Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/aYgH67BBtOgMI3KhQ1LjrAkHFQ0.roa
File:                     aYgH67BBtOgMI3KhQ1LjrAkHFQ0.roa (raw, json)
Hash identifier:          V8/2+R+2gmRdFGoAOXBR6eyVrqtYxaBB1PwvOHWTOZU=
Subject key identifier:   69:88:07:EB:B0:41:B4:E8:0C:23:72:A1:43:52:E3:AC:09:07:15:0D
Certificate issuer:       /CN=3b476e12e8987e5b302cdc24bdd9db3fe83c8449
Certificate serial:       0182DB4504B34C0FB4C06AC92A48E3DBFA77
Authority key identifier: 3B:47:6E:12:E8:98:7E:5B:30:2C:DC:24:BD:D9:DB:3F:E8:3C:84:49
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/O0duEuiYflswLNwkvdnbP-g8hEk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/aYgH67BBtOgMI3KhQ1LjrAkHFQ0.roa
Signing time:             Fri 26 Aug 2022 17:48:29 +0000
ROA not before:           Fri 26 Aug 2022 17:48:29 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     58271
IP address blocks:        213.209.159.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:82:db:45:04:b3:4c:0f:b4:c0:6a:c9:2a:48:e3:db:fa:77
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3b476e12e8987e5b302cdc24bdd9db3fe83c8449
        Validity
            Not Before: Aug 26 17:48:29 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=698807ebb041b4e80c2372a14352e3ac0907150d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:6e:ef:2e:1e:18:f0:1c:18:c7:11:9f:58:b1:
                    96:71:04:5e:5f:ec:ea:fb:16:d2:8f:28:c8:41:59:
                    9f:17:61:cf:6d:a0:88:36:c9:6f:a8:69:83:5e:db:
                    73:89:31:6b:1b:ba:93:51:80:48:35:43:eb:d2:5b:
                    7d:3c:39:2c:34:7c:aa:ed:a5:43:5a:91:01:35:a1:
                    bb:ae:b3:6b:3d:96:ee:2b:e2:a4:79:1f:54:2a:c3:
                    0c:64:95:bb:d1:64:d7:21:e1:5b:51:a2:17:60:b9:
                    90:61:17:df:ca:99:83:f4:44:89:f3:26:b1:50:26:
                    ed:bd:ab:40:a2:70:a4:0a:3b:fd:14:53:ca:dc:15:
                    69:7a:8c:3b:ba:c0:1f:b8:8e:12:04:bb:df:b2:27:
                    c8:dc:f2:0e:ee:5a:b8:ba:2d:3e:f0:fc:41:75:81:
                    b8:77:19:ee:ba:33:84:13:32:7f:e9:8e:88:b2:bd:
                    39:fb:2b:c7:1e:d4:07:a0:85:ed:38:e1:86:c9:9e:
                    e2:48:34:cc:20:50:04:c4:62:1a:c7:67:1c:78:7b:
                    21:37:0d:98:5f:f5:ea:9e:f1:07:c9:f2:e6:ea:75:
                    b1:8c:4c:06:33:89:6d:9b:d4:0b:c4:f9:84:5d:f6:
                    9b:84:37:3c:8e:a1:06:90:80:e5:e5:1e:91:e2:e8:
                    bb:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                69:88:07:EB:B0:41:B4:E8:0C:23:72:A1:43:52:E3:AC:09:07:15:0D
            X509v3 Authority Key Identifier:
                keyid:3B:47:6E:12:E8:98:7E:5B:30:2C:DC:24:BD:D9:DB:3F:E8:3C:84:49

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/O0duEuiYflswLNwkvdnbP-g8hEk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/aYgH67BBtOgMI3KhQ1LjrAkHFQ0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/O0duEuiYflswLNwkvdnbP-g8hEk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.209.159.0/24

