Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/c0bd67-f7dd-4ce2-ab7e-a347564158f8/1/uFNgN6zqlJfstyWK9HTb_fIyLkw.roa
File:                     uFNgN6zqlJfstyWK9HTb_fIyLkw.roa (raw, json)
Hash identifier:          R8cRdkaW82wcLLEFbafejmHjJyqqlnxdqXktW3x+n5M=
Subject key identifier:   B8:53:60:37:AC:EA:94:97:EC:B7:25:8A:F4:74:DB:FD:F2:32:2E:4C
Certificate issuer:       /CN=0c21b925b4c4bcc30f77c9c41ba8d040ac95dfc6
Certificate serial:       0898AA87
Authority key identifier: 0C:21:B9:25:B4:C4:BC:C3:0F:77:C9:C4:1B:A8:D0:40:AC:95:DF:C6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DCG5JbTEvMMPd8nEG6jQQKyV38Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/c0bd67-f7dd-4ce2-ab7e-a347564158f8/1/uFNgN6zqlJfstyWK9HTb_fIyLkw.roa
Signing time:             Thu 21 Apr 2022 09:18:02 +0000
ROA not before:           Thu 21 Apr 2022 09:18:02 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     7480
IP address blocks:        2a0f:607:1000::/40 maxlen: 48

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 144222855 (0x898aa87)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0c21b925b4c4bcc30f77c9c41ba8d040ac95dfc6
        Validity
            Not Before: Apr 21 09:18:02 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=b8536037acea9497ecb7258af474dbfdf2322e4c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:c0:d3:57:6c:6e:31:06:5c:cb:2a:13:e8:fa:
                    ce:d7:f0:2d:af:52:59:9e:7d:1a:ba:8b:d7:8b:58:
                    9f:a2:d2:d6:72:f1:87:f3:49:8f:c6:22:fc:e6:51:
                    96:fb:d5:77:77:33:1c:90:7a:a0:b5:f8:0b:ff:af:
                    6c:d1:30:bc:05:43:e1:33:47:15:1e:e0:3e:91:8b:
                    fc:87:9a:8c:96:1f:6a:90:7b:86:89:c4:11:07:95:
                    15:7c:96:98:48:9c:4a:32:23:2e:63:3c:af:b7:75:
                    f4:dd:0f:58:88:44:09:e4:b8:93:f6:82:cc:d7:7f:
                    8c:46:23:71:b4:18:ba:3a:31:7a:8a:5f:f6:e0:a0:
                    aa:b8:b3:05:5b:4d:bd:11:e9:3e:9c:4e:47:5e:9e:
                    7d:c7:bc:bb:5b:6b:0a:1c:23:35:d5:f0:09:68:7f:
                    90:68:cd:0d:31:21:d4:6c:32:a7:4a:8e:47:b9:0e:
                    b1:71:40:e3:a4:9e:df:e5:26:3b:bd:a4:0c:25:77:
                    70:cd:3d:0c:e0:37:c9:9b:43:38:63:02:d4:04:6c:
                    e3:95:df:fb:44:12:b3:f4:64:94:5f:97:85:28:0e:
                    29:37:59:64:06:ef:32:4b:5b:24:7a:54:b5:eb:b6:
                    75:be:eb:a8:75:91:15:94:e3:05:74:65:f9:a9:6f:
                    e8:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B8:53:60:37:AC:EA:94:97:EC:B7:25:8A:F4:74:DB:FD:F2:32:2E:4C
            X509v3 Authority Key Identifier:
                keyid:0C:21:B9:25:B4:C4:BC:C3:0F:77:C9:C4:1B:A8:D0:40:AC:95:DF:C6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DCG5JbTEvMMPd8nEG6jQQKyV38Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/c0bd67-f7dd-4ce2-ab7e-a347564158f8/1/uFNgN6zqlJfstyWK9HTb_fIyLkw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/c0bd67-f7dd-4ce2-ab7e-a347564158f8/1/DCG5JbTEvMMPd8nEG6jQQKyV38Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:607:1000::/40

