Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/43/3cc135-f166-42eb-8203-f49120bed51c/1/z-FUn4g1DFpmOzW1pf5yNM9wZPA.roa
File:                     z-FUn4g1DFpmOzW1pf5yNM9wZPA.roa (raw, json)
Hash identifier:          JcKoHG5YCNAHSMdmMdn0C6AGyWiZj91o8A4skveP128=
Subject key identifier:   CF:E1:54:9F:88:35:0C:5A:66:3B:35:B5:A5:FE:72:34:CF:70:64:F0
Certificate issuer:       /CN=345ae646ea34ad2688aca2fdd1a6f3340356495e
Certificate serial:       14B98BBA
Authority key identifier: 34:5A:E6:46:EA:34:AD:26:88:AC:A2:FD:D1:A6:F3:34:03:56:49:5E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NFrmRuo0rSaIrKL90abzNANWSV4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/43/3cc135-f166-42eb-8203-f49120bed51c/1/z-FUn4g1DFpmOzW1pf5yNM9wZPA.roa
Signing time:             Wed 13 Apr 2022 15:13:18 +0000
ROA not before:           Wed 13 Apr 2022 15:13:18 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     14618
IP address blocks:        185.120.172.0/24 maxlen: 24
                          185.120.173.0/24 maxlen: 24
                          185.120.174.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 347704250 (0x14b98bba)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=345ae646ea34ad2688aca2fdd1a6f3340356495e
        Validity
            Not Before: Apr 13 15:13:18 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=cfe1549f88350c5a663b35b5a5fe7234cf7064f0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:e0:d8:c5:b9:6e:ed:10:b0:5a:78:5a:0a:8b:
                    4e:b9:e3:77:4a:5a:19:da:15:37:1c:09:be:d7:e5:
                    5c:1b:bf:0d:ba:f1:18:35:d4:c5:a9:74:16:76:7d:
                    ce:73:71:9a:5f:ad:15:69:45:59:50:0d:a9:61:7d:
                    49:ea:84:ee:3b:4c:4d:dd:b1:43:8a:e2:95:36:b2:
                    9f:a0:cb:87:6a:84:37:f0:7e:58:a7:ab:10:ab:35:
                    84:c7:92:84:3b:d7:f1:e2:27:11:cc:c3:84:82:b6:
                    50:b2:9d:84:41:a5:a2:14:62:6c:76:9e:68:81:4f:
                    9b:26:13:a4:65:b9:0d:03:ea:a9:a5:35:e2:c6:a4:
                    e4:94:02:62:95:21:66:b7:6e:6a:ba:8f:23:5a:4d:
                    0e:49:a4:01:31:0f:2f:fa:59:36:90:f9:0a:18:ab:
                    97:b8:6a:bd:c4:68:2d:92:fd:00:bd:0f:af:8a:a9:
                    41:66:d5:85:0b:a8:ff:ef:7b:dd:4c:81:93:5e:0e:
                    b5:dd:49:4d:ef:a6:59:58:cc:fc:03:f1:32:bb:04:
                    c5:92:12:5a:3f:57:37:31:c6:2d:e4:30:73:00:19:
                    41:14:d4:e6:c9:4f:49:a6:cd:84:88:8b:f7:09:8f:
                    6e:49:8e:7d:86:4f:71:00:54:45:ba:83:01:f8:d6:
                    30:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:E1:54:9F:88:35:0C:5A:66:3B:35:B5:A5:FE:72:34:CF:70:64:F0
            X509v3 Authority Key Identifier:
                keyid:34:5A:E6:46:EA:34:AD:26:88:AC:A2:FD:D1:A6:F3:34:03:56:49:5E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NFrmRuo0rSaIrKL90abzNANWSV4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/43/3cc135-f166-42eb-8203-f49120bed51c/1/z-FUn4g1DFpmOzW1pf5yNM9wZPA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/43/3cc135-f166-42eb-8203-f49120bed51c/1/NFrmRuo0rSaIrKL90abzNANWSV4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.120.172.0-185.120.174.255

