Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4b/62764b-9aa6-4f12-a71c-6bac34987019/1/K9L8Qk7wt8S7PtVs4ZOUOZUX2i8.roa
File:                     K9L8Qk7wt8S7PtVs4ZOUOZUX2i8.roa (raw, json)
Hash identifier:          bcMnAM48zuHFNvpu9G761lW0JcPHkOgv19uXKF7UEbs=
Subject key identifier:   2B:D2:FC:42:4E:F0:B7:C4:BB:3E:D5:6C:E1:93:94:39:95:17:DA:2F
Certificate issuer:       /CN=35c96065093998ba42cfba11bf0d17d3ac403d40
Certificate serial:       0181CFB5D2869DEC549A7BAE587A0BC2CBFA
Authority key identifier: 35:C9:60:65:09:39:98:BA:42:CF:BA:11:BF:0D:17:D3:AC:40:3D:40
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NclgZQk5mLpCz7oRvw0X06xAPUA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4b/62764b-9aa6-4f12-a71c-6bac34987019/1/K9L8Qk7wt8S7PtVs4ZOUOZUX2i8.roa
Signing time:             Tue 05 Jul 2022 18:53:28 +0000
ROA not before:           Tue 05 Jul 2022 18:53:28 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     1239
IP address blocks:        198.14.16.0/20 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:81:cf:b5:d2:86:9d:ec:54:9a:7b:ae:58:7a:0b:c2:cb:fa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35c96065093998ba42cfba11bf0d17d3ac403d40
        Validity
            Not Before: Jul  5 18:53:28 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=2bd2fc424ef0b7c4bb3ed56ce19394399517da2f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:87:08:b6:3f:d2:53:cc:d5:d6:f1:83:ee:f3:
                    4c:03:47:e0:5e:b0:72:63:d9:b9:66:d2:54:66:86:
                    da:de:b1:33:ce:f7:25:28:7a:1d:5b:ec:33:34:4d:
                    e6:82:32:07:00:36:a8:4d:ef:98:b9:bf:c5:d9:62:
                    8b:fe:8e:98:ad:f8:91:a5:10:ac:93:b4:87:f4:aa:
                    57:76:30:6a:e5:66:ae:64:94:15:f0:da:d4:33:51:
                    24:e6:3d:da:08:50:0b:93:3d:5e:ab:2c:ed:1f:c2:
                    c7:be:5f:bb:92:e1:5f:d6:62:ee:2b:99:fb:67:ae:
                    61:f6:cd:39:83:b7:bd:03:ae:9a:37:d5:30:9b:58:
                    d4:c7:01:7a:d6:39:0a:db:ed:07:f6:0c:b1:e9:4a:
                    c4:bc:ab:1a:70:92:ae:23:73:1b:7a:69:a1:56:ef:
                    47:f7:1d:6f:e6:45:df:6e:5f:ef:5b:61:80:db:c4:
                    c3:b8:76:38:b2:2c:b4:32:6b:00:82:f9:1d:e3:c0:
                    f0:0a:2a:16:9b:4e:0f:af:d3:12:dc:67:ff:76:1a:
                    cd:99:6c:ee:a4:f9:d7:e3:bd:f4:50:a3:81:90:1f:
                    06:a2:25:d8:12:07:30:88:50:e5:ce:0d:3a:28:fc:
                    15:5d:b9:da:c7:81:89:1b:51:cc:88:78:a5:8f:7a:
                    56:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2B:D2:FC:42:4E:F0:B7:C4:BB:3E:D5:6C:E1:93:94:39:95:17:DA:2F
            X509v3 Authority Key Identifier:
                keyid:35:C9:60:65:09:39:98:BA:42:CF:BA:11:BF:0D:17:D3:AC:40:3D:40

