Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e2/ad3044-cdce-46cf-92c9-a954d053994a/1/OcA3qAg4pfVtrfMWknIiOUxPkRs.roa
File:                     OcA3qAg4pfVtrfMWknIiOUxPkRs.roa (raw, json)
Hash identifier:          HIBQTIajgYnLu+NFgWW2emJ9lrrSYCpCpf2F0bfv6SE=
Subject key identifier:   39:C0:37:A8:08:38:A5:F5:6D:AD:F3:16:92:72:22:39:4C:4F:91:1B
Certificate issuer:       /CN=d60f45f7cc4b691fd4a31c1f1c0b4f605d77a6ef
Certificate serial:       08F4E98C
Authority key identifier: D6:0F:45:F7:CC:4B:69:1F:D4:A3:1C:1F:1C:0B:4F:60:5D:77:A6:EF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1g9F98xLaR_UoxwfHAtPYF13pu8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e2/ad3044-cdce-46cf-92c9-a954d053994a/1/OcA3qAg4pfVtrfMWknIiOUxPkRs.roa
Signing time:             Fri 04 Mar 2022 13:37:44 +0000
ROA not before:           Fri 04 Mar 2022 13:37:44 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     210683
IP address blocks:        2a0e:e704:47::/48 maxlen: 48

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 150268300 (0x8f4e98c)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d60f45f7cc4b691fd4a31c1f1c0b4f605d77a6ef
        Validity
            Not Before: Mar  4 13:37:44 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=39c037a80838a5f56dadf316927222394c4f911b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:34:97:78:ac:78:62:6e:4f:2f:1a:5a:19:77:
                    11:8c:b5:82:f2:fe:59:96:76:31:37:39:40:c1:c7:
                    2e:85:21:41:d5:ac:af:68:48:6d:99:a1:1e:3f:1a:
                    0e:f7:4e:2f:78:da:18:cb:40:44:2d:ac:c1:a6:7d:
                    6a:31:f5:cb:b1:5e:14:be:06:61:71:87:7a:26:ce:
                    c0:a0:f8:c2:9b:db:c0:49:da:3a:d9:a5:c9:d1:41:
                    ab:c9:fd:39:fc:e5:41:21:28:09:ef:39:3c:fa:6f:
                    5b:c2:1d:9e:fe:13:9f:33:ff:38:ab:21:42:27:dd:
                    1d:58:d9:63:4b:b7:eb:2d:79:17:6a:9e:57:d1:0d:
                    a2:21:be:e6:e4:7d:f3:52:1d:45:15:75:1c:6c:40:
                    0a:d1:d4:e6:06:68:2d:d3:5f:f8:c4:d5:65:4c:84:
                    6b:fd:d6:5c:e8:51:f2:a1:bc:7a:eb:d4:52:be:c1:
                    75:7d:af:6b:81:29:b2:16:b8:28:3d:a9:fe:6c:00:
                    5d:00:76:0b:89:8e:09:0f:3e:90:f2:7e:0d:af:17:
                    66:14:f7:46:3d:1b:06:b6:1c:1d:d3:ff:9b:ad:a6:
                    37:94:ae:2a:06:db:1e:32:42:37:fc:f1:a4:6b:79:
                    25:93:2d:96:d1:11:cb:72:f9:8a:83:4e:d8:14:7c:
                    c9:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                39:C0:37:A8:08:38:A5:F5:6D:AD:F3:16:92:72:22:39:4C:4F:91:1B
            X509v3 Authority Key Identifier:
                keyid:D6:0F:45:F7:CC:4B:69:1F:D4:A3:1C:1F:1C:0B:4F:60:5D:77:A6:EF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1g9F98xLaR_UoxwfHAtPYF13pu8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/ad3044-cdce-46cf-92c9-a954d053994a/1/OcA3qAg4pfVtrfMWknIiOUxPkRs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/ad3044-cdce-46cf-92c9-a954d053994a/1/1g9F98xLaR_UoxwfHAtPYF13pu8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:e704:47::/48

