Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/3626dc-221f-4b9a-bb68-3e3812ffa147/1/thPV6HZtYnrBVGfO7mR5mxVUlpQ.roa
File:                     thPV6HZtYnrBVGfO7mR5mxVUlpQ.roa (raw, json)
Hash identifier:          uNNILXOSzbWxSzIVvbOXwdMbjOS8XIYJQwAPl1JPW1A=
Subject key identifier:   B6:13:D5:E8:76:6D:62:7A:C1:54:67:CE:EE:64:79:9B:15:54:96:94
Certificate issuer:       /CN=3d92bc045ab9cc9f017e8bf7ffe423da804a614f
Certificate serial:       0298C998
Authority key identifier: 3D:92:BC:04:5A:B9:CC:9F:01:7E:8B:F7:FF:E4:23:DA:80:4A:61:4F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PZK8BFq5zJ8Bfov3_-Qj2oBKYU8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/3626dc-221f-4b9a-bb68-3e3812ffa147/1/thPV6HZtYnrBVGfO7mR5mxVUlpQ.roa
Signing time:             Sun 12 Jun 2022 11:02:09 +0000
ROA not before:           Sun 12 Jun 2022 11:02:09 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     42831
IP address blocks:        2a11:1680:6::/48 maxlen: 48
                          2a11:1680:1e::/48 maxlen: 48
                          2a11:1680:9::/48 maxlen: 48
                          2a11:1680:7::/48 maxlen: 48
                          2a11:1680:10::/48 maxlen: 48
                          2a11:1680:8::/48 maxlen: 48

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 43567512 (0x298c998)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3d92bc045ab9cc9f017e8bf7ffe423da804a614f
        Validity
            Not Before: Jun 12 11:02:09 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=b613d5e8766d627ac15467ceee64799b15549694
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:d8:43:89:6b:eb:36:7b:a9:48:7f:93:e0:48:
                    b8:02:34:17:ba:f0:e2:9f:f5:99:c4:92:be:47:c7:
                    84:8f:fc:d2:49:f0:8c:32:c6:36:a8:a5:7e:36:31:
                    5d:cc:f0:a0:24:d9:d0:9d:2a:c5:0f:10:9e:b1:03:
                    ac:6f:78:ad:d3:2d:da:38:ff:d7:c5:42:20:1a:24:
                    70:da:1c:12:6f:5e:0e:f4:dc:b6:09:09:83:14:cf:
                    01:e4:d2:c4:5c:68:be:d1:87:26:9a:c7:9a:e7:c3:
                    b3:ac:0a:11:d1:66:67:5a:b7:73:77:70:87:d1:61:
                    4e:de:01:75:32:a4:bf:94:b1:fc:ee:5b:3a:1c:a2:
                    d2:53:44:e2:e0:54:04:03:31:89:99:61:69:f8:9c:
                    09:82:29:70:7c:ca:79:3b:80:74:ca:4b:7d:b7:d8:
                    0a:10:df:a8:7e:d5:af:75:f6:0d:ca:50:4c:c6:f7:
                    7e:0c:2a:43:cf:ac:84:fd:26:75:77:74:8c:b6:ed:
                    4d:72:1a:2e:1a:71:7d:5c:be:2a:00:0f:3c:7a:ab:
                    50:c6:c0:31:8c:09:b0:55:37:62:35:30:d3:55:c1:
                    97:3e:5d:b9:d4:24:09:c2:ef:b7:23:af:b2:1a:9c:
                    9f:dd:e0:71:f3:8a:ca:a4:b3:bc:b6:66:12:46:37:
                    60:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B6:13:D5:E8:76:6D:62:7A:C1:54:67:CE:EE:64:79:9B:15:54:96:94
            X509v3 Authority Key Identifier:
