Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/zfpJSK25-XC7HqKOtk0B3NjNMjU.roa
File:                     zfpJSK25-XC7HqKOtk0B3NjNMjU.roa (raw, json)
Hash identifier:          PMkMUZKFPwrM06vc8kj4m60PGSW6VQKc/bIJ0QSWvRg=
Subject key identifier:   CD:FA:49:48:AD:B9:F9:70:BB:1E:A2:8E:B6:4D:01:DC:D8:CD:32:35
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       10FCEC55
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/zfpJSK25-XC7HqKOtk0B3NjNMjU.roa
Signing time:             Sat 01 Jan 2022 09:06:02 +0000
ROA not before:           Sat 01 Jan 2022 09:06:02 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     213383
IP address blocks:        2a0e:b107:800::/44 maxlen: 48

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 285011029 (0x10fcec55)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  1 09:06:02 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=cdfa4948adb9f970bb1ea28eb64d01dcd8cd3235
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:e1:27:a8:c8:8a:38:ce:78:dc:ea:97:ca:25:
                    be:2d:d9:ef:dc:24:4b:6d:11:3b:60:3b:c8:c1:7d:
                    b3:c2:5d:0a:5d:86:b9:05:b2:00:13:16:a4:c5:8c:
                    77:28:09:fd:a3:13:e3:64:18:9e:54:10:ee:fb:e1:
                    af:8a:39:8a:61:d1:9f:56:b8:f7:d3:61:f1:02:77:
                    12:89:56:0b:f2:f7:59:2e:88:18:c3:3e:2c:bd:c1:
                    b1:88:6e:a0:12:21:dd:d8:c1:f5:42:41:ba:73:ad:
                    59:f7:6c:71:d3:90:57:da:20:27:1a:6e:db:af:32:
                    da:2a:30:85:1c:cc:95:b3:54:d7:6c:99:67:dd:c4:
                    a9:86:ee:8a:91:5d:8b:45:6b:d2:2c:e2:1f:dd:fd:
                    ab:9f:de:de:fd:a7:99:f4:8e:69:be:c2:db:ff:55:
                    8b:4f:ab:23:40:06:25:30:b1:13:07:6b:5f:3d:08:
                    b9:20:ba:80:06:85:a3:36:fe:06:56:89:aa:54:f5:
                    c5:c1:d9:44:23:6c:44:b8:7f:77:d0:06:0c:83:c8:
                    5c:2c:06:d8:79:15:80:57:3a:51:82:6e:57:0b:f9:
                    62:4b:3a:76:bf:91:01:cd:30:f9:9d:d6:9b:ca:a1:
                    8a:06:4e:3a:0b:ab:03:a8:f5:23:b9:ca:14:1e:56:
                    52:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CD:FA:49:48:AD:B9:F9:70:BB:1E:A2:8E:B6:4D:01:DC:D8:CD:32:35
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/zfpJSK25-XC7HqKOtk0B3NjNMjU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:b107:800::/44

    Signature Algorithm: sha256WithRSAEncryption
         28:23:3e:3a:3f:ff:27:7b:df:54:41:05:94:11:59:f7:e5:59:
         2b:9b:79:1f:57:b6:5d:e3:8d:ce:cd:cf:4c:02:d2:90:1d:96:
