Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a5/e4c435-e6cd-4da0-9e32-a44224fac3ff/1/r9dNAc0xdLTN5KXSVMAJTQuI2XU.roa
File:                     r9dNAc0xdLTN5KXSVMAJTQuI2XU.roa (raw, json)
Hash identifier:          5R45w85H03BpvU60Bz3EzziJSQGbluuH3TuuItMyYEU=
Subject key identifier:   AF:D7:4D:01:CD:31:74:B4:CD:E4:A5:D2:54:C0:09:4D:0B:88:D9:75
Certificate issuer:       /CN=5c110a2b0aeb37f0c932a96bdbbf7ef36c21197c
Certificate serial:       026EE352
Authority key identifier: 5C:11:0A:2B:0A:EB:37:F0:C9:32:A9:6B:DB:BF:7E:F3:6C:21:19:7C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XBEKKwrrN_DJMqlr279-82whGXw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a5/e4c435-e6cd-4da0-9e32-a44224fac3ff/1/r9dNAc0xdLTN5KXSVMAJTQuI2XU.roa
Signing time:             Sat 01 Jan 2022 08:05:47 +0000
ROA not before:           Sat 01 Jan 2022 08:05:47 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     20625
IP address blocks:        2001:67c:1784::/48 maxlen: 48

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 40821586 (0x26ee352)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5c110a2b0aeb37f0c932a96bdbbf7ef36c21197c
        Validity
            Not Before: Jan  1 08:05:47 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=afd74d01cd3174b4cde4a5d254c0094d0b88d975
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:a6:42:ff:fc:1f:d7:69:b9:8d:55:dd:54:00:
                    44:93:fc:fd:0f:1c:df:0e:6c:e5:b1:8e:1f:75:82:
                    4f:49:73:ea:a0:59:30:32:3a:41:b2:21:c0:e6:aa:
                    6a:3c:f4:ac:aa:0e:d2:15:c6:24:49:1c:9a:45:cf:
                    cd:25:88:fc:37:e0:f3:d8:0f:10:7f:1f:60:e6:2c:
                    42:d4:ed:55:7d:16:87:8a:f8:60:ef:90:87:b9:86:
                    45:67:5e:5f:2d:36:92:d6:20:f4:53:9b:d9:e2:a5:
                    14:52:b4:97:74:53:3b:10:79:e7:df:7d:3b:57:6e:
                    87:b6:95:7f:04:d5:0e:aa:ab:9d:ce:7a:4d:5a:9a:
                    cb:4e:bd:7f:69:98:e3:d6:f3:b6:17:58:de:06:7c:
                    8d:5a:81:41:1e:11:17:65:58:e9:37:9a:a8:d2:3e:
                    56:02:7e:90:71:70:f7:f4:7f:c9:60:0d:24:d4:58:
                    d2:6c:27:3b:c7:a9:39:e4:8c:ae:ef:71:22:a1:49:
                    02:7a:de:02:ff:1a:a1:21:00:33:b1:3d:0e:e0:42:
                    05:93:54:5d:4d:31:1d:db:ff:5a:62:44:c0:11:0e:
                    c7:aa:cb:47:2f:ce:78:64:ad:d0:b4:97:4b:af:9d:
                    ae:48:f4:6d:d8:70:05:e8:9c:1a:09:de:4a:32:5b:
                    3b:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AF:D7:4D:01:CD:31:74:B4:CD:E4:A5:D2:54:C0:09:4D:0B:88:D9:75
            X509v3 Authority Key Identifier:
                keyid:5C:11:0A:2B:0A:EB:37:F0:C9:32:A9:6B:DB:BF:7E:F3:6C:21:19:7C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XBEKKwrrN_DJMqlr279-82whGXw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/e4c435-e6cd-4da0-9e32-a44224fac3ff/1/r9dNAc0xdLTN5KXSVMAJTQuI2XU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/e4c435-e6cd-4da0-9e32-a44224fac3ff/1/XBEKKwrrN_DJMqlr279-82whGXw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:1784::/48

