Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/48/5b0494-5ad6-4ea4-95fa-a83d9d920d31/1/9kwx8r22awocbnWV15tS_EKwkh4.roa
File:                     9kwx8r22awocbnWV15tS_EKwkh4.roa (raw, json)
Hash identifier:          tXBYmD3AruNQnHnj0MbjmFe3nbwnfGlY6chyWd2Q6bY=
Subject key identifier:   F6:4C:31:F2:BD:B6:6B:0A:1C:6E:75:95:D7:9B:52:FC:42:B0:92:1E
Certificate issuer:       /CN=9a4fa9a60a5a24ffe614b6dfb58813d925a3b318
Certificate serial:       01843CC8B94388BC9E4018A230142374740D
Authority key identifier: 9A:4F:A9:A6:0A:5A:24:FF:E6:14:B6:DF:B5:88:13:D9:25:A3:B3:18
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mk-ppgpaJP_mFLbftYgT2SWjsxg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/48/5b0494-5ad6-4ea4-95fa-a83d9d920d31/1/9kwx8r22awocbnWV15tS_EKwkh4.roa
Signing time:             Thu 03 Nov 2022 09:18:18 +0000
ROA not before:           Thu 03 Nov 2022 09:18:18 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     56515
IP address blocks:        2a04:2b40::/29 maxlen: 29

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:84:3c:c8:b9:43:88:bc:9e:40:18:a2:30:14:23:74:74:0d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9a4fa9a60a5a24ffe614b6dfb58813d925a3b318
        Validity
            Not Before: Nov  3 09:18:18 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=f64c31f2bdb66b0a1c6e7595d79b52fc42b0921e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:63:37:c4:ae:7c:c8:13:58:83:11:de:ac:1c:
                    a1:27:4e:a8:2d:6d:89:6c:7b:e8:60:14:ce:97:a6:
                    d2:54:b0:c7:80:8c:1d:ba:ea:3f:28:8b:4c:67:6b:
                    b1:06:8e:4a:63:8f:69:3f:06:9b:37:b3:96:33:bd:
                    31:07:f3:f0:52:0c:15:69:d3:79:83:3f:c8:ae:03:
                    a9:4a:ad:a4:bb:89:8d:4f:27:c9:48:71:69:9a:3b:
                    c4:bd:36:10:a0:4e:14:b3:de:3f:07:c1:65:93:b9:
                    f2:f0:4c:b2:a4:24:e8:cb:66:41:b5:b6:53:2b:b3:
                    1c:a0:d5:f2:93:34:ea:e2:d7:6f:e5:d7:e9:20:4d:
                    b6:51:77:f5:d5:72:25:85:ad:b9:03:be:5e:aa:ff:
                    ce:e3:d4:97:c1:ca:b1:8a:94:c7:07:52:95:6d:f5:
                    fc:40:9c:95:3c:24:10:b7:fd:12:b2:65:8e:ce:69:
                    1b:87:21:9e:8e:15:47:44:01:9a:01:3a:50:23:ed:
                    f9:9f:56:a0:cb:82:76:e2:4b:0b:61:d1:0d:35:41:
                    2a:7a:17:04:0d:38:6b:78:8d:5a:09:1e:17:a9:3c:
                    a7:40:9c:96:fa:bb:fa:29:8d:e7:34:37:23:ef:de:
                    54:45:34:bf:61:35:b3:7b:7c:af:76:c4:5f:03:6a:
                    ab:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F6:4C:31:F2:BD:B6:6B:0A:1C:6E:75:95:D7:9B:52:FC:42:B0:92:1E
            X509v3 Authority Key Identifier:
                keyid:9A:4F:A9:A6:0A:5A:24:FF:E6:14:B6:DF:B5:88:13:D9:25:A3:B3:18

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mk-ppgpaJP_mFLbftYgT2SWjsxg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/48/5b0494-5ad6-4ea4-95fa-a83d9d920d31/1/9kwx8r22awocbnWV15tS_EKwkh4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/48/5b0494-5ad6-4ea4-95fa-a83d9d920d31/1/mk-ppgpaJP_mFLbftYgT2SWjsxg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a04:2b40::/29