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NclgZQk5mLpCz7oRvw0X06xAPUA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/62764b-9aa6-4f12-a71c-6bac34987019/1/K9L8Qk7wt8S7PtVs4ZOUOZUX2i8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/62764b-9aa6-4f12-a71c-6bac34987019/1/NclgZQk5mLpCz7oRvw0X06xAPUA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  198.14.16.0/20

    Signature Algorithm: sha256WithRSAEncryption
         b4:58:ef:d4:8e:a3:a9:83:ef:a6:85:8d:b6:fb:92:84:20:09:
         7c:b2:c6:1e:b4:87:b3:b4:14:20:5a:b4:70:89:55:ed:7e:e1:
         fd:98:15:f4:af:de:6e:f2:57:64:d8:72:3f:01:a8:82:45:ac:
         26:a7:95:35:bc:16:d7:c6:98:73:b3:fd:9a:a8:2e:06:5b:3b:
         87:0e:b8:59:81:75:b5:56:78:9b:77:5e:20:4f:20:6c:ba:45:
         65:1c:87:bd:bd:4a:be:d9:a8:94:e9:8f:9b:be:ab:06:02:d2:
         ed:c1:cf:ac:ee:a9:4c:f1:cb:df:e2:cd:0b:44:c8:c4:de:cc:
         83:e9:26:f0:e6:6d:ce:3a:5d:28:80:98:31:c2:09:62:46:7f:
         74:9a:ec:69:9e:d7:7a:71:aa:75:39:7f:d2:6f:34:8b:2c:3e:
         3c:48:8d:f5:a0:51:35:40:84:23:45:3b:5a:04:a7:39:e7:1a:
         ef:e5:6d:be:a0:19:4b:47:82:d1:85:bc:3f:91:0a:1e:64:21:
         d7:93:da:8c:c9:c9:dd:f2:c9:c6:de:75:de:ab:e2:5f:1e:da:
         83:2b:cc:06:20:af:f1:40:0e:73:b9:2f:cb:fc:12:d0:94:ce:
         95:13:1b:08:8c:8f:9a:e9:90:c8:14:36:b8:63:e8:ac:de:1f:
         1f:25:8b:a6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYHPtdKGnexUmnuuWHoLwsv6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1Yzk2MDY1MDkzOTk4YmE0MmNmYmExMWJmMGQxN2QzYWM0
MDNkNDAwHhcNMjIwNzA1MTg1MzI4WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYmQyZmM0MjRlZjBiN2M0YmIzZWQ1NmNlMTkzOTQzOTk1MTdkYTJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwYcItj/SU8zV1vGD7vNMA0fgXrBy
Y9m5ZtJUZoba3rEzzvclKHodW+wzNE3mgjIHADaoTe+Yub/F2WKL/o6YrfiRpRCs
k7SH9KpXdjBq5WauZJQV8NrUM1Ek5j3aCFALkz1eqyztH8LHvl+7kuFf1mLuK5n7
Z65h9s05g7e9A66aN9Uwm1jUxwF61jkK2+0H9gyx6UrEvKsacJKuI3MbemmhVu9H
9x1v5kXfbl/vW2GA28TDuHY4siy0MmsAgvkd48DwCioWm04Pr9MS3Gf/dhrNmWzu
pPnX4730UKOBkB8GoiXYEgcwiFDlzg06KPwVXbnax4GJG1HMiHilj3pWnwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCvS/EJO8LfEuz7VbOGTlDmVF9ovMB8GA1UdIwQY
MBaAFDXJYGUJOZi6Qs+6Eb8NF9OsQD1AMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTmNsZ1pRazVtTHBDejdvUnZ3MFgwNnhBUFVBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yi82Mjc2NGItOWFhNi00ZjEyLWE3MWMt
NmJhYzM0OTg3MDE5LzEvSzlMOFFrN3d0OFM3UHRWczRaT1VPWlVYMmk4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yi82Mjc2NGItOWFhNi00ZjEyLWE3MWMtNmJhYzM0OTg3MDE5
LzEvTmNsZ1pRazVtTHBDejdvUnZ3MFgwNnhBUFVBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQExg4QMA0G
CSqGSIb3DQEBCwUAA4IBAQC0WO/UjqOpg++mhY22+5KEIAl8ssYetIeztBQgWrRw
iVXtfuH9mBX0r95u8ldk2HI/AaiCRawmp5U1vBbXxphzs/2aqC4GWzuHDrhZgXW1
Vnibd14gTyBsukVlHIe9vUq+2aiU6Y+bvqsGAtLtwc+s7qlM8cvf4s0LRMjE3syD
6Sbw5m3OOl0ogJgxwgliRn90muxpntd6cap1OX/SbzSLLD48SI31oFE1QIQjRTta
BKc55xrv5W2+oBlLR4LRhbw/kQoeZCHXk9qMycnd8snG3nXeq+JfHtqDK8wGIK/x
QA5zuS/L/BLQlM6VExsIjI+a6ZDIFDa4Y+is3h8fJYum
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:51:22 2023 by rpki-client on console-ams.rpki-client.org