Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/06/ff5cc6-8f61-447b-b658-4fb559b3b9b3/1/sUd-7dQPBjzHH9xNydzLsSBOHIU.roa
File:                     sUd-7dQPBjzHH9xNydzLsSBOHIU.roa (raw, json)
Hash identifier:          tGzdPRPpSqZ9CfWnKWKhQ/f8nj4/1DcTmnlpjnwkJF8=
Subject key identifier:   B1:47:7E:ED:D4:0F:06:3C:C7:1F:DC:4D:C9:DC:CB:B1:20:4E:1C:85
Certificate issuer:       /CN=767f3bd4bfbd3071c38cd4d7092bd3490920c3d9
Certificate serial:       013DF59F
Authority key identifier: 76:7F:3B:D4:BF:BD:30:71:C3:8C:D4:D7:09:2B:D3:49:09:20:C3:D9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dn871L-9MHHDjNTXCSvTSQkgw9k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/06/ff5cc6-8f61-447b-b658-4fb559b3b9b3/1/sUd-7dQPBjzHH9xNydzLsSBOHIU.roa
Signing time:             Sat 01 Jan 2022 11:03:11 +0000
ROA not before:           Sat 01 Jan 2022 11:03:11 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     1239
IP address blocks:        185.213.193.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 20837791 (0x13df59f)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=767f3bd4bfbd3071c38cd4d7092bd3490920c3d9
        Validity
            Not Before: Jan  1 11:03:11 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=b1477eedd40f063cc71fdc4dc9dccbb1204e1c85
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:e4:be:d4:c3:75:33:47:f0:7e:8b:b8:6c:0e:
                    27:8f:75:dd:59:53:38:f7:d8:08:75:24:d9:04:32:
                    b3:ac:5d:a3:9a:ac:88:fe:9e:ea:b4:6d:d9:63:86:
                    42:7a:67:52:e0:bb:02:1b:45:61:c7:0c:a3:05:4a:
                    ce:a6:25:bc:79:f7:87:ba:82:4e:07:bc:df:03:13:
                    ba:8c:8b:8c:3d:4f:5f:58:04:fe:89:b5:82:fb:97:
                    3c:06:57:28:81:7e:51:ef:08:45:49:1e:2b:91:da:
                    9e:24:bc:e7:fe:5d:da:90:e4:05:5e:bd:b3:13:36:
                    0b:2e:fc:d1:73:dc:04:98:22:bf:ca:d6:b5:29:09:
                    29:a7:b2:e0:94:eb:8a:9f:ea:75:6e:21:05:1a:b5:
                    80:4b:ac:dc:0e:ab:12:ae:48:8d:ce:52:61:45:fc:
                    80:cb:1e:c3:f4:80:62:d7:fa:55:6a:0a:85:a5:1e:
                    cd:5c:33:ef:fa:2b:a8:2e:d3:3b:88:02:6d:47:fa:
                    fd:7f:64:b8:1f:26:f4:61:b0:45:4e:66:5d:f7:90:
                    a5:dd:a5:92:8e:19:fc:d9:67:88:31:f2:95:78:d3:
                    07:17:b9:ba:c9:cd:0f:d7:39:a1:86:9d:27:17:f0:
                    9f:fb:18:d2:81:48:4b:99:62:e0:db:3e:83:8a:07:
                    e7:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:47:7E:ED:D4:0F:06:3C:C7:1F:DC:4D:C9:DC:CB:B1:20:4E:1C:85
            X509v3 Authority Key Identifier:
                keyid:76:7F:3B:D4:BF:BD:30:71:C3:8C:D4:D7:09:2B:D3:49:09:20:C3:D9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dn871L-9MHHDjNTXCSvTSQkgw9k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/06/ff5cc6-8f61-447b-b658-4fb559b3b9b3/1/sUd-7dQPBjzHH9xNydzLsSBOHIU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/06/ff5cc6-8f61-447b-b658-4fb559b3b9b3/1/dn871L-9MHHDjNTXCSvTSQkgw9k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.213.193.0/24

