Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bd/41fda9-9702-458d-982f-8d11257d4af6/1/wKx4RG82D8NYlidpTbIEoRwtJa8.roa
File:                     wKx4RG82D8NYlidpTbIEoRwtJa8.roa (raw, json)
Hash identifier:          /xAouOJ8ppTzv631MQc6WTZOFLbhMcpfmeCrv2u7mO8=
Subject key identifier:   C0:AC:78:44:6F:36:0F:C3:58:96:27:69:4D:B2:04:A1:1C:2D:25:AF
Certificate issuer:       /CN=386ab970bfb6947597e97cefb916ec76a0c56858
Certificate serial:       1088A755
Authority key identifier: 38:6A:B9:70:BF:B6:94:75:97:E9:7C:EF:B9:16:EC:76:A0:C5:68:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OGq5cL-2lHWX6XzvuRbsdqDFaFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bd/41fda9-9702-458d-982f-8d11257d4af6/1/wKx4RG82D8NYlidpTbIEoRwtJa8.roa
Signing time:             Sat 01 Jan 2022 14:08:38 +0000
ROA not before:           Sat 01 Jan 2022 14:08:38 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     206725
IP address blocks:        2001:678:134::/48 maxlen: 48

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 277391189 (0x1088a755)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=386ab970bfb6947597e97cefb916ec76a0c56858
        Validity
            Not Before: Jan  1 14:08:38 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=c0ac78446f360fc3589627694db204a11c2d25af
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:7f:7c:91:ad:5b:ca:d1:94:61:46:63:2b:3f:
                    c7:06:dd:da:2f:69:eb:c9:68:c1:e6:87:62:73:08:
                    73:51:b4:8e:aa:e0:38:74:69:a8:45:91:d2:7e:2f:
                    b1:00:19:86:b6:10:4a:35:c3:22:52:c8:dd:63:6e:
                    cc:bb:6a:de:93:22:83:81:12:c2:67:1f:79:d0:58:
                    bc:fc:20:23:a7:5c:2c:42:60:c2:2e:03:ae:47:4c:
                    91:3b:2a:89:55:48:bc:29:14:45:ab:65:a3:ac:d6:
                    f2:c7:36:a7:66:1b:b7:e2:7d:ba:eb:c4:87:74:f5:
                    6d:6a:dd:49:19:ee:e4:39:e5:5e:64:26:6c:ed:f3:
                    3c:0f:d9:21:dc:37:1b:4d:42:cc:e2:95:b0:96:66:
                    ea:07:97:c2:81:9c:d7:f1:ae:bd:74:2a:69:37:36:
                    44:9f:68:5c:ed:e6:e9:ff:4e:31:bb:ca:3a:10:67:
                    39:2f:a9:59:eb:8f:86:07:db:c9:c8:c2:a8:17:79:
                    29:22:1c:5b:08:0c:18:59:23:89:45:03:f0:9b:fa:
                    7a:2b:85:26:22:c9:b5:e7:0d:ac:00:0f:24:4a:31:
                    61:a7:5b:39:46:c2:40:80:99:22:e6:9a:1b:a1:23:
                    36:a8:21:74:4f:11:0c:a8:c7:97:34:75:f1:70:3f:
                    75:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C0:AC:78:44:6F:36:0F:C3:58:96:27:69:4D:B2:04:A1:1C:2D:25:AF
            X509v3 Authority Key Identifier:
                keyid:38:6A:B9:70:BF:B6:94:75:97:E9:7C:EF:B9:16:EC:76:A0:C5:68:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OGq5cL-2lHWX6XzvuRbsdqDFaFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/41fda9-9702-458d-982f-8d11257d4af6/1/wKx4RG82D8NYlidpTbIEoRwtJa8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/41fda9-9702-458d-982f-8d11257d4af6/1/OGq5cL-2lHWX6XzvuRbsdqDFaFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:134::/48

