Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/07/e6f4e4-68bb-4496-90c7-aa859e192b16/1/K5CXzjc8mfWlirT2AjX4fFsoZgs.roa
File:                     K5CXzjc8mfWlirT2AjX4fFsoZgs.roa (raw, json)
Hash identifier:          hj+OzgDMzwdDTURbcZv4aWZ+dJzr2m85p/mktVZz/eE=
Subject key identifier:   2B:90:97:CE:37:3C:99:F5:A5:8A:B4:F6:02:35:F8:7C:5B:28:66:0B
Certificate issuer:       /CN=1056bcd426fd87cd6f4147e133216d03112b181b
Certificate serial:       3420B0FB
Authority key identifier: 10:56:BC:D4:26:FD:87:CD:6F:41:47:E1:33:21:6D:03:11:2B:18:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EFa81Cb9h81vQUfhMyFtAxErGBs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/07/e6f4e4-68bb-4496-90c7-aa859e192b16/1/K5CXzjc8mfWlirT2AjX4fFsoZgs.roa
Signing time:             Sat 01 Jan 2022 09:02:48 +0000
ROA not before:           Sat 01 Jan 2022 09:02:48 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     3356
IP address blocks:        185.84.160.0/22 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 874557691 (0x3420b0fb)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1056bcd426fd87cd6f4147e133216d03112b181b
        Validity
            Not Before: Jan  1 09:02:48 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=2b9097ce373c99f5a58ab4f60235f87c5b28660b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:73:36:2a:0e:84:b0:2f:a8:5f:8a:99:14:1e:
                    ca:8f:d1:c4:56:ff:e9:ce:a5:ac:e6:23:87:cc:6a:
                    73:56:08:36:f5:ad:67:a5:08:28:cf:85:a1:6b:d5:
                    4e:cd:07:44:06:08:79:23:19:60:a5:4a:c2:f6:ea:
                    45:09:40:3c:74:11:0a:38:72:11:7d:9e:16:07:3a:
                    03:65:36:29:93:af:c5:8d:cd:b5:52:ae:cc:a3:c2:
                    e0:cb:e3:30:87:ed:45:a5:d5:7f:f3:b3:53:88:cb:
                    65:07:43:48:6d:28:27:ef:47:31:79:85:4b:29:c3:
                    66:ab:de:3f:f2:ca:10:d8:36:66:99:2e:12:62:6b:
                    02:5d:2f:de:00:d2:d3:6d:8b:df:ca:bf:da:dc:ab:
                    db:e4:e7:4e:cd:cc:f3:b2:6a:38:61:46:e7:b9:27:
                    53:c8:62:95:54:a1:0c:cf:a8:fb:ff:f8:3f:9c:4b:
                    41:6f:3f:60:bd:55:89:79:70:ee:20:b3:71:b5:d9:
                    5c:bf:1a:9b:b2:88:0a:e2:a9:85:78:ec:4e:a5:b6:
                    21:10:d6:2a:2f:e6:5e:7b:b2:a6:28:de:ab:6a:8d:
                    3a:ae:32:11:a2:21:fe:5b:52:94:97:83:ee:53:ce:
                    f4:d9:7b:c0:5c:48:a9:51:7c:59:1c:9a:38:36:9b:
                    8a:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2B:90:97:CE:37:3C:99:F5:A5:8A:B4:F6:02:35:F8:7C:5B:28:66:0B
            X509v3 Authority Key Identifier:
                keyid:10:56:BC:D4:26:FD:87:CD:6F:41:47:E1:33:21:6D:03:11:2B:18:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EFa81Cb9h81vQUfhMyFtAxErGBs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/07/e6f4e4-68bb-4496-90c7-aa859e192b16/1/K5CXzjc8mfWlirT2AjX4fFsoZgs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/07/e6f4e4-68bb-4496-90c7-aa859e192b16/1/EFa81Cb9h81vQUfhMyFtAxErGBs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.84.160.0/22

