Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bd/a831c0-457c-4ba8-bec7-e251109bfd19/1/QOrVnJkux3BTTz9CMOYAI9GWOs4.roa
File:                     QOrVnJkux3BTTz9CMOYAI9GWOs4.roa (raw, json)
Hash identifier:          Fpbt/QvuxVjL3f6A4c7AlCvikGOM6YMJr/UjkF3yTZI=
Subject key identifier:   40:EA:D5:9C:99:2E:C7:70:53:4F:3F:42:30:E6:00:23:D1:96:3A:CE
Certificate issuer:       /CN=4da3711dc5de45f2f5b47901659e956d938272fe
Certificate serial:       0B3AEE24
Authority key identifier: 4D:A3:71:1D:C5:DE:45:F2:F5:B4:79:01:65:9E:95:6D:93:82:72:FE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TaNxHcXeRfL1tHkBZZ6VbZOCcv4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bd/a831c0-457c-4ba8-bec7-e251109bfd19/1/QOrVnJkux3BTTz9CMOYAI9GWOs4.roa
Signing time:             Sat 01 Jan 2022 05:04:26 +0000
ROA not before:           Sat 01 Jan 2022 05:04:26 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     204896
IP address blocks:        2001:67c:1384::/48 maxlen: 48

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 188411428 (0xb3aee24)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4da3711dc5de45f2f5b47901659e956d938272fe
        Validity
            Not Before: Jan  1 05:04:26 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=40ead59c992ec770534f3f4230e60023d1963ace
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:8b:1f:4b:36:7d:f9:30:8f:ee:7e:77:0f:92:
                    dc:c6:94:7e:2a:63:8c:65:75:f3:4e:21:4a:51:ef:
                    ba:04:8f:1d:7d:35:01:11:eb:dc:a3:9e:0a:85:5f:
                    7c:78:db:92:9a:ca:9c:85:e4:f9:73:de:e2:9a:5b:
                    31:c8:d5:53:8c:f9:94:b5:45:4b:7a:49:99:dc:c7:
                    93:32:20:9a:5c:bf:61:9c:5b:5e:bb:a4:e4:4c:c3:
                    dc:78:e8:8b:ce:51:aa:1a:4e:99:3d:6d:0f:46:fa:
                    23:35:d2:17:15:ad:a7:d9:43:33:c9:7b:52:80:94:
                    50:58:36:df:d5:01:e4:1a:c1:4f:ca:0c:80:96:e3:
                    c3:c9:61:d3:7d:51:35:25:37:6f:84:72:f7:07:bb:
                    92:57:a8:48:20:39:55:61:b2:3f:67:75:52:1b:96:
                    99:52:39:66:27:11:35:37:a3:4b:99:a8:25:29:d8:
                    6a:75:c3:2b:f1:ff:62:c8:c6:a4:f3:6f:ef:10:53:
                    3f:69:9e:60:29:9d:8c:a7:b7:12:40:cd:16:47:29:
                    b7:2e:83:97:42:40:bd:d6:4a:d9:6b:7c:52:43:66:
                    7d:18:9b:76:63:c4:6f:fc:46:bd:47:19:7c:d2:33:
                    21:a2:61:75:1c:82:ba:db:39:ec:f9:ac:07:49:20:
                    1f:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                40:EA:D5:9C:99:2E:C7:70:53:4F:3F:42:30:E6:00:23:D1:96:3A:CE
            X509v3 Authority Key Identifier:
                keyid:4D:A3:71:1D:C5:DE:45:F2:F5:B4:79:01:65:9E:95:6D:93:82:72:FE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TaNxHcXeRfL1tHkBZZ6VbZOCcv4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/a831c0-457c-4ba8-bec7-e251109bfd19/1/QOrVnJkux3BTTz9CMOYAI9GWOs4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/a831c0-457c-4ba8-bec7-e251109bfd19/1/TaNxHcXeRfL1tHkBZZ6VbZOCcv4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:1384::/48

