Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3a/7b1205-3450-4e90-8b14-17e66c1fd3d1/1/xq91huQszjNQaPJVjF14Bwf6vDY.roa
File:                     xq91huQszjNQaPJVjF14Bwf6vDY.roa (raw, json)
Hash identifier:          kwwqHeO693xcQ2RFOZgM+sCgYTKtg5De4tgDnDWHn7s=
Subject key identifier:   C6:AF:75:86:E4:2C:CE:33:50:68:F2:55:8C:5D:78:07:07:FA:BC:36
Certificate issuer:       /CN=260b2bc45477c81d774daa0c28ab44b774ba0920
Certificate serial:       0184BFBDD987539B6DD4B4182A0CA3065D4F
Authority key identifier: 26:0B:2B:C4:54:77:C8:1D:77:4D:AA:0C:28:AB:44:B7:74:BA:09:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JgsrxFR3yB13TaoMKKtEt3S6CSA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3a/7b1205-3450-4e90-8b14-17e66c1fd3d1/1/xq91huQszjNQaPJVjF14Bwf6vDY.roa
Signing time:             Mon 28 Nov 2022 19:36:40 +0000
ROA not before:           Mon 28 Nov 2022 19:36:40 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     62240
IP address blocks:        2a09:9447::/32 maxlen: 32

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:84:bf:bd:d9:87:53:9b:6d:d4:b4:18:2a:0c:a3:06:5d:4f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=260b2bc45477c81d774daa0c28ab44b774ba0920
        Validity
            Not Before: Nov 28 19:36:40 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=c6af7586e42cce335068f2558c5d780707fabc36
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:cc:47:13:17:d3:95:75:51:15:39:a9:86:49:
                    0d:15:9d:d3:d3:ed:29:da:f2:66:6f:ec:5f:98:04:
                    58:ab:33:03:4f:4c:ab:52:c3:be:13:79:77:e1:77:
                    b4:2e:42:77:0c:8b:12:d2:8b:8d:6c:ce:8c:f5:45:
                    73:e4:6c:13:f0:8d:7d:8b:67:55:84:04:3e:0f:af:
                    24:1a:5c:80:e5:de:2f:89:bf:4e:63:2a:bc:e6:ba:
                    4c:9e:25:5f:e3:37:58:48:f9:2e:8b:32:b1:d6:e5:
                    7a:47:8f:a9:16:5e:53:ad:7e:d6:a8:4a:b9:99:5a:
                    66:55:3d:81:3c:e0:cb:bf:eb:08:9f:80:b5:0f:ca:
                    d3:8b:0e:b3:b9:e9:35:5a:cf:86:90:67:ec:ee:c9:
                    f3:54:4d:3f:a2:1a:03:02:4f:c0:1b:ce:89:39:6d:
                    54:2e:01:4f:a4:f1:55:26:52:68:13:ba:91:ff:13:
                    7a:1e:5a:ac:2f:b1:37:ed:7e:f3:da:2e:8c:e9:f2:
                    7f:aa:50:a7:a5:2e:f2:73:6b:24:c0:5b:5b:65:d8:
                    c7:6a:6d:27:91:72:be:24:c1:f1:54:ff:e3:b1:cd:
                    bb:02:10:8b:f5:6b:1d:89:23:18:55:59:19:bf:43:
                    ca:b3:50:0a:59:b3:04:f5:d5:6c:de:6b:61:03:6a:
                    1a:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C6:AF:75:86:E4:2C:CE:33:50:68:F2:55:8C:5D:78:07:07:FA:BC:36
            X509v3 Authority Key Identifier:
                keyid:26:0B:2B:C4:54:77:C8:1D:77:4D:AA:0C:28:AB:44:B7:74:BA:09:20

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JgsrxFR3yB13TaoMKKtEt3S6CSA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/7b1205-3450-4e90-8b14-17e66c1fd3d1/1/xq91huQszjNQaPJVjF14Bwf6vDY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/7b1205-3450-4e90-8b14-17e66c1fd3d1/1/JgsrxFR3yB13TaoMKKtEt3S6CSA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a09:9447::/32

