Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/e0472a-3adf-43cd-bf30-73923daef114/1/jqZpaomxWNX15ih1Rs9HEDfQhLE.roa
File:                     jqZpaomxWNX15ih1Rs9HEDfQhLE.roa (raw, json)
Hash identifier:          9iyXyUFpYBTNXlrHHKrEY6z1vdUjdNejKDey74FTF2U=
Subject key identifier:   8E:A6:69:6A:89:B1:58:D5:F5:E6:28:75:46:CF:47:10:37:D0:84:B1
Certificate issuer:       /CN=8533ef46116fd9d21bfb533e44bde517890c24dc
Certificate serial:       04464D1F
Authority key identifier: 85:33:EF:46:11:6F:D9:D2:1B:FB:53:3E:44:BD:E5:17:89:0C:24:DC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hTPvRhFv2dIb-1M-RL3lF4kMJNw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/e0472a-3adf-43cd-bf30-73923daef114/1/jqZpaomxWNX15ih1Rs9HEDfQhLE.roa
Signing time:             Sat 01 Jan 2022 13:55:20 +0000
ROA not before:           Sat 01 Jan 2022 13:55:20 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     11426
IP address blocks:        45.85.130.0/23 maxlen: 23

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 71716127 (0x4464d1f)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8533ef46116fd9d21bfb533e44bde517890c24dc
        Validity
            Not Before: Jan  1 13:55:20 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=8ea6696a89b158d5f5e6287546cf471037d084b1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:6d:e9:4c:e8:cb:9b:a1:e1:58:7b:ae:15:2b:
                    1b:45:9f:c7:ca:19:70:d3:b8:93:cd:0b:15:16:54:
                    90:69:7d:98:94:d4:92:ab:06:e4:fc:5c:8f:bc:1b:
                    26:34:23:77:41:1a:92:fc:6a:9c:5f:da:bf:aa:7d:
                    4a:30:a2:ce:2a:55:d3:c4:71:1b:41:97:03:77:38:
                    b9:19:3e:8f:3d:b0:e7:5f:c5:18:77:6d:63:53:cb:
                    79:17:fe:3d:43:fd:35:50:c1:23:e6:8f:33:71:d4:
                    dd:b1:a3:7a:9b:4d:b8:b1:15:f2:e8:fe:76:30:f9:
                    3a:51:8a:ad:18:7b:b6:fb:cd:fe:d4:2b:22:8b:6b:
                    ac:66:ee:64:41:1c:33:85:2a:c4:2f:d0:3e:a3:52:
                    ae:b1:59:5a:8f:ba:cf:ad:ef:b2:18:1c:ac:05:ad:
                    f9:94:a8:0e:84:ef:31:d4:19:f8:06:ec:d0:6f:07:
                    8c:ca:f4:79:2b:7f:78:2e:38:98:aa:97:11:4c:e4:
                    64:fd:3d:b6:d7:25:a5:a8:25:2a:75:fb:00:ab:e1:
                    ec:b5:d3:17:b8:78:9d:b0:a0:3a:ad:de:5a:31:36:
                    63:cc:c7:b5:26:17:93:ee:f5:25:99:16:55:00:90:
                    75:ea:fa:4d:f3:42:49:ac:06:56:06:c5:b0:21:50:
                    7d:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8E:A6:69:6A:89:B1:58:D5:F5:E6:28:75:46:CF:47:10:37:D0:84:B1
            X509v3 Authority Key Identifier:
                keyid:85:33:EF:46:11:6F:D9:D2:1B:FB:53:3E:44:BD:E5:17:89:0C:24:DC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hTPvRhFv2dIb-1M-RL3lF4kMJNw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/e0472a-3adf-43cd-bf30-73923daef114/1/jqZpaomxWNX15ih1Rs9HEDfQhLE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/e0472a-3adf-43cd-bf30-73923daef114/1/hTPvRhFv2dIb-1M-RL3lF4kMJNw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.85.130.0/23

