Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/eb1cd5-c871-4d4f-ac3f-4b599d08ed1c/1/gr9Z4grgYiiqtszlzvJfWzuZ8YU.roa
File:                     gr9Z4grgYiiqtszlzvJfWzuZ8YU.roa (raw, json)
Hash identifier:          5Z7K6/NRXahFk/uvwPoWAtReLIlfnoohGXb1uk+tyKc=
Subject key identifier:   82:BF:59:E2:0A:E0:62:28:AA:B6:CC:E5:CE:F2:5F:5B:3B:99:F1:85
Certificate issuer:       /CN=cafd3133df47ce2bb07c472fbe6bb4e9178c6233
Certificate serial:       D55D80
Authority key identifier: CA:FD:31:33:DF:47:CE:2B:B0:7C:47:2F:BE:6B:B4:E9:17:8C:62:33
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/yv0xM99HziuwfEcvvmu06ReMYjM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/eb1cd5-c871-4d4f-ac3f-4b599d08ed1c/1/gr9Z4grgYiiqtszlzvJfWzuZ8YU.roa
Signing time:             Sat 01 Jan 2022 11:56:38 +0000
ROA not before:           Sat 01 Jan 2022 11:56:38 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     1239
IP address blocks:        37.72.133.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 13983104 (0xd55d80)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cafd3133df47ce2bb07c472fbe6bb4e9178c6233
        Validity
            Not Before: Jan  1 11:56:38 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=82bf59e20ae06228aab6cce5cef25f5b3b99f185
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:b3:d8:c6:33:e2:25:b5:d6:c7:fa:85:ca:89:
                    66:3d:67:75:b3:09:86:13:ca:22:b9:cb:2a:b4:e3:
                    34:fa:a9:d4:d3:0a:07:c5:96:2f:67:85:12:5c:96:
                    bc:8d:3a:c9:51:7e:dd:88:38:e3:2d:c8:b0:87:55:
                    61:57:be:06:8d:42:06:7d:99:bb:f3:f9:e1:5b:98:
                    43:86:0e:42:81:8d:8a:c3:7a:23:bc:d4:ef:6c:3d:
                    93:ae:8e:f1:55:92:9b:09:20:7b:fa:17:65:5a:fa:
                    82:d8:19:64:e9:a6:b1:bf:a5:8a:0d:ad:61:86:fb:
                    24:f3:19:f6:dd:71:74:26:e5:4d:71:51:4a:de:92:
                    47:df:e2:26:d2:d4:c0:ea:fe:fb:12:c9:66:5c:0f:
                    f3:bc:f7:80:36:16:32:26:b4:15:35:87:08:be:35:
                    d7:c1:65:bb:0e:ba:96:db:b3:6f:1d:a1:09:61:3c:
                    23:e1:5e:ee:73:c9:01:5e:6e:53:9a:7f:d2:3d:25:
                    48:a7:06:7f:8c:ae:a1:69:89:8a:27:91:70:78:1d:
                    2f:3d:e2:f8:c1:97:c6:03:f7:51:40:16:2f:d3:11:
                    bc:ad:68:c9:08:36:04:d2:78:68:af:b4:ed:36:3e:
                    d1:52:7c:ed:5c:f7:b6:ad:c6:6b:65:12:2c:39:34:
                    d9:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                82:BF:59:E2:0A:E0:62:28:AA:B6:CC:E5:CE:F2:5F:5B:3B:99:F1:85
            X509v3 Authority Key Identifier:
                keyid:CA:FD:31:33:DF:47:CE:2B:B0:7C:47:2F:BE:6B:B4:E9:17:8C:62:33

