Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/24/9213ec-85a9-48d6-aa69-edc9d02faf54/1/QWPEaLCSHovzJreCX0WvAlnqxzU.roa
File:                     QWPEaLCSHovzJreCX0WvAlnqxzU.roa (raw, json)
Hash identifier:          qaaTqKYXl9pCZF3A0hkChlssNeLq21U2WEjSce6pSvQ=
Subject key identifier:   41:63:C4:68:B0:92:1E:8B:F3:26:B7:82:5F:45:AF:02:59:EA:C7:35
Certificate issuer:       /CN=77f61fc7c0ab41ce154e7bcb08ef962351a46784
Certificate serial:       0182508AB3291568651EC4F476FD011B078E
Authority key identifier: 77:F6:1F:C7:C0:AB:41:CE:15:4E:7B:CB:08:EF:96:23:51:A4:67:84
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/d_Yfx8CrQc4VTnvLCO-WI1GkZ4Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/24/9213ec-85a9-48d6-aa69-edc9d02faf54/1/QWPEaLCSHovzJreCX0WvAlnqxzU.roa
Signing time:             Sat 30 Jul 2022 19:17:23 +0000
ROA not before:           Sat 30 Jul 2022 19:17:23 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     399641
IP address blocks:        87.248.149.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:82:50:8a:b3:29:15:68:65:1e:c4:f4:76:fd:01:1b:07:8e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=77f61fc7c0ab41ce154e7bcb08ef962351a46784
        Validity
            Not Before: Jul 30 19:17:23 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=4163c468b0921e8bf326b7825f45af0259eac735
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:59:7a:4b:29:6a:11:06:40:c7:e0:6d:16:87:
                    3c:e6:d4:b9:35:e5:68:4d:81:71:a7:50:f0:6b:40:
                    18:d0:59:7d:bd:88:85:6b:37:91:30:81:fa:57:6e:
                    ab:0f:d2:10:43:45:4e:fc:b9:4a:94:e2:76:47:dd:
                    1b:2b:87:54:19:20:71:f4:f9:fa:cb:e5:43:0a:fa:
                    2d:ed:f9:ee:53:c7:24:39:40:03:05:bf:da:a3:ab:
                    90:6d:fa:dd:d9:b2:de:af:8a:22:42:f4:a2:e3:e3:
                    c9:84:35:e5:2e:10:51:cc:e6:da:75:59:54:95:55:
                    73:33:40:bd:6c:06:16:d5:08:93:ca:5f:fa:76:e8:
                    4d:8c:85:26:09:9d:fe:12:91:81:79:dc:02:aa:f1:
                    9d:a4:5d:9c:91:5e:ba:0a:cf:ce:a0:2e:25:08:1b:
                    c7:f5:18:8a:ed:17:b2:96:56:e5:11:ab:23:b7:2c:
                    15:56:f6:1f:59:1d:6a:b6:47:b4:76:a3:68:ce:b1:
                    33:03:43:c1:b1:1d:08:16:23:f9:50:71:b2:1a:66:
                    2f:41:18:a8:52:1d:46:fc:63:d3:47:a6:c4:6e:b6:
                    50:5f:ae:3a:e7:2e:eb:ea:01:14:5a:19:6a:c8:33:
                    1e:b9:d8:3a:c9:f3:36:c1:4d:95:52:17:6a:7f:05:
                    19:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:63:C4:68:B0:92:1E:8B:F3:26:B7:82:5F:45:AF:02:59:EA:C7:35
            X509v3 Authority Key Identifier:
                keyid:77:F6:1F:C7:C0:AB:41:CE:15:4E:7B:CB:08:EF:96:23:51:A4:67:84

