuer:       /CN=c66d9d50b3b89d51c8aa2493e7ef4701d6251dad
Certificate serial:       060D913D
Authority key identifier: C6:6D:9D:50:B3:B8:9D:51:C8:AA:24:93:E7:EF:47:01:D6:25:1D:AD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xm2dULO4nVHIqiST5-9HAdYlHa0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a5/4bb74b-8d6d-4514-a39c-b7c578b74e35/1/1-0MhTUtkrsAgMnxd-ZsXPn7FCwg.roa
Signing time:             Sat 01 Jan 2022 16:01:30 +0000
ROA not before:           Sat 01 Jan 2022 16:01:30 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     212963
IP address blocks:        2a0d:f407:1009::/48 maxlen: 48

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 101552445 (0x60d913d)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66d9d50b3b89d51c8aa2493e7ef4701d6251dad
        Validity
            Not Before: Jan  1 16:01:30 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=fb43214d4b64aec020327c5df99b173e7ec50b08
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:79:3b:6c:88:7c:fe:7e:07:26:97:ea:43:42:
                    3e:ad:8f:a3:09:66:2d:a0:37:2e:bf:77:18:7d:4c:
                    1b:84:e2:20:c9:6c:b8:a0:36:f9:30:dc:b8:d3:07:
                    26:47:f8:7c:07:04:c9:e3:16:0b:e5:20:86:01:3d:
                    96:30:a8:17:fd:a9:75:c0:ef:ee:bd:e0:9b:1c:f1:
                    05:66:06:56:25:db:aa:02:f8:74:55:61:06:7a:3f:
                    83:42:64:fd:ae:1a:f9:66:9b:cb:c2:19:46:b6:a5:
                    9a:24:b0:ff:b9:23:50:d2:2f:06:f2:1f:b0:52:c8:
                    7d:68:25:d2:2c:59:6d:cf:59:2a:a8:94:36:ab:09:
                    4f:0f:cb:e1:ac:43:c8:eb:24:23:d9:e1:47:35:02:
                    06:8f:88:57:0c:72:90:ed:95:8f:f7:ce:14:fb:45:
                    81:55:81:66:ff:09:95:52:df:20:d5:da:fd:ac:db:
                    40:e5:23:00:31:06:d0:fd:99:ff:d5:6d:28:55:11:
                    2e:6f:ee:86:98:8d:6f:1e:f8:5f:5f:55:6e:ce:93:
                    08:ae:ba:fd:6f:0b:13:4d:7b:f7:80:44:7e:0e:6c:
                    21:4e:4d:57:82:ea:23:f0:e7:52:ef:3a:0c:94:36:
                    7d:01:63:dd:ca:f4:1f:57:6c:74:0f:8a:7c:d8:16:
                    f0:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FB:43:21:4D:4B:64:AE:C0:20:32:7C:5D:F9:9B:17:3E:7E:C5:0B:08
            X509v3 Authority Key Identifier:
                keyid:C6:6D:9D:50:B3:B8:9D:51:C8:AA:24:93:E7:EF:47:01:D6:25:1D:AD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xm2dULO4nVHIqiST5-9HAdYlHa0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/4bb74b-8d6d-4514-a39c-b7c578b74e35/1/1-0MhTUtkrsAgMnxd-ZsXPn7FCwg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/4bb74b-8d6d-4514-a39c-b7c578b74e35/1/xm2dULO4nVHIqiST5-9HAdYlHa0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0d:f407:1009::/48

    Signature Algorithm: sha256WithRSAEncryption
