Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/Ltq3qy4D3GHv6SPZsgmtis8gDNs.roa
File:                     Ltq3qy4D3GHv6SPZsgmtis8gDNs.roa (raw, json)
Hash identifier:          JIVwxXKC8K81X7v6ZFdvf/C+elXShRPEKsIgcTQzN7k=
Subject key identifier:   2E:DA:B7:AB:2E:03:DC:61:EF:E9:23:D9:B2:09:AD:8A:CF:20:0C:DB
Certificate issuer:       /CN=a576eb2cc462e6e4bf0de69b9f634875debbaae2
Certificate serial:       094A3B9B
Authority key identifier: A5:76:EB:2C:C4:62:E6:E4:BF:0D:E6:9B:9F:63:48:75:DE:BB:AA:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pXbrLMRi5uS_Deabn2NIdd67quI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/Ltq3qy4D3GHv6SPZsgmtis8gDNs.roa
Signing time:             Tue 21 Jun 2022 17:54:47 +0000
ROA not before:           Tue 21 Jun 2022 17:54:47 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     949
IP address blocks:        2a09:6::/32 maxlen: 48

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 155859867 (0x94a3b9b)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a576eb2cc462e6e4bf0de69b9f634875debbaae2
        Validity
            Not Before: Jun 21 17:54:47 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=2edab7ab2e03dc61efe923d9b209ad8acf200cdb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:6d:43:29:02:9c:92:8b:a8:25:7c:d7:1d:34:
                    21:c9:ed:26:6b:e4:79:bd:c9:f1:b2:2f:30:83:7a:
                    5f:89:9e:af:e7:ba:08:fa:ae:a8:3e:d6:7b:93:ab:
                    88:91:51:ac:ad:28:3f:ad:f9:cb:80:1b:c7:80:5d:
                    8a:3d:1d:67:ca:1a:d3:d7:15:c5:2d:5b:27:7f:dd:
                    fb:b6:49:08:8a:59:e6:1b:5e:2b:bc:15:b3:9f:f0:
                    95:05:35:14:3c:d7:51:37:38:e9:5b:0f:ba:7e:46:
                    39:18:b9:ea:02:c9:26:db:42:27:55:21:6a:20:e0:
                    83:7b:73:b9:e5:c5:33:74:7e:15:23:30:b3:fc:78:
                    eb:93:cc:c0:a2:16:81:21:89:0f:82:bb:73:e3:9b:
                    86:a8:b1:80:26:0e:91:66:f3:2c:44:78:fd:1e:f1:
                    0e:10:14:74:98:77:6c:74:7d:da:56:b2:87:24:a9:
                    d3:9d:2c:87:d8:ef:1b:82:d1:36:ea:62:f1:59:1a:
                    99:36:e1:65:7c:62:b1:b4:07:be:25:38:67:96:fa:
                    ee:8c:25:cb:c0:fa:e5:84:80:a2:49:2a:85:6c:81:
                    7c:c1:72:84:93:3d:f3:ab:32:e9:a2:34:b1:cf:b6:
                    73:dc:db:3f:a4:61:3e:dc:e7:61:09:ef:2a:8f:b4:
                    9d:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2E:DA:B7:AB:2E:03:DC:61:EF:E9:23:D9:B2:09:AD:8A:CF:20:0C:DB
            X509v3 Authority Key Identifier:
                keyid:A5:76:EB:2C:C4:62:E6:E4:BF:0D:E6:9B:9F:63:48:75:DE:BB:AA:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pXbrLMRi5uS_Deabn2NIdd67quI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/Ltq3qy4D3GHv6SPZsgmtis8gDNs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/pXbrLMRi5uS_Deabn2NIdd67quI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a09:6::/32