    Signature Algorithm: sha256WithRSAEncryption
         4d:0c:90:98:59:e9:e2:40:6c:67:b1:37:11:f1:2d:4f:6d:bf:
         c6:23:b0:a5:0b:f7:b5:fd:d5:bc:4e:e1:c7:6c:f0:b8:2a:86:
         c8:fb:de:79:f8:f6:1b:12:59:86:5e:bb:aa:f1:31:93:f9:04:
         56:ec:05:13:63:0b:33:eb:e9:89:4a:21:49:e8:11:84:93:75:
         73:2d:39:29:14:a7:68:be:c6:e9:89:16:30:5d:9d:97:3c:c0:
         16:9f:9d:4d:25:f9:70:3c:36:0b:7b:75:76:6f:4d:b2:95:56:
         ef:77:94:f3:fa:2c:95:56:f3:79:8b:60:33:54:60:d7:38:f0:
         3a:ac:f9:7b:6d:3f:50:74:fe:b2:ef:39:b9:0e:63:e5:a3:6f:
         44:84:d9:68:ee:97:f4:24:83:9c:f3:62:9a:ae:8c:fb:03:55:
         e6:17:44:6d:65:5c:b9:59:a6:74:85:23:5d:ed:d6:73:c1:45:
         1d:fd:22:b3:97:5b:2c:29:fe:55:8b:84:b9:86:a5:a2:18:31:
         d4:e8:fc:ff:fd:05:04:99:fd:f3:c9:aa:43:8a:88:f2:16:bd:
         8e:8e:a2:55:8a:15:db:47:64:80:0c:41:8f:cd:aa:02:39:0b:
         6c:a8:03:aa:fd:17:7b:d4:67:d6:12:9c:92:af:bb:73:99:14:
         7c:44:0b:65
-----BEGIN CERTIFICATE-----
MIIE8jCCA9qgAwIBAgIEAm7jUjANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg1
YzExMGEyYjBhZWIzN2YwYzkzMmE5NmJkYmJmN2VmMzZjMjExOTdjMB4XDTIyMDEw
MTA4MDU0N1oXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoYWZkNzRkMDFjZDMx
NzRiNGNkZTRhNWQyNTRjMDA5NGQwYjg4ZDk3NTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBALCmQv/8H9dpuY1V3VQARJP8/Q8c3w5s5bGOH3WCT0lz6qBZ
MDI6QbIhwOaqajz0rKoO0hXGJEkcmkXPzSWI/Dfg89gPEH8fYOYsQtTtVX0Wh4r4
YO+Qh7mGRWdeXy02ktYg9FOb2eKlFFK0l3RTOxB55999O1duh7aVfwTVDqqrnc56
TVqay069f2mY49bzthdY3gZ8jVqBQR4RF2VY6TeaqNI+VgJ+kHFw9/R/yWANJNRY
0mwnO8epOeSMru9xIqFJAnreAv8aoSEAM7E9DuBCBZNUXU0xHdv/WmJEwBEOx6rL
Ry/OeGSt0LSXS6+drkj0bdhwBeicGgneSjJbOzkCAwEAAaOCAgwwggIIMB0GA1Ud
DgQWBBSv100BzTF0tM3kpdJUwAlNC4jZdTAfBgNVHSMEGDAWgBRcEQorCus38Mky
qWvbv37zbCEZfDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L1hCRUtLd3JyTl9ESk1xbHIyNzktODJ3aEdYdy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvYTUvZTRjNDM1LWU2Y2QtNGRhMC05ZTMyLWE0NDIyNGZhYzNmZi8x
L3I5ZE5BYzB4ZExUTjVLWFNWTUFKVFF1STJYVS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYTUv
ZTRjNDM1LWU2Y2QtNGRhMC05ZTMyLWE0NDIyNGZhYzNmZi8xL1hCRUtLd3JyTl9E
Sk1xbHIyNzktODJ3aEdYdy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAi
BggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACABBnwXhDANBgkqhkiG9w0BAQsF
AAOCAQEATQyQmFnp4kBsZ7E3EfEtT22/xiOwpQv3tf3VvE7hx2zwuCqGyPveefj2
GxJZhl67qvExk/kEVuwFE2MLM+vpiUohSegRhJN1cy05KRSnaL7G6YkWMF2dlzzA
Fp+dTSX5cDw2C3t1dm9NspVW73eU8/oslVbzeYtgM1Rg1zjwOqz5e20/UHT+su85
uQ5j5aNvRITZaO6X9CSDnPNimq6M+wNV5hdEbWVcuVmmdIUjXe3Wc8FFHf0is5db
LCn+VYuEuYalohgx1Oj8//0FBJn988mqQ4qI8ha9jo6iVYoV20dkgAxBj82qAjkL
bKgDqv0Xe9Rn1hKckq+7c5kUfEQLZQ==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:48:32 2024 by rpki-client on console-fra.rpki-client.org