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/d_Yfx8CrQc4VTnvLCO-WI1GkZ4Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/24/9213ec-85a9-48d6-aa69-edc9d02faf54/1/QWPEaLCSHovzJreCX0WvAlnqxzU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/24/9213ec-85a9-48d6-aa69-edc9d02faf54/1/d_Yfx8CrQc4VTnvLCO-WI1GkZ4Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.248.149.0/24

    Signature Algorithm: sha256WithRSAEncryption
         19:0d:39:c0:f5:8e:7a:eb:46:b9:1d:51:5a:94:57:e8:2e:b1:
         a1:ed:c0:53:ab:42:f0:61:87:7d:1a:6f:f8:37:d4:f6:2a:85:
         89:7e:f5:5c:92:ad:5f:46:0a:7b:61:4e:95:e2:7a:1f:3c:f5:
         ed:c9:9b:93:6c:e8:ae:9d:c5:46:23:b1:03:61:8d:f1:e2:8c:
         6a:1d:58:b1:73:c6:59:78:51:f6:dd:7e:01:56:aa:43:56:b6:
         98:a7:91:b7:2d:ca:22:f1:1e:f6:cd:5e:d0:63:79:6a:ea:10:
         b4:fa:d0:6a:82:70:94:64:b3:07:a8:02:02:11:87:cc:e8:6c:
         6e:e9:e4:e3:be:5f:cb:82:61:31:3f:4d:6c:f9:3f:2a:e9:ec:
         16:b6:7e:e0:ad:53:45:c6:17:f1:1f:e1:22:8b:6f:06:86:80:
         28:0d:76:af:fb:59:99:e8:3d:55:a5:60:78:79:e6:44:b5:cc:
         74:c2:4f:8c:1b:73:81:22:8f:81:3d:fd:14:09:ac:46:85:cb:
         ad:32:6d:d9:02:88:8b:a6:39:25:db:36:81:bd:71:a1:cb:ab:
         75:05:8b:37:bc:53:22:42:50:9a:3e:1d:50:8e:5f:b2:14:3b:
         2a:46:05:31:b6:b3:67:ed:23:a5:dd:c4:8e:0c:20:f6:98:6f:
         98:f2:d5:72
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYJQirMpFWhlHsT0dv0BGweOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc3ZjYxZmM3YzBhYjQxY2UxNTRlN2JjYjA4ZWY5NjIzNTFh
NDY3ODQwHhcNMjIwNzMwMTkxNzIzWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MTYzYzQ2OGIwOTIxZThiZjMyNmI3ODI1ZjQ1YWYwMjU5ZWFjNzM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkFl6SylqEQZAx+BtFoc85tS5NeVo
TYFxp1Dwa0AY0Fl9vYiFazeRMIH6V26rD9IQQ0VO/LlKlOJ2R90bK4dUGSBx9Pn6
y+VDCvot7fnuU8ckOUADBb/ao6uQbfrd2bLer4oiQvSi4+PJhDXlLhBRzObadVlU
lVVzM0C9bAYW1QiTyl/6duhNjIUmCZ3+EpGBedwCqvGdpF2ckV66Cs/OoC4lCBvH
9RiK7ReyllblEasjtywVVvYfWR1qtke0dqNozrEzA0PBsR0IFiP5UHGyGmYvQRio
Uh1G/GPTR6bEbrZQX6465y7r6gEUWhlqyDMeudg6yfM2wU2VUhdqfwUZZQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEFjxGiwkh6L8ya3gl9FrwJZ6sc1MB8GA1UdIwQY
MBaAFHf2H8fAq0HOFU57ywjvliNRpGeEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZF9ZZng4Q3JRYzRWVG52TENPLVdJMUdrWjRRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNC85MjEzZWMtODVhOS00OGQ2LWFhNjkt
ZWRjOWQwMmZhZjU0LzEvUVdQRWFMQ1NIb3Z6SnJlQ1gwV3ZBbG5xeHpVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNC85MjEzZWMtODVhOS00OGQ2LWFhNjktZWRjOWQwMmZhZjU0
LzEvZF9ZZng4Q3JRYzRWVG52TENPLVdJMUdrWjRRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAV/iVMA0G
CSqGSIb3DQEBCwUAA4IBAQAZDTnA9Y5660a5HVFalFfoLrGh7cBTq0LwYYd9Gm/4
N9T2KoWJfvVckq1fRgp7YU6V4nofPPXtyZuTbOiuncVGI7EDYY3x4oxqHVixc8ZZ
eFH23X4BVqpDVraYp5G3Lcoi8R72zV7QY3lq6hC0+tBqgnCUZLMHqAICEYfM6Gxu
6eTjvl/LgmExP01s+T8q6ewWtn7grVNFxhfxH+Eii28GhoAoDXav+1mZ6D1VpWB4
eeZEtcx0wk+MG3OBIo+BPf0UCaxGhcutMm3ZAoiLpjkl2zaBvXGhy6t1BYs3vFMi
QlCaPh1Qjl+yFDsqRgUxtrNn7SOl3cSODCD2mG+Y8tVy
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:49:09 2023 by rpki-client on console-ams.rpki-client.org