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/yv0xM99HziuwfEcvvmu06ReMYjM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/eb1cd5-c871-4d4f-ac3f-4b599d08ed1c/1/gr9Z4grgYiiqtszlzvJfWzuZ8YU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/eb1cd5-c871-4d4f-ac3f-4b599d08ed1c/1/yv0xM99HziuwfEcvvmu06ReMYjM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.72.133.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9b:d4:0f:7a:72:a8:d4:8a:dc:59:0c:48:3b:9b:15:c0:73:77:
         0b:80:bb:e5:85:06:22:5f:1f:c9:e6:7c:8c:47:fc:85:b4:a7:
         56:da:d0:d2:6f:44:b5:e9:0d:33:03:dd:cc:a6:43:e0:6d:12:
         9d:6a:ea:5d:02:d3:a7:ab:76:d6:d6:26:f0:f9:f4:d9:0c:52:
         09:6b:91:48:51:64:c1:ec:22:ea:2d:90:12:4e:d7:5f:0c:fa:
         6e:15:5c:c5:ae:90:c9:84:0e:61:82:e2:ef:ef:fa:0b:7a:4e:
         99:cd:d7:77:11:0f:81:af:0e:40:6e:32:de:ef:6e:4c:f2:ac:
         4b:9f:63:21:0d:83:23:0d:a2:eb:79:14:9a:26:c4:88:18:6b:
         90:5b:74:ee:41:aa:35:62:08:c5:bd:46:86:bf:ef:af:cc:be:
         7f:2d:6a:9b:75:54:85:5a:5d:45:7d:6d:8d:1d:a7:ac:69:2c:
         70:48:fa:13:40:95:6f:02:cc:02:7a:4c:0d:7a:2f:85:d8:92:
         0e:07:99:f2:67:50:88:fe:2b:27:42:2a:f8:2f:57:3e:f8:47:
         b5:b2:b6:88:a1:c2:e3:92:f4:91:80:4b:d7:3b:f4:42:23:d6:
         03:3b:5d:db:a5:4d:96:da:ec:a8:4e:86:12:90:5a:1d:f5:83:
         41:f7:8a:65
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIEANVdgDANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhj
YWZkMzEzM2RmNDdjZTJiYjA3YzQ3MmZiZTZiYjRlOTE3OGM2MjMzMB4XDTIyMDEw
MTExNTYzOFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoODJiZjU5ZTIwYWUw
NjIyOGFhYjZjY2U1Y2VmMjVmNWIzYjk5ZjE4NTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAMKz2MYz4iW11sf6hcqJZj1ndbMJhhPKIrnLKrTjNPqp1NMK
B8WWL2eFElyWvI06yVF+3Yg44y3IsIdVYVe+Bo1CBn2Zu/P54VuYQ4YOQoGNisN6
I7zU72w9k66O8VWSmwkge/oXZVr6gtgZZOmmsb+lig2tYYb7JPMZ9t1xdCblTXFR
St6SR9/iJtLUwOr++xLJZlwP87z3gDYWMia0FTWHCL4118Fluw66ltuzbx2hCWE8
I+Fe7nPJAV5uU5p/0j0lSKcGf4yuoWmJiieRcHgdLz3i+MGXxgP3UUAWL9MRvK1o
yQg2BNJ4aK+07TY+0VJ87Vz3tq3Ga2USLDk02YsCAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBSCv1niCuBiKKq2zOXO8l9bO5nxhTAfBgNVHSMEGDAWgBTK/TEz30fOK7B8
Ry++a7TpF4xiMzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L3l2MHhNOTlIeml1d2ZFY3Z2bXUwNlJlTVlqTS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMDAvZWIxY2Q1LWM4NzEtNGQ0Zi1hYzNmLTRiNTk5ZDA4ZWQxYy8x
L2dyOVo0Z3JnWWlpcXRzemx6dkpmV3p1WjhZVS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMDAv
ZWIxY2Q1LWM4NzEtNGQ0Zi1hYzNmLTRiNTk5ZDA4ZWQxYy8xL3l2MHhNOTlIeml1
d2ZFY3Z2bXUwNlJlTVlqTS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEACVIhTANBgkqhkiG9w0BAQsFAAOC
AQEAm9QPenKo1IrcWQxIO5sVwHN3C4C75YUGIl8fyeZ8jEf8hbSnVtrQ0m9EtekN
MwPdzKZD4G0SnWrqXQLTp6t21tYm8Pn02QxSCWuRSFFkwewi6i2QEk7XXwz6bhVc
xa6QyYQOYYLi7+/6C3pOmc3XdxEPga8OQG4y3u9uTPKsS59jIQ2DIw2i63kUmibE
iBhrkFt07kGqNWIIxb1Ghr/vr8y+fy1qm3VUhVpdRX1tjR2nrGkscEj6E0CVbwLM
AnpMDXovhdiSDgeZ8mdQiP4rJ0Iq+C9XPvhHtbK2iKHC45L0kYBL1zv0QiPWAztd
26VNltrsqE6GEpBaHfWDQfeKZQ==
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:46:16 2023 by rpki-client on console-ams.rpki-client.org