Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/fb42ec-10b4-4dcf-bef0-2d143d7b853c/1/0KB398hgVeP_dfjdmY54B16AQWs.roa
File:                     0KB398hgVeP_dfjdmY54B16AQWs.roa (raw, json)
Hash identifier:          rF1XoLFWwwZQm+BtMDy94nopjG9a0S3Hpe9w79XhM9w=
Subject key identifier:   D0:A0:77:F7:C8:60:55:E3:FF:75:F8:DD:99:8E:78:07:5E:80:41:6B
Certificate issuer:       /CN=f5fb32d2266b1f9bce57cac98bc0247f2c9197f2
Certificate serial:       015A0889
Authority key identifier: F5:FB:32:D2:26:6B:1F:9B:CE:57:CA:C9:8B:C0:24:7F:2C:91:97:F2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9fsy0iZrH5vOV8rJi8AkfyyRl_I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/fb42ec-10b4-4dcf-bef0-2d143d7b853c/1/0KB398hgVeP_dfjdmY54B16AQWs.roa
Signing time:             Tue 15 Feb 2022 06:41:31 +0000
ROA not before:           Tue 15 Feb 2022 06:41:31 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     212238
IP address blocks:        2a0a:eb00::/29 maxlen: 29
                          2a07:4a80::/29 maxlen: 29
                          2a11:3bc0::/29 maxlen: 29
                          2a0f:c840::/29 maxlen: 29

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 22677641 (0x15a0889)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f5fb32d2266b1f9bce57cac98bc0247f2c9197f2
        Validity
            Not Before: Feb 15 06:41:31 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=d0a077f7c86055e3ff75f8dd998e78075e80416b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:1e:29:fe:fd:64:d2:ed:29:68:3f:a0:8a:b3:
                    30:fd:d1:31:0c:bc:e9:8d:8a:3e:4a:80:c7:10:52:
                    58:e6:1c:d8:4a:a5:21:e5:2b:92:ff:15:4b:75:48:
                    f9:2f:b0:6e:ba:ec:47:57:29:61:f6:e7:db:6e:06:
                    ac:4b:ba:97:a5:ff:3e:92:cc:fd:1a:af:b8:30:a5:
                    55:3a:c8:21:a8:88:26:9d:96:ff:bc:3f:a3:c2:c8:
                    f0:28:73:0f:8d:0e:6f:ec:17:7f:4e:94:d5:04:5b:
                    12:c2:41:8a:d1:5e:c6:63:91:97:0d:8c:b1:09:c0:
                    2c:39:d3:4c:33:e3:1b:36:3c:f8:bd:d7:a6:aa:4b:
                    6f:1f:4a:08:8a:56:cd:7f:71:07:44:c4:49:1f:c2:
                    67:55:6b:e1:89:e1:1b:55:c6:0b:d6:24:cc:32:3a:
                    c6:69:6b:82:b1:dd:c9:49:0f:e5:f1:10:e2:fe:79:
                    2e:68:12:ed:4f:b8:8a:1b:0b:11:b7:78:0e:52:cd:
                    ee:bd:4a:c2:cb:35:0c:ae:09:05:11:5c:ee:84:1c:
                    c8:8e:8f:5c:5f:f1:b6:48:88:95:79:a4:07:39:70:
                    2f:d8:7f:d1:af:0e:79:ee:cb:00:c8:6d:40:08:5c:
                    9f:2a:2d:eb:93:01:25:a1:6c:51:ef:01:db:3a:4c:
                    0b:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D0:A0:77:F7:C8:60:55:E3:FF:75:F8:DD:99:8E:78:07:5E:80:41:6B
            X509v3 Authority Key Identifier:
                keyid:F5:FB:32:D2:26:6B:1F:9B:CE:57:CA:C9:8B:C0:24:7F:2C:91:97:F2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9fsy0iZrH5vOV8rJi8AkfyyRl_I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/fb42ec-10b4-4dcf-bef0-2d143d7b853c/1/0KB398hgVeP_dfjdmY54B16AQWs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/fb42ec-10b4-4dcf-bef0-2d143d7b853c/1/9fsy0iZrH5vOV8rJi8AkfyyRl_I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a07:4a80::/29
