Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b2/6c203d-6221-460a-af49-c12218765154/1/BH09vu8hg-X44GQH_hzbUKjvCoc.roa
File:                     BH09vu8hg-X44GQH_hzbUKjvCoc.roa (raw, json)
Hash identifier:          Jj3H7JYPr1Wp6LFZqzx7kODCpB/iKGjVVaEGKdnplw0=
Subject key identifier:   04:7D:3D:BE:EF:21:83:E5:F8:E0:64:07:FE:1C:DB:50:A8:EF:0A:87
Certificate issuer:       /CN=32508fb781ca6dbd8221f2c2f954a3a7446b2b42
Certificate serial:       0997452D
Authority key identifier: 32:50:8F:B7:81:CA:6D:BD:82:21:F2:C2:F9:54:A3:A7:44:6B:2B:42
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MlCPt4HKbb2CIfLC-VSjp0RrK0I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b2/6c203d-6221-460a-af49-c12218765154/1/BH09vu8hg-X44GQH_hzbUKjvCoc.roa
Signing time:             Tue 22 Mar 2022 12:24:49 +0000
ROA not before:           Tue 22 Mar 2022 12:24:49 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     36268
IP address blocks:        2a09:b280:ff90::/44 maxlen: 48

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 160908589 (0x997452d)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=32508fb781ca6dbd8221f2c2f954a3a7446b2b42
        Validity
            Not Before: Mar 22 12:24:49 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=047d3dbeef2183e5f8e06407fe1cdb50a8ef0a87
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:e4:de:51:e2:87:dc:80:ed:6a:94:87:3a:f1:
                    52:a5:4f:24:b5:01:41:07:b4:98:46:59:6f:9f:a2:
                    d4:34:40:72:14:df:56:da:54:1a:58:37:6e:ff:83:
                    0f:b7:12:d8:b3:c9:f5:8d:a3:b8:8d:3b:ca:33:a2:
                    d0:ea:e3:5d:ee:0a:53:96:16:78:40:b4:40:dd:d1:
                    a9:40:db:eb:66:c4:59:a8:87:df:42:d0:0b:9f:a4:
                    d7:54:70:3d:90:78:fe:96:7a:76:46:9f:cd:a8:c3:
                    fb:10:fc:6b:7c:4f:d3:7a:d9:53:9c:24:2b:ae:97:
                    17:23:3a:d7:b0:16:21:31:49:7c:22:0a:25:57:99:
                    69:22:cf:09:67:96:24:9a:c7:d6:d0:1e:92:73:a8:
                    1d:76:35:21:5a:65:9c:65:32:b2:22:e8:2a:43:34:
                    45:d1:2b:df:e2:d4:b7:c4:80:ea:28:e9:fa:e7:0c:
                    03:e1:a9:b6:96:e2:eb:44:06:37:cb:24:e8:0d:eb:
                    c3:0a:89:f1:63:2d:3f:5e:75:27:9e:5c:f6:e6:be:
                    b6:18:3f:e7:9a:00:d1:85:94:e4:22:6d:19:cc:74:
                    8d:16:bd:6f:d2:71:d3:d0:b8:35:04:ea:0f:bb:7a:
                    d4:a0:57:5f:5b:88:ca:9b:91:a1:4c:26:be:5a:9a:
                    44:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                04:7D:3D:BE:EF:21:83:E5:F8:E0:64:07:FE:1C:DB:50:A8:EF:0A:87
            X509v3 Authority Key Identifier:
                keyid:32:50:8F:B7:81:CA:6D:BD:82:21:F2:C2:F9:54:A3:A7:44:6B:2B:42

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MlCPt4HKbb2CIfLC-VSjp0RrK0I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/6c203d-6221-460a-af49-c12218765154/1/BH09vu8hg-X44GQH_hzbUKjvCoc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/6c203d-6221-460a-af49-c12218765154/1/MlCPt4HKbb2CIfLC-VSjp0RrK0I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a09:b280:ff90::/44

