Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fa/b9342f-5916-4644-b1aa-00d1e7a170a2/1/cX8KCCwq-nGXKuWni0Hkw_F7UnA.roa
File:                     cX8KCCwq-nGXKuWni0Hkw_F7UnA.roa (raw, json)
Hash identifier:          0UQGqhTrapghIIAzx4hi825FrufyfuLTcFgE3BP+1lE=
Subject key identifier:   71:7F:0A:08:2C:2A:FA:71:97:2A:E5:A7:8B:41:E4:C3:F1:7B:52:70
Certificate issuer:       /CN=b143fa703fbee04bbd91ce63a32148b36b8e55aa
Certificate serial:       0B803BF2
Authority key identifier: B1:43:FA:70:3F:BE:E0:4B:BD:91:CE:63:A3:21:48:B3:6B:8E:55:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sUP6cD--4Eu9kc5joyFIs2uOVao.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fa/b9342f-5916-4644-b1aa-00d1e7a170a2/1/cX8KCCwq-nGXKuWni0Hkw_F7UnA.roa
Signing time:             Sat 01 Jan 2022 12:05:54 +0000
ROA not before:           Sat 01 Jan 2022 12:05:54 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     50384
IP address blocks:        2a00:1b30::/33 maxlen: 33

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 192953330 (0xb803bf2)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b143fa703fbee04bbd91ce63a32148b36b8e55aa
        Validity
            Not Before: Jan  1 12:05:54 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=717f0a082c2afa71972ae5a78b41e4c3f17b5270
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:6b:00:aa:50:dc:b1:33:18:db:7e:e4:fb:a1:
                    20:94:c8:d9:ce:6c:1a:f6:b4:6e:6c:cf:c8:10:fa:
                    bc:be:b2:f4:61:7c:d4:a6:7c:ad:ba:90:6a:55:54:
                    96:2e:fe:ec:ab:25:5a:fd:2c:bb:e1:b7:5b:fb:83:
                    13:ba:59:49:59:7b:5f:62:7f:ce:93:ff:1d:52:89:
                    fd:8d:45:d0:01:e6:03:e6:8d:ef:f8:38:c7:e2:6e:
                    4c:e9:a5:4c:9d:20:8a:9c:b5:97:cf:20:81:17:0d:
                    2a:f6:9a:aa:f5:e1:10:22:db:f9:dd:69:1e:50:5a:
                    35:52:f3:dd:ec:87:42:10:13:29:ae:17:92:40:e3:
                    05:f5:dd:a7:8b:d2:e0:6b:f3:dc:dc:86:8a:9c:eb:
                    7f:c4:76:38:48:14:8e:b3:3a:63:07:6d:2e:aa:3a:
                    0a:fe:24:fe:2e:df:4e:73:34:69:04:8d:2e:f2:d2:
                    32:c4:d6:ac:0a:fb:5c:c3:3b:ba:29:06:cb:9d:b1:
                    a5:13:11:9d:04:34:51:83:b8:3b:3f:d2:f0:79:84:
                    2b:40:72:7b:b9:bb:42:1f:bc:22:0d:01:5e:09:4e:
                    e5:dd:a0:9f:7a:73:5a:b6:50:46:36:15:05:2f:35:
                    0d:d4:0f:cb:87:f9:ab:85:55:e6:e1:56:0a:0d:f4:
                    72:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                71:7F:0A:08:2C:2A:FA:71:97:2A:E5:A7:8B:41:E4:C3:F1:7B:52:70
            X509v3 Authority Key Identifier:
                keyid:B1:43:FA:70:3F:BE:E0:4B:BD:91:CE:63:A3:21:48:B3:6B:8E:55:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sUP6cD--4Eu9kc5joyFIs2uOVao.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/b9342f-5916-4644-b1aa-00d1e7a170a2/1/cX8KCCwq-nGXKuWni0Hkw_F7UnA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/b9342f-5916-4644-b1aa-00d1e7a170a2/1/sUP6cD--4Eu9kc5joyFIs2uOVao.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a00:1b30::/33

