Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/be/3465f3-03c2-4eaa-a674-8862b517317c/1/j4PhdOnwe0JmjKIa0gNBPUDGOi4.roa
File:                     j4PhdOnwe0JmjKIa0gNBPUDGOi4.roa (raw, json)
Hash identifier:          5srY2Mz6Ow3nDcc8znk0V2swdF5ci27AxbS+73KPEjQ=
Subject key identifier:   8F:83:E1:74:E9:F0:7B:42:66:8C:A2:1A:D2:03:41:3D:40:C6:3A:2E
Certificate issuer:       /CN=cd8313e41e646a09cd01e2e6f4739d3bd236c4ff
Certificate serial:       199EFD5B
Authority key identifier: CD:83:13:E4:1E:64:6A:09:CD:01:E2:E6:F4:73:9D:3B:D2:36:C4:FF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zYMT5B5kagnNAeLm9HOdO9I2xP8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/be/3465f3-03c2-4eaa-a674-8862b517317c/1/j4PhdOnwe0JmjKIa0gNBPUDGOi4.roa
Signing time:             Sat 01 Jan 2022 05:52:35 +0000
ROA not before:           Sat 01 Jan 2022 05:52:35 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     51783
IP address blocks:        2a04:ac00:3::/48 maxlen: 48

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 429849947 (0x199efd5b)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cd8313e41e646a09cd01e2e6f4739d3bd236c4ff
        Validity
            Not Before: Jan  1 05:52:35 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=8f83e174e9f07b42668ca21ad203413d40c63a2e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:31:e3:eb:42:d7:71:68:b4:c6:c4:6d:02:62:
                    86:2b:f5:c1:fb:f1:8f:4e:40:80:d6:6f:d1:7f:7b:
                    48:ce:51:59:18:81:4a:02:38:e3:57:96:61:c4:0b:
                    fd:89:11:f8:52:5c:92:18:41:15:4a:4a:09:44:ca:
                    2d:2e:f5:a0:c1:30:e7:4f:5d:da:3b:67:4f:8b:81:
                    13:52:d7:91:a9:23:08:c3:aa:27:9a:e4:24:33:0c:
                    ca:1f:4b:0f:7c:90:46:55:16:88:ea:f2:38:81:d0:
                    d1:5b:d8:87:75:01:29:d7:38:b1:5d:11:f7:ee:08:
                    e8:c5:f9:2a:f5:b6:e5:20:40:27:e3:87:c1:06:4e:
                    6a:03:bd:83:95:ea:26:41:a3:59:04:17:5c:0f:c8:
                    b8:c5:48:5f:5d:cd:9e:1b:17:4a:3f:67:cb:07:16:
                    21:0f:0d:aa:30:7f:4d:1c:32:01:eb:57:ea:fe:9f:
                    eb:02:28:24:45:56:d0:e4:0e:2f:21:58:79:5e:65:
                    eb:51:41:53:f0:b9:d0:f5:b0:1f:d1:bb:94:4e:f7:
                    70:e7:11:8f:7f:b6:4e:ec:c7:5c:48:e3:b7:31:a4:
                    3d:d3:ef:a8:0a:13:db:d3:40:26:10:88:a6:35:99:
                    76:7a:ea:54:87:5e:d8:05:41:a2:bc:b4:7c:cc:ea:
                    8f:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8F:83:E1:74:E9:F0:7B:42:66:8C:A2:1A:D2:03:41:3D:40:C6:3A:2E
            X509v3 Authority Key Identifier:
                keyid:CD:83:13:E4:1E:64:6A:09:CD:01:E2:E6:F4:73:9D:3B:D2:36:C4:FF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zYMT5B5kagnNAeLm9HOdO9I2xP8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/be/3465f3-03c2-4eaa-a674-8862b517317c/1/j4PhdOnwe0JmjKIa0gNBPUDGOi4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/be/3465f3-03c2-4eaa-a674-8862b517317c/1/zYMT5B5kagnNAeLm9HOdO9I2xP8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a04:ac00:3::/48