    Signature Algorithm: sha256WithRSAEncryption
         a3:55:e5:db:60:88:fa:13:e3:b9:fa:7d:61:18:29:e9:77:9e:
         6a:3b:b3:bb:4d:ea:2f:3d:15:00:90:eb:36:3e:eb:37:6a:dd:
         a5:8e:ef:c9:68:be:1f:db:b6:50:48:7c:96:28:46:df:ae:ad:
         fe:90:02:57:8f:57:23:ed:f1:48:85:29:00:fe:04:fe:80:39:
         53:38:1b:16:55:f1:3b:10:0d:67:25:d7:65:f9:cd:04:fb:92:
         5f:bf:23:0e:79:85:2f:dc:5b:76:34:85:13:3e:b0:e9:e1:32:
         61:11:85:1e:fc:15:89:50:4e:b6:b3:25:a3:f2:22:38:7f:8e:
         bc:58:9c:59:4f:52:8a:a6:7b:af:85:4b:c0:b7:b2:07:11:56:
         25:36:17:0a:60:93:29:be:59:1c:f1:90:c2:98:bc:0c:2d:53:
         e9:37:76:44:ea:53:5a:c2:97:8f:a4:2e:0d:f5:d0:90:f1:35:
         e2:80:ec:3c:e2:24:8b:77:e4:88:52:77:08:9c:50:0c:86:84:
         ff:3d:bb:1b:69:f3:99:56:1a:a2:a5:2b:71:25:e2:9a:49:0c:
         b5:22:86:70:4b:e9:f1:5f:de:2d:a4:a7:c8:8f:6c:20:3d:65:
         cd:51:24:b6:b8:03:e3:e6:7c:14:11:26:a8:49:6d:95:38:10:
         35:19:25:1a
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYQ8yLlDiLyeQBiiMBQjdHQNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlhNGZhOWE2MGE1YTI0ZmZlNjE0YjZkZmI1ODgxM2Q5MjVh
M2IzMTgwHhcNMjIxMTAzMDkxODE4WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNjRjMzFmMmJkYjY2YjBhMWM2ZTc1OTVkNzliNTJmYzQyYjA5MjFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjGM3xK58yBNYgxHerByhJ06oLW2J
bHvoYBTOl6bSVLDHgIwduuo/KItMZ2uxBo5KY49pPwabN7OWM70xB/PwUgwVadN5
gz/IrgOpSq2ku4mNTyfJSHFpmjvEvTYQoE4Us94/B8Flk7ny8EyypCToy2ZBtbZT
K7McoNXykzTq4tdv5dfpIE22UXf11XIlha25A75eqv/O49SXwcqxipTHB1KVbfX8
QJyVPCQQt/0SsmWOzmkbhyGejhVHRAGaATpQI+35n1agy4J24ksLYdENNUEqehcE
DThreI1aCR4XqTynQJyW+rv6KY3nNDcj795URTS/YTWze3yvdsRfA2qrVQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPZMMfK9tmsKHG51ldebUvxCsJIeMB8GA1UdIwQY
MBaAFJpPqaYKWiT/5hS237WIE9klo7MYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbWstcHBncGFKUF9tRkxiZnRZZ1QyU1dqc3hnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80OC81YjA0OTQtNWFkNi00ZWE0LTk1ZmEt
YTgzZDlkOTIwZDMxLzEvOWt3eDhyMjJhd29jYm5XVjE1dFNfRUt3a2g0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80OC81YjA0OTQtNWFkNi00ZWE0LTk1ZmEtYTgzZDlkOTIwZDMx
LzEvbWstcHBncGFKUF9tRkxiZnRZZ1QyU1dqc3hnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKgQrQDAN
BgkqhkiG9w0BAQsFAAOCAQEAo1Xl22CI+hPjufp9YRgp6Xeeajuzu03qLz0VAJDr
Nj7rN2rdpY7vyWi+H9u2UEh8lihG366t/pACV49XI+3xSIUpAP4E/oA5UzgbFlXx
OxANZyXXZfnNBPuSX78jDnmFL9xbdjSFEz6w6eEyYRGFHvwViVBOtrMlo/IiOH+O
vFicWU9SiqZ7r4VLwLeyBxFWJTYXCmCTKb5ZHPGQwpi8DC1T6Td2ROpTWsKXj6Qu
DfXQkPE14oDsPOIki3fkiFJ3CJxQDIaE/z27G2nzmVYaoqUrcSXimkkMtSKGcEvp
8V/eLaSnyI9sID1lzVEktrgD4+Z8FBEmqEltlTgQNRklGg==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:27:54 2024 by rpki-client on console-fra.rpki-client.org