    Signature Algorithm: sha256WithRSAEncryption
         67:fa:1a:d4:86:52:8f:1a:6a:b2:d3:8f:6a:72:29:07:a8:2f:
         9d:7d:86:b9:d2:c7:46:b6:27:cd:d2:f8:ef:64:35:e1:20:c0:
         1c:d9:b4:7f:6b:21:6c:d4:d0:e1:c6:32:e6:d3:9f:d0:14:b6:
         a4:e7:b9:1c:f8:5a:f5:27:84:d0:d0:f3:05:58:b9:2f:ed:f9:
         68:58:98:df:82:5b:60:63:b7:6b:d1:bf:70:7d:14:a4:71:31:
         b4:23:83:8f:b3:66:60:b4:ee:96:76:55:d6:9c:ce:47:a8:88:
         56:5a:d1:ba:e7:1a:26:66:49:8e:af:d1:db:cc:03:c8:16:c2:
         74:2b:cf:e6:96:ac:f2:5d:1a:0f:cc:64:70:50:64:22:24:41:
         78:2b:7f:23:0e:da:6b:a7:f4:97:65:27:0c:1c:3d:1f:6e:61:
         1d:b1:d3:fc:f9:26:29:f3:ae:83:5c:eb:ac:97:54:3f:bc:10:
         76:c2:5b:79:8d:86:fb:28:61:f8:99:c8:cc:b2:4d:e2:3d:86:
         b3:46:3d:3f:cb:f6:6c:87:03:71:4b:c4:74:b1:47:0c:b2:f9:
         1e:46:1c:08:20:a3:41:4d:ab:da:86:3a:b0:0f:35:67:c5:bc:
         0b:6d:b9:ee:70:18:85:d2:83:5b:1f:62:10:ee:a8:8e:c6:ac:
         5e:7d:05:3d
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIEBEZNHzANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg4
NTMzZWY0NjExNmZkOWQyMWJmYjUzM2U0NGJkZTUxNzg5MGMyNGRjMB4XDTIyMDEw
MTEzNTUyMFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoOGVhNjY5NmE4OWIx
NThkNWY1ZTYyODc1NDZjZjQ3MTAzN2QwODRiMTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBANVt6Uzoy5uh4Vh7rhUrG0Wfx8oZcNO4k80LFRZUkGl9mJTU
kqsG5Pxcj7wbJjQjd0EakvxqnF/av6p9SjCizipV08RxG0GXA3c4uRk+jz2w51/F
GHdtY1PLeRf+PUP9NVDBI+aPM3HU3bGjeptNuLEV8uj+djD5OlGKrRh7tvvN/tQr
IotrrGbuZEEcM4UqxC/QPqNSrrFZWo+6z63vshgcrAWt+ZSoDoTvMdQZ+Abs0G8H
jMr0eSt/eC44mKqXEUzkZP09ttclpaglKnX7AKvh7LXTF7h4nbCgOq3eWjE2Y8zH
tSYXk+71JZkWVQCQder6TfNCSawGVgbFsCFQfV0CAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBSOpmlqibFY1fXmKHVGz0cQN9CEsTAfBgNVHSMEGDAWgBSFM+9GEW/Z0hv7
Uz5EveUXiQwk3DAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L2hUUHZSaEZ2MmRJYi0xTS1STDNsRjRrTUpOdy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMDMvZTA0NzJhLTNhZGYtNDNjZC1iZjMwLTczOTIzZGFlZjExNC8x
L2pxWnBhb214V05YMTVpaDFSczlIRURmUWhMRS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMDMv
ZTA0NzJhLTNhZGYtNDNjZC1iZjMwLTczOTIzZGFlZjExNC8xL2hUUHZSaEZ2MmRJ
Yi0xTS1STDNsRjRrTUpOdy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAS1VgjANBgkqhkiG9w0BAQsFAAOC
AQEAZ/oa1IZSjxpqstOPanIpB6gvnX2GudLHRrYnzdL472Q14SDAHNm0f2shbNTQ
4cYy5tOf0BS2pOe5HPha9SeE0NDzBVi5L+35aFiY34JbYGO3a9G/cH0UpHExtCOD
j7NmYLTulnZV1pzOR6iIVlrRuucaJmZJjq/R28wDyBbCdCvP5pas8l0aD8xkcFBk
IiRBeCt/Iw7aa6f0l2UnDBw9H25hHbHT/PkmKfOug1zrrJdUP7wQdsJbeY2G+yhh
+JnIzLJN4j2Gs0Y9P8v2bIcDcUvEdLFHDLL5HkYcCCCjQU2r2oY6sA81Z8W8C225
7nAYhdKDWx9iEO6ojsasXn0FPQ==
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:42:52 2023 by rpki-client on console-fra.rpki-client.org