Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/9ab42a-df92-4e42-9e33-5c5892afa487/1/ZLfbL4FV4F-aCyo_r5U_wGXHQ7I.roa
File:                     ZLfbL4FV4F-aCyo_r5U_wGXHQ7I.roa (raw, json)
Hash identifier:          mmz9vugnZn/JsOoJeabb1QJ29T0xJRSjkvLsfJ7EDug=
Subject key identifier:   64:B7:DB:2F:81:55:E0:5F:9A:0B:2A:3F:AF:95:3F:C0:65:C7:43:B2
Certificate issuer:       /CN=f04eb204f358004788224e2fb18e4d5e74bebf8d
Certificate serial:       0151B53F
Authority key identifier: F0:4E:B2:04:F3:58:00:47:88:22:4E:2F:B1:8E:4D:5E:74:BE:BF:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8E6yBPNYAEeIIk4vsY5NXnS-v40.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c5/9ab42a-df92-4e42-9e33-5c5892afa487/1/ZLfbL4FV4F-aCyo_r5U_wGXHQ7I.roa
Signing time:             Sat 01 Jan 2022 03:56:32 +0000
ROA not before:           Sat 01 Jan 2022 03:56:32 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     207613
IP address blocks:        2a09:11c0:200::/44 maxlen: 48

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 22132031 (0x151b53f)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f04eb204f358004788224e2fb18e4d5e74bebf8d
        Validity
            Not Before: Jan  1 03:56:32 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=64b7db2f8155e05f9a0b2a3faf953fc065c743b2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:04:0a:6b:21:a8:10:e2:c4:e0:8b:58:c5:aa:
                    35:53:5d:8f:8a:6d:9e:1b:74:0b:29:6e:55:45:25:
                    2d:b7:f1:87:e9:80:ea:25:89:2d:aa:2e:87:6f:73:
                    e2:99:51:08:78:b6:cb:a7:5e:04:b4:0f:00:35:e1:
                    65:b0:95:ea:03:a2:a9:94:4c:98:8d:38:e6:da:d5:
                    a9:b3:b5:2d:88:b0:55:56:0f:09:d6:f9:cc:c3:b8:
                    59:b4:d0:6b:04:c1:0a:41:f2:bc:77:d7:43:9b:f0:
                    20:d0:74:79:45:5d:fb:a2:41:05:70:0f:88:45:1e:
                    bf:6c:7b:49:48:15:8e:f6:d9:da:4f:47:32:a9:16:
                    23:d8:5c:d3:3a:cf:06:a2:b4:cd:28:ef:be:81:32:
                    5c:c1:c6:fa:b3:8a:66:73:34:d7:2d:e1:52:e7:58:
                    da:4e:96:ad:a4:55:e5:30:28:06:0b:0b:32:e6:c9:
                    0a:b9:1d:88:fa:f0:e4:ae:70:44:c1:2e:01:5c:53:
                    98:e1:e3:c0:3a:7e:7f:ee:63:bc:8f:db:2b:8a:f3:
                    30:11:f6:c7:6b:de:7d:26:3e:a7:57:bb:f9:02:15:
                    53:85:99:b2:83:83:34:ca:11:3a:2a:d5:b3:1b:4c:
                    71:26:aa:6f:f8:5f:88:5f:49:b5:83:52:11:a7:78:
                    87:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                64:B7:DB:2F:81:55:E0:5F:9A:0B:2A:3F:AF:95:3F:C0:65:C7:43:B2
            X509v3 Authority Key Identifier:
                keyid:F0:4E:B2:04:F3:58:00:47:88:22:4E:2F:B1:8E:4D:5E:74:BE:BF:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8E6yBPNYAEeIIk4vsY5NXnS-v40.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/9ab42a-df92-4e42-9e33-5c5892afa487/1/ZLfbL4FV4F-aCyo_r5U_wGXHQ7I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/9ab42a-df92-4e42-9e33-5c5892afa487/1/8E6yBPNYAEeIIk4vsY5NXnS-v40.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a09:11c0:200::/44

