Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/df/013c99-7d7a-482b-bb51-eb4e13be506a/1/NEtsffh7FjJaNG9AScCE12dzeEw.roa
File:                     NEtsffh7FjJaNG9AScCE12dzeEw.roa (raw, json)
Hash identifier:          nf725MW0c7g21XFpXLGJdMw+KbmSZ/gSqVQJ1nDD/JQ=
Subject key identifier:   34:4B:6C:7D:F8:7B:16:32:5A:34:6F:40:49:C0:84:D7:67:73:78:4C
Certificate issuer:       /CN=9416d8e02b5a1a75859f64a05c5a8d77c84c50f1
Certificate serial:       0386AA09
Authority key identifier: 94:16:D8:E0:2B:5A:1A:75:85:9F:64:A0:5C:5A:8D:77:C8:4C:50:F1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lBbY4CtaGnWFn2SgXFqNd8hMUPE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/df/013c99-7d7a-482b-bb51-eb4e13be506a/1/NEtsffh7FjJaNG9AScCE12dzeEw.roa
Signing time:             Sat 01 Jan 2022 12:56:34 +0000
ROA not before:           Sat 01 Jan 2022 12:56:34 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     16509
IP address blocks:        2a10:6640:1::/48 maxlen: 48

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 59157001 (0x386aa09)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9416d8e02b5a1a75859f64a05c5a8d77c84c50f1
        Validity
            Not Before: Jan  1 12:56:34 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=344b6c7df87b16325a346f4049c084d76773784c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:10:46:80:a3:08:fe:b7:c4:1e:f3:04:aa:2d:
                    6a:0a:95:cb:2f:d2:31:13:ef:98:cb:36:28:fb:6c:
                    6c:5e:a5:ad:f3:5f:e6:5f:55:4c:9b:a6:b6:f6:d3:
                    e0:3c:dd:a7:6f:05:c6:7f:6f:99:2b:e2:b2:1d:47:
                    a7:6f:a1:49:6f:f2:01:71:a7:71:9d:ac:98:0a:99:
                    e7:b1:53:3e:f0:c7:97:84:eb:15:83:86:6a:88:5d:
                    4f:f2:8c:f3:52:3f:5b:9c:36:3f:0f:1e:fd:d2:66:
                    4a:19:93:97:4a:9c:09:32:38:bc:67:be:30:49:d1:
                    e4:8f:8a:49:a3:36:aa:f2:d0:14:a2:96:2f:3c:84:
                    1f:c5:f2:72:6e:29:d5:e0:84:1d:91:45:fb:39:de:
                    91:52:31:e7:39:e4:09:df:21:a2:64:ad:9a:c1:ba:
                    d8:da:fa:fa:c5:0d:fa:ca:18:6e:16:6e:91:79:5c:
                    42:d0:e9:86:e2:93:70:4e:72:fc:aa:07:aa:96:fd:
                    70:65:a5:7b:20:c4:9c:3b:cc:2e:16:75:2b:cf:a9:
                    19:71:87:6d:18:21:db:fb:4d:d6:f4:d7:bd:86:85:
                    db:90:94:f6:32:5b:1e:3c:67:96:16:b5:ae:58:32:
                    f0:d6:30:e1:72:20:5f:54:e7:22:22:91:af:1c:77:
                    85:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                34:4B:6C:7D:F8:7B:16:32:5A:34:6F:40:49:C0:84:D7:67:73:78:4C
            X509v3 Authority Key Identifier:
                keyid:94:16:D8:E0:2B:5A:1A:75:85:9F:64:A0:5C:5A:8D:77:C8:4C:50:F1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lBbY4CtaGnWFn2SgXFqNd8hMUPE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/df/013c99-7d7a-482b-bb51-eb4e13be506a/1/NEtsffh7FjJaNG9AScCE12dzeEw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/df/013c99-7d7a-482b-bb51-eb4e13be506a/1/lBbY4CtaGnWFn2SgXFqNd8hMUPE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a10:6640:1::/48

