Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0d/01cfc4-a39f-4b3b-90be-ce69556761bd/1/llU7H14SONq_hkN8V0FYv-0f6LQ.roa
File:                     llU7H14SONq_hkN8V0FYv-0f6LQ.roa (raw, json)
Hash identifier:          3XWZKiWccfLPhLA/uxHyn2f6O35MO8uahoYZs9oJDKE=
Subject key identifier:   96:55:3B:1F:5E:12:38:DA:BF:86:43:7C:57:41:58:BF:ED:1F:E8:B4
Certificate issuer:       /CN=25c5fbdc722057a65fa9dbb117fc4bdf72edc0a7
Certificate serial:       05839CC4
Authority key identifier: 25:C5:FB:DC:72:20:57:A6:5F:A9:DB:B1:17:FC:4B:DF:72:ED:C0:A7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JcX73HIgV6ZfqduxF_xL33LtwKc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0d/01cfc4-a39f-4b3b-90be-ce69556761bd/1/llU7H14SONq_hkN8V0FYv-0f6LQ.roa
Signing time:             Sat 01 Jan 2022 06:52:22 +0000
ROA not before:           Sat 01 Jan 2022 06:52:22 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     14618
IP address blocks:        193.37.132.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 92511428 (0x5839cc4)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=25c5fbdc722057a65fa9dbb117fc4bdf72edc0a7
        Validity
            Not Before: Jan  1 06:52:22 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=96553b1f5e1238dabf86437c574158bfed1fe8b4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:89:8d:7d:9b:54:b4:8f:eb:43:b8:01:78:97:
                    59:e7:ab:48:6c:3b:ec:47:12:34:89:ba:1b:c2:0f:
                    27:37:8e:35:bb:e0:e2:b2:79:f4:f1:7f:bc:ed:c1:
                    dc:79:41:58:5a:14:27:8b:8f:e1:06:d6:e9:aa:bc:
                    7b:0b:fc:45:e0:31:ee:f9:04:b2:0d:9d:15:51:38:
                    20:7d:af:77:0c:78:16:0f:06:4a:06:a6:7e:82:9d:
                    34:47:99:ac:e4:90:41:8f:de:2f:df:61:a5:69:62:
                    fe:b0:9c:a7:07:33:2a:0a:cb:0a:07:10:d1:06:00:
                    c0:70:a7:94:d9:14:33:e3:d7:a9:87:4d:12:1f:9c:
                    47:04:3a:82:84:92:c9:37:e2:6b:9d:be:91:50:38:
                    5f:b5:11:5c:98:f0:83:74:fa:25:83:1e:46:ac:a9:
                    0b:28:aa:a5:5d:86:71:b0:24:d3:cc:b8:62:9a:da:
                    3e:16:01:fa:ff:b9:62:f7:a7:22:b2:bf:04:35:67:
                    df:9c:e7:03:9c:27:98:a1:af:09:50:7e:bf:a0:d7:
                    6f:54:c9:7a:e7:a1:cb:7a:17:0b:b5:41:2a:83:6d:
                    df:81:89:1c:d3:9f:4f:08:20:c8:91:2a:49:29:5d:
                    5d:bb:d4:b3:40:2e:4e:06:97:8a:41:c1:c1:4f:2a:
                    24:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                96:55:3B:1F:5E:12:38:DA:BF:86:43:7C:57:41:58:BF:ED:1F:E8:B4
            X509v3 Authority Key Identifier:
                keyid:25:C5:FB:DC:72:20:57:A6:5F:A9:DB:B1:17:FC:4B:DF:72:ED:C0:A7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JcX73HIgV6ZfqduxF_xL33LtwKc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/01cfc4-a39f-4b3b-90be-ce69556761bd/1/llU7H14SONq_hkN8V0FYv-0f6LQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/01cfc4-a39f-4b3b-90be-ce69556761bd/1/JcX73HIgV6ZfqduxF_xL33LtwKc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.37.132.0/24

