Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bb/dcf976-007d-4542-b0e2-5f8fc707836a/1/2HcvhPi_ZZZiYAl3i7-StOVHtmA.roa
File:                     2HcvhPi_ZZZiYAl3i7-StOVHtmA.roa (raw, json)
Hash identifier:          +NlM4sZnBr56pmeFaTIIPmjbi0JkIW0sHCflb6B1AWc=
Subject key identifier:   D8:77:2F:84:F8:BF:65:96:62:60:09:77:8B:BF:92:B4:E5:47:B6:60
Certificate issuer:       /CN=593897174f967490dbf6189d479df2c9371bf404
Certificate serial:       018462A3593C900BB9A5C24579E16D0BB86B
Authority key identifier: 59:38:97:17:4F:96:74:90:DB:F6:18:9D:47:9D:F2:C9:37:1B:F4:04
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WTiXF0-WdJDb9hidR53yyTcb9AQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bb/dcf976-007d-4542-b0e2-5f8fc707836a/1/2HcvhPi_ZZZiYAl3i7-StOVHtmA.roa
Signing time:             Thu 10 Nov 2022 17:43:03 +0000
ROA not before:           Thu 10 Nov 2022 17:43:03 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     0
IP address blocks:        2a05:bc0::/29 maxlen: 128

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:84:62:a3:59:3c:90:0b:b9:a5:c2:45:79:e1:6d:0b:b8:6b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=593897174f967490dbf6189d479df2c9371bf404
        Validity
            Not Before: Nov 10 17:43:03 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=d8772f84f8bf6596626009778bbf92b4e547b660
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:86:b5:bd:2c:26:94:a3:3a:0d:6f:fa:82:0e:
                    6a:ab:64:26:3d:3c:ae:2c:fe:e6:79:71:a5:b7:70:
                    d0:c4:ab:63:95:eb:72:16:22:5b:53:e6:bf:c1:16:
                    15:ad:d6:55:0a:42:c9:c5:66:6f:46:86:bf:f7:e2:
                    18:ff:3c:01:f7:d8:21:da:e8:fb:a5:5b:92:f8:99:
                    0a:bc:da:f4:18:1c:bd:6e:b3:c2:96:3a:5e:dc:81:
                    8f:89:29:31:25:78:b3:86:85:07:83:2b:d8:bc:b1:
                    fe:7b:57:f4:46:ed:c8:d3:6f:f4:9b:2c:40:05:53:
                    2b:73:ab:84:7a:0a:f3:da:19:15:ea:09:94:e0:f5:
                    f3:a0:82:1a:5d:8e:45:5d:af:4e:de:b4:20:e2:ce:
                    6d:96:31:1f:72:91:1c:0f:3a:86:2c:62:a7:a7:f2:
                    11:4d:29:71:7a:6b:56:e2:e4:ab:e5:f8:4c:c7:21:
                    b8:80:2f:43:6f:16:bd:ad:c2:99:4c:88:e5:77:d0:
                    eb:d0:0a:a2:b8:4c:46:50:37:b6:49:c5:7e:12:03:
                    a4:05:fb:41:49:c6:03:61:8b:2d:10:07:cb:ee:96:
                    89:18:12:c5:7d:b1:40:73:37:eb:fb:5f:ab:b8:14:
                    50:d9:4e:31:d1:1f:c3:2f:17:82:c1:41:2e:81:84:
                    11:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D8:77:2F:84:F8:BF:65:96:62:60:09:77:8B:BF:92:B4:E5:47:B6:60
            X509v3 Authority Key Identifier:
                keyid:59:38:97:17:4F:96:74:90:DB:F6:18:9D:47:9D:F2:C9:37:1B:F4:04

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WTiXF0-WdJDb9hidR53yyTcb9AQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/dcf976-007d-4542-b0e2-5f8fc707836a/1/2HcvhPi_ZZZiYAl3i7-StOVHtmA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/dcf976-007d-4542-b0e2-5f8fc707836a/1/WTiXF0-WdJDb9hidR53yyTcb9AQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:bc0::/29

