Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fb/851d66-b956-4bce-8bd6-5451441ea633/1/XIiRZyY6aGYQFag6nXwDLsv5c7Q.roa
File:                     XIiRZyY6aGYQFag6nXwDLsv5c7Q.roa (raw, json)
Hash identifier:          AEIJViLiAerZNZRpH83gQ1xXmXh2wDnq3d6tTksNeUk=
Subject key identifier:   5C:88:91:67:26:3A:68:66:10:15:A8:3A:9D:7C:03:2E:CB:F9:73:B4
Certificate issuer:       /CN=940e2a716e5d89895dfea2ef2903081dede99c68
Certificate serial:       036FC314
Authority key identifier: 94:0E:2A:71:6E:5D:89:89:5D:FE:A2:EF:29:03:08:1D:ED:E9:9C:68
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lA4qcW5diYld_qLvKQMIHe3pnGg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fb/851d66-b956-4bce-8bd6-5451441ea633/1/XIiRZyY6aGYQFag6nXwDLsv5c7Q.roa
Signing time:             Sat 01 Jan 2022 06:52:50 +0000
ROA not before:           Sat 01 Jan 2022 06:52:50 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     31317
IP address blocks:        2001:678:970::/48 maxlen: 48

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 57656084 (0x36fc314)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=940e2a716e5d89895dfea2ef2903081dede99c68
        Validity
            Not Before: Jan  1 06:52:50 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=5c889167263a68661015a83a9d7c032ecbf973b4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:2d:2c:c4:c6:c3:07:5d:e7:57:b7:83:1c:61:
                    42:64:3f:b9:03:a0:af:f6:73:a7:c4:6c:9f:f4:f9:
                    f3:12:bb:17:b0:75:73:36:e5:ed:09:2c:d3:12:60:
                    6d:8d:b3:7d:3c:d1:ac:6f:0a:51:33:95:1f:65:92:
                    33:14:4e:8e:a0:a8:90:5f:54:50:e2:d6:30:54:19:
                    6c:c6:e1:34:45:ec:4b:d5:58:c2:2f:20:eb:47:42:
                    5f:69:8e:f9:6d:dd:53:87:fd:e1:d8:7f:c2:e2:de:
                    5d:c7:9d:aa:2b:9b:f2:ae:f2:50:e6:2a:e0:3f:72:
                    c8:2a:e6:10:c6:f6:49:65:41:c5:be:cf:5b:19:70:
                    ee:8f:94:c8:f8:90:f7:90:65:7e:78:c6:49:d9:40:
                    53:6c:ac:66:f3:e5:77:d2:ca:1f:08:f3:43:2e:5b:
                    12:a0:0a:a9:f8:7f:a5:d6:ff:c0:6e:91:10:be:98:
                    d0:d6:5b:c2:4b:39:e2:19:f1:7a:0f:04:01:a5:7f:
                    79:bf:bc:20:0a:1c:c8:8c:ee:4c:90:64:cd:76:18:
                    5f:f3:cf:88:d1:2b:3f:86:8d:9b:17:8e:1d:3b:25:
                    22:79:2f:12:b0:09:67:b6:37:2b:93:ea:f9:fa:b8:
                    73:c4:e8:66:61:46:e1:65:cd:e5:c2:15:59:83:f8:
                    a4:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:88:91:67:26:3A:68:66:10:15:A8:3A:9D:7C:03:2E:CB:F9:73:B4
            X509v3 Authority Key Identifier:
                keyid:94:0E:2A:71:6E:5D:89:89:5D:FE:A2:EF:29:03:08:1D:ED:E9:9C:68

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lA4qcW5diYld_qLvKQMIHe3pnGg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/851d66-b956-4bce-8bd6-5451441ea633/1/XIiRZyY6aGYQFag6nXwDLsv5c7Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/851d66-b956-4bce-8bd6-5451441ea633/1/lA4qcW5diYld_qLvKQMIHe3pnGg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:970::/48

