Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/42/caa743-1c13-4a25-9f6a-65be5503165d/1/DmmN2IJYqbdHIX1PnaOiy-W2k20.roa
File:                     DmmN2IJYqbdHIX1PnaOiy-W2k20.roa (raw, json)
Hash identifier:          +Z674R9h8YuDUv9CGXeQhfQp6WYaIv91M0lpRSfGBZw=
Subject key identifier:   0E:69:8D:D8:82:58:A9:B7:47:21:7D:4F:9D:A3:A2:CB:E5:B6:93:6D
Certificate issuer:       /CN=5a376c8008d6abd962341563dd2a4dccaf153cba
Certificate serial:       05932AAD
Authority key identifier: 5A:37:6C:80:08:D6:AB:D9:62:34:15:63:DD:2A:4D:CC:AF:15:3C:BA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WjdsgAjWq9liNBVj3SpNzK8VPLo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/42/caa743-1c13-4a25-9f6a-65be5503165d/1/DmmN2IJYqbdHIX1PnaOiy-W2k20.roa
Signing time:             Sat 01 Jan 2022 06:05:26 +0000
ROA not before:           Sat 01 Jan 2022 06:05:26 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     40676
IP address blocks:        193.25.201.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 93530797 (0x5932aad)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5a376c8008d6abd962341563dd2a4dccaf153cba
        Validity
            Not Before: Jan  1 06:05:26 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=0e698dd88258a9b747217d4f9da3a2cbe5b6936d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:52:fa:c8:a6:e0:21:78:09:9f:b7:19:bb:cc:
                    65:ab:7c:42:6a:97:36:7d:0d:ac:73:4a:2a:2d:3a:
                    fe:90:29:a3:d3:12:c5:7e:60:db:61:e7:ea:5b:6b:
                    5f:5f:90:c7:c0:53:28:be:05:ec:9a:48:81:42:4e:
                    b2:a2:42:ff:4b:3b:85:a7:dc:83:ab:0f:90:b5:09:
                    d3:8a:19:96:66:fd:fc:cb:09:2b:ba:b1:bb:a9:5a:
                    79:e1:e5:62:71:53:67:ba:47:7e:43:a2:3d:a7:8d:
                    e5:27:1f:5c:6f:25:4c:ba:13:9a:dc:69:2e:62:67:
                    18:b9:36:64:3d:2a:91:0c:88:ab:99:48:48:d3:8e:
                    96:e6:90:1e:24:4e:3f:cd:22:c9:66:c5:b5:f5:18:
                    57:36:2b:e5:2f:d5:39:3a:b0:7d:6c:19:53:5e:21:
                    6f:e8:72:1f:fc:b3:c7:68:44:3e:39:b6:c8:65:43:
                    96:61:9e:8e:98:37:b9:c4:b2:ad:83:56:6d:1d:d5:
                    a5:5c:7d:a5:c0:2b:1e:48:61:d5:01:b8:25:79:46:
                    59:db:58:0f:b3:ab:e6:f5:aa:13:a3:7c:cc:ce:fc:
                    a3:68:56:f1:71:45:21:a5:f3:9d:ff:df:45:fc:be:
                    16:a8:9d:bd:d1:d0:15:b4:1a:3f:d7:51:c2:8c:2b:
                    d2:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0E:69:8D:D8:82:58:A9:B7:47:21:7D:4F:9D:A3:A2:CB:E5:B6:93:6D
            X509v3 Authority Key Identifier:
                keyid:5A:37:6C:80:08:D6:AB:D9:62:34:15:63:DD:2A:4D:CC:AF:15:3C:BA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WjdsgAjWq9liNBVj3SpNzK8VPLo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/caa743-1c13-4a25-9f6a-65be5503165d/1/DmmN2IJYqbdHIX1PnaOiy-W2k20.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/42/caa743-1c13-4a25-9f6a-65be5503165d/1/WjdsgAjWq9liNBVj3SpNzK8VPLo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.25.201.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4c:88:50:82:0e:5d:16:b8:59:aa:da:1a:38:8d:17:1f:bb:84:
         fa:75:0e:7f:d0:b1:d7:c8:60:88:0d:ca:08:b1:41:4b:1b:eb:
         28:98:23:13:9f:68:c1:8f:3a:d3:ee:d0:08:6f:a6:f3:0d:b0:
         ca:94:eb:8e:6d:fe:01:fe:5f:a3:21:4b:5d:d9:af:54:7c:6b:
         91:b5:c2:78:22:24:27:27:d6:4c:b3:72:16:7a:b3:85:c6:6b:
         61:ef:0e:21:ff:30:29:0a:1d:56:2f:8c:a1:25:18:99:04:a7:
         d1:b7:fa:44:50:07:da:64:ab:6a:55:b8:73:7a:a5:07:5a:3b:
         fd:35:4d:bd:ec:bb:5f:ef:75:26:f9:7c:9d:f6:b3:3a:67:85:
         02:bf:c0:dc:7e:09:93:c8:94:d7:db:77:7f:8b:bf:aa:d8:31:
         06:f5:f2:e8:39:78:f8:a4:90:b0:00:48:85:18:bc:a1:5d:06:
         76:8c:38:17:af:76:fa:3d:3b:f5:a7:c0:8e:4d:40:fd:ca:ba:
         f5:dc:bc:5c:11:64:63:01:49:19:34:e3:03:51:bb:d6:ea:30:
         dc:81:82:91:f2:c6:53:25:3f:89:dc:90:f6:59:4f:d0:c6:43:
         50:80:4c:06:a1:52:99:07:20:05:b6:0a:f8:a5:18:f8:6c:ff:
         7f:8a:dd:95
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIEBZMqrTANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg1
YTM3NmM4MDA4ZDZhYmQ5NjIzNDE1NjNkZDJhNGRjY2FmMTUzY2JhMB4XDTIyMDEw
MTA2MDUyNloXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMGU2OThkZDg4MjU4
YTliNzQ3MjE3ZDRmOWRhM2EyY2JlNWI2OTM2ZDCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAI5S+sim4CF4CZ+3GbvMZat8QmqXNn0NrHNKKi06/pApo9MS
xX5g22Hn6ltrX1+Qx8BTKL4F7JpIgUJOsqJC/0s7hafcg6sPkLUJ04oZlmb9/MsJ
K7qxu6laeeHlYnFTZ7pHfkOiPaeN5ScfXG8lTLoTmtxpLmJnGLk2ZD0qkQyIq5lI
SNOOluaQHiROP80iyWbFtfUYVzYr5S/VOTqwfWwZU14hb+hyH/yzx2hEPjm2yGVD
lmGejpg3ucSyrYNWbR3VpVx9pcArHkhh1QG4JXlGWdtYD7Or5vWqE6N8zM78o2hW
8XFFIaXznf/fRfy+FqidvdHQFbQaP9dRwowr0gsCAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBQOaY3Yglipt0chfU+do6LL5baTbTAfBgNVHSMEGDAWgBRaN2yACNar2WI0
FWPdKk3MrxU8ujAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L1dqZHNnQWpXcTlsaU5CVmozU3BOeks4VlBMby5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNDIvY2FhNzQzLTFjMTMtNGEyNS05ZjZhLTY1YmU1NTAzMTY1ZC8x
L0RtbU4ySUpZcWJkSElYMVBuYU9peS1XMmsyMC5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNDIv
Y2FhNzQzLTFjMTMtNGEyNS05ZjZhLTY1YmU1NTAzMTY1ZC8xL1dqZHNnQWpXcTls
aU5CVmozU3BOeks4VlBMby5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAMEZyTANBgkqhkiG9w0BAQsFAAOC
AQEATIhQgg5dFrhZqtoaOI0XH7uE+nUOf9Cx18hgiA3KCLFBSxvrKJgjE59owY86
0+7QCG+m8w2wypTrjm3+Af5foyFLXdmvVHxrkbXCeCIkJyfWTLNyFnqzhcZrYe8O
If8wKQodVi+MoSUYmQSn0bf6RFAH2mSralW4c3qlB1o7/TVNvey7X+91Jvl8nfaz
OmeFAr/A3H4Jk8iU19t3f4u/qtgxBvXy6Dl4+KSQsABIhRi8oV0Gdow4F692+j07
9afAjk1A/cq69dy8XBFkYwFJGTTjA1G71uow3IGCkfLGUyU/idyQ9llP0MZDUIBM
BqFSmQcgBbYK+KUY+Gz/f4rdlQ==
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:47:10 2023 by rpki-client on console-fra.rpki-client.org