    Signature Algorithm: sha256WithRSAEncryption
         73:e3:7a:e6:9d:56:31:5f:0a:58:1d:84:b0:65:d8:87:ff:7a:
         a4:40:2e:4d:8a:ec:c5:ff:42:8e:3c:f7:f9:e5:0e:21:3c:ea:
         a2:fa:ba:1d:9e:d4:93:a3:4e:ff:8b:a7:85:d1:d3:00:fb:41:
         92:b0:b4:c3:9b:72:7d:d4:31:dd:55:58:9d:bb:89:0f:8d:3d:
         38:d2:d2:c2:82:98:0b:85:aa:13:92:91:37:e8:8f:ef:c6:bd:
         d3:f6:61:c8:a1:d0:ef:3a:84:db:83:1f:93:4e:a7:17:a1:07:
         bd:23:d6:f8:4e:fd:3b:62:ed:72:fc:85:de:6a:a3:44:6a:ac:
         b4:e0:84:4e:b1:95:fc:0b:61:ca:56:3f:97:21:3a:9c:96:87:
         11:ea:8a:04:af:4d:eb:fa:9a:60:b1:ec:fd:c5:9d:df:70:7a:
         5c:00:48:49:c8:2c:f1:51:3d:dc:27:e4:3d:af:81:87:ca:f3:
         18:73:d7:5c:d1:bf:4b:57:c9:98:cd:43:29:eb:6f:d3:25:ad:
         f3:65:d9:1e:ad:e6:b6:65:0b:f1:a0:93:65:8f:35:01:c0:cd:
         3b:95:fb:fd:23:09:e0:d8:d0:0b:c7:43:d6:78:50:0c:0b:8f:
         f3:0d:bb:00:d7:dd:a6:54:18:c2:17:33:f1:3b:a3:07:75:cf:
         74:a0:f7:1e
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIEAT31nzANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg3
NjdmM2JkNGJmYmQzMDcxYzM4Y2Q0ZDcwOTJiZDM0OTA5MjBjM2Q5MB4XDTIyMDEw
MTExMDMxMVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoYjE0NzdlZWRkNDBm
MDYzY2M3MWZkYzRkYzlkY2NiYjEyMDRlMWM4NTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAMPkvtTDdTNH8H6LuGwOJ4913VlTOPfYCHUk2QQys6xdo5qs
iP6e6rRt2WOGQnpnUuC7AhtFYccMowVKzqYlvHn3h7qCTge83wMTuoyLjD1PX1gE
/om1gvuXPAZXKIF+Ue8IRUkeK5HaniS85/5d2pDkBV69sxM2Cy780XPcBJgiv8rW
tSkJKaey4JTrip/qdW4hBRq1gEus3A6rEq5Ijc5SYUX8gMsew/SAYtf6VWoKhaUe
zVwz7/orqC7TO4gCbUf6/X9kuB8m9GGwRU5mXfeQpd2lko4Z/NlniDHylXjTBxe5
usnND9c5oYadJxfwn/sY0oFIS5li4Ns+g4oH5zECAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBSxR37t1A8GPMcf3E3J3MuxIE4chTAfBgNVHSMEGDAWgBR2fzvUv70wccOM
1NcJK9NJCSDD2TAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L2RuODcxTC05TUhIRGpOVFhDU3ZUU1FrZ3c5ay5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMDYvZmY1Y2M2LThmNjEtNDQ3Yi1iNjU4LTRmYjU1OWIzYjliMy8x
L3NVZC03ZFFQQmp6SEg5eE55ZHpMc1NCT0hJVS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMDYv
ZmY1Y2M2LThmNjEtNDQ3Yi1iNjU4LTRmYjU1OWIzYjliMy8xL2RuODcxTC05TUhI
RGpOVFhDU3ZUU1FrZ3c5ay5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEALnVwTANBgkqhkiG9w0BAQsFAAOC
AQEAc+N65p1WMV8KWB2EsGXYh/96pEAuTYrsxf9Cjjz3+eUOITzqovq6HZ7Uk6NO
/4unhdHTAPtBkrC0w5tyfdQx3VVYnbuJD409ONLSwoKYC4WqE5KRN+iP78a90/Zh
yKHQ7zqE24Mfk06nF6EHvSPW+E79O2LtcvyF3mqjRGqstOCETrGV/AthylY/lyE6
nJaHEeqKBK9N6/qaYLHs/cWd33B6XABIScgs8VE93CfkPa+Bh8rzGHPXXNG/S1fJ
mM1DKetv0yWt82XZHq3mtmUL8aCTZY81AcDNO5X7/SMJ4NjQC8dD1nhQDAuP8w27
ANfdplQYwhcz8TujB3XPdKD3Hg==
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:43:04 2023 by rpki-client on console-fra.rpki-client.org