Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/c0bd67-f7dd-4ce2-ab7e-a347564158f8/1/T-ArJckIqUgmn0MpLQZxvpC3ROw.roa
File:                     T-ArJckIqUgmn0MpLQZxvpC3ROw.roa (raw, json)
Hash identifier:          e9XMGr8lc2krNAPzHwU+pIxheHf/vaKHgAjTBbfbb9A=
Subject key identifier:   4F:E0:2B:25:C9:08:A9:48:26:9F:43:29:2D:06:71:BE:90:B7:44:EC
Certificate issuer:       /CN=0c21b925b4c4bcc30f77c9c41ba8d040ac95dfc6
Certificate serial:       0896DE49
Authority key identifier: 0C:21:B9:25:B4:C4:BC:C3:0F:77:C9:C4:1B:A8:D0:40:AC:95:DF:C6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DCG5JbTEvMMPd8nEG6jQQKyV38Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/c0bd67-f7dd-4ce2-ab7e-a347564158f8/1/T-ArJckIqUgmn0MpLQZxvpC3ROw.roa
Signing time:             Thu 21 Apr 2022 09:13:51 +0000
ROA not before:           Thu 21 Apr 2022 09:13:51 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     8095
IP address blocks:        2a0f:607:105a::/47 maxlen: 47

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 144105033 (0x896de49)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0c21b925b4c4bcc30f77c9c41ba8d040ac95dfc6
        Validity
            Not Before: Apr 21 09:13:51 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=4fe02b25c908a948269f43292d0671be90b744ec
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:10:32:90:36:41:11:ee:4b:42:8d:d8:04:73:
                    07:2e:1b:5c:46:8b:df:d3:da:80:27:7a:cc:fb:49:
                    88:5d:e8:1d:9d:00:b0:2f:e3:47:97:13:df:20:38:
                    21:7f:c3:a8:4e:0e:46:cc:7d:86:20:75:7f:46:40:
                    bf:2f:d3:ca:f0:4d:18:58:1c:63:e0:67:66:f7:a2:
                    51:8d:08:a3:19:7c:39:03:84:2d:b6:7d:87:aa:ff:
                    81:b1:7e:ae:8f:67:90:ac:dd:b7:74:44:00:a0:cc:
                    18:c0:e0:0b:b6:a7:ff:f6:72:55:d2:a2:fe:b2:3f:
                    d7:66:f3:a1:f8:0a:e9:b3:86:79:ac:aa:e3:4f:e1:
                    1a:a1:bc:40:15:80:23:da:76:36:04:12:6b:a4:a8:
                    22:90:10:79:dc:9d:c5:fe:53:c0:02:25:7f:d9:c4:
                    af:d7:09:f8:5b:21:94:f1:45:b5:a3:65:86:f3:2a:
                    60:8b:74:dc:54:80:94:8d:6e:37:71:7f:6c:b8:f1:
                    3a:c7:35:5e:25:f4:be:1c:6a:52:d5:8a:b6:1b:ef:
                    b8:fd:87:36:d6:64:05:67:bc:df:e6:7c:31:a3:b1:
                    37:27:fc:09:24:10:87:61:10:04:f8:84:c1:11:9a:
                    dd:3d:eb:c8:8c:66:58:65:5a:72:5f:21:94:69:1b:
                    bb:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4F:E0:2B:25:C9:08:A9:48:26:9F:43:29:2D:06:71:BE:90:B7:44:EC
            X509v3 Authority Key Identifier:
                keyid:0C:21:B9:25:B4:C4:BC:C3:0F:77:C9:C4:1B:A8:D0:40:AC:95:DF:C6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DCG5JbTEvMMPd8nEG6jQQKyV38Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/c0bd67-f7dd-4ce2-ab7e-a347564158f8/1/T-ArJckIqUgmn0MpLQZxvpC3ROw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/c0bd67-f7dd-4ce2-ab7e-a347564158f8/1/DCG5JbTEvMMPd8nEG6jQQKyV38Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:607:105a::/47