    Signature Algorithm: sha256WithRSAEncryption
         58:f4:5d:00:e0:a4:ed:ce:bf:3d:81:c5:05:76:5d:bb:2e:78:
         07:d7:67:8e:a5:25:d1:90:54:bc:43:79:7e:c3:af:1e:f3:e1:
         0e:7f:d8:61:49:76:77:44:ba:de:5b:6b:49:03:83:0f:a6:0f:
         ed:ea:41:c0:33:88:1e:8d:5b:0a:6b:24:08:ab:76:75:42:a6:
         df:b0:52:ea:c3:fa:5b:35:e8:72:33:57:49:95:c2:f2:13:c4:
         6b:d7:28:6e:f1:ef:fa:36:81:08:4b:12:66:dc:84:42:60:93:
         f0:67:1a:6a:64:71:98:b9:13:e8:67:4d:14:97:9b:a9:43:a7:
         5f:c3:e0:d3:f2:70:f0:6f:eb:87:9f:67:b0:e0:59:a1:d7:46:
         fb:92:f2:e8:de:c1:75:42:54:90:bb:28:d5:f5:6b:34:88:c4:
         2f:3c:9b:4f:1a:1e:27:74:e0:16:1b:32:cd:10:83:0a:65:08:
         67:b6:f6:8f:f2:a4:35:0c:f9:ee:33:2f:5b:11:9b:ed:9d:b6:
         82:92:79:ae:6f:ab:e6:a7:03:bc:c7:b2:7a:ce:9b:4d:d7:2b:
         0c:42:2f:d9:9e:5c:e8:c2:2e:98:04:8b:67:d7:75:ac:8f:6e:
         f5:4d:34:94:5e:75:a0:a2:81:5f:55:7d:4b:cd:23:ee:0d:c1:
         6f:a2:56:fd
-----BEGIN CERTIFICATE-----
MIIE8jCCA9qgAwIBAgIECPTpjDANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhk
NjBmNDVmN2NjNGI2OTFmZDRhMzFjMWYxYzBiNGY2MDVkNzdhNmVmMB4XDTIyMDMw
NDEzMzc0NFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMzljMDM3YTgwODM4
YTVmNTZkYWRmMzE2OTI3MjIyMzk0YzRmOTExYjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBALM0l3iseGJuTy8aWhl3EYy1gvL+WZZ2MTc5QMHHLoUhQdWs
r2hIbZmhHj8aDvdOL3jaGMtARC2swaZ9ajH1y7FeFL4GYXGHeibOwKD4wpvbwEna
OtmlydFBq8n9OfzlQSEoCe85PPpvW8Idnv4TnzP/OKshQifdHVjZY0u36y15F2qe
V9ENoiG+5uR981IdRRV1HGxACtHU5gZoLdNf+MTVZUyEa/3WXOhR8qG8euvUUr7B
dX2va4Epsha4KD2p/mwAXQB2C4mOCQ8+kPJ+Da8XZhT3Rj0bBrYcHdP/m62mN5Su
KgbbHjJCN/zxpGt5JZMtltERy3L5ioNO2BR8yfECAwEAAaOCAgwwggIIMB0GA1Ud
DgQWBBQ5wDeoCDil9W2t8xaSciI5TE+RGzAfBgNVHSMEGDAWgBTWD0X3zEtpH9Sj
HB8cC09gXXem7zAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
LzFnOUY5OHhMYVJfVW94d2ZIQXRQWUYxM3B1OC5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZTIvYWQzMDQ0LWNkY2UtNDZjZi05MmM5LWE5NTRkMDUzOTk0YS8x
L09jQTNxQWc0cGZWdHJmTVdrbklpT1V4UGtScy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZTIv
YWQzMDQ0LWNkY2UtNDZjZi05MmM5LWE5NTRkMDUzOTk0YS8xLzFnOUY5OHhMYVJf
VW94d2ZIQXRQWUYxM3B1OC5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAi
BggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoO5wQARzANBgkqhkiG9w0BAQsF
AAOCAQEAWPRdAOCk7c6/PYHFBXZduy54B9dnjqUl0ZBUvEN5fsOvHvPhDn/YYUl2
d0S63ltrSQODD6YP7epBwDOIHo1bCmskCKt2dUKm37BS6sP6WzXocjNXSZXC8hPE
a9cobvHv+jaBCEsSZtyEQmCT8GcaamRxmLkT6GdNFJebqUOnX8Pg0/Jw8G/rh59n
sOBZoddG+5Ly6N7BdUJUkLso1fVrNIjELzybTxoeJ3TgFhsyzRCDCmUIZ7b2j/Kk
NQz57jMvWxGb7Z22gpJ5rm+r5qcDvMeyes6bTdcrDEIv2Z5c6MIumASLZ9d1rI9u
9U00lF51oKKBX1V9S80j7g3Bb6JW/Q==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:49:10 2024 by rpki-client on console-ams.rpki-client.org