    Signature Algorithm: sha256WithRSAEncryption
         6c:fe:cc:65:9e:c1:38:4a:51:3e:5f:25:89:e9:ba:af:41:d1:
         dd:39:02:ea:b8:33:db:76:c2:f2:69:f0:c0:3f:00:f4:c2:7d:
         54:99:78:6f:cf:4e:ed:fb:56:ee:96:ab:4a:56:68:f3:00:25:
         20:58:f7:8d:97:32:e9:40:ef:eb:17:85:ec:11:de:20:31:fd:
         9b:80:c0:a6:f0:51:26:cf:f9:1f:63:e0:d1:77:4d:ae:50:b7:
         7c:2e:a6:eb:80:24:84:5d:80:2c:64:58:27:9a:58:4b:25:81:
         eb:9f:27:70:5b:8e:1a:5d:3d:ad:75:96:b1:4a:83:1c:1a:d9:
         0a:00:fc:ea:56:6c:8c:bf:c5:10:1e:e0:96:2d:f9:5a:3d:72:
         67:c7:3e:15:c4:92:06:e1:61:cf:1c:4f:59:4e:9e:2c:1c:b2:
         fd:41:6a:05:91:dd:b7:73:56:12:9e:42:ad:4c:09:07:40:44:
         73:41:67:5e:5c:3c:cd:b5:ff:ca:53:09:cf:37:b6:98:21:d9:
         d3:1a:ad:05:79:32:fc:18:b6:25:6e:6b:d4:4d:61:e1:3d:c2:
         81:63:e0:8a:79:8b:94:48:4a:b1:74:c3:90:ea:fb:f7:d5:ee:
         ff:68:c4:fc:31:42:1d:f8:48:b5:b3:0c:08:a6:ed:d7:4b:31:
         fb:31:63:ff
-----BEGIN CERTIFICATE-----
MIIE8DCCA9igAwIBAgIECUo7mzANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhh
NTc2ZWIyY2M0NjJlNmU0YmYwZGU2OWI5ZjYzNDg3NWRlYmJhYWUyMB4XDTIyMDYy
MTE3NTQ0N1oXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMmVkYWI3YWIyZTAz
ZGM2MWVmZTkyM2Q5YjIwOWFkOGFjZjIwMGNkYjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAL1tQykCnJKLqCV81x00IcntJmvkeb3J8bIvMIN6X4mer+e6
CPquqD7We5OriJFRrK0oP635y4Abx4Bdij0dZ8oa09cVxS1bJ3/d+7ZJCIpZ5hte
K7wVs5/wlQU1FDzXUTc46VsPun5GORi56gLJJttCJ1UhaiDgg3tzueXFM3R+FSMw
s/x465PMwKIWgSGJD4K7c+ObhqixgCYOkWbzLER4/R7xDhAUdJh3bHR92layhySp
050sh9jvG4LRNupi8VkamTbhZXxisbQHviU4Z5b67owly8D65YSAokkqhWyBfMFy
hJM986sy6aI0sc+2c9zbP6RhPtznYQnvKo+0nZMCAwEAAaOCAgowggIGMB0GA1Ud
DgQWBBQu2rerLgPcYe/pI9myCa2KzyAM2zAfBgNVHSMEGDAWgBSldussxGLm5L8N
5pufY0h13ruq4jAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L3BYYnJMTVJpNXVTX0RlYWJuMk5JZGQ2N3F1SS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvODcvOTMxOTI3LTlmMzgtNDFiNi04N2ZhLTI1NGFjZDkyYjRlMS8x
L0x0cTNxeTREM0dIdjZTUFpzZ210aXM4Z0ROcy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvODcv
OTMxOTI3LTlmMzgtNDFiNi04N2ZhLTI1NGFjZDkyYjRlMS8xL3BYYnJMTVJpNXVT
X0RlYWJuMk5JZGQ2N3F1SS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAg
BggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACoJAAYwDQYJKoZIhvcNAQELBQAD
ggEBAGz+zGWewThKUT5fJYnpuq9B0d05Auq4M9t2wvJp8MA/APTCfVSZeG/PTu37
Vu6Wq0pWaPMAJSBY942XMulA7+sXhewR3iAx/ZuAwKbwUSbP+R9j4NF3Ta5Qt3wu
puuAJIRdgCxkWCeaWEslgeufJ3BbjhpdPa11lrFKgxwa2QoA/OpWbIy/xRAe4JYt
+Vo9cmfHPhXEkgbhYc8cT1lOniwcsv1BagWR3bdzVhKeQq1MCQdARHNBZ15cPM21
/8pTCc83tpgh2dMarQV5MvwYtiVua9RNYeE9woFj4Ip5i5RISrF0w5Dq+/fV7v9o
xPwxQh34SLWzDAim7ddLMfsxY/8=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:37:47 2024 by rpki-client on console-fra.rpki-client.org