Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/e0472a-3adf-43cd-bf30-73923daef114/1/vNXwkZACqlBrtRPOHE9RLTKTy5Q.roa
File:                     vNXwkZACqlBrtRPOHE9RLTKTy5Q.roa (raw, json)
Hash identifier:          AZpGuUc8lTHIp4vJxFuGSdH9WmjzB0GcNvV5PXr6J9U=
Subject key identifier:   BC:D5:F0:91:90:02:AA:50:6B:B5:13:CE:1C:4F:51:2D:32:93:CB:94
Certificate issuer:       /CN=8533ef46116fd9d21bfb533e44bde517890c24dc
Certificate serial:       04476375
Authority key identifier: 85:33:EF:46:11:6F:D9:D2:1B:FB:53:3E:44:BD:E5:17:89:0C:24:DC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hTPvRhFv2dIb-1M-RL3lF4kMJNw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/e0472a-3adf-43cd-bf30-73923daef114/1/vNXwkZACqlBrtRPOHE9RLTKTy5Q.roa
Signing time:             Sat 01 Jan 2022 13:55:21 +0000
ROA not before:           Sat 01 Jan 2022 13:55:21 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     197328
IP address blocks:        45.14.82.0/23 maxlen: 23

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 71787381 (0x4476375)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8533ef46116fd9d21bfb533e44bde517890c24dc
        Validity
            Not Before: Jan  1 13:55:21 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=bcd5f0919002aa506bb513ce1c4f512d3293cb94
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:fc:54:3f:1a:90:91:97:b0:b1:3f:9e:19:e2:
                    87:75:a5:9c:ff:bf:71:dc:b3:6d:aa:a9:7c:da:ea:
                    0c:4e:79:a3:b0:76:63:3b:10:da:99:d5:9a:bf:f5:
                    ce:02:1d:ed:98:ee:a4:aa:75:68:24:f5:94:a8:16:
                    63:25:68:74:dc:92:f0:4e:bb:e4:23:26:84:53:35:
                    63:b9:85:11:6a:10:0d:e9:05:f7:5a:c0:07:26:f1:
                    32:db:92:f6:60:ac:39:14:e6:e0:fe:37:08:ba:d4:
                    05:4f:c0:c3:a8:a9:14:e8:60:6d:b3:6e:d4:d7:78:
                    85:de:e8:a1:8e:8c:ae:3f:6b:dd:53:db:cf:b7:08:
                    d3:0a:77:3f:d8:a2:84:50:5d:c3:a9:32:e1:f9:8a:
                    70:12:b0:38:e4:c8:69:4f:10:08:94:7d:1e:1d:ce:
                    da:bf:85:08:43:07:79:e1:8b:4f:6e:97:f1:89:f6:
                    48:54:3d:21:8b:82:87:36:7d:6d:bb:f3:bd:b4:1a:
                    5b:74:19:59:0b:64:72:08:d4:38:31:d9:d0:21:52:
                    0f:b8:45:69:81:c2:d1:b6:92:f4:6a:ac:94:99:fd:
                    13:5a:27:ec:c4:6a:3b:3b:5a:21:b7:72:75:4f:03:
                    bf:9b:5a:87:46:c2:01:4c:cc:fd:e7:47:91:8d:cc:
                    7a:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BC:D5:F0:91:90:02:AA:50:6B:B5:13:CE:1C:4F:51:2D:32:93:CB:94
            X509v3 Authority Key Identifier:
                keyid:85:33:EF:46:11:6F:D9:D2:1B:FB:53:3E:44:BD:E5:17:89:0C:24:DC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hTPvRhFv2dIb-1M-RL3lF4kMJNw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/e0472a-3adf-43cd-bf30-73923daef114/1/vNXwkZACqlBrtRPOHE9RLTKTy5Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/e0472a-3adf-43cd-bf30-73923daef114/1/hTPvRhFv2dIb-1M-RL3lF4kMJNw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.14.82.0/23

