Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4e/ac681f-05d2-4045-ae10-5ebdd9e2887c/1/DMkVjxkePPqZds6MvwzV9pQ1X8I.roa
File:                     DMkVjxkePPqZds6MvwzV9pQ1X8I.roa (raw, json)
Hash identifier:          Hv+7eLNf7vKoIv02T9i8gHgySyrX3MgMaMxcvdOlRnU=
Subject key identifier:   0C:C9:15:8F:19:1E:3C:FA:99:76:CE:8C:BF:0C:D5:F6:94:35:5F:C2
Certificate issuer:       /CN=b74ce3f3c5e5a2f9d8b8a4c77a8361f8a216f3ad
Certificate serial:       023E6D78
Authority key identifier: B7:4C:E3:F3:C5:E5:A2:F9:D8:B8:A4:C7:7A:83:61:F8:A2:16:F3:AD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/t0zj88XlovnYuKTHeoNh-KIW860.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4e/ac681f-05d2-4045-ae10-5ebdd9e2887c/1/DMkVjxkePPqZds6MvwzV9pQ1X8I.roa
Signing time:             Sat 01 Jan 2022 04:53:23 +0000
ROA not before:           Sat 01 Jan 2022 04:53:23 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     14618
IP address blocks:        194.99.96.0/23 maxlen: 23

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 37645688 (0x23e6d78)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b74ce3f3c5e5a2f9d8b8a4c77a8361f8a216f3ad
        Validity
            Not Before: Jan  1 04:53:23 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=0cc9158f191e3cfa9976ce8cbf0cd5f694355fc2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:32:a1:af:ef:3e:9d:bb:8e:7c:32:53:62:15:
                    c3:4e:31:09:7d:74:1f:f2:b6:68:ef:0c:05:e5:7f:
                    23:38:6e:b0:2b:96:14:01:70:8d:3d:22:9e:73:fa:
                    82:66:bd:50:f5:be:ec:4b:26:e7:30:97:98:a8:1f:
                    ba:83:2e:66:76:c5:b0:dd:06:7b:2f:a3:61:60:f5:
                    75:11:13:ba:f7:e9:f8:fc:71:3c:c7:c6:ad:ab:47:
                    59:94:fa:76:83:b3:dd:33:8e:f3:2b:d2:23:89:b6:
                    12:83:ce:04:ff:3f:fc:c5:46:dd:d2:0e:62:f4:22:
                    13:fc:1a:a2:65:8f:43:7d:67:6f:47:70:48:76:85:
                    5b:5a:55:1d:d5:c7:6a:22:80:86:07:35:85:fd:78:
                    05:17:83:d6:b1:ab:df:33:3f:da:5e:ff:cd:28:f8:
                    9d:3e:b0:e6:38:bb:28:04:65:f6:50:53:c7:56:cc:
                    7b:21:47:b6:1e:c6:05:93:89:25:26:f4:30:d5:4a:
                    e8:67:a9:73:64:1d:0f:4f:06:0e:ef:23:ff:e8:54:
                    a4:28:a6:c2:fd:c9:e9:b2:c6:1c:e3:3d:04:fc:53:
                    83:90:9b:34:66:36:a0:e5:42:94:79:6f:65:05:cc:
                    8d:8e:06:a9:4d:03:9c:15:65:20:6e:75:0f:ff:60:
                    25:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0C:C9:15:8F:19:1E:3C:FA:99:76:CE:8C:BF:0C:D5:F6:94:35:5F:C2
            X509v3 Authority Key Identifier:
                keyid:B7:4C:E3:F3:C5:E5:A2:F9:D8:B8:A4:C7:7A:83:61:F8:A2:16:F3:AD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/t0zj88XlovnYuKTHeoNh-KIW860.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/ac681f-05d2-4045-ae10-5ebdd9e2887c/1/DMkVjxkePPqZds6MvwzV9pQ1X8I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/ac681f-05d2-4045-ae10-5ebdd9e2887c/1/t0zj88XlovnYuKTHeoNh-KIW860.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.99.96.0/23

