Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/1b4105-3471-4592-bf07-73fd3bc19aa7/1/WT-z2Vq3FhOXFqCF1oh1dRYbkc0.roa
File:                     WT-z2Vq3FhOXFqCF1oh1dRYbkc0.roa (raw, json)
Hash identifier:          pnSFbqba/VmfnZv6dqkb5eeP0uKgbIOoNDN4dztBK6c=
Subject key identifier:   59:3F:B3:D9:5A:B7:16:13:97:16:A0:85:D6:88:75:75:16:1B:91:CD
Certificate issuer:       /CN=ff31492473a78c6fe9f539f9fa7d2252560a2b7e
Certificate serial:       05ED8439
Authority key identifier: FF:31:49:24:73:A7:8C:6F:E9:F5:39:F9:FA:7D:22:52:56:0A:2B:7E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_zFJJHOnjG_p9Tn5-n0iUlYKK34.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/1b4105-3471-4592-bf07-73fd3bc19aa7/1/WT-z2Vq3FhOXFqCF1oh1dRYbkc0.roa
Signing time:             Sat 01 Jan 2022 06:02:15 +0000
ROA not before:           Sat 01 Jan 2022 06:02:15 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     208942
IP address blocks:        2001:bf7:fc00::/44 maxlen: 48

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 99451961 (0x5ed8439)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ff31492473a78c6fe9f539f9fa7d2252560a2b7e
        Validity
            Not Before: Jan  1 06:02:15 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=593fb3d95ab716139716a085d6887575161b91cd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:63:b2:b7:0f:95:20:60:d1:bc:e4:b2:fb:be:
                    07:16:fe:c0:58:3f:56:0a:2d:cd:2f:32:9e:ca:e9:
                    17:eb:51:21:b3:56:bf:76:17:b5:e9:80:cc:bb:7d:
                    9e:2e:73:95:ad:57:2a:93:5d:1c:bb:60:2d:c2:4e:
                    93:ca:c9:cb:12:e5:a4:a3:9e:13:0d:80:70:a0:92:
                    48:88:f0:ef:24:24:ca:ed:4a:29:e3:3c:99:89:5f:
                    9f:53:cf:a1:77:28:8d:25:4c:3f:84:5e:b7:ac:a3:
                    03:0b:c2:69:88:00:31:23:6e:77:78:cf:52:e2:2c:
                    8c:08:e6:56:08:0b:62:07:77:b4:7d:d2:e7:90:18:
                    98:34:a6:49:ad:1f:2e:85:16:f5:98:89:fb:0a:a8:
                    4b:1d:06:dc:72:74:9c:2d:ed:fb:fb:64:06:d4:0b:
                    56:15:4c:84:e0:7a:da:38:af:f3:28:3c:35:7a:c3:
                    30:d6:8a:3a:b3:ba:d1:bd:63:26:40:d6:00:89:7f:
                    e6:97:e5:f9:e5:1d:49:0d:d6:0f:67:e5:07:21:81:
                    41:fd:94:5d:6d:3c:cd:72:93:64:c8:60:fe:d4:78:
                    34:be:38:c4:67:fb:ee:e7:c0:a7:fc:fb:cb:e8:b7:
                    7b:9a:fe:52:79:db:e7:41:aa:96:95:84:b6:d2:91:
                    25:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                59:3F:B3:D9:5A:B7:16:13:97:16:A0:85:D6:88:75:75:16:1B:91:CD
            X509v3 Authority Key Identifier:
                keyid:FF:31:49:24:73:A7:8C:6F:E9:F5:39:F9:FA:7D:22:52:56:0A:2B:7E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_zFJJHOnjG_p9Tn5-n0iUlYKK34.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/1b4105-3471-4592-bf07-73fd3bc19aa7/1/WT-z2Vq3FhOXFqCF1oh1dRYbkc0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/1b4105-3471-4592-bf07-73fd3bc19aa7/1/_zFJJHOnjG_p9Tn5-n0iUlYKK34.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:bf7:fc00::/44

