Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/c8e8cf-13da-407e-bb5c-38975ffa8263/1/QgmyDY1ZdOxFOiK2AGv82_6xOAw.roa
File:                     QgmyDY1ZdOxFOiK2AGv82_6xOAw.roa (raw, json)
Hash identifier:          hgPt0Eh9QXGQfby9mvtk7tCAABjiVJZd9kxnKvJOyVI=
Subject key identifier:   42:09:B2:0D:8D:59:74:EC:45:3A:22:B6:00:6B:FC:DB:FE:B1:38:0C
Certificate issuer:       /CN=76a36089d917ec2396baa45944e5d4f312bdad67
Certificate serial:       E1EDD9
Authority key identifier: 76:A3:60:89:D9:17:EC:23:96:BA:A4:59:44:E5:D4:F3:12:BD:AD:67
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dqNgidkX7COWuqRZROXU8xK9rWc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/c8e8cf-13da-407e-bb5c-38975ffa8263/1/QgmyDY1ZdOxFOiK2AGv82_6xOAw.roa
Signing time:             Sat 01 Jan 2022 12:59:35 +0000
ROA not before:           Sat 01 Jan 2022 12:59:35 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     210310
IP address blocks:        91.205.108.0/22 maxlen: 22

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 14806489 (0xe1edd9)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=76a36089d917ec2396baa45944e5d4f312bdad67
        Validity
            Not Before: Jan  1 12:59:35 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=4209b20d8d5974ec453a22b6006bfcdbfeb1380c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:e5:d0:34:87:a9:7e:94:e5:6c:8e:ca:fb:53:
                    c7:dc:95:7d:70:b6:13:8e:3c:99:f1:73:8a:cf:6a:
                    42:76:54:cf:66:b8:bd:73:29:52:8e:3a:35:a7:8c:
                    00:db:60:86:c2:ff:dd:94:36:6b:59:b2:76:94:da:
                    2b:35:10:1e:6a:03:5e:fd:38:10:3d:4b:92:4c:65:
                    7e:9a:06:86:92:21:4c:7d:e0:d7:5b:27:53:55:e7:
                    fc:bb:fc:4c:ff:c3:fc:58:7b:dc:31:3a:24:7e:94:
                    f4:6c:df:d3:7a:f2:d0:0d:d6:f4:07:c2:f3:42:f4:
                    0c:59:76:08:52:41:72:9a:83:d4:75:bb:93:44:a1:
                    02:c8:11:79:c3:49:aa:c1:f0:61:f9:00:3b:9b:85:
                    ce:79:73:6f:f8:4e:5f:45:60:fa:f8:76:43:8f:ec:
                    fc:d3:cf:d7:57:f1:29:cb:22:4e:de:19:b7:fd:bb:
                    89:65:3d:be:db:32:98:24:79:ac:8a:6c:64:d0:7b:
                    b0:a6:25:4c:14:d4:df:92:21:e9:7e:9e:83:28:ba:
                    0f:02:ea:a7:59:ec:ed:54:cd:4b:6d:1a:91:18:09:
                    78:ba:a5:fa:73:d6:79:03:5e:a8:dd:6d:97:ce:56:
                    9b:ec:bb:07:d1:bb:ac:9b:33:ef:86:9c:d0:e5:4f:
                    fa:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                42:09:B2:0D:8D:59:74:EC:45:3A:22:B6:00:6B:FC:DB:FE:B1:38:0C
            X509v3 Authority Key Identifier:
                keyid:76:A3:60:89:D9:17:EC:23:96:BA:A4:59:44:E5:D4:F3:12:BD:AD:67

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dqNgidkX7COWuqRZROXU8xK9rWc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/c8e8cf-13da-407e-bb5c-38975ffa8263/1/QgmyDY1ZdOxFOiK2AGv82_6xOAw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/c8e8cf-13da-407e-bb5c-38975ffa8263/1/dqNgidkX7COWuqRZROXU8xK9rWc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.205.108.0/22

