Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e2/ad3044-cdce-46cf-92c9-a954d053994a/1/bbcsfSaMnoRwMBugkWmGtUrOsIA.roa
File:                     bbcsfSaMnoRwMBugkWmGtUrOsIA.roa (raw, json)
Hash identifier:          YO8Ie1VjfM9WIMBGCDmsI0aX5tnEzgwZsvupzbe4vAc=
Subject key identifier:   6D:B7:2C:7D:26:8C:9E:84:70:30:1B:A0:91:69:86:B5:4A:CE:B0:80
Certificate issuer:       /CN=d60f45f7cc4b691fd4a31c1f1c0b4f605d77a6ef
Certificate serial:       08668368
Authority key identifier: D6:0F:45:F7:CC:4B:69:1F:D4:A3:1C:1F:1C:0B:4F:60:5D:77:A6:EF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1g9F98xLaR_UoxwfHAtPYF13pu8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e2/ad3044-cdce-46cf-92c9-a954d053994a/1/bbcsfSaMnoRwMBugkWmGtUrOsIA.roa
Signing time:             Sat 01 Jan 2022 15:01:49 +0000
ROA not before:           Sat 01 Jan 2022 15:01:49 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     213253
IP address blocks:        2a0e:e704:42::/48 maxlen: 48

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 140936040 (0x8668368)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d60f45f7cc4b691fd4a31c1f1c0b4f605d77a6ef
        Validity
            Not Before: Jan  1 15:01:49 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=6db72c7d268c9e8470301ba0916986b54aceb080
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:4a:f6:3d:5a:60:12:4d:94:6e:14:40:43:36:
                    7a:47:3f:37:9d:7d:f2:bc:21:02:17:2f:23:90:38:
                    b2:c0:9c:41:68:19:66:5e:44:a7:53:9e:3e:d0:8d:
                    44:e7:66:a6:f3:4f:8d:22:e9:d6:1e:5d:ad:e5:42:
                    40:33:96:b7:2b:8d:3a:6e:65:6e:a9:56:fd:14:10:
                    c5:c4:11:97:6d:d1:5f:b4:09:dc:89:5d:7d:51:05:
                    c3:45:3b:a2:f6:5d:8e:8b:53:83:0e:fd:2f:36:16:
                    6a:b8:9f:b2:04:78:fc:ff:74:33:af:ef:bb:4c:fa:
                    24:a4:ee:26:ef:80:a8:b8:df:28:10:2a:15:11:d6:
                    0c:4a:db:f0:88:73:03:07:1d:9b:d4:02:dc:fd:1f:
                    be:be:f2:ba:bd:b9:18:b8:aa:84:69:73:42:37:c7:
                    45:de:ed:c1:d5:21:b3:94:be:e0:55:9a:cc:a2:3b:
                    06:4e:3c:dc:78:5e:72:e5:45:95:2b:22:d8:ee:72:
                    83:66:35:92:42:17:42:c0:22:9b:ff:ab:6f:0d:16:
                    5e:7c:93:17:68:9d:52:7a:11:5c:47:10:f9:da:77:
                    a9:36:cc:86:aa:2d:da:66:6b:25:ba:91:e5:ec:be:
                    d3:25:e5:9a:cc:3e:d7:e3:97:2c:a1:f6:f1:e7:ac:
                    73:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6D:B7:2C:7D:26:8C:9E:84:70:30:1B:A0:91:69:86:B5:4A:CE:B0:80
            X509v3 Authority Key Identifier:
                keyid:D6:0F:45:F7:CC:4B:69:1F:D4:A3:1C:1F:1C:0B:4F:60:5D:77:A6:EF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1g9F98xLaR_UoxwfHAtPYF13pu8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/ad3044-cdce-46cf-92c9-a954d053994a/1/bbcsfSaMnoRwMBugkWmGtUrOsIA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/ad3044-cdce-46cf-92c9-a954d053994a/1/1g9F98xLaR_UoxwfHAtPYF13pu8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:e704:42::/48