         a7:b2:24:a9:10:07:eb:e7:ba:4c:cf:08:6e:9e:3a:e5:e0:db:
         89:f4:b5:e9:9f:6b:7b:fa:4b:2f:77:79:07:5a:63:0d:6a:0c:
         d2:35:eb:e3:3a:d2:ed:2a:2d:0a:03:05:e5:de:41:2e:a7:14:
         9c:21:c1:f8:6d:57:77:4f:3e:08:e4:d7:ba:a1:cf:45:83:bf:
         ec:27:91:07:da:bf:e3:24:91:6f:1c:e0:1e:10:3a:ca:f3:fa:
         b0:1f:c6:30:47:3a:d6:e5:67:f4:1f:a9:27:b2:0a:43:ce:f1:
         81:02:f9:da:94:6b:d3:a6:8e:6a:eb:fe:48:07:23:bc:04:c8:
         e7:b7:d4:84:be:17:aa:3b:56:41:de:e3:ac:62:4c:2d:5c:3a:
         c0:70:c4:36:26:c0:a2:3a:a8:fa:8e:dc:39:bc:d2:92:12:b3:
         ca:cc:9e:32:6b:4f:d1:8e:08:f8:d5:e2:cf:a5:d0:ce:f1:25:
         47:6a:f1:35:75:4a:15:f3:e1:5c:98:39:91:1e:51:4b:e8:0c:
         ef:73:fa:3c:54:24:95:95:7e:24:07:0e:cd:08:85:19:5a:65:
         7b:e9:48:e2:74:6d:48:6b:76:d0:7c:6d:57:48:54:c8:51:03:
         54:ba:ab:b1:6c:a4:1d:81:0d:89:e5:90:ae:cd:f9:3b:ba:65:
         28:6f:cf:96
-----BEGIN CERTIFICATE-----
MIIE8zCCA9ugAwIBAgIEBg2RPTANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhj
NjZkOWQ1MGIzYjg5ZDUxYzhhYTI0OTNlN2VmNDcwMWQ2MjUxZGFkMB4XDTIyMDEw
MTE2MDEzMFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoZmI0MzIxNGQ0YjY0
YWVjMDIwMzI3YzVkZjk5YjE3M2U3ZWM1MGIwODCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAMl5O2yIfP5+ByaX6kNCPq2PowlmLaA3Lr93GH1MG4TiIMls
uKA2+TDcuNMHJkf4fAcEyeMWC+UghgE9ljCoF/2pdcDv7r3gmxzxBWYGViXbqgL4
dFVhBno/g0Jk/a4a+Waby8IZRralmiSw/7kjUNIvBvIfsFLIfWgl0ixZbc9ZKqiU
NqsJTw/L4axDyOskI9nhRzUCBo+IVwxykO2Vj/fOFPtFgVWBZv8JlVLfINXa/azb
QOUjADEG0P2Z/9VtKFURLm/uhpiNbx74X19Vbs6TCK66/W8LE01794BEfg5sIU5N
V4LqI/DnUu86DJQ2fQFj3cr0H1dsdA+KfNgW8NcCAwEAAaOCAg0wggIJMB0GA1Ud
DgQWBBT7QyFNS2SuwCAyfF35mxc+fsULCDAfBgNVHSMEGDAWgBTGbZ1Qs7idUciq
JJPn70cB1iUdrTAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L3htMmRVTE80blZISXFpU1Q1LTlIQWRZbEhhMC5jZXIwgY4GCCsGAQUFBwELBIGB
MH8wfQYIKwYBBQUHMAuGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvYTUvNGJiNzRiLThkNmQtNDUxNC1hMzljLWI3YzU3OGI3NGUzNS8x
LzEtME1oVFV0a3JzQWdNbnhkLVpzWFBuN0ZDd2cucm9hMIGBBgNVHR8EejB4MHag
dKByhnByc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2E1
LzRiYjc0Yi04ZDZkLTQ1MTQtYTM5Yy1iN2M1NzhiNzRlMzUvMS94bTJkVUxPNG5W
SElxaVNUNS05SEFkWWxIYTAuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIw
IgYIKwYBBQUHAQcBAf8EEzARMA8EAgACMAkDBwAqDfQHEAkwDQYJKoZIhvcNAQEL
BQADggEBAKeyJKkQB+vnukzPCG6eOuXg24n0temfa3v6Sy93eQdaYw1qDNI16+M6
0u0qLQoDBeXeQS6nFJwhwfhtV3dPPgjk17qhz0WDv+wnkQfav+MkkW8c4B4QOsrz
+rAfxjBHOtblZ/QfqSeyCkPO8YEC+dqUa9Omjmrr/kgHI7wEyOe31IS+F6o7VkHe
46xiTC1cOsBwxDYmwKI6qPqO3Dm80pISs8rMnjJrT9GOCPjV4s+l0M7xJUdq8TV1
ShXz4VyYOZEeUUvoDO9z+jxUJJWVfiQHDs0IhRlaZXvpSOJ0bUhrdtB8bVdIVMhR
A1S6q7FspB2BDYnlkK7N+Tu6ZShvz5Y=
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:36:36 2024 by rpki-client on console-ams.rpki-client.org