Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/290e44-b479-46cf-ab4b-b38e2677b3dc/1/zFcnSWQIsiDoDZj1XwhG-y7FB_g.roa
File:                     zFcnSWQIsiDoDZj1XwhG-y7FB_g.roa (raw, json)
Hash identifier:          N7jRuu3D8/Uf22S4C02uK7MErP0B3DdImIHZr8Yr6cU=
Subject key identifier:   CC:57:27:49:64:08:B2:20:E8:0D:98:F5:5F:08:46:FB:2E:C5:07:F8
Certificate issuer:       /CN=d217b472c841c1d68550a24f1936d29cc6c28f6a
Certificate serial:       43424BFD
Authority key identifier: D2:17:B4:72:C8:41:C1:D6:85:50:A2:4F:19:36:D2:9C:C6:C2:8F:6A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0he0cshBwdaFUKJPGTbSnMbCj2o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/290e44-b479-46cf-ab4b-b38e2677b3dc/1/zFcnSWQIsiDoDZj1XwhG-y7FB_g.roa
Signing time:             Sat 01 Jan 2022 07:59:52 +0000
ROA not before:           Sat 01 Jan 2022 07:59:52 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     33891
IP address blocks:        2a03:f85:4::/48 maxlen: 48

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1128418301 (0x43424bfd)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d217b472c841c1d68550a24f1936d29cc6c28f6a
        Validity
            Not Before: Jan  1 07:59:52 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=cc5727496408b220e80d98f55f0846fb2ec507f8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f2:5a:a8:7a:2f:19:92:47:ee:98:64:42:0b:f2:
                    1b:2c:c8:6f:db:0f:a1:1e:bf:0a:a7:3b:9d:e3:22:
                    20:67:3d:4a:35:8b:a9:07:4e:0a:c8:7e:b6:71:50:
                    79:37:be:98:58:af:7f:17:7d:84:e5:f0:42:2b:07:
                    70:8c:c5:0a:b5:53:53:8f:62:7e:4f:cc:77:c6:e2:
                    a3:20:f1:64:c7:5f:28:9b:b9:31:b7:80:54:f1:47:
                    51:eb:38:2e:29:20:df:1d:f2:91:e2:36:6e:b6:89:
                    bf:22:f9:07:50:a5:84:a9:b7:0f:8b:13:68:51:86:
                    a6:ae:1e:b6:7d:78:50:d9:b0:34:55:d9:b8:78:fc:
                    33:fb:6d:ee:70:44:c4:2d:0d:39:47:f4:50:72:14:
                    0b:b0:7a:72:84:28:4a:00:1d:e9:e0:be:38:37:22:
                    b5:31:b7:3f:89:62:b7:d8:b2:f6:aa:3f:23:83:19:
                    5c:9f:ae:87:94:e6:94:b5:4d:c0:5e:7c:12:47:f7:
                    60:a8:73:f3:60:28:4a:db:90:73:9b:b6:ce:0a:8e:
                    8a:97:0a:9f:ad:e3:ea:f7:b1:f1:a7:44:fb:98:b7:
                    c0:2c:47:cc:08:b6:f3:92:d6:fe:e9:85:1e:cd:52:
                    a2:be:d4:41:8e:ce:39:29:e4:96:71:01:ad:1f:15:
                    fd:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CC:57:27:49:64:08:B2:20:E8:0D:98:F5:5F:08:46:FB:2E:C5:07:F8
            X509v3 Authority Key Identifier:
                keyid:D2:17:B4:72:C8:41:C1:D6:85:50:A2:4F:19:36:D2:9C:C6:C2:8F:6A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0he0cshBwdaFUKJPGTbSnMbCj2o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/290e44-b479-46cf-ab4b-b38e2677b3dc/1/zFcnSWQIsiDoDZj1XwhG-y7FB_g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/290e44-b479-46cf-ab4b-b38e2677b3dc/1/0he0cshBwdaFUKJPGTbSnMbCj2o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a03:f85:4::/48