         f2:7f:73:b4:eb:25:ee:3e:55:b7:12:90:61:f6:04:6b:62:28:
         f9:66:4c:ab:47:af:a2:61:45:4c:33:7c:f3:4c:36:ff:9b:01:
         b2:5c:ff:9e:37:62:b4:6d:bc:93:c8:77:38:ff:7d:3b:f0:ce:
         28:4d:17:98:aa:74:14:e4:83:af:2a:3e:24:2a:09:bd:4e:bb:
         f1:a2:d4:f2:24:01:52:89:d2:5a:a7:ca:41:b4:84:73:6a:19:
         ee:e7:42:c5:93:32:2d:83:a9:ca:d9:a4:a7:c2:85:ab:cd:11:
         dd:56:1a:71:dc:a9:d3:57:9d:52:56:40:76:68:3b:33:8d:98:
         02:8d:b0:89:35:c4:10:62:b5:98:1a:ae:1c:19:01:52:ed:14:
         ca:94:82:db:5f:4f:72:21:53:67:71:7c:95:25:24:cf:0e:bd:
         d6:95:18:ff:d2:bd:5e:ea:77:82:e2:09:05:78:a9:91:aa:ed:
         15:03:76:66:4f:a6:bf:d7:00:9f:ce:74:86:f4:6a:70:e1:67:
         27:d7:08:85:47:a5:8e:2d:63:0b:e3:a7:74:5a:09:81:c8:eb:
         9d:3c:1c:60
-----BEGIN CERTIFICATE-----
MIIE8jCCA9qgAwIBAgIEEPzsVTANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg2
M2U5MTY3MTdhYjExY2NjZjExZWYxZmI1YzEyZWU0MTk1MGZhZDliMB4XDTIyMDEw
MTA5MDYwMloXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoY2RmYTQ5NDhhZGI5
Zjk3MGJiMWVhMjhlYjY0ZDAxZGNkOGNkMzIzNTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBALjhJ6jIijjOeNzql8olvi3Z79wkS20RO2A7yMF9s8JdCl2G
uQWyABMWpMWMdygJ/aMT42QYnlQQ7vvhr4o5imHRn1a499Nh8QJ3EolWC/L3WS6I
GMM+LL3BsYhuoBIh3djB9UJBunOtWfdscdOQV9ogJxpu268y2iowhRzMlbNU12yZ
Z93EqYbuipFdi0Vr0iziH939q5/e3v2nmfSOab7C2/9Vi0+rI0AGJTCxEwdrXz0I
uSC6gAaFozb+BlaJqlT1xcHZRCNsRLh/d9AGDIPIXCwG2HkVgFc6UYJuVwv5Yks6
dr+RAc0w+Z3Wm8qhigZOOgurA6j1I7nKFB5WUmUCAwEAAaOCAgwwggIIMB0GA1Ud
DgQWBBTN+klIrbn5cLseoo62TQHc2M0yNTAfBgNVHSMEGDAWgBRj6RZxerEczPEe
8ftcEu5BlQ+tmzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L1kta1djWHF4SE16eEh2SDdYQkx1UVpVUHJacy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNTEvNDk1N2E0LWNlNTktNDMxNS05OTc2LWRjNWVjNzQ4ZjZhNS8x
L3pmcEpTSzI1LVhDN0hxS090azBCM05qTk1qVS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNTEv
NDk1N2E0LWNlNTktNDMxNS05OTc2LWRjNWVjNzQ4ZjZhNS8xL1kta1djWHF4SE16
eEh2SDdYQkx1UVpVUHJacy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAi
BggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHBCoOsQcIADANBgkqhkiG9w0BAQsF
AAOCAQEAKCM+Oj//J3vfVEEFlBFZ9+VZK5t5H1e2XeONzs3PTALSkB2W8n9ztOsl
7j5VtxKQYfYEa2Io+WZMq0evomFFTDN880w2/5sBslz/njditG28k8h3OP99O/DO
KE0XmKp0FOSDryo+JCoJvU678aLU8iQBUonSWqfKQbSEc2oZ7udCxZMyLYOpytmk
p8KFq80R3VYacdyp01edUlZAdmg7M42YAo2wiTXEEGK1mBquHBkBUu0UypSC219P
ciFTZ3F8lSUkzw691pUY/9K9Xup3guIJBXipkartFQN2Zk+mv9cAn850hvRqcOFn
J9cIhUelji1jC+OndFoJgcjrnTwcYA==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:29:41 2024 by rpki-client on console-fra.rpki-client.org