Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a9/554c35-a83c-4329-a08d-2d46d30dacbf/1/RKguXOeXeGzUA0RqpUVIvKu1iG8.roa
File:                     RKguXOeXeGzUA0RqpUVIvKu1iG8.roa (raw, json)
Hash identifier:          7FDF9UQXryCZmz3jYjmZOljYmhIA4E94jJdoXLKNrzU=
Subject key identifier:   44:A8:2E:5C:E7:97:78:6C:D4:03:44:6A:A5:45:48:BC:AB:B5:88:6F
Certificate issuer:       /CN=a5a56ebf01e00349f673019180560c9a31aea871
Certificate serial:       0183808B7CE6E2585069F1149359D877DAE5
Authority key identifier: A5:A5:6E:BF:01:E0:03:49:F6:73:01:91:80:56:0C:9A:31:AE:A8:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/paVuvwHgA0n2cwGRgFYMmjGuqHE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a9/554c35-a83c-4329-a08d-2d46d30dacbf/1/RKguXOeXeGzUA0RqpUVIvKu1iG8.roa
Signing time:             Tue 27 Sep 2022 20:02:48 +0000
ROA not before:           Tue 27 Sep 2022 20:02:48 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     399976
IP address blocks:        2a12:c6c1::/32 maxlen: 48
                          2a12:c6c7::/32 maxlen: 48
                          2a12:c6c6::/32 maxlen: 48

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:83:80:8b:7c:e6:e2:58:50:69:f1:14:93:59:d8:77:da:e5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a5a56ebf01e00349f673019180560c9a31aea871
        Validity
            Not Before: Sep 27 20:02:48 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=44a82e5ce797786cd403446aa54548bcabb5886f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:d3:fb:0d:c9:fc:21:1d:20:a5:e4:86:5f:2d:
                    2f:1c:0d:c1:ad:9a:c1:fd:72:6d:4b:d2:6f:88:48:
                    e6:bb:ef:ae:05:40:b3:dd:22:56:15:01:e3:24:84:
                    b2:0b:88:e6:88:9a:11:d7:53:2b:00:44:ea:96:f3:
                    28:dc:c2:00:3a:da:69:31:70:a6:6d:a6:cd:3a:f1:
                    95:6f:a2:3e:fd:c0:28:5c:51:5c:45:41:60:8e:a4:
                    d5:1b:de:3e:3e:8c:ea:19:e8:c7:f7:82:b6:80:5c:
                    46:f5:1b:2c:8b:b0:d1:26:f9:57:8e:70:a1:5f:e9:
                    6d:4e:13:a8:8b:1d:72:5c:02:88:1a:2a:c2:ac:78:
                    31:ff:08:fd:d2:5e:6c:54:19:52:1f:e5:93:7b:87:
                    9f:09:c4:94:f3:91:b9:05:05:51:73:e7:48:ce:d5:
                    80:b1:77:a1:fe:e8:e3:6a:7f:bb:05:e8:a5:97:e9:
                    a6:91:8f:b6:00:57:71:df:c2:5e:9a:3b:9b:a1:04:
                    c8:6c:06:b3:33:f6:7a:09:08:7b:5f:bb:bc:96:2c:
                    31:3e:87:98:b2:ef:a1:a6:42:83:fa:9e:d3:59:a3:
                    e8:fa:64:89:ab:03:e3:2f:36:84:9d:38:04:f5:d8:
                    9b:2f:a3:d2:af:45:2b:77:e0:77:03:59:58:a1:d5:
                    cf:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                44:A8:2E:5C:E7:97:78:6C:D4:03:44:6A:A5:45:48:BC:AB:B5:88:6F
            X509v3 Authority Key Identifier:
                keyid:A5:A5:6E:BF:01:E0:03:49:F6:73:01:91:80:56:0C:9A:31:AE:A8:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/paVuvwHgA0n2cwGRgFYMmjGuqHE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/554c35-a83c-4329-a08d-2d46d30dacbf/1/RKguXOeXeGzUA0RqpUVIvKu1iG8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/554c35-a83c-4329-a08d-2d46d30dacbf/1/paVuvwHgA0n2cwGRgFYMmjGuqHE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:c6c1::/32
                  2a12:c6c6::/31

    Signature Algorithm: sha256WithRSAEncryption
         86:b0:39:0f:e3:22:b8:46:26:43:07:7f:87:af:cc:4b:33:88:
         ca:41:13:50:a6:ba:6b:f9:18:14:09:e3:42:f0:4a:fc:a8:22:
         6a:68:e6:a6:40:51:ea:9d:98:53:b2:ab:eb:23:a5:2b:3d:df:
         c7:4e:30:b8:e7:f0:a7:0b:8b:13:14:52:29:c3:b1:ab:30:70:
         1c:b2:2c:41:44:35:c2:d6:dd:b7:c8:f7:ba:aa:70:63:b8:f8:
         72:d9:f0:1b:cc:d4:c4:6b:a8:19:53:b4:bb:af:6e:56:23:5c:
         76:68:44:3e:d7:76:42:51:87:7a:66:09:ec:38:c2:f3:cf:25:
         0b:02:30:19:13:2b:56:34:c0:de:07:9f:c3:94:3c:ba:2f:df:
         d8:97:1e:9e:5b:6f:dc:f8:04:28:d5:98:58:09:93:c6:e8:4d:
         66:7a:8c:aa:ee:b8:06:bd:8e:87:54:8c:6b:5c:ce:21:df:d5:
         15:1b:4b:f5:d6:1f:28:12:29:d0:d5:52:c2:c2:99:3f:32:64:
         1e:1d:41:af:8b:b5:12:fe:80:29:3e:b6:76:93:62:0f:9e:d6:
         6b:ee:96:6f:8a:89:18:a7:4d:7e:1c:b8:ef:ef:fa:11:c5:9a:
         42:4f:4d:4e:f9:ea:9c:b1:b8:19:aa:7a:74:29:e8:f5:c8:67:
         5e:76:64:c9
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYOAi3zm4lhQafEUk1nYd9rlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE1YTU2ZWJmMDFlMDAzNDlmNjczMDE5MTgwNTYwYzlhMzFh
ZWE4NzEwHhcNMjIwOTI3MjAwMjQ4WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NGE4MmU1Y2U3OTc3ODZjZDQwMzQ0NmFhNTQ1NDhiY2FiYjU4ODZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAndP7Dcn8IR0gpeSGXy0vHA3BrZrB
/XJtS9JviEjmu++uBUCz3SJWFQHjJISyC4jmiJoR11MrAETqlvMo3MIAOtppMXCm
babNOvGVb6I+/cAoXFFcRUFgjqTVG94+PozqGejH94K2gFxG9Rssi7DRJvlXjnCh
X+ltThOoix1yXAKIGirCrHgx/wj90l5sVBlSH+WTe4efCcSU85G5BQVRc+dIztWA
sXeh/ujjan+7Beill+mmkY+2AFdx38JemjuboQTIbAazM/Z6CQh7X7u8liwxPoeY
su+hpkKD+p7TWaPo+mSJqwPjLzaEnTgE9dibL6PSr0Urd+B3A1lYodXP2QIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFESoLlznl3hs1ANEaqVFSLyrtYhvMB8GA1UdIwQY
MBaAFKWlbr8B4ANJ9nMBkYBWDJoxrqhxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcGFWdXZ3SGdBMG4yY3dHUmdGWU1takd1cUhFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOS81NTRjMzUtYTgzYy00MzI5LWEwOGQt
MmQ0NmQzMGRhY2JmLzEvUktndVhPZVhlR3pVQTBScXBVVkl2S3UxaUc4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOS81NTRjMzUtYTgzYy00MzI5LWEwOGQtMmQ0NmQzMGRhY2Jm
LzEvcGFWdXZ3SGdBMG4yY3dHUmdGWU1takd1cUhFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAAjAOAwUAKhLGwQMF
ASoSxsYwDQYJKoZIhvcNAQELBQADggEBAIawOQ/jIrhGJkMHf4evzEsziMpBE1Cm
umv5GBQJ40LwSvyoImpo5qZAUeqdmFOyq+sjpSs938dOMLjn8KcLixMUUinDsasw
cByyLEFENcLW3bfI97qqcGO4+HLZ8BvM1MRrqBlTtLuvblYjXHZoRD7XdkJRh3pm
Cew4wvPPJQsCMBkTK1Y0wN4Hn8OUPLov39iXHp5bb9z4BCjVmFgJk8boTWZ6jKru
uAa9jodUjGtcziHf1RUbS/XWHygSKdDVUsLCmT8yZB4dQa+LtRL+gCk+tnaTYg+e
1mvulm+KiRinTX4cuO/v+hHFmkJPTU756pyxuBmqenQp6PXIZ152ZMk=
-----END CERTIFICATE-----
Generated at Thu Jul 20 00:01:56 2023 by rpki-client on console-fra.rpki-client.org