Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/Zwqa5E2aA3JhzspVQkxnbP7M8OM.roa
File:                     Zwqa5E2aA3JhzspVQkxnbP7M8OM.roa (raw, json)
Hash identifier:          NQz2fufQ3U+shUgjICsPLBMntu2qLuAOcwFUqBJNFyU=
Subject key identifier:   67:0A:9A:E4:4D:9A:03:72:61:CE:CA:55:42:4C:67:6C:FE:CC:F0:E3
Certificate issuer:       /CN=b4253c4f233ce9847699ae68ecbf5d7514b0fadb
Certificate serial:       179B22F1
Authority key identifier: B4:25:3C:4F:23:3C:E9:84:76:99:AE:68:EC:BF:5D:75:14:B0:FA:DB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tCU8TyM86YR2ma5o7L9ddRSw-ts.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/Zwqa5E2aA3JhzspVQkxnbP7M8OM.roa
Signing time:             Sat 01 Jan 2022 13:03:25 +0000
ROA not before:           Sat 01 Jan 2022 13:03:25 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     204254
IP address blocks:        2a07:6fc6:2::/48 maxlen: 48
                          2a00:f826:a::/48 maxlen: 48
                          2a07:6fc6::/32 maxlen: 32
                          2a07:6fc6::/40 maxlen: 40
                          2a07:6fc6:200::/40 maxlen: 40
                          2a07:6fc6:100::/40 maxlen: 40
                          2a07:6fc6:1::/48 maxlen: 48
                          2a07:6fc6::/48 maxlen: 48

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 396042993 (0x179b22f1)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4253c4f233ce9847699ae68ecbf5d7514b0fadb
        Validity
            Not Before: Jan  1 13:03:25 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=670a9ae44d9a037261ceca55424c676cfeccf0e3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:91:88:15:4c:3d:b1:96:6a:38:06:13:dd:b5:
                    d4:0f:bb:8b:f6:80:d7:ed:ff:f2:7c:9d:16:cc:fc:
                    55:4b:3f:03:f0:59:cd:0f:ef:6f:70:f4:ad:6d:b8:
                    c2:a1:9d:d8:35:9c:71:8b:9e:36:0c:28:15:6a:2f:
                    27:ec:7b:d1:e1:ea:08:eb:5b:44:0e:dc:a3:c3:bf:
                    02:b6:ef:1d:32:bb:7c:01:4f:ba:f6:ab:40:94:f3:
                    71:57:63:6c:f3:50:c9:a1:8d:55:7a:47:84:2f:af:
                    ce:c4:c6:92:b9:8e:b5:e7:44:10:09:f5:3b:91:0f:
                    be:cf:f0:05:35:ab:bf:34:a2:16:1b:98:c4:76:95:
                    36:ac:ff:08:16:68:dd:42:4b:b3:7c:be:fa:0e:d1:
                    54:ca:e1:e2:2f:66:0b:05:bd:78:25:94:46:13:4f:
                    5f:c0:7c:7a:fb:9a:6d:df:85:4f:25:af:c5:aa:0a:
                    96:a5:70:4c:8f:92:9e:9d:bb:d3:92:42:cf:65:42:
                    74:2a:bb:a9:07:17:51:bf:47:1a:1f:11:13:54:bd:
                    ba:af:f6:ac:5b:67:5e:09:b7:11:4b:58:0e:79:5a:
                    2e:4c:97:74:3e:2f:f8:fb:b3:f1:71:0f:fc:c0:30:
                    1d:e8:70:bd:d1:ee:50:f8:cf:06:a1:40:9d:d4:24:
                    27:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                67:0A:9A:E4:4D:9A:03:72:61:CE:CA:55:42:4C:67:6C:FE:CC:F0:E3
            X509v3 Authority Key Identifier:
