Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ff/fa17f3-2d73-4584-afac-1e2273f5eb19/1/ZeTcJlsnVWgxQdYQZlJInj4n-fI.roa
File:                     ZeTcJlsnVWgxQdYQZlJInj4n-fI.roa (raw, json)
Hash identifier:          REKI3PB8HzdzF9ULkKaK0wQYL/bZB8VSCqdXaQCObzY=
Subject key identifier:   65:E4:DC:26:5B:27:55:68:31:41:D6:10:66:52:48:9E:3E:27:F9:F2
Certificate issuer:       /CN=4dd5017171cb486228461ca078591bacac24b6cd
Certificate serial:       88CE1C
Authority key identifier: 4D:D5:01:71:71:CB:48:62:28:46:1C:A0:78:59:1B:AC:AC:24:B6:CD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TdUBcXHLSGIoRhygeFkbrKwkts0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ff/fa17f3-2d73-4584-afac-1e2273f5eb19/1/ZeTcJlsnVWgxQdYQZlJInj4n-fI.roa
Signing time:             Sat 01 Jan 2022 02:01:38 +0000
ROA not before:           Sat 01 Jan 2022 02:01:38 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     1239
IP address blocks:        2a12:2400::/29 maxlen: 29

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 8965660 (0x88ce1c)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4dd5017171cb486228461ca078591bacac24b6cd
        Validity
            Not Before: Jan  1 02:01:38 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=65e4dc265b2755683141d6106652489e3e27f9f2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:7f:6f:9d:65:e0:bc:66:c1:4d:33:68:8f:d7:
                    89:e5:a4:c9:2e:80:c5:f5:63:4c:2f:e0:93:5a:67:
                    e0:a7:1a:6e:7c:5a:f2:60:ce:e1:b3:45:04:d4:5d:
                    ff:a0:63:62:63:f1:e3:66:a1:86:4d:91:1a:28:92:
                    e3:97:40:58:16:f2:bf:c4:a4:5f:d4:9b:97:cd:2f:
                    78:9b:68:35:8e:74:5f:2c:fc:fb:5e:82:9d:67:9c:
                    d7:15:c8:19:c3:6f:95:28:93:bf:28:82:41:b7:2c:
                    c3:30:f1:56:51:ef:2b:77:84:3a:dc:b8:28:f8:5e:
                    a9:86:22:bb:72:c3:f1:ba:2f:cb:a8:ae:cd:1e:55:
                    96:c0:16:32:fd:95:22:b8:31:6a:fd:79:0a:09:fc:
                    9e:12:9c:ee:88:78:48:6d:ac:86:dd:8a:5e:7f:b4:
                    f3:16:7c:b8:c5:ba:61:0e:2f:74:78:11:e9:8a:ed:
                    b1:e7:41:85:10:cd:60:8b:be:e6:fe:b1:9d:43:7a:
                    7f:66:f3:e8:2f:ac:72:53:46:71:20:39:71:1a:84:
                    1d:52:91:f0:eb:19:9b:89:4b:e0:b8:20:be:5a:12:
                    ca:52:af:4b:fe:46:5f:96:21:81:c4:9a:bf:c4:fa:
                    2d:76:a1:59:c0:52:45:7d:72:0b:7b:99:cb:61:d7:
                    0d:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                65:E4:DC:26:5B:27:55:68:31:41:D6:10:66:52:48:9E:3E:27:F9:F2
            X509v3 Authority Key Identifier:
                keyid:4D:D5:01:71:71:CB:48:62:28:46:1C:A0:78:59:1B:AC:AC:24:B6:CD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TdUBcXHLSGIoRhygeFkbrKwkts0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/fa17f3-2d73-4584-afac-1e2273f5eb19/1/ZeTcJlsnVWgxQdYQZlJInj4n-fI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/fa17f3-2d73-4584-afac-1e2273f5eb19/1/TdUBcXHLSGIoRhygeFkbrKwkts0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:2400::/29