    Signature Algorithm: sha256WithRSAEncryption
         14:2f:e6:67:06:92:72:a3:1f:24:1f:86:3e:87:16:d2:13:8e:
         4d:26:f8:86:93:13:c8:ed:d4:5f:13:7b:1c:99:44:39:69:e3:
         48:e7:2f:6a:99:b6:c3:7a:03:24:10:93:02:ce:26:be:19:93:
         67:dd:dd:4f:f8:57:e5:0a:f4:99:1a:2f:77:8b:b3:0a:51:09:
         eb:0b:bc:c1:5a:86:79:e0:d8:27:36:90:23:ea:bc:c1:da:d9:
         c9:31:9e:ee:de:97:4c:80:92:92:65:ff:ba:bb:6d:0d:a4:12:
         a1:b3:41:2f:22:96:8e:e5:00:99:00:9c:96:a8:93:ea:e2:86:
         01:43:8e:81:0e:28:9d:b3:52:a3:ea:24:f0:eb:0c:1c:82:80:
         1f:1c:ff:8c:c5:5c:51:78:ce:59:30:77:7e:ab:58:5d:27:f1:
         13:12:8b:1a:66:8c:f1:ce:2f:dd:24:70:a5:e1:9d:67:cd:83:
         4f:d7:fe:e5:3b:1e:09:6a:06:4e:07:62:e8:f5:8f:6a:87:50:
         6e:ee:5f:a7:95:1e:b3:31:df:d4:ef:09:2c:a6:95:f8:43:da:
         7d:54:d8:66:3c:55:3b:7e:ac:fb:58:58:3d:b9:ba:be:f3:52:
         25:0d:f4:dd:87:60:cb:0a:b9:32:ad:a2:7a:72:20:4f:3e:9e:
         85:90:9a:24
-----BEGIN CERTIFICATE-----
MIIE8jCCA9qgAwIBAgIEBe2EOTANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhm
ZjMxNDkyNDczYTc4YzZmZTlmNTM5ZjlmYTdkMjI1MjU2MGEyYjdlMB4XDTIyMDEw
MTA2MDIxNVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoNTkzZmIzZDk1YWI3
MTYxMzk3MTZhMDg1ZDY4ODc1NzUxNjFiOTFjZDCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAMZjsrcPlSBg0bzksvu+Bxb+wFg/VgotzS8ynsrpF+tRIbNW
v3YXtemAzLt9ni5zla1XKpNdHLtgLcJOk8rJyxLlpKOeEw2AcKCSSIjw7yQkyu1K
KeM8mYlfn1PPoXcojSVMP4Ret6yjAwvCaYgAMSNud3jPUuIsjAjmVggLYgd3tH3S
55AYmDSmSa0fLoUW9ZiJ+wqoSx0G3HJ0nC3t+/tkBtQLVhVMhOB62jiv8yg8NXrD
MNaKOrO60b1jJkDWAIl/5pfl+eUdSQ3WD2flByGBQf2UXW08zXKTZMhg/tR4NL44
xGf77ufAp/z7y+i3e5r+Unnb50GqlpWEttKRJf0CAwEAAaOCAgwwggIIMB0GA1Ud
DgQWBBRZP7PZWrcWE5cWoIXWiHV1FhuRzTAfBgNVHSMEGDAWgBT/MUkkc6eMb+n1
Ofn6fSJSVgorfjAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L196RkpKSE9uakdfcDlUbjUtbjBpVWxZS0szNC5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvYzMvMWI0MTA1LTM0NzEtNDU5Mi1iZjA3LTczZmQzYmMxOWFhNy8x
L1dULXoyVnEzRmhPWEZxQ0Yxb2gxZFJZYmtjMC5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYzMv
MWI0MTA1LTM0NzEtNDU5Mi1iZjA3LTczZmQzYmMxOWFhNy8xL196RkpKSE9uakdf
cDlUbjUtbjBpVWxZS0szNC5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAi
BggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHBCABC/f8ADANBgkqhkiG9w0BAQsF
AAOCAQEAFC/mZwaScqMfJB+GPocW0hOOTSb4hpMTyO3UXxN7HJlEOWnjSOcvapm2
w3oDJBCTAs4mvhmTZ93dT/hX5Qr0mRovd4uzClEJ6wu8wVqGeeDYJzaQI+q8wdrZ
yTGe7t6XTICSkmX/urttDaQSobNBLyKWjuUAmQCclqiT6uKGAUOOgQ4onbNSo+ok
8OsMHIKAHxz/jMVcUXjOWTB3fqtYXSfxExKLGmaM8c4v3SRwpeGdZ82DT9f+5Tse
CWoGTgdi6PWPaodQbu5fp5UeszHf1O8JLKaV+EPafVTYZjxVO36s+1hYPbm6vvNS
JQ303Ydgywq5Mq2ienIgTz6ehZCaJA==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:42:40 2024 by rpki-client on console-ams.rpki-client.org