                keyid:B4:25:3C:4F:23:3C:E9:84:76:99:AE:68:EC:BF:5D:75:14:B0:FA:DB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tCU8TyM86YR2ma5o7L9ddRSw-ts.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/Zwqa5E2aA3JhzspVQkxnbP7M8OM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/tCU8TyM86YR2ma5o7L9ddRSw-ts.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a00:f826:a::/48
                  2a07:6fc6::/32

    Signature Algorithm: sha256WithRSAEncryption
         9f:25:d3:a2:63:12:92:9b:cf:f6:98:a9:ea:b1:05:b2:3c:60:
         a5:4a:8e:ca:34:96:99:23:04:11:45:85:6b:ed:cb:24:70:94:
         0f:0b:d5:21:bd:02:ba:cb:be:06:36:ff:c0:5f:e7:67:37:cb:
         f9:95:76:e7:1e:72:e1:6d:ac:6e:f6:7a:bf:d4:0f:1b:4b:f3:
         9d:d2:1b:e8:4d:8a:53:20:5d:d5:a5:4a:e3:a4:1b:bb:66:f5:
         12:b1:3c:22:c7:5f:2a:2b:43:fd:5b:12:94:00:14:52:6b:08:
         df:2c:6e:87:97:69:37:61:40:61:62:d3:69:69:6b:fd:77:b4:
         c6:2f:92:f3:18:93:ae:89:fd:01:58:70:d6:34:78:6b:23:9f:
         9b:f7:a5:db:6c:50:e6:c2:64:5b:88:04:47:4c:51:94:33:99:
         bf:14:d5:38:5f:11:83:9e:db:08:f8:32:3a:db:4f:46:33:7e:
         5a:dd:b3:52:6c:53:66:b4:b0:92:d1:93:68:68:e6:93:2a:4d:
         6e:4b:ea:1e:5b:38:49:4e:4b:99:47:17:6f:f5:4e:25:91:d4:
         50:60:0b:fb:49:9d:63:04:f5:4c:d0:76:3e:cf:da:77:71:44:
         57:01:0c:fd:13:30:35:b7:9e:ca:f1:14:82:f7:e3:2d:4e:b6:
         e7:54:d9:8b
-----BEGIN CERTIFICATE-----
MIIE+TCCA+GgAwIBAgIEF5si8TANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhi
NDI1M2M0ZjIzM2NlOTg0NzY5OWFlNjhlY2JmNWQ3NTE0YjBmYWRiMB4XDTIyMDEw
MTEzMDMyNVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoNjcwYTlhZTQ0ZDlh
MDM3MjYxY2VjYTU1NDI0YzY3NmNmZWNjZjBlMzCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAKuRiBVMPbGWajgGE9211A+7i/aA1+3/8nydFsz8VUs/A/BZ
zQ/vb3D0rW24wqGd2DWccYueNgwoFWovJ+x70eHqCOtbRA7co8O/ArbvHTK7fAFP
uvarQJTzcVdjbPNQyaGNVXpHhC+vzsTGkrmOtedEEAn1O5EPvs/wBTWrvzSiFhuY
xHaVNqz/CBZo3UJLs3y++g7RVMrh4i9mCwW9eCWURhNPX8B8evuabd+FTyWvxaoK
lqVwTI+Snp2705JCz2VCdCq7qQcXUb9HGh8RE1S9uq/2rFtnXgm3EUtYDnlaLkyX
dD4v+Puz8XEP/MAwHehwvdHuUPjPBqFAndQkJ+MCAwEAAaOCAhMwggIPMB0GA1Ud
DgQWBBRnCprkTZoDcmHOylVCTGds/szw4zAfBgNVHSMEGDAWgBS0JTxPIzzphHaZ
rmjsv111FLD62zAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L3RDVThUeU04NllSMm1hNW83TDlkZFJTdy10cy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZDAvNDFkNmUxLTVjYWQtNDBkYi05NzczLTU4YjM4ZjVhYzgwYi8x
L1p3cWE1RTJhQTNKaHpzcFZRa3huYlA3TThPTS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZDAv
NDFkNmUxLTVjYWQtNDBkYi05NzczLTU4YjM4ZjVhYzgwYi8xL3RDVThUeU04NllS
Mm1hNW83TDlkZFJTdy10cy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAp
BggrBgEFBQcBBwEB/wQaMBgwFgQCAAIwEAMHACoA+CYACgMFACoHb8YwDQYJKoZI
hvcNAQELBQADggEBAJ8l06JjEpKbz/aYqeqxBbI8YKVKjso0lpkjBBFFhWvtyyRw
lA8L1SG9ArrLvgY2/8Bf52c3y/mVducecuFtrG72er/UDxtL853SG+hNilMgXdWl
SuOkG7tm9RKxPCLHXyorQ/1bEpQAFFJrCN8sboeXaTdhQGFi02lpa/13tMYvkvMY
k66J/QFYcNY0eGsjn5v3pdtsUObCZFuIBEdMUZQzmb8U1ThfEYOe2wj4MjrbT0Yz
flrds1JsU2a0sJLRk2ho5pMqTW5L6h5bOElOS5lHF2/1TiWR1FBgC/tJnWME9UzQ
dj7P2ndxRFcBDP0TMDW3nsrxFIL34y1OtudU2Ys=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:54:45 2024 by rpki-client on console-fra.rpki-client.org