Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/fa77d3-cedb-459d-95cf-dc7e126ca234/1/wIotj7o3gsDap92Ahz6F7-HwYW4.roa
File:                     wIotj7o3gsDap92Ahz6F7-HwYW4.roa (raw, json)
Hash identifier:          Znr/G0EbElqUCrvbNR1qY0VEFC7koRCzkNppcmlY7Tw=
Subject key identifier:   C0:8A:2D:8F:BA:37:82:C0:DA:A7:DD:80:87:3E:85:EF:E1:F0:61:6E
Certificate issuer:       /CN=d447813ce52a823ea1efc9a0f4933c5d3353ee2b
Certificate serial:       019947
Authority key identifier: D4:47:81:3C:E5:2A:82:3E:A1:EF:C9:A0:F4:93:3C:5D:33:53:EE:2B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1EeBPOUqgj6h78mg9JM8XTNT7is.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/fa77d3-cedb-459d-95cf-dc7e126ca234/1/wIotj7o3gsDap92Ahz6F7-HwYW4.roa
Signing time:             Fri 18 Mar 2022 10:43:16 +0000
ROA not before:           Fri 18 Mar 2022 10:43:16 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     208976
IP address blocks:        2a12:66c0::/32 maxlen: 32

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 104775 (0x19947)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d447813ce52a823ea1efc9a0f4933c5d3353ee2b
        Validity
            Not Before: Mar 18 10:43:16 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=c08a2d8fba3782c0daa7dd80873e85efe1f0616e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:ad:3a:f3:d3:33:f7:80:7b:9d:34:78:f8:54:
                    14:f6:b5:5e:45:c1:84:63:8a:a8:a8:60:16:cc:e2:
                    ba:82:56:c7:15:47:bb:d7:2d:3f:ce:7e:c8:e4:f2:
                    5a:c4:93:35:9f:06:73:63:e1:6b:40:46:7c:dd:7b:
                    cd:22:0e:08:26:0c:47:d2:79:ee:5c:5e:a0:34:12:
                    b8:df:70:5d:a3:0f:7d:14:3a:9c:da:59:93:3e:ff:
                    24:05:b7:ff:67:28:73:5a:9f:c9:a7:44:db:b7:2a:
                    85:fa:73:4d:4e:4b:d4:60:d4:c6:92:9b:0c:55:65:
                    74:7a:ff:3c:29:77:28:b1:b9:7e:63:b8:58:a5:dc:
                    26:32:69:d5:f3:ef:a6:16:0b:01:22:6b:d1:40:bc:
                    34:fe:dc:56:01:4d:fd:df:31:43:4b:69:55:82:e5:
                    c3:20:d3:b1:51:89:b4:ef:ae:82:19:db:72:08:43:
                    ec:4d:f8:3d:e5:9b:ce:e0:c2:95:bc:7e:63:a5:47:
                    64:a8:dd:81:97:7b:d8:27:fa:d4:ba:75:96:e7:23:
                    71:ec:00:a3:b1:91:fa:99:02:c0:e6:ac:75:fc:d9:
                    ab:c7:94:08:55:92:45:58:46:d0:c6:fa:d0:d2:49:
                    db:83:e6:fb:e6:db:83:48:9c:26:2a:8d:1a:06:6d:
                    4c:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C0:8A:2D:8F:BA:37:82:C0:DA:A7:DD:80:87:3E:85:EF:E1:F0:61:6E
            X509v3 Authority Key Identifier:
                keyid:D4:47:81:3C:E5:2A:82:3E:A1:EF:C9:A0:F4:93:3C:5D:33:53:EE:2B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1EeBPOUqgj6h78mg9JM8XTNT7is.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/fa77d3-cedb-459d-95cf-dc7e126ca234/1/wIotj7o3gsDap92Ahz6F7-HwYW4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/fa77d3-cedb-459d-95cf-dc7e126ca234/1/1EeBPOUqgj6h78mg9JM8XTNT7is.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:66c0::/32

