Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/39/2b38b3-12f1-4242-adae-b7d1cac51e0c/1/KXf6A_WDSY3CM6spnpnHguY4ZYE.roa
File:                     KXf6A_WDSY3CM6spnpnHguY4ZYE.roa (raw, json)
Hash identifier:          crlJ2gCUrYevqVTbBfRdVRoZ1JTYWCanN2DmLIPXnzo=
Subject key identifier:   29:77:FA:03:F5:83:49:8D:C2:33:AB:29:9E:99:C7:82:E6:38:65:81
Certificate issuer:       /CN=4c911324e869bc4ca5ec8bad0d3ddff685441979
Certificate serial:       079590A5
Authority key identifier: 4C:91:13:24:E8:69:BC:4C:A5:EC:8B:AD:0D:3D:DF:F6:85:44:19:79
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TJETJOhpvEyl7IutDT3f9oVEGXk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/39/2b38b3-12f1-4242-adae-b7d1cac51e0c/1/KXf6A_WDSY3CM6spnpnHguY4ZYE.roa
Signing time:             Sat 01 Jan 2022 16:05:02 +0000
ROA not before:           Sat 01 Jan 2022 16:05:02 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     42905
IP address blocks:        2a02:680:9100::/40 maxlen: 64

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 127242405 (0x79590a5)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4c911324e869bc4ca5ec8bad0d3ddff685441979
        Validity
            Not Before: Jan  1 16:05:02 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=2977fa03f583498dc233ab299e99c782e6386581
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:ff:b4:f9:26:46:40:2b:3b:3e:4e:30:95:e0:
                    01:11:ea:8e:23:a4:6d:6b:ce:9e:c3:7b:0d:98:ea:
                    27:b2:1f:53:5e:f6:50:09:b3:04:47:8d:f1:45:44:
                    89:88:ae:c3:55:0b:c3:47:b8:f4:c4:94:d5:29:6a:
                    b3:e1:80:64:15:d2:15:b5:5b:24:90:96:9c:90:d4:
                    45:aa:d1:83:08:43:d1:74:7d:0c:22:bb:f6:55:c6:
                    20:e2:76:82:d6:cd:d6:1d:d6:09:87:86:a1:af:e7:
                    7a:25:30:54:57:f1:4d:93:3f:db:26:32:da:20:85:
                    6c:9f:ad:66:44:eb:0a:90:74:06:0c:4e:03:65:16:
                    84:2a:05:64:d9:1e:2b:fc:53:23:69:f9:0f:4d:b6:
                    3b:38:4a:ad:af:a6:02:3f:62:3f:83:7e:58:f1:fb:
                    73:40:5e:ee:f6:ce:71:5a:5d:5b:90:07:ba:1b:e1:
                    8a:66:92:b8:12:e0:e0:58:4e:93:79:ae:15:c0:b4:
                    3d:34:3c:00:b0:48:96:cf:80:ad:58:cd:7f:5c:a2:
                    a8:2a:6c:d3:2b:4d:8c:05:23:f7:00:24:f1:58:68:
                    34:57:cc:1f:2d:a2:25:99:05:49:14:d6:fe:96:a9:
                    ca:06:a3:85:bd:fc:d4:b5:20:18:d1:26:cc:30:05:
                    c2:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:77:FA:03:F5:83:49:8D:C2:33:AB:29:9E:99:C7:82:E6:38:65:81
            X509v3 Authority Key Identifier:
                keyid:4C:91:13:24:E8:69:BC:4C:A5:EC:8B:AD:0D:3D:DF:F6:85:44:19:79

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TJETJOhpvEyl7IutDT3f9oVEGXk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/39/2b38b3-12f1-4242-adae-b7d1cac51e0c/1/KXf6A_WDSY3CM6spnpnHguY4ZYE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/39/2b38b3-12f1-4242-adae-b7d1cac51e0c/1/TJETJOhpvEyl7IutDT3f9oVEGXk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a02:680:9100::/40