    Signature Algorithm: sha256WithRSAEncryption
         b9:ec:fd:bb:c0:43:2a:11:cb:e0:03:d2:37:0f:de:e9:44:c5:
         d8:3a:b9:e1:e4:9d:84:93:6d:f1:6e:db:86:54:e3:43:f1:13:
         5c:22:91:1b:f1:a9:6a:6d:7f:08:03:4e:b3:42:0e:ed:de:2c:
         3d:59:36:84:4e:de:3a:2c:b2:67:6d:d9:6a:6d:1e:a3:53:19:
         00:67:5a:5e:24:3c:a0:aa:1f:5d:c5:5f:44:d7:30:9d:66:ec:
         0b:3a:e9:05:d3:f2:fc:d3:f0:1b:74:cf:63:58:ae:12:fa:44:
         86:7a:38:5d:a0:70:92:1e:86:54:30:7f:55:59:64:ab:c5:18:
         b9:45:52:12:64:10:1a:4a:31:96:10:a6:3c:e0:80:d0:08:d1:
         46:53:dd:4f:33:b5:91:73:57:aa:98:54:0f:28:66:7c:32:1a:
         7b:e3:18:c3:4f:01:72:6d:21:73:ef:41:71:9a:e4:1f:1f:58:
         bf:76:25:1b:6a:2f:36:55:61:e3:d8:a1:75:d2:52:30:ce:3a:
         42:87:87:b1:16:51:57:e8:a1:eb:45:23:5f:07:df:b4:0e:8f:
         a0:d3:9f:78:29:5e:22:4a:03:58:49:7a:18:b5:8d:11:10:01:
         27:d2:4e:5d:ab:72:d1:b3:96:b2:56:7f:fa:eb:af:ef:ee:14:
         fa:8d:4b:ca
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYS/vdmHU5tt1LQYKgyjBl1PMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI2MGIyYmM0NTQ3N2M4MWQ3NzRkYWEwYzI4YWI0NGI3NzRi
YTA5MjAwHhcNMjIxMTI4MTkzNjQwWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNmFmNzU4NmU0MmNjZTMzNTA2OGYyNTU4YzVkNzgwNzA3ZmFiYzM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhcxHExfTlXVRFTmphkkNFZ3T0+0p
2vJmb+xfmARYqzMDT0yrUsO+E3l34Xe0LkJ3DIsS0ouNbM6M9UVz5GwT8I19i2dV
hAQ+D68kGlyA5d4vib9OYyq85rpMniVf4zdYSPkuizKx1uV6R4+pFl5TrX7WqEq5
mVpmVT2BPODLv+sIn4C1D8rTiw6zuek1Ws+GkGfs7snzVE0/ohoDAk/AG86JOW1U
LgFPpPFVJlJoE7qR/xN6HlqsL7E37X7z2i6M6fJ/qlCnpS7yc2skwFtbZdjHam0n
kXK+JMHxVP/jsc27AhCL9WsdiSMYVVkZv0PKs1AKWbME9dVs3mthA2oaFQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFMavdYbkLM4zUGjyVYxdeAcH+rw2MB8GA1UdIwQY
MBaAFCYLK8RUd8gdd02qDCirRLd0ugkgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSmdzcnhGUjN5QjEzVGFvTUtLdEV0M1M2Q1NBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYS83YjEyMDUtMzQ1MC00ZTkwLThiMTQt
MTdlNjZjMWZkM2QxLzEveHE5MWh1UXN6ak5RYVBKVmpGMTRCd2Y2dkRZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYS83YjEyMDUtMzQ1MC00ZTkwLThiMTQtMTdlNjZjMWZkM2Qx
LzEvSmdzcnhGUjN5QjEzVGFvTUtLdEV0M1M2Q1NBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKgmURzAN
BgkqhkiG9w0BAQsFAAOCAQEAuez9u8BDKhHL4APSNw/e6UTF2Dq54eSdhJNt8W7b
hlTjQ/ETXCKRG/Gpam1/CANOs0IO7d4sPVk2hE7eOiyyZ23Zam0eo1MZAGdaXiQ8
oKofXcVfRNcwnWbsCzrpBdPy/NPwG3TPY1iuEvpEhno4XaBwkh6GVDB/VVlkq8UY
uUVSEmQQGkoxlhCmPOCA0AjRRlPdTzO1kXNXqphUDyhmfDIae+MYw08Bcm0hc+9B
cZrkHx9Yv3YlG2ovNlVh49ihddJSMM46QoeHsRZRV+ih60UjXwfftA6PoNOfeCle
IkoDWEl6GLWNERABJ9JOXaty0bOWslZ/+uuv7+4U+o1Lyg==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:03:55 2024 by rpki-client on console-ams.rpki-client.org