    Signature Algorithm: sha256WithRSAEncryption
         25:3e:82:66:59:25:ea:18:01:9f:71:94:da:a6:54:df:55:45:
         26:dc:db:ba:98:f3:2c:cd:f5:33:5e:8c:fa:53:0c:6f:fb:94:
         90:ae:bf:91:5f:92:8b:ca:90:23:5b:86:57:71:ca:10:7d:56:
         7a:df:03:50:33:e0:45:2a:3f:b8:ec:e6:f1:9d:a9:44:fe:42:
         a9:65:d1:c1:55:3d:d8:c9:88:d4:2d:5e:c3:35:72:ed:ca:1d:
         eb:75:91:5d:8b:4b:37:2e:7c:e3:95:92:81:4c:78:03:5b:6e:
         27:4e:53:80:96:ea:91:6e:c7:ab:09:f8:83:b0:3f:08:50:54:
         13:ae:31:92:fc:8b:c9:f1:be:04:02:9b:14:03:2a:9d:5d:e4:
         a3:7c:08:6f:d8:08:0e:02:4f:e8:74:b5:3e:a6:47:7a:35:4b:
         5c:5c:ab:39:da:6b:7c:6f:5f:77:30:8b:6a:d5:55:4c:31:5e:
         32:5d:59:81:8a:d6:47:78:0f:58:f1:ce:7a:cd:94:5a:ac:51:
         25:b1:a9:20:78:6f:1d:48:1a:0e:30:7e:c1:f3:14:fa:ec:d3:
         3a:ef:11:3c:d7:0d:59:70:c1:9b:db:26:8d:e6:02:40:4f:cf:
         9e:90:a0:2d:34:43:d7:17:af:5f:4c:3b:cd:6e:3f:22:71:15:
         fb:77:5c:e4
-----BEGIN CERTIFICATE-----
MIIE8jCCA9qgAwIBAgIEAVG1PzANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhm
MDRlYjIwNGYzNTgwMDQ3ODgyMjRlMmZiMThlNGQ1ZTc0YmViZjhkMB4XDTIyMDEw
MTAzNTYzMloXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoNjRiN2RiMmY4MTU1
ZTA1ZjlhMGIyYTNmYWY5NTNmYzA2NWM3NDNiMjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAK0ECmshqBDixOCLWMWqNVNdj4ptnht0CyluVUUlLbfxh+mA
6iWJLaouh29z4plRCHi2y6deBLQPADXhZbCV6gOiqZRMmI045trVqbO1LYiwVVYP
Cdb5zMO4WbTQawTBCkHyvHfXQ5vwINB0eUVd+6JBBXAPiEUev2x7SUgVjvbZ2k9H
MqkWI9hc0zrPBqK0zSjvvoEyXMHG+rOKZnM01y3hUudY2k6WraRV5TAoBgsLMubJ
CrkdiPrw5K5wRMEuAVxTmOHjwDp+f+5jvI/bK4rzMBH2x2vefSY+p1e7+QIVU4WZ
soODNMoROirVsxtMcSaqb/hfiF9JtYNSEad4h7kCAwEAAaOCAgwwggIIMB0GA1Ud
DgQWBBRkt9svgVXgX5oLKj+vlT/AZcdDsjAfBgNVHSMEGDAWgBTwTrIE81gAR4gi
Ti+xjk1edL6/jTAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
LzhFNnlCUE5ZQUVlSUlrNHZzWTVOWG5TLXY0MC5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvYzUvOWFiNDJhLWRmOTItNGU0Mi05ZTMzLTVjNTg5MmFmYTQ4Ny8x
L1pMZmJMNEZWNEYtYUN5b19yNVVfd0dYSFE3SS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYzUv
OWFiNDJhLWRmOTItNGU0Mi05ZTMzLTVjNTg5MmFmYTQ4Ny8xLzhFNnlCUE5ZQUVl
SUlrNHZzWTVOWG5TLXY0MC5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAi
BggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHBCoJEcACADANBgkqhkiG9w0BAQsF
AAOCAQEAJT6CZlkl6hgBn3GU2qZU31VFJtzbupjzLM31M16M+lMMb/uUkK6/kV+S
i8qQI1uGV3HKEH1Wet8DUDPgRSo/uOzm8Z2pRP5CqWXRwVU92MmI1C1ewzVy7cod
63WRXYtLNy5845WSgUx4A1tuJ05TgJbqkW7Hqwn4g7A/CFBUE64xkvyLyfG+BAKb
FAMqnV3ko3wIb9gIDgJP6HS1PqZHejVLXFyrOdprfG9fdzCLatVVTDFeMl1ZgYrW
R3gPWPHOes2UWqxRJbGpIHhvHUgaDjB+wfMU+uzTOu8RPNcNWXDBm9smjeYCQE/P
npCgLTRD1xevX0w7zW4/InEV+3dc5A==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:53:09 2024 by rpki-client on console-fra.rpki-client.org