Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/15/22b7ab-fc11-407a-bd3c-63411367d90a/1/PuHJYQ9itiNqPFpfZrG9k9Rg9l8.roa
File:                     PuHJYQ9itiNqPFpfZrG9k9Rg9l8.roa (raw, json)
Hash identifier:          vZ0Xs+7KS24a1llsQJph24d3RQ9JEYEu0gXvIqFcq70=
Subject key identifier:   3E:E1:C9:61:0F:62:B6:23:6A:3C:5A:5F:66:B1:BD:93:D4:60:F6:5F
Certificate issuer:       /CN=9f0743496c7ff3effb870601139cad9d2f271e10
Certificate serial:       155DAA37
Authority key identifier: 9F:07:43:49:6C:7F:F3:EF:FB:87:06:01:13:9C:AD:9D:2F:27:1E:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nwdDSWx_8-_7hwYBE5ytnS8nHhA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/15/22b7ab-fc11-407a-bd3c-63411367d90a/1/PuHJYQ9itiNqPFpfZrG9k9Rg9l8.roa
Signing time:             Sat 01 Jan 2022 08:04:49 +0000
ROA not before:           Sat 01 Jan 2022 08:04:49 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     38001
IP address blocks:        185.92.24.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 358459959 (0x155daa37)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9f0743496c7ff3effb870601139cad9d2f271e10
        Validity
            Not Before: Jan  1 08:04:49 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=3ee1c9610f62b6236a3c5a5f66b1bd93d460f65f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:6d:b8:62:71:d5:dd:38:3c:04:73:af:a6:83:
                    65:0f:9c:04:a2:b8:b2:13:bc:a5:3b:66:49:88:ff:
                    ad:d4:34:f4:6f:b9:69:29:12:af:30:06:75:9c:7e:
                    ed:98:3b:58:65:68:6e:44:b5:59:30:8b:68:2f:2b:
                    b7:71:3b:f5:5c:d0:f3:7d:0a:77:90:a1:ae:ed:53:
                    06:c1:37:f4:de:0d:a0:5c:5f:11:aa:20:57:1b:2c:
                    74:b5:9f:3b:3d:92:b9:1b:9f:f4:17:48:4a:c3:55:
                    d2:fc:a5:21:c8:ba:8c:be:b8:61:0f:36:5a:5e:e6:
                    8c:f9:99:cb:14:d3:a1:50:63:55:c7:f7:fe:15:c2:
                    0f:a0:1b:2b:7f:55:53:41:e1:4a:29:38:39:e5:da:
                    9e:ed:8d:b6:3e:8b:59:b2:1f:82:4b:a9:59:83:73:
                    63:08:3f:97:e8:26:05:3d:40:29:56:e5:82:72:a4:
                    81:39:9f:43:52:5e:f0:7c:f2:47:c8:69:6b:76:f5:
                    2d:53:51:37:f5:e9:32:a5:cc:ff:e4:34:9e:1b:12:
                    9a:26:b7:54:b1:bf:9d:4a:5f:31:b4:c4:24:86:38:
                    d2:8e:d9:1e:06:01:2d:cc:5c:ba:fe:3e:6b:20:07:
                    50:4c:81:80:dd:4d:b9:c3:87:bc:0c:48:98:e9:60:
                    79:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3E:E1:C9:61:0F:62:B6:23:6A:3C:5A:5F:66:B1:BD:93:D4:60:F6:5F
            X509v3 Authority Key Identifier:
                keyid:9F:07:43:49:6C:7F:F3:EF:FB:87:06:01:13:9C:AD:9D:2F:27:1E:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nwdDSWx_8-_7hwYBE5ytnS8nHhA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/15/22b7ab-fc11-407a-bd3c-63411367d90a/1/PuHJYQ9itiNqPFpfZrG9k9Rg9l8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/15/22b7ab-fc11-407a-bd3c-63411367d90a/1/nwdDSWx_8-_7hwYBE5ytnS8nHhA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.92.24.0/24