    Signature Algorithm: sha256WithRSAEncryption
         a4:9a:6c:7b:28:d5:5f:dd:02:3c:c8:f2:33:43:c6:6a:78:f1:
         f5:8e:5e:fe:8b:cc:51:d1:d7:b7:ec:11:04:16:f8:29:d9:d0:
         f1:b7:f6:52:f7:49:ae:9e:bb:1f:b6:a1:ac:21:60:5e:17:f1:
         c2:15:1e:8b:bf:2d:9c:bc:d8:dc:cd:72:b5:da:ac:26:a1:c9:
         b2:19:cb:ba:d0:75:4b:e9:8e:ce:49:24:46:a5:e3:ad:3b:98:
         a6:55:3a:f7:1e:bb:bb:c0:53:63:4f:e9:af:c4:e6:04:4f:0d:
         44:96:1b:ac:db:4d:b9:60:20:0c:27:a5:d2:39:20:fa:a7:45:
         51:9d:15:d4:ea:b8:c5:86:c5:4f:f1:77:f6:49:f5:25:61:8d:
         b7:2e:9d:9f:37:b4:f2:dd:f3:84:dc:da:ba:75:a1:c7:2c:5c:
         95:31:7e:a4:72:f5:40:7b:f2:c5:03:44:01:85:27:10:bc:9e:
         33:73:8b:af:82:09:f7:dd:b2:ee:9d:be:c8:1a:88:85:9d:23:
         78:80:35:d4:ca:2b:ac:3a:6d:4a:f2:16:f1:db:0e:7b:24:23:
         0c:f2:cf:e4:c9:2f:53:97:44:dd:37:3a:29:a1:8f:e9:22:cf:
         19:38:da:4a:fa:b8:d0:c4:6a:f3:2b:7e:1a:ec:e6:f9:b7:5e:
         58:fb:32:dc
-----BEGIN CERTIFICATE-----
MIIE8TCCA9mgAwIBAgIEC4A78jANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhi
MTQzZmE3MDNmYmVlMDRiYmQ5MWNlNjNhMzIxNDhiMzZiOGU1NWFhMB4XDTIyMDEw
MTEyMDU1NFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoNzE3ZjBhMDgyYzJh
ZmE3MTk3MmFlNWE3OGI0MWU0YzNmMTdiNTI3MDCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAL9rAKpQ3LEzGNt+5PuhIJTI2c5sGva0bmzPyBD6vL6y9GF8
1KZ8rbqQalVUli7+7KslWv0su+G3W/uDE7pZSVl7X2J/zpP/HVKJ/Y1F0AHmA+aN
7/g4x+JuTOmlTJ0gipy1l88ggRcNKvaaqvXhECLb+d1pHlBaNVLz3eyHQhATKa4X
kkDjBfXdp4vS4Gvz3NyGipzrf8R2OEgUjrM6YwdtLqo6Cv4k/i7fTnM0aQSNLvLS
MsTWrAr7XMM7uikGy52xpRMRnQQ0UYO4Oz/S8HmEK0Bye7m7Qh+8Ig0BXglO5d2g
n3pzWrZQRjYVBS81DdQPy4f5q4VV5uFWCg30ck0CAwEAAaOCAgswggIHMB0GA1Ud
DgQWBBRxfwoILCr6cZcq5aeLQeTD8XtScDAfBgNVHSMEGDAWgBSxQ/pwP77gS72R
zmOjIUiza45VqjAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L3NVUDZjRC0tNEV1OWtjNWpveUZJczJ1T1Zhby5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZmEvYjkzNDJmLTU5MTYtNDY0NC1iMWFhLTAwZDFlN2ExNzBhMi8x
L2NYOEtDQ3dxLW5HWEt1V25pMEhrd19GN1VuQS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZmEv
YjkzNDJmLTU5MTYtNDY0NC1iMWFhLTAwZDFlN2ExNzBhMi8xL3NVUDZjRC0tNEV1
OWtjNWpveUZJczJ1T1Zhby5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAh
BggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGByoAGzAAMA0GCSqGSIb3DQEBCwUA
A4IBAQCkmmx7KNVf3QI8yPIzQ8ZqePH1jl7+i8xR0de37BEEFvgp2dDxt/ZS90mu
nrsftqGsIWBeF/HCFR6Lvy2cvNjczXK12qwmocmyGcu60HVL6Y7OSSRGpeOtO5im
VTr3Hru7wFNjT+mvxOYETw1Elhus2025YCAMJ6XSOSD6p0VRnRXU6rjFhsVP8Xf2
SfUlYY23Lp2fN7Ty3fOE3Nq6daHHLFyVMX6kcvVAe/LFA0QBhScQvJ4zc4uvggn3
3bLunb7IGoiFnSN4gDXUyiusOm1K8hbx2w57JCMM8s/kyS9Tl0TdNzopoY/pIs8Z
ONpK+rjQxGrzK34a7Ob5t15Y+zLc
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:53:53 2024 by rpki-client on console-ams.rpki-client.org