    Signature Algorithm: sha256WithRSAEncryption
         5f:f4:d1:dd:4c:60:35:cf:93:00:2e:08:b4:1e:23:4e:92:b3:
         1e:33:b8:07:e2:a7:57:04:bd:97:77:18:be:e8:d1:a0:c3:2b:
         c8:d0:f8:af:fb:cd:88:a8:50:fa:1b:53:30:17:2d:01:eb:11:
         75:14:95:1b:cd:c4:ca:96:d7:60:2a:34:7b:2b:06:a8:40:48:
         2e:a2:e1:4a:09:ac:a6:ff:b3:e6:a9:6a:04:16:10:1d:76:b9:
         26:0d:aa:da:50:c2:5c:e3:66:ea:32:12:d6:fb:82:a7:55:bf:
         d2:b2:5a:ed:35:69:a1:07:e6:af:35:64:89:36:cf:1f:e4:43:
         87:26:58:46:95:7b:86:31:19:37:f9:14:ee:90:87:06:31:d9:
         a6:ce:21:b4:e5:35:6d:9d:b0:6b:8f:2b:d6:49:bf:88:b4:38:
         d4:6d:9e:9e:e4:15:97:21:ea:de:23:39:90:00:6d:ec:95:74:
         b0:75:c0:b2:c2:3c:66:55:e9:ae:e5:2e:69:b2:9a:a8:18:57:
         9d:0a:d1:ac:ec:26:04:8d:10:8d:34:39:b8:ef:d8:c9:4d:e8:
         e7:cf:02:d8:79:a9:c5:e1:09:45:3e:85:40:ac:91:f5:45:22:
         74:36:12:44:db:0d:d3:17:4c:c0:74:ee:1a:2d:99:fa:ca:ff:
         50:1e:06:da
-----BEGIN CERTIFICATE-----
MIIE8jCCA9qgAwIBAgIEGZ79WzANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhj
ZDgzMTNlNDFlNjQ2YTA5Y2QwMWUyZTZmNDczOWQzYmQyMzZjNGZmMB4XDTIyMDEw
MTA1NTIzNVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoOGY4M2UxNzRlOWYw
N2I0MjY2OGNhMjFhZDIwMzQxM2Q0MGM2M2EyZTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAMkx4+tC13FotMbEbQJihiv1wfvxj05AgNZv0X97SM5RWRiB
SgI441eWYcQL/YkR+FJckhhBFUpKCUTKLS71oMEw509d2jtnT4uBE1LXkakjCMOq
J5rkJDMMyh9LD3yQRlUWiOryOIHQ0VvYh3UBKdc4sV0R9+4I6MX5KvW25SBAJ+OH
wQZOagO9g5XqJkGjWQQXXA/IuMVIX13NnhsXSj9nywcWIQ8NqjB/TRwyAetX6v6f
6wIoJEVW0OQOLyFYeV5l61FBU/C50PWwH9G7lE73cOcRj3+2TuzHXEjjtzGkPdPv
qAoT29NAJhCIpjWZdnrqVIde2AVBory0fMzqj3kCAwEAAaOCAgwwggIIMB0GA1Ud
DgQWBBSPg+F06fB7QmaMohrSA0E9QMY6LjAfBgNVHSMEGDAWgBTNgxPkHmRqCc0B
4ub0c5070jbE/zAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L3pZTVQ1QjVrYWduTkFlTG05SE9kTzlJMnhQOC5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvYmUvMzQ2NWYzLTAzYzItNGVhYS1hNjc0LTg4NjJiNTE3MzE3Yy8x
L2o0UGhkT253ZTBKbWpLSWEwZ05CUFVER09pNC5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYmUv
MzQ2NWYzLTAzYzItNGVhYS1hNjc0LTg4NjJiNTE3MzE3Yy8xL3pZTVQ1QjVrYWdu
TkFlTG05SE9kTzlJMnhQOC5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAi
BggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoErAAAAzANBgkqhkiG9w0BAQsF
AAOCAQEAX/TR3UxgNc+TAC4ItB4jTpKzHjO4B+KnVwS9l3cYvujRoMMryND4r/vN
iKhQ+htTMBctAesRdRSVG83EypbXYCo0eysGqEBILqLhSgmspv+z5qlqBBYQHXa5
Jg2q2lDCXONm6jIS1vuCp1W/0rJa7TVpoQfmrzVkiTbPH+RDhyZYRpV7hjEZN/kU
7pCHBjHZps4htOU1bZ2wa48r1km/iLQ41G2enuQVlyHq3iM5kABt7JV0sHXAssI8
ZlXpruUuabKaqBhXnQrRrOwmBI0QjTQ5uO/YyU3o588C2HmpxeEJRT6FQKyR9UUi
dDYSRNsN0xdMwHTuGi2Z+sr/UB4G2g==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:52:02 2024 by rpki-client on console-fra.rpki-client.org