Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/49/cbc50e-faef-43ec-bdba-fda470c61e09/1/sh-W9YOhBmi8D--grjn0GclJ6OI.roa
File:                     sh-W9YOhBmi8D--grjn0GclJ6OI.roa (raw, json)
Hash identifier:          6P1mZF9o2xCVoLsyZQxqqHDRYX8RfgBpa7Cz/2T6s4s=
Subject key identifier:   B2:1F:96:F5:83:A1:06:68:BC:0F:EF:A0:AE:39:F4:19:C9:49:E8:E2
Certificate issuer:       /CN=b312db95dfc3b31395e0ecb5ff26212d798de834
Certificate serial:       042CC483
Authority key identifier: B3:12:DB:95:DF:C3:B3:13:95:E0:EC:B5:FF:26:21:2D:79:8D:E8:34
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sxLbld_DsxOV4Oy1_yYhLXmN6DQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/49/cbc50e-faef-43ec-bdba-fda470c61e09/1/sh-W9YOhBmi8D--grjn0GclJ6OI.roa
Signing time:             Sat 01 Jan 2022 13:59:04 +0000
ROA not before:           Sat 01 Jan 2022 13:59:04 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     42910
IP address blocks:        185.51.20.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 70042755 (0x42cc483)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b312db95dfc3b31395e0ecb5ff26212d798de834
        Validity
            Not Before: Jan  1 13:59:04 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=b21f96f583a10668bc0fefa0ae39f419c949e8e2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:64:0c:11:98:28:32:ea:02:3f:be:05:75:ea:
                    6e:41:24:16:05:e8:36:64:d9:79:d6:8c:b6:76:2d:
                    5e:24:3d:47:fa:13:71:f6:7f:80:dd:84:41:16:f3:
                    3a:24:5c:47:8a:d6:79:6e:02:47:eb:e3:a3:4d:cf:
                    1b:43:21:64:0e:6a:91:03:45:0f:38:36:af:73:f9:
                    c3:49:5a:c6:3d:9b:d9:98:68:2f:fe:16:f2:91:39:
                    d0:f8:02:61:b4:2d:0e:d8:6a:33:c3:77:a0:33:77:
                    83:f0:a0:f4:85:a8:9a:20:48:4a:c2:e1:b5:93:c4:
                    31:c5:e4:52:66:fa:28:82:42:3c:d1:37:bf:fa:64:
                    ed:ce:98:45:a2:68:1c:19:df:6e:4e:db:8c:22:67:
                    d1:85:63:ea:ed:e2:8e:c0:b9:7f:1e:8a:fc:c1:5f:
                    0f:3d:0e:4a:bd:cd:ba:f0:88:43:f1:d9:3c:6a:0a:
                    d6:a8:49:b0:b8:60:bc:f1:b5:0e:fa:7f:4e:ea:63:
                    ef:bd:32:a2:ea:a9:fd:0a:04:0d:c1:c9:f7:4d:99:
                    d5:31:40:fc:5e:ee:f1:71:e0:50:2a:3a:5a:39:79:
                    b7:95:cc:25:b6:a5:33:91:e3:b0:94:c5:13:7f:42:
                    bf:2d:5e:1b:31:e6:9e:e0:b1:7f:7b:29:63:b6:b3:
                    23:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B2:1F:96:F5:83:A1:06:68:BC:0F:EF:A0:AE:39:F4:19:C9:49:E8:E2
            X509v3 Authority Key Identifier:
                keyid:B3:12:DB:95:DF:C3:B3:13:95:E0:EC:B5:FF:26:21:2D:79:8D:E8:34

