Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a6/2f833f-a7e8-4f9d-a383-123fa2ab9408/1/CMHvrNgXTf8JYd3O9CCGPk-eGJo.roa
File:                     CMHvrNgXTf8JYd3O9CCGPk-eGJo.roa (raw, json)
Hash identifier:          XfcBVccdB4EUjoEwfHEtBoIxAL0cT8TQTjP5niX0z+Y=
Subject key identifier:   08:C1:EF:AC:D8:17:4D:FF:09:61:DD:CE:F4:20:86:3E:4F:9E:18:9A
Certificate issuer:       /CN=72b25d859ff06be1ebc97add5dec05d36fcdca2d
Certificate serial:       05E896BF
Authority key identifier: 72:B2:5D:85:9F:F0:6B:E1:EB:C9:7A:DD:5D:EC:05:D3:6F:CD:CA:2D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/crJdhZ_wa-HryXrdXewF02_Nyi0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a6/2f833f-a7e8-4f9d-a383-123fa2ab9408/1/CMHvrNgXTf8JYd3O9CCGPk-eGJo.roa
Signing time:             Sat 01 Jan 2022 15:04:53 +0000
ROA not before:           Sat 01 Jan 2022 15:04:53 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     35675
IP address blocks:        2001:678:980::/48 maxlen: 48

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 99129023 (0x5e896bf)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72b25d859ff06be1ebc97add5dec05d36fcdca2d
        Validity
            Not Before: Jan  1 15:04:53 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=08c1efacd8174dff0961ddcef420863e4f9e189a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:a4:0a:5d:00:12:f7:81:2a:29:98:53:23:d2:
                    8b:d4:9e:20:cb:af:d9:0e:af:ec:16:15:8c:8f:db:
                    69:b5:46:77:67:6f:53:a6:14:ab:f8:3f:cb:6e:04:
                    b9:61:32:75:f1:02:f7:8b:e8:23:63:69:28:50:c3:
                    ce:2e:ff:a4:96:d7:a9:c2:af:bc:37:ac:7a:54:7b:
                    b2:ad:30:22:86:75:6d:ae:24:c8:81:4f:e5:7a:75:
                    68:c6:1e:8e:a2:e3:e3:d0:f4:f1:c4:bd:12:79:2a:
                    17:5d:ce:92:db:cf:58:7e:74:4d:f5:ad:9f:78:a3:
                    0e:bc:60:75:d4:d7:3c:53:1b:9f:bc:9a:4c:25:48:
                    7b:3d:70:87:c5:1b:73:bc:0c:76:eb:21:a2:ad:cf:
                    1b:aa:9b:7b:ff:1e:8e:15:16:ea:9f:05:e4:4b:3a:
                    b5:76:62:fe:d9:8b:52:fa:4e:c4:9e:96:5e:75:f9:
                    2c:c0:36:34:40:91:6c:2f:f6:60:ab:f9:39:cd:ff:
                    29:f0:64:c6:25:90:c5:64:c1:60:6a:23:fb:f8:f1:
                    fa:22:9b:51:a8:10:48:d7:c8:7e:11:6b:3e:36:df:
                    33:41:76:18:dd:08:3c:13:1d:2b:6b:5d:4e:b4:a1:
                    18:6d:f0:82:e1:0b:f1:62:16:71:cc:0b:f8:75:57:
                    0f:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:C1:EF:AC:D8:17:4D:FF:09:61:DD:CE:F4:20:86:3E:4F:9E:18:9A
            X509v3 Authority Key Identifier:
                keyid:72:B2:5D:85:9F:F0:6B:E1:EB:C9:7A:DD:5D:EC:05:D3:6F:CD:CA:2D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/crJdhZ_wa-HryXrdXewF02_Nyi0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/2f833f-a7e8-4f9d-a383-123fa2ab9408/1/CMHvrNgXTf8JYd3O9CCGPk-eGJo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/2f833f-a7e8-4f9d-a383-123fa2ab9408/1/crJdhZ_wa-HryXrdXewF02_Nyi0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:980::/48

