Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/acSegCXZEP8Y6G0QckZpwDq8v0U.roa
File:                     acSegCXZEP8Y6G0QckZpwDq8v0U.roa (raw, json)
Hash identifier:          vS1qw9WUIYbHlP5wXtvEBAyefZDjuc9PebqGEfk3mL8=
Subject key identifier:   69:C4:9E:80:25:D9:10:FF:18:E8:6D:10:72:46:69:C0:3A:BC:BF:45
Certificate issuer:       /CN=1aca63df248b7adf3ddd07e8c2d3eedd02cef933
Certificate serial:       3A65DC38
Authority key identifier: 1A:CA:63:DF:24:8B:7A:DF:3D:DD:07:E8:C2:D3:EE:DD:02:CE:F9:33
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Gspj3ySLet893QfowtPu3QLO-TM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/acSegCXZEP8Y6G0QckZpwDq8v0U.roa
Signing time:             Fri 04 Feb 2022 11:24:10 +0000
ROA not before:           Fri 04 Feb 2022 11:24:10 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     12912
IP address blocks:        2001:4190::/32 maxlen: 32

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 979754040 (0x3a65dc38)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1aca63df248b7adf3ddd07e8c2d3eedd02cef933
        Validity
            Not Before: Feb  4 11:24:10 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=69c49e8025d910ff18e86d10724669c03abcbf45
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:34:b9:d3:43:bc:16:6d:c4:b4:5f:68:e5:b7:
                    c3:c7:67:81:75:98:a6:cc:6a:08:ff:f5:78:05:8a:
                    dc:c6:83:a1:40:6a:66:bc:aa:3c:92:3e:5c:14:ee:
                    af:78:98:4d:5a:e5:f8:d2:74:07:e8:d7:d2:ea:0c:
                    ab:c5:fc:f0:72:c3:0c:c1:2a:ac:3f:c4:83:80:8e:
                    9a:09:3b:2c:35:bb:46:92:f9:64:b8:38:92:3d:e5:
                    52:00:a6:3f:44:ed:6e:78:e0:a1:25:31:e8:2f:6b:
                    9c:3b:c1:16:db:d7:68:90:ee:23:c3:b7:be:47:b4:
                    0b:ff:8f:75:c2:89:55:20:06:a0:d8:e7:b3:2c:78:
                    9c:60:48:35:e2:92:4e:40:fc:7f:f2:39:9c:41:8c:
                    a7:c0:15:f8:e8:dd:b0:8c:07:64:b1:ce:39:a2:d9:
                    fb:23:ee:e6:23:ec:0c:da:e6:94:94:1c:e0:29:d9:
                    78:10:36:c7:38:07:95:9c:04:69:58:7c:1d:e8:c5:
                    eb:0e:aa:a2:02:e0:8d:91:08:42:81:ed:71:a4:57:
                    c9:1e:98:c0:25:a0:51:91:f9:6b:42:49:16:68:c0:
                    7a:4b:14:bc:b3:5a:34:a9:40:75:02:b6:12:64:ac:
                    0f:1b:a9:aa:fd:d6:3a:b6:95:03:6c:f8:b7:75:a3:
                    a8:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                69:C4:9E:80:25:D9:10:FF:18:E8:6D:10:72:46:69:C0:3A:BC:BF:45
            X509v3 Authority Key Identifier:
                keyid:1A:CA:63:DF:24:8B:7A:DF:3D:DD:07:E8:C2:D3:EE:DD:02:CE:F9:33

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Gspj3ySLet893QfowtPu3QLO-TM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/acSegCXZEP8Y6G0QckZpwDq8v0U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/Gspj3ySLet893QfowtPu3QLO-TM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:4190::/32

