Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d001ff-8323-4b89-be3d-c2efeb3b32a5/1/FNqLRuc3DPY092GZVLxtfsDe4e0.roa
File:                     FNqLRuc3DPY092GZVLxtfsDe4e0.roa (raw, json)
Hash identifier:          xlqaLajeTEHO9qsJuGuYgvHxW5Ij5Ki/yYyyqRQUpk8=
Subject key identifier:   14:DA:8B:46:E7:37:0C:F6:34:F7:61:99:54:BC:6D:7E:C0:DE:E1:ED
Certificate issuer:       /CN=9d5138e1facf7b65dbb575fa7d47240c278b34df
Certificate serial:       0B914A52
Authority key identifier: 9D:51:38:E1:FA:CF:7B:65:DB:B5:75:FA:7D:47:24:0C:27:8B:34:DF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nVE44frPe2XbtXX6fUckDCeLNN8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d001ff-8323-4b89-be3d-c2efeb3b32a5/1/FNqLRuc3DPY092GZVLxtfsDe4e0.roa
Signing time:             Wed 20 Apr 2022 09:07:44 +0000
ROA not before:           Wed 20 Apr 2022 09:07:44 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     43260
IP address blocks:        2a05:9bc0::/29 maxlen: 29

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 194071122 (0xb914a52)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9d5138e1facf7b65dbb575fa7d47240c278b34df
        Validity
            Not Before: Apr 20 09:07:44 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=14da8b46e7370cf634f7619954bc6d7ec0dee1ed
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:ab:c8:dd:a9:7b:41:82:db:49:ad:f4:63:19:
                    e2:05:0b:12:53:e8:7b:13:13:e7:4e:62:c2:de:03:
                    aa:be:78:1e:3b:96:4a:a3:c7:83:71:5b:d4:0d:ba:
                    bf:21:70:e0:b9:a2:5b:8f:11:59:1d:a5:74:f1:59:
                    74:b5:53:30:86:e6:d5:c7:e6:0a:a6:ab:f0:f3:21:
                    63:16:0b:d6:e3:17:18:c0:5b:9a:01:5a:c2:32:88:
                    b1:c6:05:9d:73:fe:69:e1:62:7c:f6:f0:85:6e:c9:
                    ba:00:41:0f:30:12:f7:72:a3:30:51:0b:bd:14:c0:
                    76:11:e9:94:bb:ec:89:4c:fc:7e:6e:fe:e7:c5:43:
                    8c:b9:4b:85:f9:d5:ec:4d:05:f5:a0:bf:a3:da:04:
                    dc:1e:62:cd:ca:cc:20:97:0d:85:71:76:84:44:dd:
                    81:e3:8e:03:91:53:68:c4:3c:c4:a9:27:cd:78:96:
                    d5:4f:54:08:e3:3b:0d:5b:72:e3:98:6c:b7:06:f3:
                    a6:5a:43:8d:66:00:d5:d3:a0:12:d7:8a:dd:0c:6c:
                    ed:36:d7:56:f4:48:1a:00:ba:94:c2:89:5f:e7:3e:
                    d9:ae:78:56:85:16:98:a4:9b:ba:6a:f9:83:34:98:
                    95:5e:ba:5f:59:7b:d7:c8:ab:84:32:33:0b:4e:24:
                    f0:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                14:DA:8B:46:E7:37:0C:F6:34:F7:61:99:54:BC:6D:7E:C0:DE:E1:ED
            X509v3 Authority Key Identifier:
                keyid:9D:51:38:E1:FA:CF:7B:65:DB:B5:75:FA:7D:47:24:0C:27:8B:34:DF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nVE44frPe2XbtXX6fUckDCeLNN8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d001ff-8323-4b89-be3d-c2efeb3b32a5/1/FNqLRuc3DPY092GZVLxtfsDe4e0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d001ff-8323-4b89-be3d-c2efeb3b32a5/1/nVE44frPe2XbtXX6fUckDCeLNN8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:9bc0::/29

