Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/CnSU6sZzsjpIwh2Ad71EsGsGbF0.roa
File:                     CnSU6sZzsjpIwh2Ad71EsGsGbF0.roa (raw, json)
Hash identifier:          33+trKx6660bmm2hg5VrdK3WhL5Pkrzje5Ohr6W+Jgk=
Subject key identifier:   0A:74:94:EA:C6:73:B2:3A:48:C2:1D:80:77:BD:44:B0:6B:06:6C:5D
Certificate issuer:       /CN=6f84e4738a70ea39c08cef210432ae399ec7e915
Certificate serial:       0182C6F49FACC74BFE58C75B75007321A49D
Authority key identifier: 6F:84:E4:73:8A:70:EA:39:C0:8C:EF:21:04:32:AE:39:9E:C7:E9:15
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/CnSU6sZzsjpIwh2Ad71EsGsGbF0.roa
Signing time:             Mon 22 Aug 2022 19:08:16 +0000
ROA not before:           Mon 22 Aug 2022 19:08:16 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     7018
IP address blocks:        188.255.212.0/24 maxlen: 24
                          109.121.37.0/24 maxlen: 24
                          109.121.33.0/24 maxlen: 24
                          109.121.42.0/24 maxlen: 24
                          109.121.39.0/24 maxlen: 24
                          109.121.47.0/24 maxlen: 24
                          109.121.45.0/24 maxlen: 24
                          212.69.11.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:82:c6:f4:9f:ac:c7:4b:fe:58:c7:5b:75:00:73:21:a4:9d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6f84e4738a70ea39c08cef210432ae399ec7e915
        Validity
            Not Before: Aug 22 19:08:16 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=0a7494eac673b23a48c21d8077bd44b06b066c5d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:68:d2:c7:47:f3:47:92:bf:f1:44:98:62:c7:
                    8b:70:69:1e:03:30:4f:53:8f:a3:a7:3d:c1:ee:dc:
                    31:3b:fb:21:e4:12:82:93:03:f1:32:17:73:44:5d:
                    bc:39:b5:14:f1:8b:a8:71:63:d0:60:91:79:a3:31:
                    4f:37:bb:13:fd:60:eb:bd:88:eb:df:21:37:50:88:
                    16:4e:45:a7:1d:7f:9b:ad:71:1b:68:47:db:c1:d7:
                    92:2c:12:21:6f:f0:ea:b8:09:0a:c9:a0:cc:ff:38:
                    f3:51:26:c8:03:e2:65:e1:27:e7:21:5d:67:4e:17:
                    c2:65:74:ab:37:b0:04:3a:5f:1b:0a:f7:51:d6:9b:
                    4e:c8:03:f9:a7:ac:c0:d7:fe:d4:97:c6:2e:eb:fb:
                    78:6e:b7:f2:bf:8b:c6:42:9a:6a:19:c8:25:1d:8b:
                    42:bb:87:c2:50:ba:9e:72:f3:60:d2:ab:94:ef:50:
                    b6:3b:75:be:8d:b1:2b:fc:2b:8c:3f:1d:c2:cc:25:
                    cd:58:ea:2d:ba:b7:d9:1d:65:49:ce:02:c5:0e:4a:
                    bf:df:e1:6c:94:fc:3f:ad:08:3c:38:13:a5:30:7f:
                    08:47:7b:65:a3:f7:6b:fe:af:a9:aa:b9:b3:fc:df:
                    01:0b:54:9b:e1:ea:ef:12:30:e1:b8:d0:4b:e1:19:
                    fe:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0A:74:94:EA:C6:73:B2:3A:48:C2:1D:80:77:BD:44:B0:6B:06:6C:5D
            X509v3 Authority Key Identifier:
                keyid:6F:84:E4:73:8A:70:EA:39:C0:8C:EF:21:04:32:AE:39:9E:C7:E9:15

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/CnSU6sZzsjpIwh2Ad71EsGsGbF0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.121.33.0/24