    Signature Algorithm: sha256WithRSAEncryption
         d8:a7:c9:4c:c4:95:fc:32:a5:b7:56:32:b2:c0:0d:ac:5a:b7:
         85:4f:4a:bf:9d:6d:e1:2e:27:8e:2f:12:ab:1b:b2:f1:30:cf:
         7c:43:ba:b9:61:45:74:0f:7e:be:9c:1c:6f:8d:17:1f:77:38:
         01:72:97:c4:80:62:39:d2:e9:9a:93:17:53:f0:6b:ae:cb:d2:
         e4:25:8d:e3:2c:8b:47:1b:a5:b6:a6:fa:8c:98:9a:4f:95:60:
         9f:9e:34:ad:0d:8a:0e:7b:2e:73:4c:b1:a9:a9:17:76:c5:c0:
         66:a5:b0:d9:4e:7c:ab:ae:12:f1:7c:1b:bf:e8:8d:3f:1a:bc:
         e2:44:14:a6:bd:65:d6:0d:30:0f:a8:b4:9b:14:4c:03:83:03:
         ea:45:f3:cb:ed:95:2b:ee:c7:32:5f:84:60:33:83:2e:6a:47:
         22:28:58:81:d0:f1:55:d5:5c:78:5a:df:d9:9d:ca:7b:7d:01:
         ab:9e:ce:85:b5:64:fb:bb:09:81:e3:71:2e:0e:15:50:db:e5:
         f4:ce:22:39:80:54:1b:d1:5b:af:85:68:fd:c1:d8:0b:07:37:
         6d:b4:17:cc:39:29:65:7e:31:2c:c4:93:4e:16:b2:cb:4a:46:
         7d:86:e4:12:11:ae:94:38:30:c2:ef:b9:ef:3a:1a:ae:10:b5:
         89:73:f5:8f
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIENCCw+zANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygx
MDU2YmNkNDI2ZmQ4N2NkNmY0MTQ3ZTEzMzIxNmQwMzExMmIxODFiMB4XDTIyMDEw
MTA5MDI0OFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMmI5MDk3Y2UzNzNj
OTlmNWE1OGFiNGY2MDIzNWY4N2M1YjI4NjYwYjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAMhzNioOhLAvqF+KmRQeyo/RxFb/6c6lrOYjh8xqc1YINvWt
Z6UIKM+FoWvVTs0HRAYIeSMZYKVKwvbqRQlAPHQRCjhyEX2eFgc6A2U2KZOvxY3N
tVKuzKPC4MvjMIftRaXVf/OzU4jLZQdDSG0oJ+9HMXmFSynDZqveP/LKENg2Zpku
EmJrAl0v3gDS022L38q/2tyr2+TnTs3M87JqOGFG57knU8hilVShDM+o+//4P5xL
QW8/YL1ViXlw7iCzcbXZXL8am7KICuKphXjsTqW2IRDWKi/mXnuypijeq2qNOq4y
EaIh/ltSlJeD7lPO9Nl7wFxIqVF8WRyaODabin0CAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBQrkJfONzyZ9aWKtPYCNfh8WyhmCzAfBgNVHSMEGDAWgBQQVrzUJv2HzW9B
R+EzIW0DESsYGzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L0VGYTgxQ2I5aDgxdlFVZmhNeUZ0QXhFckdCcy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMDcvZTZmNGU0LTY4YmItNDQ5Ni05MGM3LWFhODU5ZTE5MmIxNi8x
L0s1Q1h6amM4bWZXbGlyVDJBalg0ZkZzb1pncy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMDcv
ZTZmNGU0LTY4YmItNDQ5Ni05MGM3LWFhODU5ZTE5MmIxNi8xL0VGYTgxQ2I5aDgx
dlFVZmhNeUZ0QXhFckdCcy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEArlUoDANBgkqhkiG9w0BAQsFAAOC
AQEA2KfJTMSV/DKlt1YyssANrFq3hU9Kv51t4S4nji8Sqxuy8TDPfEO6uWFFdA9+
vpwcb40XH3c4AXKXxIBiOdLpmpMXU/BrrsvS5CWN4yyLRxultqb6jJiaT5Vgn540
rQ2KDnsuc0yxqakXdsXAZqWw2U58q64S8Xwbv+iNPxq84kQUpr1l1g0wD6i0mxRM
A4MD6kXzy+2VK+7HMl+EYDODLmpHIihYgdDxVdVceFrf2Z3Ke30Bq57OhbVk+7sJ
geNxLg4VUNvl9M4iOYBUG9Fbr4Vo/cHYCwc3bbQXzDkpZX4xLMSTThayy0pGfYbk
EhGulDgwwu+57zoarhC1iXP1jw==
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:47:01 2023 by rpki-client on console-ams.rpki-client.org