    Signature Algorithm: sha256WithRSAEncryption
         43:48:d5:85:f3:35:f3:70:c7:2e:29:b3:de:52:38:5c:5e:8e:
         36:56:35:16:96:af:97:b4:b1:9e:6e:f0:10:a7:5f:04:71:a8:
         b3:83:3b:3a:b2:21:7c:a7:7d:f3:13:05:40:02:76:dd:27:db:
         e5:55:94:a3:08:5c:0a:a0:51:f4:0d:1e:1b:5f:36:81:4b:29:
         89:a5:9b:74:f7:7c:46:b1:bb:99:6a:b4:b1:07:05:03:bb:92:
         84:76:d6:00:ff:fb:76:83:a6:7e:10:7f:b2:d2:26:ca:69:a6:
         90:57:c1:d4:28:a5:6b:c3:89:ec:ec:d6:66:a2:77:5b:8a:45:
         d8:78:db:95:3d:d7:98:87:ce:69:30:c6:1f:4a:89:9f:95:83:
         93:18:ae:7d:5b:39:4b:28:6b:14:82:9c:44:77:a9:a6:5c:de:
         de:9a:27:d2:03:5d:00:26:6e:b7:ff:12:7a:80:18:c4:b3:c3:
         5f:e6:d0:69:ed:60:ef:5f:5e:c4:e5:17:87:3b:af:23:c3:a8:
         43:ae:1a:13:61:91:6f:27:ac:41:ff:0e:1f:58:f6:e1:f6:f0:
         98:71:73:f2:b8:3e:cc:ef:26:6a:d0:a9:36:4a:68:ec:60:6b:
         3e:c6:6d:40:f0:cf:22:a1:f1:89:18:bd:c4:a7:7f:15:bd:d4:
         4b:29:22:c8
-----BEGIN CERTIFICATE-----
MIIE8DCCA9igAwIBAgIEAIjOHDANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg0
ZGQ1MDE3MTcxY2I0ODYyMjg0NjFjYTA3ODU5MWJhY2FjMjRiNmNkMB4XDTIyMDEw
MTAyMDEzOFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoNjVlNGRjMjY1YjI3
NTU2ODMxNDFkNjEwNjY1MjQ4OWUzZTI3ZjlmMjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBANV/b51l4LxmwU0zaI/XieWkyS6AxfVjTC/gk1pn4Kcabnxa
8mDO4bNFBNRd/6BjYmPx42ahhk2RGiiS45dAWBbyv8SkX9Sbl80veJtoNY50Xyz8
+16CnWec1xXIGcNvlSiTvyiCQbcswzDxVlHvK3eEOty4KPheqYYiu3LD8bovy6iu
zR5VlsAWMv2VIrgxav15Cgn8nhKc7oh4SG2sht2KXn+08xZ8uMW6YQ4vdHgR6Yrt
sedBhRDNYIu+5v6xnUN6f2bz6C+sclNGcSA5cRqEHVKR8OsZm4lL4LggvloSylKv
S/5GX5YhgcSav8T6LXahWcBSRX1yC3uZy2HXDS0CAwEAAaOCAgowggIGMB0GA1Ud
DgQWBBRl5NwmWydVaDFB1hBmUkiePif58jAfBgNVHSMEGDAWgBRN1QFxcctIYihG
HKB4WRusrCS2zTAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L1RkVUJjWEhMU0dJb1JoeWdlRmtickt3a3RzMC5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZmYvZmExN2YzLTJkNzMtNDU4NC1hZmFjLTFlMjI3M2Y1ZWIxOS8x
L1plVGNKbHNuVldneFFkWVFabEpJbmo0bi1mSS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZmYv
ZmExN2YzLTJkNzMtNDU4NC1hZmFjLTFlMjI3M2Y1ZWIxOS8xL1RkVUJjWEhMU0dJ
b1JoeWdlRmtickt3a3RzMC5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAg
BggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFAyoSJAAwDQYJKoZIhvcNAQELBQAD
ggEBAENI1YXzNfNwxy4ps95SOFxejjZWNRaWr5e0sZ5u8BCnXwRxqLODOzqyIXyn
ffMTBUACdt0n2+VVlKMIXAqgUfQNHhtfNoFLKYmlm3T3fEaxu5lqtLEHBQO7koR2
1gD/+3aDpn4Qf7LSJsppppBXwdQopWvDiezs1maid1uKRdh425U915iHzmkwxh9K
iZ+Vg5MYrn1bOUsoaxSCnER3qaZc3t6aJ9IDXQAmbrf/EnqAGMSzw1/m0GntYO9f
XsTlF4c7ryPDqEOuGhNhkW8nrEH/Dh9Y9uH28Jhxc/K4PszvJmrQqTZKaOxgaz7G
bUDwzyKh8YkYvcSnfxW91EspIsg=
-----END CERTIFICATE-----
Generated at Thu Jul 20 00:10:57 2023 by rpki-client on console-ams.rpki-client.org