    Signature Algorithm: sha256WithRSAEncryption
         c0:95:08:cd:0e:13:ba:8a:80:8d:f9:02:1f:43:5e:65:d7:b4:
         e8:13:bb:25:4c:31:e4:52:70:55:f3:91:ff:6e:44:21:57:40:
         af:28:d2:cd:04:23:32:7d:cf:ac:7b:97:42:3a:a7:d9:7b:5b:
         b3:e9:c4:f4:bb:10:42:ca:a9:69:95:e6:de:f2:e5:20:13:0e:
         d3:a3:57:c1:4a:1c:d0:a6:55:91:bb:da:ea:4f:75:4e:c4:e4:
         1f:87:a6:de:1d:cb:cb:bb:00:d9:d0:b8:6b:23:19:ce:6d:8b:
         61:5a:a1:0a:9b:1a:8e:f9:7d:b5:d1:a6:7a:c4:d9:ba:8f:c0:
         e3:5e:99:83:ca:97:40:ac:68:e8:b7:01:f3:10:58:cb:08:75:
         b0:4e:70:3d:55:38:8b:af:b2:0a:80:f1:4c:c2:15:ce:c7:3e:
         fb:4d:80:ce:6d:32:37:46:50:c2:90:69:72:ce:a1:a8:6c:4d:
         4f:8d:bb:dc:5e:5f:2a:9f:50:a9:09:b9:78:cf:2a:d5:ff:04:
         49:3b:97:9a:4f:b6:31:53:9d:27:7e:48:01:c3:de:df:d3:0d:
         4e:ed:c0:05:c3:c3:5a:82:43:f2:01:fa:45:c9:8f:24:b2:dc:
         b3:4f:ba:e7:8c:03:b0:a4:89:f9:f6:f1:7a:70:a2:7d:a4:c4:
         49:15:2a:f1
-----BEGIN CERTIFICATE-----
MIIE8jCCA9qgAwIBAgIEQ0JL/TANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhk
MjE3YjQ3MmM4NDFjMWQ2ODU1MGEyNGYxOTM2ZDI5Y2M2YzI4ZjZhMB4XDTIyMDEw
MTA3NTk1MloXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoY2M1NzI3NDk2NDA4
YjIyMGU4MGQ5OGY1NWYwODQ2ZmIyZWM1MDdmODCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAPJaqHovGZJH7phkQgvyGyzIb9sPoR6/Cqc7neMiIGc9SjWL
qQdOCsh+tnFQeTe+mFivfxd9hOXwQisHcIzFCrVTU49ifk/Md8bioyDxZMdfKJu5
MbeAVPFHUes4Likg3x3ykeI2braJvyL5B1ClhKm3D4sTaFGGpq4etn14UNmwNFXZ
uHj8M/tt7nBExC0NOUf0UHIUC7B6coQoSgAd6eC+ODcitTG3P4lit9iy9qo/I4MZ
XJ+uh5TmlLVNwF58Ekf3YKhz82AoStuQc5u2zgqOipcKn63j6vex8adE+5i3wCxH
zAi285LW/umFHs1Sor7UQY7OOSnklnEBrR8V/a8CAwEAAaOCAgwwggIIMB0GA1Ud
DgQWBBTMVydJZAiyIOgNmPVfCEb7LsUH+DAfBgNVHSMEGDAWgBTSF7RyyEHB1oVQ
ok8ZNtKcxsKPajAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
LzBoZTBjc2hCd2RhRlVLSlBHVGJTbk1iQ2oyby5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMTAvMjkwZTQ0LWI0NzktNDZjZi1hYjRiLWIzOGUyNjc3YjNkYy8x
L3pGY25TV1FJc2lEb0RaajFYd2hHLXk3RkJfZy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMTAv
MjkwZTQ0LWI0NzktNDZjZi1hYjRiLWIzOGUyNjc3YjNkYy8xLzBoZTBjc2hCd2Rh
RlVLSlBHVGJTbk1iQ2oyby5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAi
BggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoDD4UABDANBgkqhkiG9w0BAQsF
AAOCAQEAwJUIzQ4TuoqAjfkCH0NeZde06BO7JUwx5FJwVfOR/25EIVdAryjSzQQj
Mn3PrHuXQjqn2Xtbs+nE9LsQQsqpaZXm3vLlIBMO06NXwUoc0KZVkbva6k91TsTk
H4em3h3Ly7sA2dC4ayMZzm2LYVqhCpsajvl9tdGmesTZuo/A416Zg8qXQKxo6LcB
8xBYywh1sE5wPVU4i6+yCoDxTMIVzsc++02Azm0yN0ZQwpBpcs6hqGxNT4273F5f
Kp9QqQm5eM8q1f8ESTuXmk+2MVOdJ35IAcPe39MNTu3ABcPDWoJD8gH6RcmPJLLc
s0+654wDsKSJ+fbxenCifaTESRUq8Q==
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:53:51 2024 by rpki-client on console-ams.rpki-client.org