    Signature Algorithm: sha256WithRSAEncryption
         09:1b:20:d0:e1:1b:2c:dd:51:14:38:a3:29:88:65:8f:05:d9:
         96:29:2c:31:d4:d4:38:99:01:25:56:f2:83:0f:c1:96:a6:c9:
         21:1f:10:76:9b:26:08:04:99:68:7b:7f:54:23:6f:8d:c8:7a:
         e4:58:34:3d:07:96:67:eb:fe:45:66:fa:80:3c:39:18:09:f3:
         d9:1e:5c:a1:94:cf:4b:d9:77:48:09:1a:2f:e4:58:2e:22:80:
         af:bb:37:86:41:96:04:9d:12:3b:9f:7e:de:ac:b2:46:49:d1:
         62:09:e4:cc:7c:18:88:99:b9:3b:2f:bf:3b:b4:5e:80:d4:de:
         c4:c4:e0:c4:3b:0f:25:f4:e5:5f:59:cb:94:1d:d0:ab:a0:1a:
         c9:68:a7:d1:bb:63:66:64:3f:e1:33:ea:ad:7e:e0:93:ad:aa:
         13:89:26:36:b8:aa:7b:bc:f2:f0:30:ed:f8:65:84:c0:f4:3e:
         38:65:15:30:79:2f:39:22:67:cc:e4:a6:4b:d5:bf:fc:0c:66:
         2e:2f:df:bb:0b:95:51:58:9c:f9:bc:1a:50:9b:46:23:5e:4c:
         d7:77:3d:90:e7:be:db:31:4f:94:6e:61:b1:fd:a0:e8:96:01:
         e7:40:c8:fa:b9:68:1d:f4:b5:2e:03:31:a7:91:31:67:03:e2:
         6c:76:bb:ef
-----BEGIN CERTIFICATE-----
MIIE8jCCA9qgAwIBAgIECzruJDANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg0
ZGEzNzExZGM1ZGU0NWYyZjViNDc5MDE2NTllOTU2ZDkzODI3MmZlMB4XDTIyMDEw
MTA1MDQyNloXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoNDBlYWQ1OWM5OTJl
Yzc3MDUzNGYzZjQyMzBlNjAwMjNkMTk2M2FjZTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBALGLH0s2ffkwj+5+dw+S3MaUfipjjGV1804hSlHvugSPHX01
ARHr3KOeCoVffHjbkprKnIXk+XPe4ppbMcjVU4z5lLVFS3pJmdzHkzIgmly/YZxb
Xruk5EzD3Hjoi85RqhpOmT1tD0b6IzXSFxWtp9lDM8l7UoCUUFg239UB5BrBT8oM
gJbjw8lh031RNSU3b4Ry9we7kleoSCA5VWGyP2d1UhuWmVI5ZicRNTejS5moJSnY
anXDK/H/YsjGpPNv7xBTP2meYCmdjKe3EkDNFkcpty6Dl0JAvdZK2Wt8UkNmfRib
dmPEb/xGvUcZfNIzIaJhdRyCuts57PmsB0kgHxUCAwEAAaOCAgwwggIIMB0GA1Ud
DgQWBBRA6tWcmS7HcFNPP0Iw5gAj0ZY6zjAfBgNVHSMEGDAWgBRNo3Edxd5F8vW0
eQFlnpVtk4Jy/jAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L1RhTnhIY1hlUmZMMXRIa0JaWjZWYlpPQ2N2NC5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvYmQvYTgzMWMwLTQ1N2MtNGJhOC1iZWM3LWUyNTExMDliZmQxOS8x
L1FPclZuSmt1eDNCVFR6OUNNT1lBSTlHV09zNC5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYmQv
YTgzMWMwLTQ1N2MtNGJhOC1iZWM3LWUyNTExMDliZmQxOS8xL1RhTnhIY1hlUmZM
MXRIa0JaWjZWYlpPQ2N2NC5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAi
BggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACABBnwThDANBgkqhkiG9w0BAQsF
AAOCAQEACRsg0OEbLN1RFDijKYhljwXZliksMdTUOJkBJVbygw/BlqbJIR8Qdpsm
CASZaHt/VCNvjch65Fg0PQeWZ+v+RWb6gDw5GAnz2R5coZTPS9l3SAkaL+RYLiKA
r7s3hkGWBJ0SO59+3qyyRknRYgnkzHwYiJm5Oy+/O7RegNTexMTgxDsPJfTlX1nL
lB3Qq6AayWin0btjZmQ/4TPqrX7gk62qE4kmNriqe7zy8DDt+GWEwPQ+OGUVMHkv
OSJnzOSmS9W//AxmLi/fuwuVUVic+bwaUJtGI15M13c9kOe+2zFPlG5hsf2g6JYB
50DI+rloHfS1LgMxp5ExZwPibHa77w==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:51:57 2024 by rpki-client on console-fra.rpki-client.org