Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ea/6fe149-8a72-47fd-8735-7dc5bddf91b5/1/q4cN1Ixzstg_SxE7rv6M9c_STv4.roa
File:                     q4cN1Ixzstg_SxE7rv6M9c_STv4.roa (raw, json)
Hash identifier:          V1tEt1TA3AplY9qJNqIINtGpMKCKhxbUO57nPM+nlwA=
Subject key identifier:   AB:87:0D:D4:8C:73:B2:D8:3F:4B:11:3B:AE:FE:8C:F5:CF:D2:4E:FE
Certificate issuer:       /CN=4f3bd56e8b54e6da27bbe6622dac67cbf02a81ea
Certificate serial:       0BB7A9A2
Authority key identifier: 4F:3B:D5:6E:8B:54:E6:DA:27:BB:E6:62:2D:AC:67:CB:F0:2A:81:EA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TzvVbotU5tonu-ZiLaxny_Aqgeo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ea/6fe149-8a72-47fd-8735-7dc5bddf91b5/1/q4cN1Ixzstg_SxE7rv6M9c_STv4.roa
Signing time:             Sat 01 Jan 2022 11:56:50 +0000
ROA not before:           Sat 01 Jan 2022 11:56:50 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     34081
IP address blocks:        2a0c:8fc1::/32 maxlen: 48
                          2a0c:8fc2::/32 maxlen: 48

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 196585890 (0xbb7a9a2)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f3bd56e8b54e6da27bbe6622dac67cbf02a81ea
        Validity
            Not Before: Jan  1 11:56:50 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=ab870dd48c73b2d83f4b113baefe8cf5cfd24efe
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:60:c5:fa:33:02:0f:fd:64:2d:50:3d:8b:f5:
                    ef:78:87:9e:f2:26:50:9c:6e:73:1c:f1:27:e7:6b:
                    19:2f:a5:ed:cc:95:21:81:ef:20:03:4d:56:76:80:
                    ad:52:1b:a9:6d:80:41:1d:e1:5d:a5:62:09:33:15:
                    76:32:bc:7c:c7:89:f1:14:e5:b1:1c:6e:8c:3f:9a:
                    d2:ca:a3:ce:d6:7d:18:0a:2c:a1:c6:93:40:c2:66:
                    6e:9a:7e:21:26:6d:62:00:ef:33:f5:fc:25:e3:18:
                    d9:fa:77:e0:f1:4a:ae:3c:49:3e:9e:2a:cc:4f:3b:
                    fe:ec:b6:67:9c:3d:ab:85:9b:c8:88:45:f9:11:e0:
                    32:84:09:27:91:7e:50:9d:c1:34:f2:21:88:dd:06:
                    04:2d:fe:e5:ba:55:6a:00:8a:2a:93:fb:ad:b2:0b:
                    0c:6d:50:28:61:46:49:b6:a4:1d:82:bf:b8:48:29:
                    ec:40:8b:da:9a:a2:fa:f7:f8:08:8d:91:43:0c:7f:
                    47:4a:3b:8f:c3:29:0a:01:13:38:9c:a6:bc:d1:ef:
                    8d:e5:75:13:a9:e6:93:10:9f:73:cb:cb:de:95:a0:
                    14:d2:6f:d8:d4:0b:65:a0:2f:df:b2:e4:88:4e:8e:
                    e2:75:ad:a4:94:3f:03:83:8e:14:16:a3:b5:c3:00:
                    c3:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AB:87:0D:D4:8C:73:B2:D8:3F:4B:11:3B:AE:FE:8C:F5:CF:D2:4E:FE
            X509v3 Authority Key Identifier:
                keyid:4F:3B:D5:6E:8B:54:E6:DA:27:BB:E6:62:2D:AC:67:CB:F0:2A:81:EA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TzvVbotU5tonu-ZiLaxny_Aqgeo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/6fe149-8a72-47fd-8735-7dc5bddf91b5/1/q4cN1Ixzstg_SxE7rv6M9c_STv4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/6fe149-8a72-47fd-8735-7dc5bddf91b5/1/TzvVbotU5tonu-ZiLaxny_Aqgeo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:8fc1::-2a0c:8fc2:ffff:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         0a:7f:50:75:1a:1d:25:de:57:2b:3e:44:15:61:00:7c:b1:57:
         33:d9:bc:1d:1b:f7:2f:51:52:a1:4d:22:47:fa:f6:e0:4a:27:
         e2:46:61:a8:4d:bb:cc:c0:f7:2d:a2:a0:2b:b8:a2:bd:c6:b6:
         dc:20:b2:a2:b2:66:8e:bd:ea:3a:2d:6d:81:99:23:ef:a6:e2:
         a6:05:1a:70:06:90:59:65:ee:9a:5c:1b:71:dc:76:ba:04:0b:
         63:d2:92:98:4d:c1:60:f8:b9:8a:8f:d6:f5:01:37:24:8f:56:
         ba:dd:9a:0d:04:39:4a:2d:13:10:8c:1a:e9:95:7d:58:b5:41:
         2d:73:39:8f:48:79:bf:4b:20:90:6d:69:65:1e:1b:93:a6:cd:
         44:ed:90:8d:7e:47:fc:10:f5:e0:18:24:e7:79:3f:9b:fd:11:
         b7:27:ef:cd:fe:8b:c3:dc:04:3d:80:a3:d6:e6:42:7f:03:53:
         85:13:36:b1:56:b5:c7:25:41:26:46:ef:38:c7:ed:ad:db:ac:
         ef:21:9a:a6:c8:38:8d:7b:9b:53:06:07:6e:3c:1a:f3:f4:76:
         69:46:28:ca:0a:71:2c:bf:18:fd:8e:8d:29:d5:b5:54:8c:e2:
         c8:0b:5e:49:39:23:06:a0:11:f5:41:a3:ac:2f:c5:29:5e:e5:
         da:7a:63:e8
-----BEGIN CERTIFICATE-----
MIIE+TCCA+GgAwIBAgIEC7epojANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg0
ZjNiZDU2ZThiNTRlNmRhMjdiYmU2NjIyZGFjNjdjYmYwMmE4MWVhMB4XDTIyMDEw
MTExNTY1MFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoYWI4NzBkZDQ4Yzcz
YjJkODNmNGIxMTNiYWVmZThjZjVjZmQyNGVmZTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBALlgxfozAg/9ZC1QPYv173iHnvImUJxucxzxJ+drGS+l7cyV
IYHvIANNVnaArVIbqW2AQR3hXaViCTMVdjK8fMeJ8RTlsRxujD+a0sqjztZ9GAos
ocaTQMJmbpp+ISZtYgDvM/X8JeMY2fp34PFKrjxJPp4qzE87/uy2Z5w9q4WbyIhF
+RHgMoQJJ5F+UJ3BNPIhiN0GBC3+5bpVagCKKpP7rbILDG1QKGFGSbakHYK/uEgp
7ECL2pqi+vf4CI2RQwx/R0o7j8MpCgETOJymvNHvjeV1E6nmkxCfc8vL3pWgFNJv
2NQLZaAv37LkiE6O4nWtpJQ/A4OOFBajtcMAw6kCAwEAAaOCAhMwggIPMB0GA1Ud
DgQWBBSrhw3UjHOy2D9LETuu/oz1z9JO/jAfBgNVHSMEGDAWgBRPO9Vui1Tm2ie7
5mItrGfL8CqB6jAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L1R6dlZib3RVNXRvbnUtWmlMYXhueV9BcWdlby5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZWEvNmZlMTQ5LThhNzItNDdmZC04NzM1LTdkYzViZGRmOTFiNS8x
L3E0Y04xSXh6c3RnX1N4RTdydjZNOWNfU1R2NC5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZWEv
NmZlMTQ5LThhNzItNDdmZC04NzM1LTdkYzViZGRmOTFiNS8xL1R6dlZib3RVNXRv
bnUtWmlMYXhueV9BcWdlby5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAp
BggrBgEFBQcBBwEB/wQaMBgwFgQCAAIwEDAOAwUAKgyPwQMFACoMj8IwDQYJKoZI
hvcNAQELBQADggEBAAp/UHUaHSXeVys+RBVhAHyxVzPZvB0b9y9RUqFNIkf69uBK
J+JGYahNu8zA9y2ioCu4or3GttwgsqKyZo696jotbYGZI++m4qYFGnAGkFll7ppc
G3HcdroEC2PSkphNwWD4uYqP1vUBNySPVrrdmg0EOUotExCMGumVfVi1QS1zOY9I
eb9LIJBtaWUeG5OmzUTtkI1+R/wQ9eAYJOd5P5v9Ebcn783+i8PcBD2Ao9bmQn8D
U4UTNrFWtcclQSZG7zjH7a3brO8hmqbIOI17m1MGB248GvP0dmlGKMoKcSy/GP2O
jSnVtVSM4sgLXkk5IwagEfVBo6wvxSle5dp6Y+g=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:58:20 2024 by rpki-client on console-fra.rpki-client.org