    Signature Algorithm: sha256WithRSAEncryption
         51:71:14:32:b7:79:31:2b:02:c0:5a:bc:33:09:1c:12:92:4a:
         cc:2b:e3:dc:b7:82:55:21:d8:58:08:c1:b3:9c:a4:5c:f4:7b:
         0d:38:3b:69:55:47:81:a8:c8:41:be:7e:d6:a6:cc:22:16:ba:
         d4:9b:07:ea:8d:db:68:07:92:7f:8b:e5:81:cb:6e:34:99:0f:
         12:aa:14:fc:4d:b2:91:2c:6a:38:45:24:7a:b5:99:85:d4:e2:
         db:38:b2:81:42:91:cb:69:62:fe:97:c9:54:68:d6:1f:28:90:
         37:88:42:02:04:ed:36:f0:3f:f2:66:2e:e7:9c:55:3e:ee:48:
         12:2a:6b:0c:7b:48:77:8b:15:74:09:74:d2:89:94:37:2d:d2:
         9f:8e:d4:d6:85:19:ec:60:ee:13:88:3a:ec:84:e0:be:50:fd:
         23:a9:64:5b:35:7c:09:35:b7:e0:78:59:9a:65:28:0d:90:19:
         22:93:b6:cc:6d:35:f7:fe:af:b9:8f:4a:0b:fb:75:08:a1:6b:
         8e:b9:e6:31:75:c5:ec:13:f7:6f:97:a2:4a:fd:79:e4:33:11:
         a4:3d:83:40:76:6c:ac:ab:32:a6:a0:20:85:55:23:5e:37:ba:
         69:51:4a:8e:3a:24:66:d7:12:7d:91:68:c0:cd:11:4d:41:91:
         f3:41:35:70
-----BEGIN CERTIFICATE-----
MIIE8jCCA9qgAwIBAgIECZdFLTANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygz
MjUwOGZiNzgxY2E2ZGJkODIyMWYyYzJmOTU0YTNhNzQ0NmIyYjQyMB4XDTIyMDMy
MjEyMjQ0OVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMDQ3ZDNkYmVlZjIx
ODNlNWY4ZTA2NDA3ZmUxY2RiNTBhOGVmMGE4NzCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAM3k3lHih9yA7WqUhzrxUqVPJLUBQQe0mEZZb5+i1DRAchTf
VtpUGlg3bv+DD7cS2LPJ9Y2juI07yjOi0OrjXe4KU5YWeEC0QN3RqUDb62bEWaiH
30LQC5+k11RwPZB4/pZ6dkafzajD+xD8a3xP03rZU5wkK66XFyM617AWITFJfCIK
JVeZaSLPCWeWJJrH1tAeknOoHXY1IVplnGUysiLoKkM0RdEr3+LUt8SA6ijp+ucM
A+Gptpbi60QGN8sk6A3rwwqJ8WMtP151J55c9ua+thg/55oA0YWU5CJtGcx0jRa9
b9Jx09C4NQTqD7t61KBXX1uIypuRoUwmvlqaRNcCAwEAAaOCAgwwggIIMB0GA1Ud
DgQWBBQEfT2+7yGD5fjgZAf+HNtQqO8KhzAfBgNVHSMEGDAWgBQyUI+3gcptvYIh
8sL5VKOnRGsrQjAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L01sQ1B0NEhLYmIyQ0lmTEMtVlNqcDBSckswSS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvYjIvNmMyMDNkLTYyMjEtNDYwYS1hZjQ5LWMxMjIxODc2NTE1NC8x
L0JIMDl2dThoZy1YNDRHUUhfaHpiVUtqdkNvYy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYjIv
NmMyMDNkLTYyMjEtNDYwYS1hZjQ5LWMxMjIxODc2NTE1NC8xL01sQ1B0NEhLYmIy
Q0lmTEMtVlNqcDBSckswSS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAi
BggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHBCoJsoD/kDANBgkqhkiG9w0BAQsF
AAOCAQEAUXEUMrd5MSsCwFq8MwkcEpJKzCvj3LeCVSHYWAjBs5ykXPR7DTg7aVVH
gajIQb5+1qbMIha61JsH6o3baAeSf4vlgctuNJkPEqoU/E2ykSxqOEUkerWZhdTi
2ziygUKRy2li/pfJVGjWHyiQN4hCAgTtNvA/8mYu55xVPu5IEiprDHtId4sVdAl0
0omUNy3Sn47U1oUZ7GDuE4g67ITgvlD9I6lkWzV8CTW34HhZmmUoDZAZIpO2zG01
9/6vuY9KC/t1CKFrjrnmMXXF7BP3b5eiSv155DMRpD2DQHZsrKsypqAghVUjXje6
aVFKjjokZtcSfZFowM0RTUGR80E1cA==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:39:19 2024 by rpki-client on console-ams.rpki-client.org