Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/28/a1399a-ea6b-4a09-8b40-90c0bde09869/1/GfflIQPgip2-6bjOVlc8Hu48SJ0.roa
File:                     GfflIQPgip2-6bjOVlc8Hu48SJ0.roa (raw, json)
Hash identifier:          vXClyDEKEzDR+PQp455VF4T1sO1YsXERkfD9bAT4uek=
Subject key identifier:   19:F7:E5:21:03:E0:8A:9D:BE:E9:B8:CE:56:57:3C:1E:EE:3C:48:9D
Certificate issuer:       /CN=ad80679b96ca322bfa85500cab206c6d47412edf
Certificate serial:       0AD923F5
Authority key identifier: AD:80:67:9B:96:CA:32:2B:FA:85:50:0C:AB:20:6C:6D:47:41:2E:DF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rYBnm5bKMiv6hVAMqyBsbUdBLt8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/28/a1399a-ea6b-4a09-8b40-90c0bde09869/1/GfflIQPgip2-6bjOVlc8Hu48SJ0.roa
Signing time:             Sat 01 Jan 2022 11:01:56 +0000
ROA not before:           Sat 01 Jan 2022 11:01:56 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     14618
IP address blocks:        195.42.240.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 182002677 (0xad923f5)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ad80679b96ca322bfa85500cab206c6d47412edf
        Validity
            Not Before: Jan  1 11:01:56 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=19f7e52103e08a9dbee9b8ce56573c1eee3c489d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:da:1c:75:e0:bd:d0:ca:f1:18:3e:7c:0a:5d:
                    a1:6b:93:1b:be:3d:9e:eb:2e:d4:1f:91:21:d8:48:
                    38:13:85:d4:d3:ff:cb:a9:ea:32:1f:6d:9d:18:1c:
                    56:9e:eb:00:f2:c3:3f:68:c9:b5:7e:cd:61:a8:0a:
                    6c:e6:bd:bf:a1:a3:05:88:d5:75:e6:66:f0:47:f6:
                    46:06:b0:65:74:42:71:82:4a:1b:71:af:d3:7c:45:
                    40:59:ee:a6:e5:9e:3d:ec:a5:21:71:6f:78:64:13:
                    86:19:f1:e4:ba:e7:d9:9f:e1:07:6a:73:94:20:23:
                    31:ce:05:da:ee:e2:f1:c0:9b:12:5d:aa:6f:9a:99:
                    71:b5:67:fd:47:9b:0c:44:d1:9b:e9:d0:80:b9:03:
                    2c:48:b5:63:53:92:76:3f:86:3f:0a:71:f9:2d:fa:
                    18:7d:03:61:0e:23:3b:15:f8:1d:d4:61:76:87:82:
                    5e:99:77:db:e0:3f:4b:a5:75:dc:58:6a:e4:49:85:
                    fb:04:4a:02:01:12:19:ca:55:e8:04:74:06:b8:72:
                    fb:cc:da:f3:52:28:45:97:47:d2:49:81:90:a8:87:
                    f1:79:22:6e:e6:7a:46:6c:97:f2:f3:72:98:3a:9f:
                    60:e4:97:18:86:70:9b:e8:32:e3:ad:1d:c8:12:15:
                    7a:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                19:F7:E5:21:03:E0:8A:9D:BE:E9:B8:CE:56:57:3C:1E:EE:3C:48:9D
            X509v3 Authority Key Identifier:
                keyid:AD:80:67:9B:96:CA:32:2B:FA:85:50:0C:AB:20:6C:6D:47:41:2E:DF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rYBnm5bKMiv6hVAMqyBsbUdBLt8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/28/a1399a-ea6b-4a09-8b40-90c0bde09869/1/GfflIQPgip2-6bjOVlc8Hu48SJ0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/28/a1399a-ea6b-4a09-8b40-90c0bde09869/1/rYBnm5bKMiv6hVAMqyBsbUdBLt8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.42.240.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1d:65:dc:31:da:fd:2e:68:35:03:82:8f:b3:fe:1f:35:ce:df:
         75:14:86:53:ff:a5:95:ff:80:a8:f0:0b:a9:db:bd:de:3f:21:
         48:ae:49:e1:59:9f:cc:72:a4:a9:25:74:6b:6b:24:e8:7c:c5:
         8b:52:9c:09:20:a3:b3:b6:d0:a3:bb:2e:ef:7d:c4:ea:2b:4f:
         a4:8d:38:09:b4:87:73:7c:2b:4a:e3:fd:4d:ae:a7:58:3e:51:
         3c:a4:9d:41:c7:71:d6:90:26:5b:d7:3e:ff:e5:3e:2e:3c:47:
         25:d7:f3:92:fc:ce:ea:90:5f:e0:21:ee:98:50:99:7b:19:14:
         18:bd:4d:ab:67:5f:9f:98:0f:cc:a8:e5:67:eb:d7:89:2b:3b:
         5d:12:4b:dc:46:8d:c9:48:28:af:98:24:64:7a:53:9a:99:9d:
         c2:b4:2e:b8:06:84:82:26:43:5e:2f:d0:be:5e:89:77:4b:5e:
         78:ca:1c:8b:02:0c:e2:e2:af:fb:26:eb:94:67:f9:bb:3d:ec:
         10:35:1f:f3:6c:50:d6:03:b2:ca:a0:42:d9:ca:d2:40:16:30:
         b5:9e:b3:14:3d:af:3d:ec:76:33:e3:cd:f2:fd:a3:ad:e8:39:
         f1:30:18:e8:83:fd:98:33:9c:f2:4d:1d:2b:59:0c:8d:de:2a:
         8f:cf:e9:a4
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIECtkj9TANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhh
ZDgwNjc5Yjk2Y2EzMjJiZmE4NTUwMGNhYjIwNmM2ZDQ3NDEyZWRmMB4XDTIyMDEw
MTExMDE1NloXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMTlmN2U1MjEwM2Uw
OGE5ZGJlZTliOGNlNTY1NzNjMWVlZTNjNDg5ZDCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAKjaHHXgvdDK8Rg+fApdoWuTG749nusu1B+RIdhIOBOF1NP/
y6nqMh9tnRgcVp7rAPLDP2jJtX7NYagKbOa9v6GjBYjVdeZm8Ef2RgawZXRCcYJK
G3Gv03xFQFnupuWePeylIXFveGQThhnx5Lrn2Z/hB2pzlCAjMc4F2u7i8cCbEl2q
b5qZcbVn/UebDETRm+nQgLkDLEi1Y1OSdj+GPwpx+S36GH0DYQ4jOxX4HdRhdoeC
Xpl32+A/S6V13Fhq5EmF+wRKAgESGcpV6AR0Brhy+8za81IoRZdH0kmBkKiH8Xki
buZ6RmyX8vNymDqfYOSXGIZwm+gy460dyBIVen0CAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBQZ9+UhA+CKnb7puM5WVzwe7jxInTAfBgNVHSMEGDAWgBStgGeblsoyK/qF
UAyrIGxtR0Eu3zAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L3JZQm5tNWJLTWl2NmhWQU1xeUJzYlVkQkx0OC5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMjgvYTEzOTlhLWVhNmItNGEwOS04YjQwLTkwYzBiZGUwOTg2OS8x
L0dmZmxJUVBnaXAyLTZiak9WbGM4SHU0OFNKMC5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMjgv
YTEzOTlhLWVhNmItNGEwOS04YjQwLTkwYzBiZGUwOTg2OS8xL3JZQm5tNWJLTWl2
NmhWQU1xeUJzYlVkQkx0OC5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAMMq8DANBgkqhkiG9w0BAQsFAAOC
AQEAHWXcMdr9Lmg1A4KPs/4fNc7fdRSGU/+llf+AqPALqdu93j8hSK5J4VmfzHKk
qSV0a2sk6HzFi1KcCSCjs7bQo7su733E6itPpI04CbSHc3wrSuP9Ta6nWD5RPKSd
Qcdx1pAmW9c+/+U+LjxHJdfzkvzO6pBf4CHumFCZexkUGL1Nq2dfn5gPzKjlZ+vX
iSs7XRJL3EaNyUgor5gkZHpTmpmdwrQuuAaEgiZDXi/Qvl6Jd0teeMociwIM4uKv
+ybrlGf5uz3sEDUf82xQ1gOyyqBC2crSQBYwtZ6zFD2vPex2M+PN8v2jreg58TAY
6IP9mDOc8k0dK1kMjd4qj8/ppA==
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:49:23 2023 by rpki-client on console-ams.rpki-client.org