Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/c15e99-2965-476f-9aef-8a273f4ad15d/1/zqPY-gmMpr2Z84ushcAo2vbXKCg.roa
File:                     zqPY-gmMpr2Z84ushcAo2vbXKCg.roa (raw, json)
Hash identifier:          4unkopWdkK6TmDqwCBbA3Cm55PdT79CymseJaeYc08A=
Subject key identifier:   CE:A3:D8:FA:09:8C:A6:BD:99:F3:8B:AC:85:C0:28:DA:F6:D7:28:28
Certificate issuer:       /CN=fa7eb1115130fac94091061e31462a565226885a
Certificate serial:       0184C805497FA63BFB15A995818F6926CF25
Authority key identifier: FA:7E:B1:11:51:30:FA:C9:40:91:06:1E:31:46:2A:56:52:26:88:5A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-n6xEVEw-slAkQYeMUYqVlImiFo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/c15e99-2965-476f-9aef-8a273f4ad15d/1/zqPY-gmMpr2Z84ushcAo2vbXKCg.roa
Signing time:             Wed 30 Nov 2022 10:11:40 +0000
ROA not before:           Wed 30 Nov 2022 10:11:40 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     202647
IP address blocks:        2a13:bc2:1::/48 maxlen: 48

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:84:c8:05:49:7f:a6:3b:fb:15:a9:95:81:8f:69:26:cf:25
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fa7eb1115130fac94091061e31462a565226885a
        Validity
            Not Before: Nov 30 10:11:40 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=cea3d8fa098ca6bd99f38bac85c028daf6d72828
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:11:c3:13:a6:f7:ac:90:cd:12:88:f4:e2:1e:
                    3e:4c:8a:dc:05:73:95:25:62:ef:92:fb:3b:0d:53:
                    5e:f7:ef:4f:79:f6:fc:66:69:0d:d1:1f:d3:b3:7c:
                    a6:a2:6c:37:5c:92:b3:20:85:f0:aa:45:57:af:86:
                    1e:3c:3f:06:fe:2c:89:f0:c3:16:23:9f:e3:bf:50:
                    00:0f:b1:e4:d5:bb:71:bd:5e:09:e7:8f:67:13:33:
                    63:b3:3d:61:ba:a6:af:63:01:7f:88:78:c9:77:24:
                    b3:7f:09:94:c5:8f:de:30:93:0f:3a:42:93:87:4b:
                    ff:da:48:c7:86:41:6b:96:04:71:fa:3b:1d:c8:a6:
                    19:dd:d0:d4:e7:2c:49:74:53:96:0f:aa:9d:53:d7:
                    fa:e4:3e:d2:6a:ab:87:9f:81:fc:17:44:ed:28:57:
                    3e:78:d9:56:97:04:b0:8e:84:58:0c:38:a0:cb:c8:
                    e1:db:63:54:85:56:47:45:1b:b4:f6:e8:32:5b:e9:
                    25:a3:10:1e:7f:c4:87:24:12:bd:14:ae:04:10:31:
                    86:01:08:28:df:65:b0:fb:c3:60:60:28:24:07:04:
                    d5:a4:d3:2e:4e:29:11:d8:66:29:bb:c8:0d:b6:ab:
                    f9:7c:1a:15:a0:91:48:06:45:42:6d:55:8c:67:10:
                    bd:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CE:A3:D8:FA:09:8C:A6:BD:99:F3:8B:AC:85:C0:28:DA:F6:D7:28:28
            X509v3 Authority Key Identifier:
                keyid:FA:7E:B1:11:51:30:FA:C9:40:91:06:1E:31:46:2A:56:52:26:88:5A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-n6xEVEw-slAkQYeMUYqVlImiFo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/c15e99-2965-476f-9aef-8a273f4ad15d/1/zqPY-gmMpr2Z84ushcAo2vbXKCg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/c15e99-2965-476f-9aef-8a273f4ad15d/1/1-n6xEVEw-slAkQYeMUYqVlImiFo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:bc2:1::/48