                  2a0a:eb00::/29
                  2a0f:c840::/29
                  2a11:3bc0::/29

    Signature Algorithm: sha256WithRSAEncryption
         43:27:49:56:fc:e1:48:c0:cb:98:97:ff:d9:e9:da:b6:07:05:
         86:72:7e:13:26:3a:f8:49:83:d5:15:88:b3:24:83:53:74:11:
         cd:0d:16:38:50:33:88:15:85:11:5b:a8:e6:53:76:72:b0:ad:
         b6:1e:45:dd:85:aa:ba:10:35:c5:77:ac:5e:91:0f:fa:77:c6:
         30:6b:f1:d7:28:44:e4:2f:3c:38:8a:e5:ac:b1:7f:85:ab:93:
         01:77:c8:9f:51:1d:94:10:9a:fa:79:98:4f:bf:4b:e7:25:ee:
         f3:77:c9:eb:d9:64:f1:2d:e6:d5:6d:5e:ab:86:84:d9:43:69:
         5f:7d:07:82:8a:1c:be:66:91:6d:d7:6d:8a:bf:3d:d8:d1:52:
         fa:04:cf:6e:72:37:86:08:32:a2:7f:63:96:6c:ec:0a:44:b9:
         10:6a:a0:74:91:bc:7d:a3:51:03:02:f1:e4:a3:c9:93:b6:e7:
         d4:c2:a4:d9:18:f7:78:ba:6a:10:bb:34:2a:5e:07:3a:fe:a7:
         b6:f8:75:39:55:25:8a:fb:e0:a2:a8:35:4a:35:bf:00:e3:09:
         66:32:73:0d:4f:ec:65:d6:8d:37:f0:67:88:ca:af:b8:4a:3c:
         05:06:11:4b:1d:6d:7a:d8:2c:55:31:32:dc:e7:b1:01:0b:75:
         11:0e:2e:99
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgIEAVoIiTANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhm
NWZiMzJkMjI2NmIxZjliY2U1N2NhYzk4YmMwMjQ3ZjJjOTE5N2YyMB4XDTIyMDIx
NTA2NDEzMVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoZDBhMDc3ZjdjODYw
NTVlM2ZmNzVmOGRkOTk4ZTc4MDc1ZTgwNDE2YjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBALMeKf79ZNLtKWg/oIqzMP3RMQy86Y2KPkqAxxBSWOYc2Eql
IeUrkv8VS3VI+S+wbrrsR1cpYfbn224GrEu6l6X/PpLM/RqvuDClVTrIIaiIJp2W
/7w/o8LI8ChzD40Ob+wXf06U1QRbEsJBitFexmORlw2MsQnALDnTTDPjGzY8+L3X
pqpLbx9KCIpWzX9xB0TESR/CZ1Vr4YnhG1XGC9YkzDI6xmlrgrHdyUkP5fEQ4v55
LmgS7U+4ihsLEbd4DlLN7r1Kwss1DK4JBRFc7oQcyI6PXF/xtkiIlXmkBzlwL9h/
0a8Oee7LAMhtQAhcnyot65MBJaFsUe8B2zpMC5ECAwEAAaOCAh8wggIbMB0GA1Ud
DgQWBBTQoHf3yGBV4/91+N2ZjngHXoBBazAfBgNVHSMEGDAWgBT1+zLSJmsfm85X
ysmLwCR/LJGX8jAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
Lzlmc3kwaVpySDV2T1Y4ckppOEFrZnl5UmxfSS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvODAvZmI0MmVjLTEwYjQtNGRjZi1iZWYwLTJkMTQzZDdiODUzYy8x
LzBLQjM5OGhnVmVQX2RmamRtWTU0QjE2QVFXcy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvODAv
ZmI0MmVjLTEwYjQtNGRjZi1iZWYwLTJkMTQzZDdiODUzYy8xLzlmc3kwaVpySDV2
T1Y4ckppOEFrZnl5UmxfSS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjA1
BggrBgEFBQcBBwEB/wQmMCQwIgQCAAIwHAMFAyoHSoADBQMqCusAAwUDKg/IQAMF
AyoRO8AwDQYJKoZIhvcNAQELBQADggEBAEMnSVb84UjAy5iX/9np2rYHBYZyfhMm
OvhJg9UViLMkg1N0Ec0NFjhQM4gVhRFbqOZTdnKwrbYeRd2FqroQNcV3rF6RD/p3
xjBr8dcoROQvPDiK5ayxf4WrkwF3yJ9RHZQQmvp5mE+/S+cl7vN3yevZZPEt5tVt
XquGhNlDaV99B4KKHL5mkW3XbYq/PdjRUvoEz25yN4YIMqJ/Y5Zs7ApEuRBqoHSR
vH2jUQMC8eSjyZO259TCpNkY93i6ahC7NCpeBzr+p7b4dTlVJYr74KKoNUo1vwDj
CWYycw1P7GXWjTfwZ4jKr7hKPAUGEUsdbXrYLFUxMtznsQELdREOLpk=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:36:57 2024 by rpki-client on console-fra.rpki-client.org