    Signature Algorithm: sha256WithRSAEncryption
         59:61:0a:e8:81:6b:9e:70:af:34:87:44:0f:9e:10:f3:d4:ca:
         e6:55:8c:60:8b:a2:e1:b9:80:07:79:26:16:0d:63:11:39:db:
         03:ca:74:6c:1c:32:6b:c7:ac:f5:2f:18:f6:f9:9e:8e:a4:ca:
         83:30:8d:3c:92:36:dd:01:7d:a6:5e:2a:f4:d7:30:38:04:f8:
         31:bd:1e:11:a5:f8:21:de:f2:6d:6a:45:b0:7b:a7:47:68:bd:
         ee:aa:b4:31:7e:ef:08:65:07:5c:67:09:6b:b9:fc:97:e3:ac:
         44:54:13:53:d3:b8:9e:75:b4:c8:df:26:cd:09:94:d1:cd:f9:
         55:5d:b4:9b:8b:97:2c:2e:0b:58:ce:0e:cd:5b:14:a3:13:f4:
         d1:95:3c:0b:04:bb:61:67:d6:79:56:57:88:ac:6c:a8:b2:fd:
         e2:b6:67:75:4c:d8:c0:a6:b0:5a:a6:03:f3:50:e2:85:20:98:
         3e:d7:c8:73:12:92:31:54:72:66:f7:e9:6a:37:ff:87:8d:34:
         aa:f8:ce:c8:d1:2d:37:08:ba:d1:53:f1:86:75:ad:d6:5f:40:
         7d:a6:be:2c:f3:7b:21:66:f3:04:cc:97:cb:7c:74:2c:35:2f:
         ae:90:f6:75:89:80:20:63:2c:89:dd:97:39:36:1d:da:5f:c4:
         62:25:8d:53
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIEFV2qNzANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg5
ZjA3NDM0OTZjN2ZmM2VmZmI4NzA2MDExMzljYWQ5ZDJmMjcxZTEwMB4XDTIyMDEw
MTA4MDQ0OVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoM2VlMWM5NjEwZjYy
YjYyMzZhM2M1YTVmNjZiMWJkOTNkNDYwZjY1ZjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAMBtuGJx1d04PARzr6aDZQ+cBKK4shO8pTtmSYj/rdQ09G+5
aSkSrzAGdZx+7Zg7WGVobkS1WTCLaC8rt3E79VzQ830Kd5Chru1TBsE39N4NoFxf
EaogVxssdLWfOz2SuRuf9BdISsNV0vylIci6jL64YQ82Wl7mjPmZyxTToVBjVcf3
/hXCD6AbK39VU0HhSik4OeXanu2Ntj6LWbIfgkupWYNzYwg/l+gmBT1AKVblgnKk
gTmfQ1Je8HzyR8hpa3b1LVNRN/XpMqXM/+Q0nhsSmia3VLG/nUpfMbTEJIY40o7Z
HgYBLcxcuv4+ayAHUEyBgN1NucOHvAxImOlgeZ8CAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBQ+4clhD2K2I2o8Wl9msb2T1GD2XzAfBgNVHSMEGDAWgBSfB0NJbH/z7/uH
BgETnK2dLyceEDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L253ZERTV3hfOC1fN2h3WUJFNXl0blM4bkhoQS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMTUvMjJiN2FiLWZjMTEtNDA3YS1iZDNjLTYzNDExMzY3ZDkwYS8x
L1B1SEpZUTlpdGlOcVBGcGZackc5azlSZzlsOC5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMTUv
MjJiN2FiLWZjMTEtNDA3YS1iZDNjLTYzNDExMzY3ZDkwYS8xL253ZERTV3hfOC1f
N2h3WUJFNXl0blM4bkhoQS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEALlcGDANBgkqhkiG9w0BAQsFAAOC
AQEAWWEK6IFrnnCvNIdED54Q89TK5lWMYIui4bmAB3kmFg1jETnbA8p0bBwya8es
9S8Y9vmejqTKgzCNPJI23QF9pl4q9NcwOAT4Mb0eEaX4Id7ybWpFsHunR2i97qq0
MX7vCGUHXGcJa7n8l+OsRFQTU9O4nnW0yN8mzQmU0c35VV20m4uXLC4LWM4OzVsU
oxP00ZU8CwS7YWfWeVZXiKxsqLL94rZndUzYwKawWqYD81DihSCYPtfIcxKSMVRy
Zvfpajf/h400qvjOyNEtNwi60VPxhnWt1l9Afaa+LPN7IWbzBMyXy3x0LDUvrpD2
dYmAIGMsid2XOTYd2l/EYiWNUw==
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:48:15 2023 by rpki-client on console-ams.rpki-client.org