                  109.121.37.0/24
                  109.121.39.0/24
                  109.121.42.0/24
                  109.121.45.0/24
                  109.121.47.0/24
                  188.255.212.0/24
                  212.69.11.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7f:44:0b:62:d4:38:41:2a:9c:52:e1:b2:1e:f9:0b:e1:a1:b7:
         84:bf:b9:b4:cc:1c:d1:e2:6a:46:2a:dc:8f:e3:86:a7:5c:0b:
         99:04:21:63:f9:c7:f8:6f:1e:12:01:ed:e1:8c:13:28:30:88:
         a5:78:43:e7:30:02:d0:22:aa:9c:ab:a5:9f:cf:47:b3:f1:2c:
         04:0e:bc:53:f7:68:19:9c:9f:e5:2e:a0:76:bf:b8:d7:c0:96:
         e8:c7:0a:cb:fe:9f:22:96:d5:21:1b:91:cd:ee:65:9b:48:8e:
         52:48:84:af:b7:b6:f3:59:12:20:98:47:c0:23:bb:ed:7f:46:
         1c:76:cd:83:9c:0e:74:52:46:71:7a:ae:95:bc:b7:8a:41:cb:
         b5:e2:59:49:e3:80:47:63:0f:d6:8c:18:55:07:54:79:73:b3:
         ae:81:ca:23:92:aa:97:fc:ed:4e:7b:d6:35:7c:35:10:1c:83:
         e7:15:91:98:ef:df:b3:be:eb:b2:e0:80:67:e4:37:0d:e3:c5:
         5e:c0:58:29:91:05:f9:9f:e7:e3:b5:f8:2e:15:48:8d:0c:a5:
         87:0a:71:f3:a7:0f:1b:dd:4b:08:51:fe:2f:7b:dc:57:97:c0:
         bf:35:90:fd:dc:aa:42:fc:71:fa:f5:c6:79:f7:78:6a:70:70:
         79:69:47:74
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgISAYLG9J+sx0v+WMdbdQBzIaSdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmODRlNDczOGE3MGVhMzljMDhjZWYyMTA0MzJhZTM5OWVj
N2U5MTUwHhcNMjIwODIyMTkwODE2WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYTc0OTRlYWM2NzNiMjNhNDhjMjFkODA3N2JkNDRiMDZiMDY2YzVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgmjSx0fzR5K/8USYYseLcGkeAzBP
U4+jpz3B7twxO/sh5BKCkwPxMhdzRF28ObUU8YuocWPQYJF5ozFPN7sT/WDrvYjr
3yE3UIgWTkWnHX+brXEbaEfbwdeSLBIhb/DquAkKyaDM/zjzUSbIA+Jl4SfnIV1n
ThfCZXSrN7AEOl8bCvdR1ptOyAP5p6zA1/7Ul8Yu6/t4brfyv4vGQppqGcglHYtC
u4fCULqecvNg0quU71C2O3W+jbEr/CuMPx3CzCXNWOoturfZHWVJzgLFDkq/3+Fs
lPw/rQg8OBOlMH8IR3tlo/dr/q+pqrmz/N8BC1Sb4ervEjDhuNBL4Rn+lQIDAQAB
o4ICMzCCAi8wHQYDVR0OBBYEFAp0lOrGc7I6SMIdgHe9RLBrBmxdMB8GA1UdIwQY
MBaAFG+E5HOKcOo5wIzvIQQyrjmex+kVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjRUa2M0cHc2am5Bak84aEJES3VPWjdINlJVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9kZGY4YjMtMWMwOC00OTVjLThkZGYt
ZmFlNWRiZWQzYjFiLzEvQ25TVTZzWnpzanBJd2gyQWQ3MUVzR3NHYkYwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9kZGY4YjMtMWMwOC00OTVjLThkZGYtZmFlNWRiZWQzYjFi
LzEvYjRUa2M0cHc2am5Bak84aEJES3VPWjdINlJVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEkGCCsGAQUFBwEHAQH/BDowODA2BAIAATAwAwQAbXkhAwQA
bXklAwQAbXknAwQAbXkqAwQAbXktAwQAbXkvAwQAvP/UAwQA1EULMA0GCSqGSIb3
DQEBCwUAA4IBAQB/RAti1DhBKpxS4bIe+QvhobeEv7m0zBzR4mpGKtyP44anXAuZ
BCFj+cf4bx4SAe3hjBMoMIileEPnMALQIqqcq6Wfz0ez8SwEDrxT92gZnJ/lLqB2
v7jXwJboxwrL/p8iltUhG5HN7mWbSI5SSISvt7bzWRIgmEfAI7vtf0Ycds2DnA50
UkZxeq6VvLeKQcu14llJ44BHYw/WjBhVB1R5c7OugcojkqqX/O1Oe9Y1fDUQHIPn
FZGY79+zvuuy4IBn5DcN48VewFgpkQX5n+fjtfguFUiNDKWHCnHzpw8b3UsIUf4v
e9xXl8C/NZD93KpC/HH69cZ593hqcHB5aUd0
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:50:19 2023 by rpki-client on console-ams.rpki-client.org