    Signature Algorithm: sha256WithRSAEncryption
         17:3c:bb:8b:3c:bb:83:6d:8e:0c:59:1d:58:f8:35:65:fd:99:
         49:1e:57:f9:77:0a:3d:ea:59:d9:83:28:dd:f9:ee:f8:7a:d5:
         f9:fe:46:f8:85:48:c4:68:07:b2:77:b3:e6:5b:eb:ca:37:03:
         e5:15:aa:f7:1b:d5:dd:ec:0e:24:b4:fc:44:12:5d:81:8f:bc:
         fc:3a:14:b4:d5:8e:b3:92:26:d0:9f:07:d1:bc:ac:f1:fa:6a:
         c4:a4:71:20:a1:96:fa:9c:c6:dd:06:37:3b:eb:6a:88:ee:b0:
         91:d7:52:53:58:60:91:fa:92:00:fb:ce:34:ad:16:3e:8d:44:
         91:16:e4:22:ea:ae:b1:00:64:77:7f:db:00:69:64:ba:66:32:
         a6:15:c0:93:19:b6:ed:27:35:d3:e5:37:01:8e:0c:d9:a3:44:
         bd:ff:b9:4c:c3:31:9c:78:b3:64:4f:60:67:8e:17:29:12:0d:
         6c:1c:32:69:1c:44:22:34:7a:d9:fe:f2:4c:9a:b5:f9:b3:88:
         ca:a3:74:c6:18:8b:0d:a8:6b:7f:ba:0a:df:5b:d4:47:1e:96:
         4f:d6:a9:39:b3:61:b9:29:16:e3:02:9b:4b:b9:b5:a2:51:5a:
         97:da:b8:1b:17:82:91:4b:6e:2c:e6:3e:ab:ee:c8:01:57:6f:
         19:a1:3c:47
-----BEGIN CERTIFICATE-----
MIIE8jCCA9qgAwIBAgIEEIinVTANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygz
ODZhYjk3MGJmYjY5NDc1OTdlOTdjZWZiOTE2ZWM3NmEwYzU2ODU4MB4XDTIyMDEw
MTE0MDgzOFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoYzBhYzc4NDQ2ZjM2
MGZjMzU4OTYyNzY5NGRiMjA0YTExYzJkMjVhZjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAM5/fJGtW8rRlGFGYys/xwbd2i9p68loweaHYnMIc1G0jqrg
OHRpqEWR0n4vsQAZhrYQSjXDIlLI3WNuzLtq3pMig4ESwmcfedBYvPwgI6dcLEJg
wi4DrkdMkTsqiVVIvCkURatlo6zW8sc2p2Ybt+J9uuvEh3T1bWrdSRnu5DnlXmQm
bO3zPA/ZIdw3G01CzOKVsJZm6geXwoGc1/GuvXQqaTc2RJ9oXO3m6f9OMbvKOhBn
OS+pWeuPhgfbycjCqBd5KSIcWwgMGFkjiUUD8Jv6eiuFJiLJtecNrAAPJEoxYadb
OUbCQICZIuaaG6EjNqghdE8RDKjHlzR18XA/de0CAwEAAaOCAgwwggIIMB0GA1Ud
DgQWBBTArHhEbzYPw1iWJ2lNsgShHC0lrzAfBgNVHSMEGDAWgBQ4arlwv7aUdZfp
fO+5Fux2oMVoWDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L09HcTVjTC0ybEhXWDZYenZ1UmJzZHFERmFGZy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvYmQvNDFmZGE5LTk3MDItNDU4ZC05ODJmLThkMTEyNTdkNGFmNi8x
L3dLeDRSRzgyRDhOWWxpZHBUYklFb1J3dEphOC5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYmQv
NDFmZGE5LTk3MDItNDU4ZC05ODJmLThkMTEyNTdkNGFmNi8xL09HcTVjTC0ybEhX
WDZYenZ1UmJzZHFERmFGZy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAi
BggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACABBngBNDANBgkqhkiG9w0BAQsF
AAOCAQEAFzy7izy7g22ODFkdWPg1Zf2ZSR5X+XcKPepZ2YMo3fnu+HrV+f5G+IVI
xGgHsnez5lvryjcD5RWq9xvV3ewOJLT8RBJdgY+8/DoUtNWOs5Im0J8H0bys8fpq
xKRxIKGW+pzG3QY3O+tqiO6wkddSU1hgkfqSAPvONK0WPo1EkRbkIuqusQBkd3/b
AGlkumYyphXAkxm27Sc10+U3AY4M2aNEvf+5TMMxnHizZE9gZ44XKRINbBwyaRxE
IjR62f7yTJq1+bOIyqN0xhiLDahrf7oK31vURx6WT9apObNhuSkW4wKbS7m1olFa
l9q4GxeCkUtuLOY+q+7IAVdvGaE8Rw==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:41:22 2024 by rpki-client on console-ams.rpki-client.org