    Signature Algorithm: sha256WithRSAEncryption
         30:69:6e:6b:3c:e8:80:47:3e:68:4a:53:39:86:f3:75:50:98:
         f8:fb:b6:62:28:ee:e7:55:1f:df:f0:a4:1e:e2:ea:5a:5d:fb:
         d5:65:c0:08:19:fc:94:d0:0c:60:45:00:e2:46:1d:3f:37:27:
         90:ff:6d:47:b2:55:1d:88:83:9d:8c:a0:65:23:c7:35:2b:d9:
         e2:d3:91:a2:e9:05:78:d7:00:a6:94:81:12:e1:5b:6c:81:8a:
         fd:bf:cf:d7:40:51:57:fe:84:81:43:6d:14:54:49:f6:b6:2c:
         9d:86:f7:dd:76:15:2c:ba:81:d5:b6:5f:4f:54:20:57:fa:55:
         a5:b7:f1:9e:0f:29:db:0f:9f:5f:aa:4d:86:7e:93:ef:9e:81:
         c8:44:d9:32:74:30:46:50:3e:7a:50:80:43:4f:a3:4f:6f:fe:
         0c:e6:46:21:bb:d3:ed:54:7e:1f:ef:cd:6d:e1:45:54:51:82:
         98:61:14:cd:ca:9b:92:78:b8:47:c5:ab:e4:6a:bc:4a:35:67:
         3b:91:13:33:04:cf:b1:50:22:46:aa:c0:e8:55:25:78:df:8e:
         49:4a:ff:2a:5c:1f:a5:45:90:2a:9c:f9:e8:10:c2:dc:7a:9c:
         3e:65:b1:b1:d5:ef:d1:56:fc:b1:42:54:a8:1a:3b:3a:83:13:
         84:a2:26:b9
-----BEGIN CERTIFICATE-----
MIIE8jCCA9qgAwIBAgIEA2/DFDANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg5
NDBlMmE3MTZlNWQ4OTg5NWRmZWEyZWYyOTAzMDgxZGVkZTk5YzY4MB4XDTIyMDEw
MTA2NTI1MFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoNWM4ODkxNjcyNjNh
Njg2NjEwMTVhODNhOWQ3YzAzMmVjYmY5NzNiNDCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBANEtLMTGwwdd51e3gxxhQmQ/uQOgr/Zzp8Rsn/T58xK7F7B1
czbl7Qks0xJgbY2zfTzRrG8KUTOVH2WSMxROjqCokF9UUOLWMFQZbMbhNEXsS9VY
wi8g60dCX2mO+W3dU4f94dh/wuLeXcedqiub8q7yUOYq4D9yyCrmEMb2SWVBxb7P
Wxlw7o+UyPiQ95BlfnjGSdlAU2ysZvPld9LKHwjzQy5bEqAKqfh/pdb/wG6REL6Y
0NZbwks54hnxeg8EAaV/eb+8IAocyIzuTJBkzXYYX/PPiNErP4aNmxeOHTslInkv
ErAJZ7Y3K5Pq+fq4c8ToZmFG4WXN5cIVWYP4pHUCAwEAAaOCAgwwggIIMB0GA1Ud
DgQWBBRciJFnJjpoZhAVqDqdfAMuy/lztDAfBgNVHSMEGDAWgBSUDipxbl2JiV3+
ou8pAwgd7emcaDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L2xBNHFjVzVkaVlsZF9xTHZLUU1JSGUzcG5HZy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZmIvODUxZDY2LWI5NTYtNGJjZS04YmQ2LTU0NTE0NDFlYTYzMy8x
L1hJaVJaeVk2YUdZUUZhZzZuWHdETHN2NWM3US5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZmIv
ODUxZDY2LWI5NTYtNGJjZS04YmQ2LTU0NTE0NDFlYTYzMy8xL2xBNHFjVzVkaVls
ZF9xTHZLUU1JSGUzcG5HZy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAi
BggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACABBngJcDANBgkqhkiG9w0BAQsF
AAOCAQEAMGluazzogEc+aEpTOYbzdVCY+Pu2Yiju51Uf3/CkHuLqWl371WXACBn8
lNAMYEUA4kYdPzcnkP9tR7JVHYiDnYygZSPHNSvZ4tORoukFeNcAppSBEuFbbIGK
/b/P10BRV/6EgUNtFFRJ9rYsnYb33XYVLLqB1bZfT1QgV/pVpbfxng8p2w+fX6pN
hn6T756ByETZMnQwRlA+elCAQ0+jT2/+DOZGIbvT7VR+H+/NbeFFVFGCmGEUzcqb
kni4R8Wr5Gq8SjVnO5ETMwTPsVAiRqrA6FUleN+OSUr/KlwfpUWQKpz56BDC3Hqc
PmWxsdXv0Vb8sUJUqBo7OoMThKImuQ==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:53:59 2024 by rpki-client on console-ams.rpki-client.org