    Signature Algorithm: sha256WithRSAEncryption
         66:7b:4b:61:38:3c:1f:f3:63:95:5a:de:a5:75:50:aa:b7:37:
         b9:e0:0b:67:0d:91:01:43:45:f7:a8:1d:76:4d:53:74:b4:aa:
         76:58:32:01:db:88:8b:58:bb:46:f7:67:d4:26:43:24:e1:14:
         dd:a0:71:07:79:1c:13:c1:ca:f8:af:4c:5c:e0:f4:a8:4f:ee:
         9a:e2:37:56:df:d5:f0:1e:32:60:e3:8c:68:5c:44:a8:3c:39:
         89:98:25:83:98:5e:0c:58:50:c0:86:81:65:56:5c:27:33:2a:
         6b:69:b0:57:23:9d:33:b5:8a:d5:69:a1:ae:d9:5a:f1:e6:b3:
         77:dd:c5:20:0d:8c:e8:d4:5a:df:3b:bf:5a:d0:74:57:d2:a8:
         d9:b2:18:ae:eb:79:9e:dc:a7:45:50:c0:e0:cf:a8:f5:ab:42:
         fb:56:50:35:99:a7:c9:60:20:6d:fa:77:95:4e:c4:76:c7:08:
         66:3d:b3:3a:58:27:9b:7f:d7:62:14:bc:a0:85:c8:af:3f:34:
         00:35:5e:da:7c:27:f5:a3:56:78:30:53:13:15:63:16:78:ac:
         59:4d:92:2c:92:bb:fc:c8:03:e6:af:59:bb:9f:12:b2:cf:16:
         7e:dc:df:b1:7f:31:5b:09:37:35:f0:1d:cb:ce:67:0c:37:14:
         1d:70:a1:41
-----BEGIN CERTIFICATE-----
MIIE8jCCA9qgAwIBAgIECGaDaDANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhk
NjBmNDVmN2NjNGI2OTFmZDRhMzFjMWYxYzBiNGY2MDVkNzdhNmVmMB4XDTIyMDEw
MTE1MDE0OVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoNmRiNzJjN2QyNjhj
OWU4NDcwMzAxYmEwOTE2OTg2YjU0YWNlYjA4MDCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBALNK9j1aYBJNlG4UQEM2ekc/N5198rwhAhcvI5A4ssCcQWgZ
Zl5Ep1OePtCNROdmpvNPjSLp1h5dreVCQDOWtyuNOm5lbqlW/RQQxcQRl23RX7QJ
3IldfVEFw0U7ovZdjotTgw79LzYWarifsgR4/P90M6/vu0z6JKTuJu+AqLjfKBAq
FRHWDErb8IhzAwcdm9QC3P0fvr7yur25GLiqhGlzQjfHRd7twdUhs5S+4FWazKI7
Bk483HhecuVFlSsi2O5yg2Y1kkIXQsAim/+rbw0WXnyTF2idUnoRXEcQ+dp3qTbM
hqot2mZrJbqR5ey+0yXlmsw+1+OXLKH28eesc9cCAwEAAaOCAgwwggIIMB0GA1Ud
DgQWBBRttyx9JoyehHAwG6CRaYa1Ss6wgDAfBgNVHSMEGDAWgBTWD0X3zEtpH9Sj
HB8cC09gXXem7zAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
LzFnOUY5OHhMYVJfVW94d2ZIQXRQWUYxM3B1OC5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZTIvYWQzMDQ0LWNkY2UtNDZjZi05MmM5LWE5NTRkMDUzOTk0YS8x
L2JiY3NmU2FNbm9Sd01CdWdrV21HdFVyT3NJQS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZTIv
YWQzMDQ0LWNkY2UtNDZjZi05MmM5LWE5NTRkMDUzOTk0YS8xLzFnOUY5OHhMYVJf
VW94d2ZIQXRQWUYxM3B1OC5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAi
BggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoO5wQAQjANBgkqhkiG9w0BAQsF
AAOCAQEAZntLYTg8H/NjlVrepXVQqrc3ueALZw2RAUNF96gddk1TdLSqdlgyAduI
i1i7Rvdn1CZDJOEU3aBxB3kcE8HK+K9MXOD0qE/umuI3Vt/V8B4yYOOMaFxEqDw5
iZglg5heDFhQwIaBZVZcJzMqa2mwVyOdM7WK1Wmhrtla8eazd93FIA2M6NRa3zu/
WtB0V9Ko2bIYrut5ntynRVDA4M+o9atC+1ZQNZmnyWAgbfp3lU7EdscIZj2zOlgn
m3/XYhS8oIXIrz80ADVe2nwn9aNWeDBTExVjFnisWU2SLJK7/MgD5q9Zu58Sss8W
ftzfsX8xWwk3NfAdy85nDDcUHXChQQ==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:49:10 2024 by rpki-client on console-ams.rpki-client.org