    Signature Algorithm: sha256WithRSAEncryption
         63:64:1e:1d:b6:d9:77:bb:41:5b:46:e0:28:24:46:c7:1b:f4:
         01:36:8b:a0:fb:b6:fc:0e:58:61:de:4d:a1:61:26:48:fc:5e:
         7e:59:36:64:70:79:03:25:28:d3:d0:5c:13:9c:8f:f8:19:5b:
         80:ca:04:24:67:3c:d9:b9:9f:49:1f:2e:5c:dd:fc:2d:95:52:
         63:52:be:f0:12:f9:fc:09:24:65:3c:f2:da:3b:17:53:9f:47:
         0a:86:61:50:7d:ca:3f:28:58:37:d2:4a:a6:f6:ff:16:e3:70:
         c6:cb:42:9d:81:0d:cb:b6:bb:f7:3b:e9:73:e4:eb:37:37:3a:
         9b:b8:fb:d0:bd:76:85:17:77:5f:44:a6:c2:04:5b:bd:dd:26:
         31:e2:4d:5e:cc:e8:f7:ed:5f:69:0e:2d:8a:f0:db:01:77:54:
         98:1d:ac:5a:2b:6a:f5:e8:f5:20:6a:88:2f:ba:9a:f3:0c:af:
         3a:db:48:1b:5c:d6:90:f2:55:21:dc:1f:6e:54:c7:7d:f5:83:
         35:20:20:d3:5f:f3:63:32:a9:d1:c4:a1:f5:5f:db:03:fd:ac:
         20:be:0e:51:db:71:fd:97:06:f7:b9:56:c5:57:e8:53:2d:bd:
         87:93:db:69:b1:f8:02:5c:7d:17:69:e2:8c:18:a8:bb:c8:3b:
         02:34:65:d0
-----BEGIN CERTIFICATE-----
MIIE8DCCA9igAwIBAgIEOmXcODANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygx
YWNhNjNkZjI0OGI3YWRmM2RkZDA3ZThjMmQzZWVkZDAyY2VmOTMzMB4XDTIyMDIw
NDExMjQxMFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoNjljNDllODAyNWQ5
MTBmZjE4ZTg2ZDEwNzI0NjY5YzAzYWJjYmY0NTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBANw0udNDvBZtxLRfaOW3w8dngXWYpsxqCP/1eAWK3MaDoUBq
ZryqPJI+XBTur3iYTVrl+NJ0B+jX0uoMq8X88HLDDMEqrD/Eg4COmgk7LDW7RpL5
ZLg4kj3lUgCmP0TtbnjgoSUx6C9rnDvBFtvXaJDuI8O3vke0C/+PdcKJVSAGoNjn
syx4nGBINeKSTkD8f/I5nEGMp8AV+OjdsIwHZLHOOaLZ+yPu5iPsDNrmlJQc4CnZ
eBA2xzgHlZwEaVh8HejF6w6qogLgjZEIQoHtcaRXyR6YwCWgUZH5a0JJFmjAeksU
vLNaNKlAdQK2EmSsDxupqv3WOraVA2z4t3WjqNsCAwEAAaOCAgowggIGMB0GA1Ud
DgQWBBRpxJ6AJdkQ/xjobRByRmnAOry/RTAfBgNVHSMEGDAWgBQaymPfJIt63z3d
B+jC0+7dAs75MzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L0dzcGozeVNMZXQ4OTNRZm93dFB1M1FMTy1UTS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvYmUvMWY2NDU4LWRjNzUtNGFkZC1hZTcyLTkxZTMxODRiYjBhYi8x
L2FjU2VnQ1haRVA4WTZHMFFja1pwd0RxOHYwVS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYmUv
MWY2NDU4LWRjNzUtNGFkZC1hZTcyLTkxZTMxODRiYjBhYi8xL0dzcGozeVNMZXQ4
OTNRZm93dFB1M1FMTy1UTS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAg
BggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACABQZAwDQYJKoZIhvcNAQELBQAD
ggEBAGNkHh222Xe7QVtG4CgkRscb9AE2i6D7tvwOWGHeTaFhJkj8Xn5ZNmRweQMl
KNPQXBOcj/gZW4DKBCRnPNm5n0kfLlzd/C2VUmNSvvAS+fwJJGU88to7F1OfRwqG
YVB9yj8oWDfSSqb2/xbjcMbLQp2BDcu2u/c76XPk6zc3Opu4+9C9doUXd19EpsIE
W73dJjHiTV7M6PftX2kOLYrw2wF3VJgdrForavXo9SBqiC+6mvMMrzrbSBtc1pDy
VSHcH25Ux331gzUgINNf82MyqdHEofVf2wP9rCC+DlHbcf2XBve5VsVX6FMtvYeT
22mx+AJcfRdp4owYqLvIOwI0ZdA=
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:41:32 2024 by rpki-client on console-ams.rpki-client.org