    Signature Algorithm: sha256WithRSAEncryption
         1e:93:6b:e8:44:38:bc:86:83:78:ac:7b:32:2e:4d:cd:5f:c3:
         e4:36:b3:4f:3f:55:ab:8d:ee:0e:43:f7:61:b9:3f:fa:75:98:
         d2:52:28:34:ab:53:6a:98:28:bd:df:1e:40:38:18:68:7c:9f:
         2b:eb:f3:92:60:cb:b8:38:55:94:5d:5a:98:ba:ac:9b:da:0c:
         5e:a6:32:80:ca:1b:90:2b:ab:80:76:c2:d3:56:f7:43:26:b1:
         c3:83:a2:62:26:8e:4b:e6:ba:0c:50:d0:cb:7e:4b:15:52:83:
         88:b3:12:40:02:b7:a0:53:7e:24:24:3e:e9:21:8a:66:da:b5:
         b5:b8:34:01:9b:52:e0:7e:54:70:4f:fd:3d:5f:1e:99:c8:76:
         36:88:b4:6a:a4:c8:91:e1:19:33:c7:81:d1:1d:c3:97:ca:27:
         13:56:ea:14:6d:23:5a:2a:40:66:5a:98:cc:c3:b3:41:4d:3d:
         34:f4:90:0f:d7:79:9c:03:3d:76:b6:6f:7c:4b:ac:8d:c4:c9:
         4e:c6:31:7c:7f:5e:2d:6b:31:17:71:6b:87:9e:67:7b:24:63:
         d8:f0:b2:49:1c:8f:39:47:4e:59:15:b7:80:cb:d6:46:ad:e3:
         dd:53:e2:58:98:68:cd:da:4a:ec:31:56:73:57:0c:46:d7:9d:
         e8:34:73:a9
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIDAZlHMA0GCSqGSIb3DQEBCwUAMDMxMTAvBgNVBAMTKGQ0
NDc4MTNjZTUyYTgyM2VhMWVmYzlhMGY0OTMzYzVkMzM1M2VlMmIwHhcNMjIwMzE4
MTA0MzE2WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQDEyhjMDhhMmQ4ZmJhMzc4
MmMwZGFhN2RkODA4NzNlODVlZmUxZjA2MTZlMIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEApq0689Mz94B7nTR4+FQU9rVeRcGEY4qoqGAWzOK6glbHFUe7
1y0/zn7I5PJaxJM1nwZzY+FrQEZ83XvNIg4IJgxH0nnuXF6gNBK433Bdow99FDqc
2lmTPv8kBbf/ZyhzWp/Jp0TbtyqF+nNNTkvUYNTGkpsMVWV0ev88KXcosbl+Y7hY
pdwmMmnV8++mFgsBImvRQLw0/txWAU393zFDS2lVguXDINOxUYm0766CGdtyCEPs
Tfg95ZvO4MKVvH5jpUdkqN2Bl3vYJ/rUunWW5yNx7ACjsZH6mQLA5qx1/Nmrx5QI
VZJFWEbQxvrQ0knbg+b75tuDSJwmKo0aBm1MPwIDAQABo4ICCjCCAgYwHQYDVR0O
BBYEFMCKLY+6N4LA2qfdgIc+he/h8GFuMB8GA1UdIwQYMBaAFNRHgTzlKoI+oe/J
oPSTPF0zU+4rMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEFBQcBAQRYMFYwVAYIKwYB
BQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQv
MUVlQlBPVXFnajZoNzhtZzlKTThYVE5UN2lzLmNlcjCBjQYIKwYBBQUHAQsEgYAw
fjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkv
REVGQVVMVC9kMy9mYTc3ZDMtY2VkYi00NTlkLTk1Y2YtZGM3ZTEyNmNhMjM0LzEv
d0lvdGo3bzNnc0RhcDkyQWh6NkY3LUh3WVc0LnJvYTCBgQYDVR0fBHoweDB2oHSg
coZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy9m
YTc3ZDMtY2VkYi00NTlkLTk1Y2YtZGM3ZTEyNmNhMjM0LzEvMUVlQlBPVXFnajZo
NzhtZzlKTThYVE5UN2lzLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCAG
CCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKhJmwDANBgkqhkiG9w0BAQsFAAOC
AQEAHpNr6EQ4vIaDeKx7Mi5NzV/D5DazTz9Vq43uDkP3Ybk/+nWY0lIoNKtTapgo
vd8eQDgYaHyfK+vzkmDLuDhVlF1amLqsm9oMXqYygMobkCurgHbC01b3Qyaxw4Oi
YiaOS+a6DFDQy35LFVKDiLMSQAK3oFN+JCQ+6SGKZtq1tbg0AZtS4H5UcE/9PV8e
mch2Noi0aqTIkeEZM8eB0R3Dl8onE1bqFG0jWipAZlqYzMOzQU09NPSQD9d5nAM9
drZvfEusjcTJTsYxfH9eLWsxF3Frh55neyRj2PCySRyPOUdOWRW3gMvWRq3j3VPi
WJhozdpK7DFWc1cMRted6DRzqQ==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:55:16 2024 by rpki-client on console-fra.rpki-client.org