    Signature Algorithm: sha256WithRSAEncryption
         af:72:2a:96:6e:25:d9:d2:b9:80:3f:a1:4d:b1:f3:c7:0f:d4:
         6e:b5:8a:59:dc:63:fa:15:71:6b:51:3a:40:de:b9:e0:28:68:
         f8:78:c6:90:1f:2c:dd:31:71:f9:f3:de:d7:7a:3c:2f:11:1a:
         69:39:8f:a2:60:81:fb:71:b2:af:03:54:8c:bc:3f:2c:f1:bd:
         bd:f1:36:67:ce:ba:7a:46:25:67:91:f6:7c:de:49:d6:9e:fd:
         89:2a:9b:5f:21:9f:65:de:9f:2d:86:d8:e1:64:f2:38:8d:30:
         5f:ca:6d:0b:a9:4c:7b:ab:60:fc:5e:88:fa:9b:0a:b9:24:7e:
         ed:83:88:6e:32:56:32:23:1a:40:b3:86:89:70:61:cb:0a:c6:
         38:09:ae:4a:ac:59:6c:9e:6c:6b:c9:75:29:3a:62:15:ba:fd:
         60:4d:4b:de:7c:ad:bc:49:84:a5:8c:c3:a3:4d:50:9c:6c:4c:
         64:9c:e5:1e:c2:b1:5e:dc:f1:bc:cb:a3:1a:fb:26:29:39:ab:
         3a:83:2e:dd:c2:c7:ca:a4:92:1c:ae:0c:6d:96:85:e1:a9:eb:
         62:8f:02:90:09:f7:a6:9a:64:5d:d5:df:d0:0c:39:8b:08:84:
         d7:04:69:99:3d:c1:e0:73:da:85:68:b0:37:18:44:47:ec:6d:
         b3:15:22:a6
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIEBEdjdTANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg4
NTMzZWY0NjExNmZkOWQyMWJmYjUzM2U0NGJkZTUxNzg5MGMyNGRjMB4XDTIyMDEw
MTEzNTUyMVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoYmNkNWYwOTE5MDAy
YWE1MDZiYjUxM2NlMWM0ZjUxMmQzMjkzY2I5NDCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAL78VD8akJGXsLE/nhnih3WlnP+/cdyzbaqpfNrqDE55o7B2
YzsQ2pnVmr/1zgId7ZjupKp1aCT1lKgWYyVodNyS8E675CMmhFM1Y7mFEWoQDekF
91rABybxMtuS9mCsORTm4P43CLrUBU/Aw6ipFOhgbbNu1Nd4hd7ooY6Mrj9r3VPb
z7cI0wp3P9iihFBdw6ky4fmKcBKwOOTIaU8QCJR9Hh3O2r+FCEMHeeGLT26X8Yn2
SFQ9IYuChzZ9bbvzvbQaW3QZWQtkcgjUODHZ0CFSD7hFaYHC0baS9GqslJn9E1on
7MRqOztaIbdydU8Dv5tah0bCAUzM/edHkY3MeqcCAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBS81fCRkAKqUGu1E84cT1EtMpPLlDAfBgNVHSMEGDAWgBSFM+9GEW/Z0hv7
Uz5EveUXiQwk3DAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L2hUUHZSaEZ2MmRJYi0xTS1STDNsRjRrTUpOdy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMDMvZTA0NzJhLTNhZGYtNDNjZC1iZjMwLTczOTIzZGFlZjExNC8x
L3ZOWHdrWkFDcWxCcnRSUE9IRTlSTFRLVHk1US5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMDMv
ZTA0NzJhLTNhZGYtNDNjZC1iZjMwLTczOTIzZGFlZjExNC8xL2hUUHZSaEZ2MmRJ
Yi0xTS1STDNsRjRrTUpOdy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAS0OUjANBgkqhkiG9w0BAQsFAAOC
AQEAr3Iqlm4l2dK5gD+hTbHzxw/UbrWKWdxj+hVxa1E6QN654Cho+HjGkB8s3TFx
+fPe13o8LxEaaTmPomCB+3GyrwNUjLw/LPG9vfE2Z866ekYlZ5H2fN5J1p79iSqb
XyGfZd6fLYbY4WTyOI0wX8ptC6lMe6tg/F6I+psKuSR+7YOIbjJWMiMaQLOGiXBh
ywrGOAmuSqxZbJ5sa8l1KTpiFbr9YE1L3nytvEmEpYzDo01QnGxMZJzlHsKxXtzx
vMujGvsmKTmrOoMu3cLHyqSSHK4MbZaF4anrYo8CkAn3pppkXdXf0Aw5iwiE1wRp
mT3B4HPahWiwNxhER+xtsxUipg==
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:46:45 2023 by rpki-client on console-ams.rpki-client.org