    Signature Algorithm: sha256WithRSAEncryption
         1b:7b:3c:9c:d9:72:18:53:88:20:22:32:9b:0c:dd:da:5c:fb:
         6e:5d:d9:8a:be:32:38:ca:a9:1d:8e:65:d3:00:06:a2:75:32:
         1a:1f:cc:15:69:0f:07:9f:b5:86:d8:d1:3f:6b:ca:ff:6b:c2:
         f1:dc:da:b6:2f:79:85:9e:39:8f:8c:97:d9:3d:94:dd:9a:b7:
         6d:f6:19:95:23:62:a8:20:a2:39:37:a9:f0:5b:00:6b:07:95:
         f0:04:6e:e5:fc:60:d4:de:a0:6e:0e:81:39:ac:53:10:ff:4c:
         c1:0c:8f:34:88:72:81:81:5b:70:8d:3f:46:d4:bd:c9:d7:24:
         ac:27:21:11:c6:31:a2:62:bd:36:e9:7f:28:30:ee:0d:da:64:
         0d:0f:c0:58:30:8a:e3:b4:48:9c:83:7c:62:5a:94:41:69:6e:
         ed:00:09:9c:f7:13:45:07:17:63:8a:6c:97:3c:33:89:13:d3:
         e3:a0:1e:90:d5:34:c6:cd:4f:0f:3d:be:6d:1b:ee:d1:32:2a:
         70:12:e0:21:f0:45:9a:3c:59:6a:58:45:9a:bc:88:56:5d:5f:
         3c:a4:11:71:81:a9:76:a9:d8:34:53:00:4a:ef:80:7f:4f:7e:
         0d:ad:27:69:fd:b6:3d:59:dd:9d:ca:d1:ab:13:67:b9:08:b8:
         94:90:74:ea
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIEAj5teDANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhi
NzRjZTNmM2M1ZTVhMmY5ZDhiOGE0Yzc3YTgzNjFmOGEyMTZmM2FkMB4XDTIyMDEw
MTA0NTMyM1oXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMGNjOTE1OGYxOTFl
M2NmYTk5NzZjZThjYmYwY2Q1ZjY5NDM1NWZjMjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAMkyoa/vPp27jnwyU2IVw04xCX10H/K2aO8MBeV/IzhusCuW
FAFwjT0innP6gma9UPW+7Esm5zCXmKgfuoMuZnbFsN0Gey+jYWD1dRETuvfp+Pxx
PMfGratHWZT6doOz3TOO8yvSI4m2EoPOBP8//MVG3dIOYvQiE/waomWPQ31nb0dw
SHaFW1pVHdXHaiKAhgc1hf14BReD1rGr3zM/2l7/zSj4nT6w5ji7KARl9lBTx1bM
eyFHth7GBZOJJSb0MNVK6Gepc2QdD08GDu8j/+hUpCimwv3J6bLGHOM9BPxTg5Cb
NGY2oOVClHlvZQXMjY4GqU0DnBVlIG51D/9gJQMCAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBQMyRWPGR48+pl2zoy/DNX2lDVfwjAfBgNVHSMEGDAWgBS3TOPzxeWi+di4
pMd6g2H4ohbzrTAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L3Qwemo4OFhsb3ZuWXVLVEhlb05oLUtJVzg2MC5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNGUvYWM2ODFmLTA1ZDItNDA0NS1hZTEwLTVlYmRkOWUyODg3Yy8x
L0RNa1ZqeGtlUFBxWmRzNk12d3pWOXBRMVg4SS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNGUv
YWM2ODFmLTA1ZDItNDA0NS1hZTEwLTVlYmRkOWUyODg3Yy8xL3Qwemo4OFhsb3Zu
WXVLVEhlb05oLUtJVzg2MC5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAcJjYDANBgkqhkiG9w0BAQsFAAOC
AQEAG3s8nNlyGFOIICIymwzd2lz7bl3Zir4yOMqpHY5l0wAGonUyGh/MFWkPB5+1
htjRP2vK/2vC8dzati95hZ45j4yX2T2U3Zq3bfYZlSNiqCCiOTep8FsAaweV8ARu
5fxg1N6gbg6BOaxTEP9MwQyPNIhygYFbcI0/RtS9ydckrCchEcYxomK9Nul/KDDu
DdpkDQ/AWDCK47RInIN8YlqUQWlu7QAJnPcTRQcXY4pslzwziRPT46AekNU0xs1P
Dz2+bRvu0TIqcBLgIfBFmjxZalhFmryIVl1fPKQRcYGpdqnYNFMASu+Af09+Da0n
af22PVndncrRqxNnuQi4lJB06g==
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:48:00 2023 by rpki-client on console-fra.rpki-client.org