Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/220113-44f1-4dc5-b0bc-a656058c531f/1/cjZcIx92d68D7CXsDyWMJYLbPz4.roa
File:                     cjZcIx92d68D7CXsDyWMJYLbPz4.roa (raw, json)
Hash identifier:          0LFX7oMIMDoEh6+dVwsBN60gm39E32dV89xA1KXMOxw=
Subject key identifier:   72:36:5C:23:1F:76:77:AF:03:EC:25:EC:0F:25:8C:25:82:DB:3F:3E
Certificate issuer:       /CN=ffe4146018a763a42a51556359bf15bf85e39ac6
Certificate serial:       086070BD
Authority key identifier: FF:E4:14:60:18:A7:63:A4:2A:51:55:63:59:BF:15:BF:85:E3:9A:C6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_-QUYBinY6QqUVVjWb8Vv4XjmsY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/220113-44f1-4dc5-b0bc-a656058c531f/1/cjZcIx92d68D7CXsDyWMJYLbPz4.roa
Signing time:             Sat 01 Jan 2022 07:00:36 +0000
ROA not before:           Sat 01 Jan 2022 07:00:36 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     2119
IP address blocks:        2001:67c:10e4::/48 maxlen: 48

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 140538045 (0x86070bd)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ffe4146018a763a42a51556359bf15bf85e39ac6
        Validity
            Not Before: Jan  1 07:00:36 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=72365c231f7677af03ec25ec0f258c2582db3f3e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:24:c1:e9:ff:1b:18:c1:95:df:22:ab:0c:f2:
                    c4:08:e1:88:07:f0:d3:4f:66:21:16:88:ee:b0:92:
                    da:c9:ba:d5:0a:c9:18:44:a8:3f:ca:9b:15:6e:6c:
                    0d:6b:00:39:31:d2:4b:5e:70:1e:08:35:a5:7a:1f:
                    dc:e9:3d:a8:39:16:7a:30:a7:c9:e7:24:bd:6e:3b:
                    49:b3:94:df:cb:f0:2f:40:c9:b6:b9:70:9e:36:20:
                    6e:98:0f:1a:cd:60:29:fb:e8:5c:51:f6:ca:ec:02:
                    28:b2:eb:fb:c2:be:db:08:6a:fc:f1:71:54:df:7c:
                    12:15:e2:dc:2a:7f:53:f4:fe:c1:5b:33:c6:47:4f:
                    bd:b4:3a:9c:fb:27:89:d5:2d:36:4a:81:7e:8a:58:
                    51:42:18:41:4f:07:a0:b1:d1:69:b5:a7:29:54:73:
                    ab:32:13:2f:59:4c:0d:fc:76:15:c3:0e:b6:3f:6a:
                    5a:6a:f8:88:34:6b:82:57:65:8e:3e:9d:7d:41:a3:
                    e6:bc:8a:5e:6f:c1:8a:a2:3c:66:d5:60:91:f1:d5:
                    01:0c:4e:bd:24:2b:e7:af:96:a8:f3:e0:cd:80:55:
                    48:43:7c:d1:a0:f8:78:d1:53:7f:60:b2:8f:8c:e3:
                    be:0a:71:57:f8:dd:24:e6:a2:25:c1:08:17:16:a3:
                    3c:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:36:5C:23:1F:76:77:AF:03:EC:25:EC:0F:25:8C:25:82:DB:3F:3E
            X509v3 Authority Key Identifier:
                keyid:FF:E4:14:60:18:A7:63:A4:2A:51:55:63:59:BF:15:BF:85:E3:9A:C6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_-QUYBinY6QqUVVjWb8Vv4XjmsY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/220113-44f1-4dc5-b0bc-a656058c531f/1/cjZcIx92d68D7CXsDyWMJYLbPz4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/220113-44f1-4dc5-b0bc-a656058c531f/1/_-QUYBinY6QqUVVjWb8Vv4XjmsY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:10e4::/48