    Signature Algorithm: sha256WithRSAEncryption
         aa:b3:5a:3e:31:fb:f5:6f:15:95:9f:ab:25:01:ed:4f:7c:a7:
         87:e3:34:f3:b2:d6:44:44:a2:22:38:fa:ae:4d:7e:5b:40:df:
         1f:7c:90:5a:cd:37:4b:6a:d3:19:30:66:50:5d:de:11:e6:b3:
         7a:41:ab:c3:51:dd:70:e1:26:b0:1c:24:60:45:4d:99:2b:17:
         7f:36:9b:c8:f4:9f:ec:d7:dd:29:b1:90:0a:10:c6:ec:19:27:
         ed:f7:2a:2f:09:cc:16:96:e8:82:38:96:e4:96:0c:28:84:26:
         1f:17:a8:b3:bd:e3:94:7d:93:5d:3f:0f:3f:de:4d:34:02:c5:
         79:52:da:2e:b7:58:64:50:2f:8d:ec:8d:68:3a:b6:1c:fc:bd:
         5b:28:a2:df:22:a8:82:c8:a6:5a:f8:36:81:5d:f1:f1:3f:77:
         3a:5a:3e:cb:3f:f2:5f:ad:c8:f7:60:03:ac:38:5c:d9:d2:e3:
         15:e0:de:0a:30:a5:52:24:31:73:57:0f:68:d0:66:72:91:cb:
         ed:07:b2:8f:33:66:f7:1f:73:03:08:a8:33:e6:90:5e:b0:4e:
         43:ed:d2:d4:59:29:07:4c:a4:80:2a:f3:e1:6c:d9:95:79:4f:
         72:9b:47:77:a7:24:20:9b:43:d8:ac:59:62:0c:6b:cf:20:ef:
         f4:f0:00:b5
-----BEGIN CERTIFICATE-----
MIIE8TCCA9mgAwIBAgIEB5WQpTANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg0
YzkxMTMyNGU4NjliYzRjYTVlYzhiYWQwZDNkZGZmNjg1NDQxOTc5MB4XDTIyMDEw
MTE2MDUwMloXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMjk3N2ZhMDNmNTgz
NDk4ZGMyMzNhYjI5OWU5OWM3ODJlNjM4NjU4MTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBALf/tPkmRkArOz5OMJXgARHqjiOkbWvOnsN7DZjqJ7IfU172
UAmzBEeN8UVEiYiuw1ULw0e49MSU1Slqs+GAZBXSFbVbJJCWnJDURarRgwhD0XR9
DCK79lXGIOJ2gtbN1h3WCYeGoa/neiUwVFfxTZM/2yYy2iCFbJ+tZkTrCpB0BgxO
A2UWhCoFZNkeK/xTI2n5D022OzhKra+mAj9iP4N+WPH7c0Be7vbOcVpdW5AHuhvh
imaSuBLg4FhOk3muFcC0PTQ8ALBIls+ArVjNf1yiqCps0ytNjAUj9wAk8VhoNFfM
Hy2iJZkFSRTW/papygajhb381LUgGNEmzDAFwtkCAwEAAaOCAgswggIHMB0GA1Ud
DgQWBBQpd/oD9YNJjcIzqymemceC5jhlgTAfBgNVHSMEGDAWgBRMkRMk6Gm8TKXs
i60NPd/2hUQZeTAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L1RKRVRKT2hwdkV5bDdJdXREVDNmOW9WRUdYay5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMzkvMmIzOGIzLTEyZjEtNDI0Mi1hZGFlLWI3ZDFjYWM1MWUwYy8x
L0tYZjZBX1dEU1kzQ002c3BucG5IZ3VZNFpZRS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMzkv
MmIzOGIzLTEyZjEtNDI0Mi1hZGFlLWI3ZDFjYWM1MWUwYy8xL1RKRVRKT2hwdkV5
bDdJdXREVDNmOW9WRUdYay5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAh
BggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoCBoCRMA0GCSqGSIb3DQEBCwUA
A4IBAQCqs1o+Mfv1bxWVn6slAe1PfKeH4zTzstZERKIiOPquTX5bQN8ffJBazTdL
atMZMGZQXd4R5rN6QavDUd1w4SawHCRgRU2ZKxd/NpvI9J/s190psZAKEMbsGSft
9yovCcwWluiCOJbklgwohCYfF6izveOUfZNdPw8/3k00AsV5Utout1hkUC+N7I1o
OrYc/L1bKKLfIqiCyKZa+DaBXfHxP3c6Wj7LP/Jfrcj3YAOsOFzZ0uMV4N4KMKVS
JDFzVw9o0GZykcvtB7KPM2b3H3MDCKgz5pBesE5D7dLUWSkHTKSAKvPhbNmVeU9y
m0d3pyQgm0PYrFliDGvPIO/08AC1
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:25:44 2024 by rpki-client on console-fra.rpki-client.org