    Signature Algorithm: sha256WithRSAEncryption
         75:93:97:7d:b8:55:7c:45:72:4f:7d:9a:df:79:d9:7c:e5:49:
         8e:4d:56:43:2c:d8:15:0a:f5:c1:ee:45:95:cd:01:5a:9d:2c:
         93:11:78:34:ec:cf:c1:03:a8:93:ac:75:50:eb:3e:5a:62:13:
         23:81:a5:46:74:22:c7:48:04:c9:cc:58:6c:64:d1:6f:88:e9:
         07:29:e5:e3:8d:6c:2d:c4:ff:0e:73:b1:bc:85:ef:8c:04:5a:
         96:c7:f9:a2:7c:b0:22:4b:aa:71:ce:b2:18:f9:58:a3:07:46:
         dd:46:7c:c3:29:e4:81:44:dc:be:6d:d7:a6:89:6c:af:de:10:
         0d:23:28:99:7d:bc:40:8e:80:ae:ea:77:62:74:87:54:d6:c2:
         2a:ce:59:f8:bb:9c:15:01:65:87:e0:06:22:0c:16:c5:c8:5b:
         13:7c:08:60:a1:aa:99:f6:59:7a:29:79:83:4c:53:8c:2b:c5:
         c3:a5:75:64:2c:b7:be:c6:13:d8:6e:88:5d:ec:9f:2b:59:1b:
         8d:7a:97:24:cc:67:3a:3b:62:7f:1c:e3:39:ec:6a:11:da:99:
         d4:4d:18:5a:6b:a7:92:15:7e:01:c3:9f:c1:6a:af:b3:f8:94:
         77:36:f3:f0:7a:8d:2d:99:22:a3:c4:86:25:b6:2b:dd:92:fd:
         22:2d:b3:c2
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIEBYOcxDANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygy
NWM1ZmJkYzcyMjA1N2E2NWZhOWRiYjExN2ZjNGJkZjcyZWRjMGE3MB4XDTIyMDEw
MTA2NTIyMloXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoOTY1NTNiMWY1ZTEy
MzhkYWJmODY0MzdjNTc0MTU4YmZlZDFmZThiNDCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAL2JjX2bVLSP60O4AXiXWeerSGw77EcSNIm6G8IPJzeONbvg
4rJ59PF/vO3B3HlBWFoUJ4uP4QbW6aq8ewv8ReAx7vkEsg2dFVE4IH2vdwx4Fg8G
SgamfoKdNEeZrOSQQY/eL99hpWli/rCcpwczKgrLCgcQ0QYAwHCnlNkUM+PXqYdN
Eh+cRwQ6goSSyTfia52+kVA4X7URXJjwg3T6JYMeRqypCyiqpV2GcbAk08y4Ypra
PhYB+v+5YvenIrK/BDVn35znA5wnmKGvCVB+v6DXb1TJeuehy3oXC7VBKoNt34GJ
HNOfTwggyJEqSSldXbvUs0AuTgaXikHBwU8qJN0CAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBSWVTsfXhI42r+GQ3xXQVi/7R/otDAfBgNVHSMEGDAWgBQlxfvcciBXpl+p
27EX/Evfcu3ApzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L0pjWDczSElnVjZaZnFkdXhGX3hMMzNMdHdLYy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMGQvMDFjZmM0LWEzOWYtNGIzYi05MGJlLWNlNjk1NTY3NjFiZC8x
L2xsVTdIMTRTT05xX2hrTjhWMEZZdi0wZjZMUS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMGQv
MDFjZmM0LWEzOWYtNGIzYi05MGJlLWNlNjk1NTY3NjFiZC8xL0pjWDczSElnVjZa
ZnFkdXhGX3hMMzNMdHdLYy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAMElhDANBgkqhkiG9w0BAQsFAAOC
AQEAdZOXfbhVfEVyT32a33nZfOVJjk1WQyzYFQr1we5Flc0BWp0skxF4NOzPwQOo
k6x1UOs+WmITI4GlRnQix0gEycxYbGTRb4jpBynl441sLcT/DnOxvIXvjARalsf5
onywIkuqcc6yGPlYowdG3UZ8wynkgUTcvm3Xpolsr94QDSMomX28QI6Arup3YnSH
VNbCKs5Z+LucFQFlh+AGIgwWxchbE3wIYKGqmfZZeil5g0xTjCvFw6V1ZCy3vsYT
2G6IXeyfK1kbjXqXJMxnOjtifxzjOexqEdqZ1E0YWmunkhV+AcOfwWqvs/iUdzbz
8HqNLZkio8SGJbYr3ZL9Ii2zwg==
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:43:40 2023 by rpki-client on console-fra.rpki-client.org