Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f1/a8b14b-fb25-47f8-8b0d-271d25e20574/1/R0wJm-Wa0DGCA1ldNBstdom60ss.roa
File:                     R0wJm-Wa0DGCA1ldNBstdom60ss.roa (raw, json)
Hash identifier:          2DSw4hexPb0m2MBlmAQXy+sF17FbqHjfX0gApzNfgE0=
Subject key identifier:   47:4C:09:9B:E5:9A:D0:31:82:03:59:5D:34:1B:2D:76:89:BA:D2:CB
Certificate issuer:       /CN=111d6814375271d1a3cbd12155db11d2bd41a8d3
Certificate serial:       05D9FCF0
Authority key identifier: 11:1D:68:14:37:52:71:D1:A3:CB:D1:21:55:DB:11:D2:BD:41:A8:D3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ER1oFDdScdGjy9EhVdsR0r1BqNM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f1/a8b14b-fb25-47f8-8b0d-271d25e20574/1/R0wJm-Wa0DGCA1ldNBstdom60ss.roa
Signing time:             Fri 08 Apr 2022 10:04:25 +0000
ROA not before:           Fri 08 Apr 2022 10:04:25 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     210075
IP address blocks:        2a06:1e00:27::/48 maxlen: 48

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 98172144 (0x5d9fcf0)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=111d6814375271d1a3cbd12155db11d2bd41a8d3
        Validity
            Not Before: Apr  8 10:04:25 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=474c099be59ad0318203595d341b2d7689bad2cb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:e9:5f:be:f1:6d:57:f0:9b:d2:73:e7:a2:91:
                    71:8b:ac:7e:6b:b4:53:0b:19:0c:c9:6a:e2:72:26:
                    2d:39:42:27:ad:d2:da:41:3d:df:27:d0:30:23:e7:
                    fa:d0:ac:38:6d:2a:e4:64:c1:e3:e7:49:5d:af:3f:
                    c5:74:eb:10:82:ee:5a:fa:3d:78:04:e5:d5:00:e5:
                    ed:bb:5e:ae:3b:04:b8:81:8c:0a:37:6e:9d:0d:10:
                    8b:15:06:b2:e7:1b:ce:66:f6:7f:ac:ff:3a:e7:ad:
                    a3:c5:fb:92:d0:8b:d2:85:cd:3e:43:18:e0:34:ff:
                    2a:b4:8d:e9:5a:83:c7:79:fa:02:dd:a1:a1:b2:12:
                    fa:2d:83:b6:8b:dc:d0:f1:9a:df:71:a9:bc:18:37:
                    9b:da:d4:1e:0d:8c:ad:a0:d4:f8:69:7b:2b:71:9c:
                    9a:ff:d2:be:27:f3:4c:18:5a:f7:d7:c9:83:f7:43:
                    1b:c7:7e:4b:13:33:61:f2:e8:98:53:bf:70:dd:b8:
                    73:05:85:51:2a:63:39:46:ef:56:f2:f2:27:1f:9b:
                    3f:3e:56:c1:0c:f6:ea:3e:ff:61:46:91:31:da:2e:
                    84:25:4a:a7:ce:bf:61:dd:25:22:03:08:66:3c:0d:
                    2e:70:eb:b8:06:1e:50:35:c8:24:4a:8d:40:92:41:
                    8f:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                47:4C:09:9B:E5:9A:D0:31:82:03:59:5D:34:1B:2D:76:89:BA:D2:CB
            X509v3 Authority Key Identifier:
                keyid:11:1D:68:14:37:52:71:D1:A3:CB:D1:21:55:DB:11:D2:BD:41:A8:D3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ER1oFDdScdGjy9EhVdsR0r1BqNM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f1/a8b14b-fb25-47f8-8b0d-271d25e20574/1/R0wJm-Wa0DGCA1ldNBstdom60ss.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f1/a8b14b-fb25-47f8-8b0d-271d25e20574/1/ER1oFDdScdGjy9EhVdsR0r1BqNM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:1e00:27::/48