    Signature Algorithm: sha256WithRSAEncryption
         05:a4:f4:e5:ab:b3:c2:dc:e4:a0:26:1b:3c:12:f7:73:15:b2:
         8e:db:4b:e1:b9:da:ee:82:ce:4f:f0:a8:b7:22:0b:31:57:ab:
         44:ef:52:c4:ad:59:7e:c8:53:99:ea:45:76:3e:ef:85:83:1f:
         13:5a:16:31:4e:da:61:a8:d8:d5:ce:86:dd:5c:d9:7b:d8:67:
         8f:90:72:c2:bd:b9:49:18:cb:b9:51:5a:c6:dc:b0:4c:9e:86:
         d3:c3:0f:d8:87:38:41:37:05:a1:17:04:0d:1c:7b:e9:05:c5:
         56:39:89:80:ff:eb:21:0b:d9:22:3e:b2:6b:b3:ae:4a:15:2b:
         ca:ed:f3:f6:74:03:36:83:66:97:d4:49:73:ca:39:c6:54:24:
         21:72:5b:b6:d3:ea:a4:4b:16:d1:53:2a:24:39:ef:af:39:23:
         cf:13:ef:52:30:5d:06:1b:1e:16:d8:a4:ba:bb:d4:ec:1c:9a:
         b2:7e:1b:94:4f:7d:21:49:36:89:a3:62:86:9e:c8:79:f7:79:
         e5:da:cf:e7:70:55:3c:d8:b2:3a:3c:1a:4d:5d:22:70:39:5c:
         4c:af:80:aa:77:37:07:3d:2a:98:5e:45:d0:a3:d9:f1:7c:1f:
         71:e1:76:53:54:94:38:e2:5c:a6:a8:22:f4:e1:d1:8e:50:97:
         c5:e2:4f:d8
-----BEGIN CERTIFICATE-----
MIIFAjCCA+qgAwIBAgISAYTIBUl/pjv7FamVgY9pJs8lMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZhN2ViMTExNTEzMGZhYzk0MDkxMDYxZTMxNDYyYTU2NTIy
Njg4NWEwHhcNMjIxMTMwMTAxMTQwWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZWEzZDhmYTA5OGNhNmJkOTlmMzhiYWM4NWMwMjhkYWY2ZDcyODI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0RHDE6b3rJDNEoj04h4+TIrcBXOV
JWLvkvs7DVNe9+9Pefb8ZmkN0R/Ts3ymomw3XJKzIIXwqkVXr4YePD8G/iyJ8MMW
I5/jv1AAD7Hk1btxvV4J549nEzNjsz1huqavYwF/iHjJdySzfwmUxY/eMJMPOkKT
h0v/2kjHhkFrlgRx+jsdyKYZ3dDU5yxJdFOWD6qdU9f65D7SaquHn4H8F0TtKFc+
eNlWlwSwjoRYDDigy8jh22NUhVZHRRu09ugyW+kloxAef8SHJBK9FK4EEDGGAQgo
32Ww+8NgYCgkBwTVpNMuTikR2GYpu8gNtqv5fBoVoJFIBkVCbVWMZxC9GwIDAQAB
o4ICDjCCAgowHQYDVR0OBBYEFM6j2PoJjKa9mfOLrIXAKNr21ygoMB8GA1UdIwQY
MBaAFPp+sRFRMPrJQJEGHjFGKlZSJohaMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1uNnhFVkV3LXNsQWtRWWVNVVlxVmxJbWlGby5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYmMvYzE1ZTk5LTI5NjUtNDc2Zi05YWVm
LThhMjczZjRhZDE1ZC8xL3pxUFktZ21NcHIyWjg0dXNoY0FvMnZiWEtDZy5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvYmMvYzE1ZTk5LTI5NjUtNDc2Zi05YWVmLThhMjczZjRhZDE1
ZC8xLzEtbjZ4RVZFdy1zbEFrUVllTVVZcVZsSW1pRm8uY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgACMAkDBwAqEwvC
AAEwDQYJKoZIhvcNAQELBQADggEBAAWk9OWrs8Lc5KAmGzwS93MVso7bS+G52u6C
zk/wqLciCzFXq0TvUsStWX7IU5nqRXY+74WDHxNaFjFO2mGo2NXOht1c2XvYZ4+Q
csK9uUkYy7lRWsbcsEyehtPDD9iHOEE3BaEXBA0ce+kFxVY5iYD/6yEL2SI+smuz
rkoVK8rt8/Z0AzaDZpfUSXPKOcZUJCFyW7bT6qRLFtFTKiQ57685I88T71IwXQYb
HhbYpLq71OwcmrJ+G5RPfSFJNomjYoaeyHn3eeXaz+dwVTzYsjo8Gk1dInA5XEyv
gKp3Nwc9KpheRdCj2fF8H3HhdlNUlDjiXKaoIvTh0Y5Ql8XiT9g=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:51:50 2024 by rpki-client on console-fra.rpki-client.org