    Signature Algorithm: sha256WithRSAEncryption
         70:02:4c:80:41:9f:d9:05:7a:78:bf:b4:ab:25:29:8d:a5:88:
         28:dc:99:73:82:ed:c7:4a:da:30:42:69:fc:c3:ce:83:cc:fb:
         54:3f:2b:b8:dc:63:0b:26:bf:b0:c4:04:25:55:f3:27:aa:b9:
         58:04:dd:d4:8a:dd:07:c9:2f:58:5c:04:78:64:28:31:11:51:
         97:ae:d4:90:03:6c:84:be:51:8a:d8:d9:43:53:89:c7:e3:59:
         8a:b1:cc:5a:a5:3f:ae:b8:c7:2b:58:18:0e:92:e0:c9:b3:cd:
         d9:3c:83:58:74:0e:72:07:a4:85:68:66:69:ef:ea:73:e1:69:
         b8:15:dd:f7:d4:fc:f4:ad:67:b2:4b:38:95:f2:6f:89:ae:9d:
         83:e9:91:c9:0b:92:fd:17:6f:45:ab:68:68:fa:7a:7d:d5:40:
         09:15:bf:4b:38:4f:18:2c:d1:9f:22:45:73:bd:e2:f6:81:4c:
         25:4a:bb:16:5e:38:de:45:4c:6c:83:eb:56:ff:f6:e6:8d:dd:
         81:4a:7f:c7:37:e7:8e:de:a4:91:53:65:f8:29:e9:e9:f6:8c:
         04:97:e8:e1:a8:ba:8e:f2:47:ef:72:37:1a:38:99:a4:96:6b:
         93:d0:2d:01:87:b3:8e:4b:52:f7:33:7c:d2:35:9a:9f:f9:20:
         70:26:b4:60
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIEAOHt2TANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg3
NmEzNjA4OWQ5MTdlYzIzOTZiYWE0NTk0NGU1ZDRmMzEyYmRhZDY3MB4XDTIyMDEw
MTEyNTkzNVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoNDIwOWIyMGQ4ZDU5
NzRlYzQ1M2EyMmI2MDA2YmZjZGJmZWIxMzgwYzCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBANPl0DSHqX6U5WyOyvtTx9yVfXC2E448mfFzis9qQnZUz2a4
vXMpUo46NaeMANtghsL/3ZQ2a1mydpTaKzUQHmoDXv04ED1LkkxlfpoGhpIhTH3g
11snU1Xn/Lv8TP/D/Fh73DE6JH6U9Gzf03ry0A3W9AfC80L0DFl2CFJBcpqD1HW7
k0ShAsgRecNJqsHwYfkAO5uFznlzb/hOX0Vg+vh2Q4/s/NPP11fxKcsiTt4Zt/27
iWU9vtsymCR5rIpsZNB7sKYlTBTU35Ih6X6egyi6DwLqp1ns7VTNS20akRgJeLql
+nPWeQNeqN1tl85Wm+y7B9G7rJsz74ac0OVP+vMCAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBRCCbINjVl07EU6IrYAa/zb/rE4DDAfBgNVHSMEGDAWgBR2o2CJ2RfsI5a6
pFlE5dTzEr2tZzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L2RxTmdpZGtYN0NPV3VxUlpST1hVOHhLOXJXYy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMDAvYzhlOGNmLTEzZGEtNDA3ZS1iYjVjLTM4OTc1ZmZhODI2My8x
L1FnbXlEWTFaZE94Rk9pSzJBR3Y4Ml82eE9Bdy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMDAv
YzhlOGNmLTEzZGEtNDA3ZS1iYjVjLTM4OTc1ZmZhODI2My8xL2RxTmdpZGtYN0NP
V3VxUlpST1hVOHhLOXJXYy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAlvNbDANBgkqhkiG9w0BAQsFAAOC
AQEAcAJMgEGf2QV6eL+0qyUpjaWIKNyZc4Ltx0raMEJp/MPOg8z7VD8ruNxjCya/
sMQEJVXzJ6q5WATd1IrdB8kvWFwEeGQoMRFRl67UkANshL5RitjZQ1OJx+NZirHM
WqU/rrjHK1gYDpLgybPN2TyDWHQOcgekhWhmae/qc+FpuBXd99T89K1nsks4lfJv
ia6dg+mRyQuS/RdvRatoaPp6fdVACRW/SzhPGCzRnyJFc73i9oFMJUq7Fl443kVM
bIPrVv/25o3dgUp/xzfnjt6kkVNl+Cnp6faMBJfo4ai6jvJH73I3GjiZpJZrk9At
AYezjktS9zN80jWan/kgcCa0YA==
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:41:52 2023 by rpki-client on console-fra.rpki-client.org