    Signature Algorithm: sha256WithRSAEncryption
         06:ba:1a:bb:73:83:7d:fa:7f:62:32:50:cb:32:a9:69:12:61:
         ea:57:02:67:de:c6:43:4c:2a:90:98:b8:e6:db:94:03:d1:72:
         9d:ac:b1:04:4d:9a:93:ff:46:c8:86:a8:ac:6e:e0:d1:9f:d1:
         b3:b9:ee:71:4b:0a:ff:1a:b1:ef:a0:42:55:34:81:36:40:80:
         3c:c1:2c:82:b0:2c:75:77:92:b2:e4:38:be:a6:10:da:90:93:
         1f:6b:ae:06:0e:19:30:74:f3:6a:64:25:54:38:86:79:41:21:
         08:96:60:d3:25:e4:4d:74:3e:4d:b5:9a:8c:22:a5:53:92:87:
         20:b1:20:fc:40:cd:54:73:b1:36:ae:f6:88:ff:c5:a0:1f:30:
         7e:f2:39:f9:a3:3a:9e:92:1c:9d:a4:1b:6a:a6:fe:df:fc:d9:
         46:db:49:cf:f3:8f:a8:c0:d5:f0:ce:85:b9:a8:ab:e9:c4:e5:
         5e:d1:b3:a6:aa:37:f8:38:7d:27:c4:1e:83:2c:1f:e6:6b:bb:
         e7:f6:30:ae:7a:a6:ec:03:02:0e:e2:a6:c3:3c:88:6a:c1:3e:
         4f:e6:bd:35:52:9c:06:a2:3e:46:1a:1f:91:2f:d2:53:ac:3a:
         05:f2:ba:b4:b0:36:01:95:75:fc:a1:17:8e:e2:21:88:89:97:
         54:01:58:7c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYLbRQSzTA+0wGrJKkjj2/p3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNiNDc2ZTEyZTg5ODdlNWIzMDJjZGMyNGJkZDlkYjNmZTgz
Yzg0NDkwHhcNMjIwODI2MTc0ODI5WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OTg4MDdlYmIwNDFiNGU4MGMyMzcyYTE0MzUyZTNhYzA5MDcxNTBkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtm7vLh4Y8BwYxxGfWLGWcQReX+zq
+xbSjyjIQVmfF2HPbaCINslvqGmDXttziTFrG7qTUYBINUPr0lt9PDksNHyq7aVD
WpEBNaG7rrNrPZbuK+KkeR9UKsMMZJW70WTXIeFbUaIXYLmQYRffypmD9ESJ8yax
UCbtvatAonCkCjv9FFPK3BVpeow7usAfuI4SBLvfsifI3PIO7lq4ui0+8PxBdYG4
dxnuujOEEzJ/6Y6Isr05+yvHHtQHoIXtOOGGyZ7iSDTMIFAExGIax2cceHshNw2Y
X/XqnvEHyfLm6nWxjEwGM4ltm9QLxPmEXfabhDc8jqEGkIDl5R6R4ui7SQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGmIB+uwQbToDCNyoUNS46wJBxUNMB8GA1UdIwQY
MBaAFDtHbhLomH5bMCzcJL3Z2z/oPIRJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTzBkdUV1aVlmbHN3TE53a3ZkbmJQLWc4aEVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC9kOTBjNmYtNjU3Ni00NmI5LTgzMTMt
NmNiZmYzYzRkYTAxLzEvYVlnSDY3QkJ0T2dNSTNLaFExTGpyQWtIRlEwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC9kOTBjNmYtNjU3Ni00NmI5LTgzMTMtNmNiZmYzYzRkYTAx
LzEvTzBkdUV1aVlmbHN3TE53a3ZkbmJQLWc4aEVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1dGfMA0G
CSqGSIb3DQEBCwUAA4IBAQAGuhq7c4N9+n9iMlDLMqlpEmHqVwJn3sZDTCqQmLjm
25QD0XKdrLEETZqT/0bIhqisbuDRn9Gzue5xSwr/GrHvoEJVNIE2QIA8wSyCsCx1
d5Ky5Di+phDakJMfa64GDhkwdPNqZCVUOIZ5QSEIlmDTJeRNdD5NtZqMIqVTkocg
sSD8QM1Uc7E2rvaI/8WgHzB+8jn5ozqekhydpBtqpv7f/NlG20nP84+owNXwzoW5
qKvpxOVe0bOmqjf4OH0nxB6DLB/ma7vn9jCueqbsAwIO4qbDPIhqwT5P5r01UpwG
oj5GGh+RL9JTrDoF8rq0sDYBlXX8oReO4iGIiZdUAVh8
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:50:08 2023 by rpki-client on console-ams.rpki-client.org