    Signature Algorithm: sha256WithRSAEncryption
         94:53:99:12:84:af:cd:26:79:09:16:9f:ee:88:76:01:28:03:
         62:aa:be:05:f8:3f:7b:e7:c5:f0:08:ce:f1:41:03:0a:8d:28:
         5c:90:97:1e:0e:16:50:24:10:f3:56:93:3b:84:45:16:f3:d6:
         54:1b:36:f6:f9:01:c7:23:f7:e5:4d:ad:66:47:cd:20:e8:a6:
         17:32:4c:02:8c:a3:95:27:4a:a2:ab:0e:64:e8:5a:18:7c:9f:
         c7:3d:5f:e2:9a:35:b8:37:d6:5e:58:cb:fb:f6:e6:cb:9d:a9:
         ac:7f:5d:e0:c7:49:14:a8:fb:1e:de:0a:b8:87:a2:38:7e:47:
         19:4c:15:ce:90:2b:f1:e7:4a:2b:a6:f4:e5:7c:1b:cd:c5:0d:
         cc:21:7a:b2:bc:08:cc:4d:68:44:21:40:00:a2:f3:09:46:50:
         33:37:fa:2a:11:72:65:cc:f0:f9:26:b9:da:5e:8a:cf:32:e8:
         c1:a9:50:88:37:83:67:8d:12:fe:8b:af:c8:c4:43:bd:cb:45:
         62:9c:d0:e6:e7:8a:f2:1b:cb:1a:69:33:3d:b6:7a:96:8d:a3:
         75:0c:79:71:12:2f:22:53:54:7e:44:27:7b:90:3a:1a:bc:14:
         72:d4:28:4d:7c:ee:3b:4e:d6:65:63:83:a0:2e:66:30:20:34:
         97:04:1c:b5
-----BEGIN CERTIFICATE-----
MIIE8jCCA9qgAwIBAgIECGBwvTANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhm
ZmU0MTQ2MDE4YTc2M2E0MmE1MTU1NjM1OWJmMTViZjg1ZTM5YWM2MB4XDTIyMDEw
MTA3MDAzNloXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoNzIzNjVjMjMxZjc2
NzdhZjAzZWMyNWVjMGYyNThjMjU4MmRiM2YzZTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAKckwen/GxjBld8iqwzyxAjhiAfw009mIRaI7rCS2sm61QrJ
GESoP8qbFW5sDWsAOTHSS15wHgg1pXof3Ok9qDkWejCnyeckvW47SbOU38vwL0DJ
trlwnjYgbpgPGs1gKfvoXFH2yuwCKLLr+8K+2whq/PFxVN98EhXi3Cp/U/T+wVsz
xkdPvbQ6nPsnidUtNkqBfopYUUIYQU8HoLHRabWnKVRzqzITL1lMDfx2FcMOtj9q
Wmr4iDRrgldljj6dfUGj5ryKXm/BiqI8ZtVgkfHVAQxOvSQr56+WqPPgzYBVSEN8
0aD4eNFTf2Cyj4zjvgpxV/jdJOaiJcEIFxajPC0CAwEAAaOCAgwwggIIMB0GA1Ud
DgQWBBRyNlwjH3Z3rwPsJewPJYwlgts/PjAfBgNVHSMEGDAWgBT/5BRgGKdjpCpR
VWNZvxW/heOaxjAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L18tUVVZQmluWTZRcVVWVmpXYjhWdjRYam1zWS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvYzAvMjIwMTEzLTQ0ZjEtNGRjNS1iMGJjLWE2NTYwNThjNTMxZi8x
L2NqWmNJeDkyZDY4RDdDWHNEeVdNSllMYlB6NC5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYzAv
MjIwMTEzLTQ0ZjEtNGRjNS1iMGJjLWE2NTYwNThjNTMxZi8xL18tUVVZQmluWTZR
cVVWVmpXYjhWdjRYam1zWS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAi
BggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACABBnwQ5DANBgkqhkiG9w0BAQsF
AAOCAQEAlFOZEoSvzSZ5CRaf7oh2ASgDYqq+Bfg/e+fF8AjO8UEDCo0oXJCXHg4W
UCQQ81aTO4RFFvPWVBs29vkBxyP35U2tZkfNIOimFzJMAoyjlSdKoqsOZOhaGHyf
xz1f4po1uDfWXljL+/bmy52prH9d4MdJFKj7Ht4KuIeiOH5HGUwVzpAr8edKK6b0
5XwbzcUNzCF6srwIzE1oRCFAAKLzCUZQMzf6KhFyZczw+Sa52l6KzzLowalQiDeD
Z40S/ouvyMRDvctFYpzQ5ueK8hvLGmkzPbZ6lo2jdQx5cRIvIlNUfkQne5A6GrwU
ctQoTXzuO07WZWODoC5mMCA0lwQctQ==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:42:01 2024 by rpki-client on console-ams.rpki-client.org