    Signature Algorithm: sha256WithRSAEncryption
         69:ba:47:38:65:86:aa:15:c4:67:88:26:2e:af:9b:b9:f7:3b:
         86:06:35:04:2a:4b:d9:e2:cd:c1:41:2d:25:8c:3b:5b:26:e6:
         eb:84:10:aa:e6:4f:74:42:df:f7:8a:7a:22:f7:47:23:f6:74:
         c8:08:0a:8f:55:ae:e8:ce:57:68:2f:73:b0:b9:9c:4f:c9:67:
         0c:6a:d1:6b:4a:9b:28:68:69:54:f1:66:88:9d:78:b7:78:d3:
         6e:0b:38:08:af:1d:93:d9:3f:05:2b:ae:82:96:20:9e:02:1d:
         26:5b:c7:75:23:f5:fb:40:3c:a8:7a:b1:0f:ab:f0:10:65:62:
         9d:d5:89:f7:1e:55:69:c9:a4:43:7b:b1:f0:9e:84:92:f9:7c:
         05:54:0f:d5:55:3f:34:c6:50:e1:c4:d0:73:ba:86:a4:08:13:
         82:d5:e9:41:7e:cb:f3:ae:59:b1:63:a7:a1:c5:d9:f3:13:ba:
         bc:43:e1:e5:f8:86:0c:31:2e:41:90:a1:7f:b6:af:1a:b7:ef:
         ba:52:0e:55:8f:ff:f9:9c:c7:fa:6d:f8:35:1f:a0:dd:90:c0:
         87:14:2b:ac:da:52:88:aa:e7:aa:d4:9b:9a:b8:f8:0f:fa:87:
         ee:dd:3e:96:e7:71:da:33:b8:00:72:6f:d3:15:f1:0c:8e:9c:
         0f:09:a6:f1
-----BEGIN CERTIFICATE-----
MIIE8jCCA9qgAwIBAgIEA4aqCTANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg5
NDE2ZDhlMDJiNWExYTc1ODU5ZjY0YTA1YzVhOGQ3N2M4NGM1MGYxMB4XDTIyMDEw
MTEyNTYzNFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMzQ0YjZjN2RmODdi
MTYzMjVhMzQ2ZjQwNDljMDg0ZDc2NzczNzg0YzCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAJ4QRoCjCP63xB7zBKotagqVyy/SMRPvmMs2KPtsbF6lrfNf
5l9VTJumtvbT4Dzdp28Fxn9vmSvish1Hp2+hSW/yAXGncZ2smAqZ57FTPvDHl4Tr
FYOGaohdT/KM81I/W5w2Pw8e/dJmShmTl0qcCTI4vGe+MEnR5I+KSaM2qvLQFKKW
LzyEH8Xycm4p1eCEHZFF+znekVIx5znkCd8homStmsG62Nr6+sUN+soYbhZukXlc
QtDphuKTcE5y/KoHqpb9cGWleyDEnDvMLhZ1K8+pGXGHbRgh2/tN1vTXvYaF25CU
9jJbHjxnlha1rlgy8NYw4XIgX1TnIiKRrxx3hfECAwEAAaOCAgwwggIIMB0GA1Ud
DgQWBBQ0S2x9+HsWMlo0b0BJwITXZ3N4TDAfBgNVHSMEGDAWgBSUFtjgK1oadYWf
ZKBcWo13yExQ8TAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L2xCYlk0Q3RhR25XRm4yU2dYRnFOZDhoTVVQRS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZGYvMDEzYzk5LTdkN2EtNDgyYi1iYjUxLWViNGUxM2JlNTA2YS8x
L05FdHNmZmg3RmpKYU5HOUFTY0NFMTJkemVFdy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZGYv
MDEzYzk5LTdkN2EtNDgyYi1iYjUxLWViNGUxM2JlNTA2YS8xL2xCYlk0Q3RhR25X
Rm4yU2dYRnFOZDhoTVVQRS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAi
BggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoQZkAAATANBgkqhkiG9w0BAQsF
AAOCAQEAabpHOGWGqhXEZ4gmLq+bufc7hgY1BCpL2eLNwUEtJYw7Wybm64QQquZP
dELf94p6IvdHI/Z0yAgKj1Wu6M5XaC9zsLmcT8lnDGrRa0qbKGhpVPFmiJ14t3jT
bgs4CK8dk9k/BSuugpYgngIdJlvHdSP1+0A8qHqxD6vwEGVindWJ9x5VacmkQ3ux
8J6Ekvl8BVQP1VU/NMZQ4cTQc7qGpAgTgtXpQX7L865ZsWOnocXZ8xO6vEPh5fiG
DDEuQZChf7avGrfvulIOVY//+ZzH+m34NR+g3ZDAhxQrrNpSiKrnqtSbmrj4D/qH
7t0+ludx2jO4AHJv0xXxDI6cDwmm8Q==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:56:38 2024 by rpki-client on console-fra.rpki-client.org