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sxLbld_DsxOV4Oy1_yYhLXmN6DQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/49/cbc50e-faef-43ec-bdba-fda470c61e09/1/sh-W9YOhBmi8D--grjn0GclJ6OI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/49/cbc50e-faef-43ec-bdba-fda470c61e09/1/sxLbld_DsxOV4Oy1_yYhLXmN6DQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.51.20.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0b:ff:13:db:9c:94:24:f7:c3:7a:f8:9a:b9:44:8c:2f:c1:63:
         0e:5c:f8:f7:72:cb:8c:55:16:41:a4:46:3f:02:7b:77:b6:68:
         45:ef:f4:0b:a8:69:d9:92:87:e7:a1:bb:56:bf:b2:46:47:ad:
         3a:bb:3f:b2:e9:7c:4e:c8:84:b4:33:66:c6:68:9c:34:29:0b:
         18:3d:cb:6c:b0:da:95:13:fc:d8:41:36:5e:ba:45:f9:91:d3:
         2e:d7:9f:f4:f6:78:2b:43:be:5c:72:3c:98:40:47:a1:27:4d:
         70:c9:df:22:d4:79:98:1c:4c:bd:2b:93:09:6b:e2:21:f8:cc:
         3c:f0:16:2d:cb:00:f0:c7:07:e6:c3:a9:21:ab:f6:63:85:d0:
         4c:60:e4:d8:86:53:0b:4e:dd:3e:a0:5e:09:29:56:9e:bc:34:
         d9:00:e8:e3:4a:09:f6:08:a6:7a:d3:15:92:0b:cd:f8:09:1b:
         b5:41:d9:f6:86:1f:a6:93:8a:ba:60:fb:dc:41:e3:25:d5:d3:
         a8:8f:26:49:b5:df:6d:dd:74:40:2b:30:aa:3b:eb:80:44:f2:
         31:cc:ff:de:ae:d2:95:2b:48:8f:15:15:a7:c7:74:ce:d5:b9:
         e3:58:4b:63:9d:9b:f4:43:90:24:34:ae:19:ec:c4:7c:64:b8:
         19:a3:d3:02
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIEBCzEgzANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhi
MzEyZGI5NWRmYzNiMzEzOTVlMGVjYjVmZjI2MjEyZDc5OGRlODM0MB4XDTIyMDEw
MTEzNTkwNFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoYjIxZjk2ZjU4M2Ex
MDY2OGJjMGZlZmEwYWUzOWY0MTljOTQ5ZThlMjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAJFkDBGYKDLqAj++BXXqbkEkFgXoNmTZedaMtnYtXiQ9R/oT
cfZ/gN2EQRbzOiRcR4rWeW4CR+vjo03PG0MhZA5qkQNFDzg2r3P5w0laxj2b2Zho
L/4W8pE50PgCYbQtDthqM8N3oDN3g/Cg9IWomiBISsLhtZPEMcXkUmb6KIJCPNE3
v/pk7c6YRaJoHBnfbk7bjCJn0YVj6u3ijsC5fx6K/MFfDz0OSr3NuvCIQ/HZPGoK
1qhJsLhgvPG1Dvp/Tupj770youqp/QoEDcHJ902Z1TFA/F7u8XHgUCo6Wjl5t5XM
JbalM5HjsJTFE39Cvy1eGzHmnuCxf3spY7azI50CAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBSyH5b1g6EGaLwP76CuOfQZyUno4jAfBgNVHSMEGDAWgBSzEtuV38OzE5Xg
7LX/JiEteY3oNDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L3N4TGJsZF9Ec3hPVjRPeTFfeVloTFhtTjZEUS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNDkvY2JjNTBlLWZhZWYtNDNlYy1iZGJhLWZkYTQ3MGM2MWUwOS8x
L3NoLVc5WU9oQm1pOEQtLWdyam4wR2NsSjZPSS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNDkv
Y2JjNTBlLWZhZWYtNDNlYy1iZGJhLWZkYTQ3MGM2MWUwOS8xL3N4TGJsZF9Ec3hP
VjRPeTFfeVloTFhtTjZEUS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEALkzFDANBgkqhkiG9w0BAQsFAAOC
AQEAC/8T25yUJPfDeviauUSML8FjDlz493LLjFUWQaRGPwJ7d7ZoRe/0C6hp2ZKH
56G7Vr+yRketOrs/sul8TsiEtDNmxmicNCkLGD3LbLDalRP82EE2XrpF+ZHTLtef
9PZ4K0O+XHI8mEBHoSdNcMnfItR5mBxMvSuTCWviIfjMPPAWLcsA8McH5sOpIav2
Y4XQTGDk2IZTC07dPqBeCSlWnrw02QDo40oJ9gimetMVkgvN+AkbtUHZ9oYfppOK
umD73EHjJdXTqI8mSbXfbd10QCswqjvrgETyMcz/3q7SlStIjxUVp8d0ztW541hL
Y52b9EOQJDSuGezEfGS4GaPTAg==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:06:48 2024 by rpki-client on console-ams.rpki-client.org