                keyid:3D:92:BC:04:5A:B9:CC:9F:01:7E:8B:F7:FF:E4:23:DA:80:4A:61:4F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PZK8BFq5zJ8Bfov3_-Qj2oBKYU8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/3626dc-221f-4b9a-bb68-3e3812ffa147/1/thPV6HZtYnrBVGfO7mR5mxVUlpQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/3626dc-221f-4b9a-bb68-3e3812ffa147/1/PZK8BFq5zJ8Bfov3_-Qj2oBKYU8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a11:1680:6::-2a11:1680:9:ffff:ffff:ffff:ffff:ffff
                  2a11:1680:10::/48
                  2a11:1680:1e::/48

    Signature Algorithm: sha256WithRSAEncryption
         29:9a:53:bb:fc:b9:5f:81:d3:0e:5b:2e:f9:f3:dd:20:6e:dd:
         d7:ea:32:21:17:d0:be:9e:0d:e0:e2:f7:47:0e:2e:df:0b:1d:
         3e:6c:1f:17:65:89:84:1e:0b:f6:62:cb:02:15:21:ca:bb:75:
         f3:f9:30:23:0e:08:a0:16:01:90:fe:98:38:07:09:da:60:7c:
         fa:e9:ea:86:2e:3d:3f:c7:3a:93:10:ce:d6:09:37:75:87:61:
         45:35:ca:c7:96:5d:87:63:de:40:71:4e:89:38:70:eb:e1:c1:
         d5:32:09:e4:54:58:ca:db:74:69:a3:9d:d5:ba:0f:63:b7:64:
         25:9a:f4:f3:03:85:e6:8c:ff:67:66:a9:3b:c6:78:87:4e:88:
         6d:b1:a7:a8:5c:c9:b4:72:a5:27:04:a2:b1:a3:77:e4:d7:71:
         9b:49:79:22:2d:da:ff:79:54:5b:61:5d:75:a8:04:e4:e6:c2:
         1c:8b:5f:6c:09:0f:0b:64:c8:bb:c9:d8:5e:fe:d8:9e:5e:36:
         ad:29:9d:da:8e:c4:ee:0a:37:dc:22:95:e6:f7:d3:b6:40:67:
         7f:61:aa:96:6f:69:62:06:de:ec:dc:53:cc:a2:40:15:86:2b:
         1e:b8:d1:cf:07:b0:0b:85:95:80:1e:2f:ae:40:cc:19:50:73:
         37:31:9c:43
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgIEApjJmDANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygz
ZDkyYmMwNDVhYjljYzlmMDE3ZThiZjdmZmU0MjNkYTgwNGE2MTRmMB4XDTIyMDYx
MjExMDIwOVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoYjYxM2Q1ZTg3NjZk
NjI3YWMxNTQ2N2NlZWU2NDc5OWIxNTU0OTY5NDCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAJrYQ4lr6zZ7qUh/k+BIuAI0F7rw4p/1mcSSvkfHhI/80knw
jDLGNqilfjYxXczwoCTZ0J0qxQ8QnrEDrG94rdMt2jj/18VCIBokcNocEm9eDvTc
tgkJgxTPAeTSxFxovtGHJprHmufDs6wKEdFmZ1q3c3dwh9FhTt4BdTKkv5Sx/O5b
Ohyi0lNE4uBUBAMxiZlhaficCYIpcHzKeTuAdMpLfbfYChDfqH7Vr3X2DcpQTMb3
fgwqQ8+shP0mdXd0jLbtTXIaLhpxfVy+KgAPPHqrUMbAMYwJsFU3YjUw01XBlz5d
udQkCcLvtyOvshqcn93gcfOKyqSzvLZmEkY3YNcCAwEAAaOCAikwggIlMB0GA1Ud
DgQWBBS2E9Xodm1iesFUZ87uZHmbFVSWlDAfBgNVHSMEGDAWgBQ9krwEWrnMnwF+
i/f/5CPagEphTzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L1BaSzhCRnE1eko4QmZvdjNfLVFqMm9CS1lVOC5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZDMvMzYyNmRjLTIyMWYtNGI5YS1iYjY4LTNlMzgxMmZmYTE0Ny8x
L3RoUFY2SFp0WW5yQlZHZk83bVI1bXhWVWxwUS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZDMv
MzYyNmRjLTIyMWYtNGI5YS1iYjY4LTNlMzgxMmZmYTE0Ny8xL1BaSzhCRnE1eko4
QmZvdjNfLVFqMm9CS1lVOC5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjA/
BggrBgEFBQcBBwEB/wQwMC4wLAQCAAIwJjASAwcBKhEWgAAGAwcBKhEWgAAIAwcA
KhEWgAAQAwcAKhEWgAAeMA0GCSqGSIb3DQEBCwUAA4IBAQApmlO7/LlfgdMOWy75
890gbt3X6jIhF9C+ng3g4vdHDi7fCx0+bB8XZYmEHgv2YssCFSHKu3Xz+TAjDgig
FgGQ/pg4BwnaYHz66eqGLj0/xzqTEM7WCTd1h2FFNcrHll2HY95AcU6JOHDr4cHV
MgnkVFjK23Rpo53Vug9jt2QlmvTzA4XmjP9nZqk7xniHTohtsaeoXMm0cqUnBKKx
o3fk13GbSXkiLdr/eVRbYV11qATk5sIci19sCQ8LZMi7ydhe/tieXjatKZ3ajsTu
CjfcIpXm99O2QGd/YaqWb2liBt7s3FPMokAVhiseuNHPB7ALhZWAHi+uQMwZUHM3
MZxD
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:46:03 2024 by rpki-client on console-ams.rpki-client.org