Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4a/f19d06-c7fa-40e5-b813-7fe3951a735b/1/RyO5gEpcBlappPcec1qdyyean5Y.roa
File:                     RyO5gEpcBlappPcec1qdyyean5Y.roa (raw, json)
Hash identifier:          EwIiediSfhz2Cu0HAHRJYpCQXeS+oiw6sm/Upa/V5Jc=
Subject key identifier:   47:23:B9:80:4A:5C:06:56:A9:A4:F7:1E:73:5A:9D:CB:27:9A:9F:96
Certificate issuer:       /CN=0e0b0dcb6ad0ca816d2bd204e13f1eaf1104274c
Certificate serial:       08CF1781
Authority key identifier: 0E:0B:0D:CB:6A:D0:CA:81:6D:2B:D2:04:E1:3F:1E:AF:11:04:27:4C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DgsNy2rQyoFtK9IE4T8erxEEJ0w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4a/f19d06-c7fa-40e5-b813-7fe3951a735b/1/RyO5gEpcBlappPcec1qdyyean5Y.roa
Signing time:             Sat 01 Jan 2022 14:57:15 +0000
ROA not before:           Sat 01 Jan 2022 14:57:15 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     14618
IP address blocks:        185.127.28.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 147789697 (0x8cf1781)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0e0b0dcb6ad0ca816d2bd204e13f1eaf1104274c
        Validity
            Not Before: Jan  1 14:57:15 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=4723b9804a5c0656a9a4f71e735a9dcb279a9f96
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:20:9b:08:e1:6b:b3:3f:f3:86:02:e7:25:6f:
                    61:8a:98:a5:24:00:1f:92:73:c0:c4:0f:66:af:15:
                    e4:56:10:ec:8d:3f:3c:01:9c:36:a8:f5:f0:e5:5d:
                    15:94:c1:3a:3c:aa:80:51:9d:dd:1a:e1:ab:ad:18:
                    b3:66:64:97:94:b5:d3:44:a4:61:57:fb:85:00:a6:
                    a3:0a:a4:f6:29:62:97:93:d9:ed:0f:ec:62:26:eb:
                    77:cc:47:cd:91:af:b1:2a:f7:70:b6:77:33:f8:9e:
                    2d:2c:ec:37:05:0f:d3:08:4a:e8:36:ee:69:9c:8f:
                    16:08:14:91:34:58:49:47:15:b3:e1:e3:88:3d:b3:
                    74:65:fc:49:56:7b:75:64:c2:bf:f6:0c:3e:69:55:
                    a4:ed:85:51:c3:d3:dd:5e:ff:22:11:e2:c6:7d:b8:
                    b8:28:84:43:e8:ea:e1:b9:6d:51:71:44:de:c7:90:
                    02:93:6e:50:a5:e9:c7:04:20:4c:1b:82:99:b9:f9:
                    d2:c4:8b:99:d6:5f:dd:ac:0e:d0:0b:e7:c8:14:96:
                    12:3e:81:8e:f2:cf:25:59:69:ca:b1:79:b4:25:4b:
                    b6:15:5c:a6:dd:4f:20:53:08:84:3e:6e:64:97:be:
                    49:f9:b2:51:e5:c4:3f:b7:60:e9:ef:17:d5:33:a6:
                    4f:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                47:23:B9:80:4A:5C:06:56:A9:A4:F7:1E:73:5A:9D:CB:27:9A:9F:96
            X509v3 Authority Key Identifier:
                keyid:0E:0B:0D:CB:6A:D0:CA:81:6D:2B:D2:04:E1:3F:1E:AF:11:04:27:4C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DgsNy2rQyoFtK9IE4T8erxEEJ0w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/f19d06-c7fa-40e5-b813-7fe3951a735b/1/RyO5gEpcBlappPcec1qdyyean5Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/f19d06-c7fa-40e5-b813-7fe3951a735b/1/DgsNy2rQyoFtK9IE4T8erxEEJ0w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.127.28.0/24