    Signature Algorithm: sha256WithRSAEncryption
         27:ae:76:e2:9c:40:5d:fc:1a:1a:f7:22:73:3d:55:57:f3:8d:
         2c:14:ee:28:c8:c9:11:17:a4:75:17:14:7e:40:31:5b:2e:be:
         2e:3b:e3:33:0d:d9:9f:eb:dc:c9:32:34:51:fd:f3:0f:b7:4c:
         0d:25:08:03:23:e1:53:4e:af:5b:9f:96:65:75:17:15:86:56:
         2a:fc:57:78:60:f2:3e:69:57:1a:10:9c:7f:8e:ab:be:2e:f8:
         87:a1:ce:dd:d1:70:7a:ae:e4:51:20:12:aa:26:1b:54:ce:dd:
         bd:7d:05:1c:dc:a9:39:67:dc:63:ab:0e:63:c0:35:fe:18:3b:
         14:11:19:50:99:45:da:b0:ad:c4:62:ac:c8:63:f7:c1:6e:fd:
         6a:54:de:7f:b0:ad:11:42:56:6f:85:d1:67:77:e4:92:bb:95:
         67:c6:b9:4d:32:b1:38:f8:d3:f9:ab:35:27:0a:12:e0:57:7a:
         a3:4f:4c:c9:da:ba:1e:19:c1:dc:25:2a:b0:26:18:7b:78:63:
         76:12:6a:d5:30:75:f5:76:b7:d0:01:73:71:70:09:0f:8a:ca:
         f3:3d:3b:14:ea:3a:a7:fa:88:31:d2:0a:8d:3d:21:16:07:b8:
         15:60:c3:9d:b3:0d:80:00:10:a5:81:d7:f0:f8:a2:c0:b9:e6:
         1b:fc:44:63
-----BEGIN CERTIFICATE-----
MIIE8DCCA9igAwIBAgIEC5FKUjANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg5
ZDUxMzhlMWZhY2Y3YjY1ZGJiNTc1ZmE3ZDQ3MjQwYzI3OGIzNGRmMB4XDTIyMDQy
MDA5MDc0NFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMTRkYThiNDZlNzM3
MGNmNjM0Zjc2MTk5NTRiYzZkN2VjMGRlZTFlZDCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAN2ryN2pe0GC20mt9GMZ4gULElPoexMT505iwt4Dqr54HjuW
SqPHg3Fb1A26vyFw4LmiW48RWR2ldPFZdLVTMIbm1cfmCqar8PMhYxYL1uMXGMBb
mgFawjKIscYFnXP+aeFifPbwhW7JugBBDzAS93KjMFELvRTAdhHplLvsiUz8fm7+
58VDjLlLhfnV7E0F9aC/o9oE3B5izcrMIJcNhXF2hETdgeOOA5FTaMQ8xKknzXiW
1U9UCOM7DVty45hstwbzplpDjWYA1dOgEteK3Qxs7TbXVvRIGgC6lMKJX+c+2a54
VoUWmKSbumr5gzSYlV66X1l718irhDIzC04k8EsCAwEAAaOCAgowggIGMB0GA1Ud
DgQWBBQU2otG5zcM9jT3YZlUvG1+wN7h7TAfBgNVHSMEGDAWgBSdUTjh+s97Zdu1
dfp9RyQMJ4s03zAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L25WRTQ0ZnJQZTJYYnRYWDZmVWNrRENlTE5OOC5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMTMvZDAwMWZmLTgzMjMtNGI4OS1iZTNkLWMyZWZlYjNiMzJhNS8x
L0ZOcUxSdWMzRFBZMDkyR1pWTHh0ZnNEZTRlMC5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMTMv
ZDAwMWZmLTgzMjMtNGI4OS1iZTNkLWMyZWZlYjNiMzJhNS8xL25WRTQ0ZnJQZTJY
YnRYWDZmVWNrRENlTE5OOC5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAg
BggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFAyoFm8AwDQYJKoZIhvcNAQELBQAD
ggEBACeuduKcQF38Ghr3InM9VVfzjSwU7ijIyREXpHUXFH5AMVsuvi474zMN2Z/r
3MkyNFH98w+3TA0lCAMj4VNOr1uflmV1FxWGVir8V3hg8j5pVxoQnH+Oq74u+Ieh
zt3RcHqu5FEgEqomG1TO3b19BRzcqTln3GOrDmPANf4YOxQRGVCZRdqwrcRirMhj
98Fu/WpU3n+wrRFCVm+F0Wd35JK7lWfGuU0ysTj40/mrNScKEuBXeqNPTMnauh4Z
wdwlKrAmGHt4Y3YSatUwdfV2t9ABc3FwCQ+KyvM9OxTqOqf6iDHSCo09IRYHuBVg
w52zDYAAEKWB1/D4osC55hv8RGM=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:20:00 2024 by rpki-client on console-fra.rpki-client.org