    Signature Algorithm: sha256WithRSAEncryption
         66:d3:d7:79:2b:43:ce:2d:c0:4c:29:71:ad:3e:c8:ef:ae:79:
         2f:c8:9b:e0:a2:d9:af:5d:76:d4:64:fb:25:9f:05:5e:4e:31:
         6b:bc:1a:4f:2d:0d:d4:73:2f:f9:51:f4:07:03:7c:da:0f:ba:
         7e:65:97:68:67:71:7c:0b:0b:ec:bd:9a:5c:5c:64:af:96:17:
         1f:19:40:9d:a8:ce:55:a8:32:18:4c:6d:40:1e:31:24:0f:2e:
         a8:5b:41:08:58:47:96:17:89:89:ed:be:91:ca:ee:ba:ee:c8:
         44:2f:28:40:f7:81:c6:4a:92:4e:c4:fe:b7:02:a6:ee:9e:ad:
         4c:28:dc:36:a5:5e:cb:23:9c:3b:d2:af:db:2e:20:2a:46:7f:
         4f:8e:c5:fd:1c:ea:cb:33:de:35:6b:fb:4a:dc:d5:e8:a0:9a:
         ee:b8:c2:d1:37:fa:13:3d:8b:cb:7e:04:26:6b:3f:28:40:8f:
         58:1c:34:3c:e4:42:7f:38:33:16:de:a6:fe:74:67:de:52:78:
         fd:79:22:60:d5:9b:b4:48:7e:49:63:14:f6:71:38:16:09:c4:
         28:ef:2e:fe:e8:d7:02:8e:04:84:fc:dd:bc:3a:6f:f8:a3:58:
         be:44:a5:fd:8c:bc:59:2d:34:7f:30:2c:87:82:e1:d2:b5:12:
         6f:e6:71:72
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYRio1k8kAu5pcJFeeFtC7hrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU5Mzg5NzE3NGY5Njc0OTBkYmY2MTg5ZDQ3OWRmMmM5Mzcx
YmY0MDQwHhcNMjIxMTEwMTc0MzAzWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkODc3MmY4NGY4YmY2NTk2NjI2MDA5Nzc4YmJmOTJiNGU1NDdiNjYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAioa1vSwmlKM6DW/6gg5qq2QmPTyu
LP7meXGlt3DQxKtjletyFiJbU+a/wRYVrdZVCkLJxWZvRoa/9+IY/zwB99gh2uj7
pVuS+JkKvNr0GBy9brPCljpe3IGPiSkxJXizhoUHgyvYvLH+e1f0Ru3I02/0myxA
BVMrc6uEegrz2hkV6gmU4PXzoIIaXY5FXa9O3rQg4s5tljEfcpEcDzqGLGKnp/IR
TSlxemtW4uSr5fhMxyG4gC9Dbxa9rcKZTIjld9Dr0AqiuExGUDe2ScV+EgOkBftB
ScYDYYstEAfL7paJGBLFfbFAczfr+1+ruBRQ2U4x0R/DLxeCwUEugYQRNwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFNh3L4T4v2WWYmAJd4u/krTlR7ZgMB8GA1UdIwQY
MBaAFFk4lxdPlnSQ2/YYnUed8sk3G/QEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV1RpWEYwLVdkSkRiOWhpZFI1M3l5VGNiOUFRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYi9kY2Y5NzYtMDA3ZC00NTQyLWIwZTIt
NWY4ZmM3MDc4MzZhLzEvMkhjdmhQaV9aWlppWUFsM2k3LVN0T1ZIdG1BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYi9kY2Y5NzYtMDA3ZC00NTQyLWIwZTItNWY4ZmM3MDc4MzZh
LzEvV1RpWEYwLVdkSkRiOWhpZFI1M3l5VGNiOUFRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKgULwDAN
BgkqhkiG9w0BAQsFAAOCAQEAZtPXeStDzi3ATClxrT7I7655L8ib4KLZr1121GT7
JZ8FXk4xa7waTy0N1HMv+VH0BwN82g+6fmWXaGdxfAsL7L2aXFxkr5YXHxlAnajO
VagyGExtQB4xJA8uqFtBCFhHlheJie2+kcruuu7IRC8oQPeBxkqSTsT+twKm7p6t
TCjcNqVeyyOcO9Kv2y4gKkZ/T47F/RzqyzPeNWv7StzV6KCa7rjC0Tf6Ez2Ly34E
Jms/KECPWBw0PORCfzgzFt6m/nRn3lJ4/XkiYNWbtEh+SWMU9nE4FgnEKO8u/ujX
Ao4EhPzdvDpv+KNYvkSl/Yy8WS00fzAsh4Lh0rUSb+Zxcg==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:51:38 2024 by rpki-client on console-fra.rpki-client.org