    Signature Algorithm: sha256WithRSAEncryption
         08:f5:a0:79:be:51:80:22:43:dc:20:15:96:6a:76:3c:72:5f:
         06:11:45:37:b4:d4:b4:15:c2:8a:d2:db:f2:c7:27:51:c1:dc:
         70:78:11:b0:7f:8a:ea:0a:83:7b:74:b8:60:52:06:33:d3:51:
         9b:fa:7e:1a:52:f8:01:58:d7:4a:44:6b:8d:ec:46:d1:89:7a:
         03:96:11:56:ca:32:21:a9:12:ad:83:c1:ba:f8:7e:a0:20:54:
         f9:24:05:3e:01:11:cb:60:d8:ae:0e:a8:82:f0:29:78:00:40:
         a5:53:80:21:f9:6e:96:9e:c9:48:6b:db:05:be:64:39:a7:43:
         b5:ef:6a:40:39:73:71:c8:6e:8a:2c:cf:01:6a:ed:e8:2f:4e:
         4c:bc:72:3d:a2:ae:fa:f7:4a:61:bb:33:88:fb:63:14:76:a9:
         78:38:76:58:29:94:7c:76:95:f1:44:0e:94:1f:68:c1:5d:2c:
         73:51:08:bf:7b:21:31:b1:14:66:fb:18:80:83:d8:b1:e7:6f:
         f8:4e:dc:bc:37:d5:4a:ac:bd:9c:ee:a2:9e:89:64:2a:86:4e:
         c8:91:18:d0:cb:f6:56:b8:52:c0:9e:13:0b:66:64:f4:58:af:
         3d:9f:2c:d7:0f:20:8c:9b:3f:ed:36:40:41:2d:f2:ab:50:04:
         5e:96:ef:fd
-----BEGIN CERTIFICATE-----
MIIE9zCCA9+gAwIBAgIEFLmLujANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygz
NDVhZTY0NmVhMzRhZDI2ODhhY2EyZmRkMWE2ZjMzNDAzNTY0OTVlMB4XDTIyMDQx
MzE1MTMxOFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoY2ZlMTU0OWY4ODM1
MGM1YTY2M2IzNWI1YTVmZTcyMzRjZjcwNjRmMDCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAKjg2MW5bu0QsFp4WgqLTrnjd0paGdoVNxwJvtflXBu/Dbrx
GDXUxal0FnZ9znNxml+tFWlFWVANqWF9SeqE7jtMTd2xQ4rilTayn6DLh2qEN/B+
WKerEKs1hMeShDvX8eInEczDhIK2ULKdhEGlohRibHaeaIFPmyYTpGW5DQPqqaU1
4sak5JQCYpUhZrduarqPI1pNDkmkATEPL/pZNpD5Chirl7hqvcRoLZL9AL0Pr4qp
QWbVhQuo/+973UyBk14Otd1JTe+mWVjM/APxMrsExZISWj9XNzHGLeQwcwAZQRTU
5slPSabNhIiL9wmPbkmOfYZPcQBURbqDAfjWMNsCAwEAAaOCAhEwggINMB0GA1Ud
DgQWBBTP4VSfiDUMWmY7NbWl/nI0z3Bk8DAfBgNVHSMEGDAWgBQ0WuZG6jStJois
ov3RpvM0A1ZJXjAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L05Gcm1SdW8wclNhSXJLTDkwYWJ6TkFOV1NWNC5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNDMvM2NjMTM1LWYxNjYtNDJlYi04MjAzLWY0OTEyMGJlZDUxYy8x
L3otRlVuNGcxREZwbU96VzFwZjV5Tk05d1pQQS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNDMv
M2NjMTM1LWYxNjYtNDJlYi04MjAzLWY0OTEyMGJlZDUxYy8xL05Gcm1SdW8wclNh
SXJLTDkwYWJ6TkFOV1NWNC5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAn
BggrBgEFBQcBBwEB/wQYMBYwFAQCAAEwDjAMAwQCuXisAwQAuXiuMA0GCSqGSIb3
DQEBCwUAA4IBAQAI9aB5vlGAIkPcIBWWanY8cl8GEUU3tNS0FcKK0tvyxydRwdxw
eBGwf4rqCoN7dLhgUgYz01Gb+n4aUvgBWNdKRGuN7EbRiXoDlhFWyjIhqRKtg8G6
+H6gIFT5JAU+ARHLYNiuDqiC8Cl4AEClU4Ah+W6WnslIa9sFvmQ5p0O172pAOXNx
yG6KLM8Bau3oL05MvHI9oq7690phuzOI+2MUdql4OHZYKZR8dpXxRA6UH2jBXSxz
UQi/eyExsRRm+xiAg9ix52/4Tty8N9VKrL2c7qKeiWQqhk7IkRjQy/ZWuFLAnhML
ZmT0WK89nyzXDyCMmz/tNkBBLfKrUARelu/9
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:50:54 2023 by rpki-client on console-ams.rpki-client.org