    Signature Algorithm: sha256WithRSAEncryption
         41:2a:76:83:bf:e2:e3:1e:a0:71:77:0b:e2:eb:b4:e4:d8:3c:
         b8:dc:2f:dc:62:2d:ab:4e:8b:35:d5:65:c6:f1:28:f3:00:dd:
         73:7f:d4:34:e9:15:54:7a:ef:27:51:e8:17:02:c4:7d:09:b3:
         d9:fe:0c:15:1e:3c:ed:56:65:1b:59:33:74:28:62:25:12:f7:
         1f:fd:74:13:64:b7:1a:89:03:a5:46:a1:87:b7:8f:c4:2f:c4:
         29:78:94:bd:59:d9:9c:c0:18:58:9a:8e:ed:1a:97:27:60:18:
         a1:c5:86:83:b2:19:5b:da:4a:cd:8d:2a:a0:76:fd:fa:50:f8:
         45:43:97:eb:c1:cd:80:8d:80:cf:95:3a:37:b5:c9:10:4b:e1:
         04:7f:61:e8:ab:86:5c:56:7e:4b:3e:ca:e8:c0:1c:a4:58:85:
         b8:1b:1c:b5:77:47:99:43:d1:99:e6:54:f3:84:cb:52:1c:94:
         13:c4:cb:84:d8:20:3b:74:76:c9:ed:5d:90:f0:77:f4:dd:f0:
         5e:84:02:15:32:48:b1:fc:95:2f:3c:f1:5f:14:d2:7d:a7:94:
         33:e1:30:97:1c:02:1d:b0:bd:7a:b6:8f:7b:13:e0:54:3c:78:
         ca:bd:ee:c3:c9:64:41:b1:b1:bc:a2:b5:e5:70:47:2d:fe:38:
         26:49:2d:c2
-----BEGIN CERTIFICATE-----
MIIE8jCCA9qgAwIBAgIECJbeSTANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygw
YzIxYjkyNWI0YzRiY2MzMGY3N2M5YzQxYmE4ZDA0MGFjOTVkZmM2MB4XDTIyMDQy
MTA5MTM1MVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoNGZlMDJiMjVjOTA4
YTk0ODI2OWY0MzI5MmQwNjcxYmU5MGI3NDRlYzCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBALgQMpA2QRHuS0KN2ARzBy4bXEaL39PagCd6zPtJiF3oHZ0A
sC/jR5cT3yA4IX/DqE4ORsx9hiB1f0ZAvy/TyvBNGFgcY+BnZveiUY0Ioxl8OQOE
LbZ9h6r/gbF+ro9nkKzdt3REAKDMGMDgC7an//ZyVdKi/rI/12bzofgK6bOGeayq
40/hGqG8QBWAI9p2NgQSa6SoIpAQedydxf5TwAIlf9nEr9cJ+FshlPFFtaNlhvMq
YIt03FSAlI1uN3F/bLjxOsc1XiX0vhxqUtWKthvvuP2HNtZkBWe83+Z8MaOxNyf8
CSQQh2EQBPiEwRGa3T3ryIxmWGVacl8hlGkbuzMCAwEAAaOCAgwwggIIMB0GA1Ud
DgQWBBRP4CslyQipSCafQyktBnG+kLdE7DAfBgNVHSMEGDAWgBQMIbkltMS8ww93
ycQbqNBArJXfxjAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L0RDRzVKYlRFdk1NUGQ4bkVHNmpRUUt5VjM4WS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZDMvYzBiZDY3LWY3ZGQtNGNlMi1hYjdlLWEzNDc1NjQxNThmOC8x
L1QtQXJKY2tJcVVnbW4wTXBMUVp4dnBDM1JPdy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZDMv
YzBiZDY3LWY3ZGQtNGNlMi1hYjdlLWEzNDc1NjQxNThmOC8xL0RDRzVKYlRFdk1N
UGQ4bkVHNmpRUUt5VjM4WS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAi
BggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHASoPBgcQWjANBgkqhkiG9w0BAQsF
AAOCAQEAQSp2g7/i4x6gcXcL4uu05Ng8uNwv3GItq06LNdVlxvEo8wDdc3/UNOkV
VHrvJ1HoFwLEfQmz2f4MFR487VZlG1kzdChiJRL3H/10E2S3GokDpUahh7ePxC/E
KXiUvVnZnMAYWJqO7RqXJ2AYocWGg7IZW9pKzY0qoHb9+lD4RUOX68HNgI2Az5U6
N7XJEEvhBH9h6KuGXFZ+Sz7K6MAcpFiFuBsctXdHmUPRmeZU84TLUhyUE8TLhNgg
O3R2ye1dkPB39N3wXoQCFTJIsfyVLzzxXxTSfaeUM+EwlxwCHbC9eraPexPgVDx4
yr3uw8lkQbGxvKK15XBHLf44Jkktwg==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:46:12 2024 by rpki-client on console-ams.rpki-client.org