    Signature Algorithm: sha256WithRSAEncryption
         91:ea:33:00:78:f0:79:26:1c:e5:bf:01:d1:55:a9:ee:7c:49:
         c8:96:83:41:ca:56:ed:b3:62:c5:0a:ef:48:ad:ef:9e:cb:0c:
         c7:c1:39:fc:80:2b:e6:ae:de:dd:70:07:f4:95:61:f5:a4:9b:
         b8:bc:5c:aa:65:83:42:c8:23:a8:5b:c3:d8:b3:45:c4:6c:10:
         b0:09:01:da:0a:11:da:0b:69:e3:cb:d3:be:37:20:e8:32:6b:
         8e:5d:cc:e9:2c:cb:01:cf:22:bf:96:d6:8e:46:55:b5:53:81:
         98:e7:52:90:70:95:a4:be:d3:fb:10:3f:44:19:51:a9:7b:86:
         1c:53:81:de:63:ea:48:cb:3d:1d:fb:0e:64:cd:c5:55:a7:e0:
         5f:ed:4c:d2:28:e0:5d:35:ab:85:f1:23:85:08:ad:55:f8:8a:
         7a:1c:18:ef:b2:2e:76:cb:b3:c7:21:80:b5:48:47:43:28:21:
         11:84:8e:60:8b:98:59:cc:d9:c6:22:96:d1:2a:24:b2:d0:f4:
         23:a5:5a:34:73:4e:95:b8:c7:89:7b:2b:89:f1:8f:b6:6f:fe:
         ed:3b:4f:cd:6c:c7:c1:c0:7c:51:28:1d:d4:d5:c5:9f:b0:31:
         0f:3c:03:e5:63:14:e7:6b:90:9a:e3:c9:39:0a:2f:92:df:92:
         46:0f:85:5d
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIECM8XgTANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygw
ZTBiMGRjYjZhZDBjYTgxNmQyYmQyMDRlMTNmMWVhZjExMDQyNzRjMB4XDTIyMDEw
MTE0NTcxNVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoNDcyM2I5ODA0YTVj
MDY1NmE5YTRmNzFlNzM1YTlkY2IyNzlhOWY5NjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBALwgmwjha7M/84YC5yVvYYqYpSQAH5JzwMQPZq8V5FYQ7I0/
PAGcNqj18OVdFZTBOjyqgFGd3Rrhq60Ys2Zkl5S100SkYVf7hQCmowqk9ilil5PZ
7Q/sYibrd8xHzZGvsSr3cLZ3M/ieLSzsNwUP0whK6DbuaZyPFggUkTRYSUcVs+Hj
iD2zdGX8SVZ7dWTCv/YMPmlVpO2FUcPT3V7/IhHixn24uCiEQ+jq4bltUXFE3seQ
ApNuUKXpxwQgTBuCmbn50sSLmdZf3awO0AvnyBSWEj6BjvLPJVlpyrF5tCVLthVc
pt1PIFMIhD5uZJe+SfmyUeXEP7dg6e8X1TOmT1MCAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBRHI7mASlwGVqmk9x5zWp3LJ5qfljAfBgNVHSMEGDAWgBQOCw3LatDKgW0r
0gThPx6vEQQnTDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L0Rnc055MnJReW9GdEs5SUU0VDhlcnhFRUowdy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNGEvZjE5ZDA2LWM3ZmEtNDBlNS1iODEzLTdmZTM5NTFhNzM1Yi8x
L1J5TzVnRXBjQmxhcHBQY2VjMXFkeXllYW41WS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNGEv
ZjE5ZDA2LWM3ZmEtNDBlNS1iODEzLTdmZTM5NTFhNzM1Yi8xL0Rnc055MnJReW9G
dEs5SUU0VDhlcnhFRUowdy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEALl/HDANBgkqhkiG9w0BAQsFAAOC
AQEAkeozAHjweSYc5b8B0VWp7nxJyJaDQcpW7bNixQrvSK3vnssMx8E5/IAr5q7e
3XAH9JVh9aSbuLxcqmWDQsgjqFvD2LNFxGwQsAkB2goR2gtp48vTvjcg6DJrjl3M
6SzLAc8iv5bWjkZVtVOBmOdSkHCVpL7T+xA/RBlRqXuGHFOB3mPqSMs9HfsOZM3F
VafgX+1M0ijgXTWrhfEjhQitVfiKehwY77IudsuzxyGAtUhHQyghEYSOYIuYWczZ
xiKW0SokstD0I6VaNHNOlbjHiXsrifGPtm/+7TtPzWzHwcB8USgd1NXFn7AxDzwD
5WMU52uQmuPJOQovkt+SRg+FXQ==
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:51:21 2023 by rpki-client on console-ams.rpki-client.org