    Signature Algorithm: sha256WithRSAEncryption
         32:94:f6:a2:dc:40:f6:a6:76:64:18:12:5c:32:41:fd:b7:78:
         37:da:07:70:1f:41:77:59:6e:ab:12:34:bd:a6:45:f3:0f:b3:
         e2:0a:30:a8:51:aa:fe:56:be:49:d0:45:af:9a:e8:0b:f7:69:
         74:99:6c:90:29:6d:3a:50:36:3b:7c:e7:48:6a:1a:fa:5d:70:
         17:4e:58:85:64:6a:91:7b:64:41:f5:57:ab:7c:5c:b0:14:da:
         de:1b:87:b6:a9:b0:fd:14:17:b0:cd:06:05:ba:dc:7e:6d:c8:
         19:09:83:d7:f2:66:e7:27:e8:88:5c:13:ac:9c:3c:88:fd:c4:
         4c:54:df:c8:4a:c9:40:d3:a9:bd:63:d4:e3:6c:ff:8c:b8:22:
         08:6c:72:f0:4f:8b:4f:49:3b:24:53:41:32:9b:cd:25:76:cc:
         30:3e:6b:93:64:98:e2:1e:84:be:d6:9e:95:e8:0a:2b:ab:8a:
         7f:ac:71:e3:20:18:18:0b:b3:75:73:d4:01:d5:15:b9:03:df:
         1a:8b:74:7b:92:d4:ec:59:0f:bb:8a:ad:f1:d4:b0:90:ab:f3:
         28:75:17:f1:88:28:4a:65:21:3e:24:44:24:47:b1:ef:60:02:
         2d:a3:c4:32:fa:f5:10:6e:17:72:db:af:2d:f4:e8:fb:69:b0:
         b3:ae:d2:ac
-----BEGIN CERTIFICATE-----
MIIE8TCCA9mgAwIBAgIECJiqhzANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygw
YzIxYjkyNWI0YzRiY2MzMGY3N2M5YzQxYmE4ZDA0MGFjOTVkZmM2MB4XDTIyMDQy
MTA5MTgwMloXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoYjg1MzYwMzdhY2Vh
OTQ5N2VjYjcyNThhZjQ3NGRiZmRmMjMyMmU0YzCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAK7A01dsbjEGXMsqE+j6ztfwLa9SWZ59GrqL14tYn6LS1nLx
h/NJj8Yi/OZRlvvVd3czHJB6oLX4C/+vbNEwvAVD4TNHFR7gPpGL/IeajJYfapB7
honEEQeVFXyWmEicSjIjLmM8r7d19N0PWIhECeS4k/aCzNd/jEYjcbQYujoxeopf
9uCgqrizBVtNvRHpPpxOR16efce8u1trChwjNdXwCWh/kGjNDTEh1Gwyp0qOR7kO
sXFA46Se3+UmO72kDCV3cM09DOA3yZtDOGMC1ARs45Xf+0QSs/RklF+XhSgOKTdZ
ZAbvMktbJHpUteu2db7rqHWRFZTjBXRl+alv6HkCAwEAAaOCAgswggIHMB0GA1Ud
DgQWBBS4U2A3rOqUl+y3JYr0dNv98jIuTDAfBgNVHSMEGDAWgBQMIbkltMS8ww93
ycQbqNBArJXfxjAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L0RDRzVKYlRFdk1NUGQ4bkVHNmpRUUt5VjM4WS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZDMvYzBiZDY3LWY3ZGQtNGNlMi1hYjdlLWEzNDc1NjQxNThmOC8x
L3VGTmdONnpxbEpmc3R5V0s5SFRiX2ZJeUxrdy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZDMv
YzBiZDY3LWY3ZGQtNGNlMi1hYjdlLWEzNDc1NjQxNThmOC8xL0RDRzVKYlRFdk1N
UGQ4bkVHNmpRUUt5VjM4WS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAh
BggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoPBgcQMA0GCSqGSIb3DQEBCwUA
A4IBAQAylPai3ED2pnZkGBJcMkH9t3g32gdwH0F3WW6rEjS9pkXzD7PiCjCoUar+
Vr5J0EWvmugL92l0mWyQKW06UDY7fOdIahr6XXAXTliFZGqRe2RB9VerfFywFNre
G4e2qbD9FBewzQYFutx+bcgZCYPX8mbnJ+iIXBOsnDyI/cRMVN/ISslA06m9Y9Tj
bP+MuCIIbHLwT4tPSTskU0Eym80ldswwPmuTZJjiHoS+1p6V6Aorq4p/rHHjIBgY
C7N1c9QB1RW5A98ai3R7ktTsWQ+7iq3x1LCQq/ModRfxiChKZSE+JEQkR7HvYAIt
o8Qy+vUQbhdy268t9Oj7abCzrtKs
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:55:14 2024 by rpki-client on console-fra.rpki-client.org