    Signature Algorithm: sha256WithRSAEncryption
         18:71:0d:f2:b7:33:24:13:da:40:af:02:90:fe:2c:47:48:55:
         63:0b:a3:ae:2d:e9:e7:22:63:45:c4:78:eb:f8:50:ba:41:71:
         cf:ec:cf:69:51:85:55:20:cf:88:a6:4e:d7:90:31:0e:cb:53:
         b7:76:82:77:2d:e7:e7:70:31:2f:8b:a5:1e:0a:10:12:6e:6e:
         74:38:95:3f:50:15:5b:fc:c8:72:2c:a1:7e:30:05:d7:2d:0e:
         97:7c:5d:b1:16:22:cc:cf:db:f4:42:e8:4f:1e:62:18:0b:33:
         90:78:0b:f9:d6:22:58:04:24:1a:58:d1:5a:10:9f:b4:b8:7e:
         15:4a:54:71:e3:b3:fc:e9:7e:e0:a8:9d:95:67:cd:02:4b:a2:
         62:8e:df:5a:c4:fb:69:78:ed:92:77:f2:76:86:98:cd:44:7d:
         a0:f9:a7:cd:22:d6:34:68:25:95:83:5d:48:39:aa:d5:3f:ce:
         33:ef:e7:76:92:9a:ae:87:5a:89:6d:3c:0e:68:7f:d2:c9:a6:
         46:35:b2:5a:8a:3c:03:d8:69:58:c6:3e:cd:63:de:cd:a4:a4:
         f5:2b:d8:d0:db:50:fc:2a:1d:b1:c1:07:25:ff:79:af:47:8f:
         a2:4a:e3:0d:7b:5d:be:9f:bf:8b:d5:9f:6a:f9:2c:80:12:21:
         5e:6c:05:15
-----BEGIN CERTIFICATE-----
MIIE8jCCA9qgAwIBAgIEBdn88DANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygx
MTFkNjgxNDM3NTI3MWQxYTNjYmQxMjE1NWRiMTFkMmJkNDFhOGQzMB4XDTIyMDQw
ODEwMDQyNVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoNDc0YzA5OWJlNTlh
ZDAzMTgyMDM1OTVkMzQxYjJkNzY4OWJhZDJjYjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAMHpX77xbVfwm9Jz56KRcYusfmu0UwsZDMlq4nImLTlCJ63S
2kE93yfQMCPn+tCsOG0q5GTB4+dJXa8/xXTrEILuWvo9eATl1QDl7bterjsEuIGM
CjdunQ0QixUGsucbzmb2f6z/Oueto8X7ktCL0oXNPkMY4DT/KrSN6VqDx3n6At2h
obIS+i2Dtovc0PGa33GpvBg3m9rUHg2MraDU+Gl7K3Gcmv/SvifzTBha99fJg/dD
G8d+SxMzYfLomFO/cN24cwWFUSpjOUbvVvLyJx+bPz5WwQz26j7/YUaRMdouhCVK
p86/Yd0lIgMIZjwNLnDruAYeUDXIJEqNQJJBj/UCAwEAAaOCAgwwggIIMB0GA1Ud
DgQWBBRHTAmb5ZrQMYIDWV00Gy12ibrSyzAfBgNVHSMEGDAWgBQRHWgUN1Jx0aPL
0SFV2xHSvUGo0zAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L0VSMW9GRGRTY2RHank5RWhWZHNSMHIxQnFOTS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZjEvYThiMTRiLWZiMjUtNDdmOC04YjBkLTI3MWQyNWUyMDU3NC8x
L1Iwd0ptLVdhMERHQ0ExbGROQnN0ZG9tNjBzcy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZjEv
YThiMTRiLWZiMjUtNDdmOC04YjBkLTI3MWQyNWUyMDU3NC8xL0VSMW9GRGRTY2RH
ank5RWhWZHNSMHIxQnFOTS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAi
BggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoGHgAAJzANBgkqhkiG9w0BAQsF
AAOCAQEAGHEN8rczJBPaQK8CkP4sR0hVYwujri3p5yJjRcR46/hQukFxz+zPaVGF
VSDPiKZO15AxDstTt3aCdy3n53AxL4ulHgoQEm5udDiVP1AVW/zIciyhfjAF1y0O
l3xdsRYizM/b9ELoTx5iGAszkHgL+dYiWAQkGljRWhCftLh+FUpUceOz/Ol+4Kid
lWfNAkuiYo7fWsT7aXjtknfydoaYzUR9oPmnzSLWNGgllYNdSDmq1T/OM+/ndpKa
rodaiW08Dmh/0smmRjWyWoo8A9hpWMY+zWPezaSk9SvY0NtQ/CodscEHJf95r0eP
okrjDXtdvp+/i9WfavksgBIhXmwFFQ==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:59:17 2024 by rpki-client on console-fra.rpki-client.org