    Signature Algorithm: sha256WithRSAEncryption
         af:18:30:bd:24:a7:88:3c:45:6e:b8:4f:e9:97:bb:c5:c6:0d:
         df:d2:49:10:ef:01:da:43:23:ad:50:9c:6d:c4:83:16:e3:f3:
         c6:7f:0d:40:04:8b:7c:2f:35:d8:63:51:36:4a:27:7a:6d:d6:
         e3:1f:28:73:1e:d0:cb:47:d4:b3:89:66:c4:f6:bf:45:ea:da:
         07:cd:6c:1a:59:78:b8:53:e8:45:a0:72:7f:df:d5:c8:ac:ff:
         1e:29:81:4a:f1:34:a3:c1:38:15:22:43:a0:59:d4:e3:e4:53:
         bf:fc:99:30:8d:30:52:49:79:13:1f:bb:e1:87:a6:aa:3c:f9:
         f6:90:20:5e:15:57:43:6a:9e:db:6f:52:05:27:46:f6:d8:82:
         d8:2a:7f:f3:53:b5:cc:82:b8:a9:c1:1b:ba:53:dc:ea:75:e0:
         cf:d2:26:9e:5f:5e:7d:c6:dc:f4:30:8d:6c:e4:16:6b:67:31:
         03:76:04:34:23:bd:1a:31:27:8f:a9:b1:b3:e6:c6:44:16:ac:
         ed:5f:94:5c:6a:96:f3:de:88:fc:a1:ee:01:42:fd:ad:1b:7f:
         5a:92:af:43:6c:6a:7c:57:f2:cf:61:2d:b7:11:3f:15:6d:c5:
         60:13:f3:15:d8:1e:bb:03:ce:3b:c1:11:5f:78:08:d1:57:8f:
         e6:ad:28:d5
-----BEGIN CERTIFICATE-----
MIIE8jCCA9qgAwIBAgIEBeiWvzANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg3
MmIyNWQ4NTlmZjA2YmUxZWJjOTdhZGQ1ZGVjMDVkMzZmY2RjYTJkMB4XDTIyMDEw
MTE1MDQ1M1oXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMDhjMWVmYWNkODE3
NGRmZjA5NjFkZGNlZjQyMDg2M2U0ZjllMTg5YTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBALykCl0AEveBKimYUyPSi9SeIMuv2Q6v7BYVjI/babVGd2dv
U6YUq/g/y24EuWEydfEC94voI2NpKFDDzi7/pJbXqcKvvDeselR7sq0wIoZ1ba4k
yIFP5Xp1aMYejqLj49D08cS9EnkqF13OktvPWH50TfWtn3ijDrxgddTXPFMbn7ya
TCVIez1wh8Ubc7wMdushoq3PG6qbe/8ejhUW6p8F5Es6tXZi/tmLUvpOxJ6WXnX5
LMA2NECRbC/2YKv5Oc3/KfBkxiWQxWTBYGoj+/jx+iKbUagQSNfIfhFrPjbfM0F2
GN0IPBMdK2tdTrShGG3wguEL8WIWccwL+HVXD38CAwEAAaOCAgwwggIIMB0GA1Ud
DgQWBBQIwe+s2BdN/wlh3c70IIY+T54YmjAfBgNVHSMEGDAWgBRysl2Fn/Br4evJ
et1d7AXTb83KLTAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L2NySmRoWl93YS1IcnlYcmRYZXdGMDJfTnlpMC5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvYTYvMmY4MzNmLWE3ZTgtNGY5ZC1hMzgzLTEyM2ZhMmFiOTQwOC8x
L0NNSHZyTmdYVGY4SllkM085Q0NHUGstZUdKby5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYTYv
MmY4MzNmLWE3ZTgtNGY5ZC1hMzgzLTEyM2ZhMmFiOTQwOC8xL2NySmRoWl93YS1I
cnlYcmRYZXdGMDJfTnlpMC5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAi
BggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACABBngJgDANBgkqhkiG9w0BAQsF
AAOCAQEArxgwvSSniDxFbrhP6Ze7xcYN39JJEO8B2kMjrVCcbcSDFuPzxn8NQASL
fC812GNRNkonem3W4x8ocx7Qy0fUs4lmxPa/ReraB81sGll4uFPoRaByf9/VyKz/
HimBSvE0o8E4FSJDoFnU4+RTv/yZMI0wUkl5Ex+74Yemqjz59pAgXhVXQ2qe229S
BSdG9tiC2Cp/81O1zIK4qcEbulPc6nXgz9Imnl9efcbc9DCNbOQWa2cxA3YENCO9
GjEnj6mxs+bGRBas7V+UXGqW896I/KHuAUL9rRt/WpKvQ2xqfFfyz2EttxE/FW3F
YBPzFdgeuwPOO8ERX3gI0VeP5q0o1Q==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:36:45 2024 by rpki-client on console-ams.rpki-client.org