Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/3DeZBPzEKT0go2_MGO0CEOmSPXM.roa
File:                     3DeZBPzEKT0go2_MGO0CEOmSPXM.roa (raw, json)
Hash identifier:          RDdyr6DY8AGmnBR404fmLV5XsZfF1coOKR5c9vAqKCY=
Subject key identifier:   DC:37:99:04:FC:C4:29:3D:20:A3:6F:CC:18:ED:02:10:E9:92:3D:73
Certificate issuer:       /CN=19426325acb8ce609a686fa655b058968809b346
Certificate serial:       1DECC274
Authority key identifier: 19:42:63:25:AC:B8:CE:60:9A:68:6F:A6:55:B0:58:96:88:09:B3:46
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GUJjJay4zmCaaG-mVbBYlogJs0Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/3DeZBPzEKT0go2_MGO0CEOmSPXM.roa
Signing time:             Fri 13 May 2022 14:49:40 +0000
ROA not before:           Fri 13 May 2022 14:49:40 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     398465
IP address blocks:        212.111.220.0/22 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 502055540 (0x1decc274)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=19426325acb8ce609a686fa655b058968809b346
        Validity
            Not Before: May 13 14:49:40 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=dc379904fcc4293d20a36fcc18ed0210e9923d73
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:4c:16:60:20:5b:8a:bb:31:b2:ee:83:0c:fd:
                    07:24:39:b9:ab:06:a1:48:65:05:d7:0f:f9:c3:e5:
                    b4:d4:33:02:f9:3a:0d:6b:54:7a:39:87:2d:fb:f4:
                    24:9c:66:9d:73:88:90:e8:65:af:fc:71:b7:3d:a2:
                    33:d4:93:82:a1:d1:54:de:dc:a3:a9:eb:d6:8b:38:
                    58:e1:b4:35:4b:8c:7a:dd:a3:6e:45:26:8e:e7:ac:
                    d1:54:ed:a2:63:3e:1d:3b:8e:6f:a8:c5:6b:f7:33:
                    18:f4:60:c2:ef:a2:d3:f6:46:2a:e4:a9:2d:85:40:
                    07:4e:39:c6:16:e9:20:7c:3d:9c:f7:8a:63:96:9f:
                    68:5f:78:6f:21:3a:70:fe:26:27:02:a7:d0:ad:16:
                    68:a9:d5:a7:40:11:9c:31:a6:67:3d:6f:20:6a:8a:
                    07:be:23:0f:c5:32:fd:4d:7c:6f:08:ec:98:ff:73:
                    2b:4b:69:7b:6f:8f:3e:86:1d:7f:96:63:5f:03:9f:
                    35:3a:b8:4f:bb:79:b4:13:3a:ab:31:1d:39:d1:c0:
                    73:c9:5d:3b:bd:8f:2d:d4:61:d0:df:8a:c1:ce:93:
                    ba:7c:8e:ef:a0:a4:cc:76:40:31:8f:2e:90:5e:60:
                    db:7a:29:a7:3b:56:96:d2:4c:fd:c4:94:04:c4:cd:
                    a5:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DC:37:99:04:FC:C4:29:3D:20:A3:6F:CC:18:ED:02:10:E9:92:3D:73
            X509v3 Authority Key Identifier:
                keyid:19:42:63:25:AC:B8:CE:60:9A:68:6F:A6:55:B0:58:96:88:09:B3:46

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GUJjJay4zmCaaG-mVbBYlogJs0Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/3DeZBPzEKT0go2_MGO0CEOmSPXM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/GUJjJay4zmCaaG-mVbBYlogJs0Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.111.220.0/22

    Signature Algorithm: sha256WithRSAEncryption
         b4:16:94:e5:43:fd:88:f3:98:00:f6:97:43:59:1e:b4:61:21:
         26:a2:49:fd:ce:20:ab:88:0e:08:81:54:a9:91:47:35:26:e5:
         1e:70:14:4e:fd:be:36:c1:2b:d3:3e:97:24:90:d2:d6:21:cc:
         3d:d8:72:7a:01:8f:70:16:fe:95:45:5b:4f:21:b8:cd:aa:46:
         99:74:d9:f1:1e:d2:97:3c:75:20:7d:fe:1d:12:66:8b:56:81:
         db:2f:c0:91:74:db:dc:04:7d:df:8d:d7:82:fb:37:05:7b:97:
         68:bf:5e:c3:c7:9f:d1:31:c4:26:c4:5e:2b:01:31:5c:26:bb:
         0f:50:4f:fd:66:71:0c:bf:55:d6:30:51:fa:47:78:22:92:30:
         31:26:7c:fd:c6:e3:cd:14:9c:06:71:ec:77:3b:c2:32:ca:a8:
         ac:15:86:04:23:21:57:67:3b:db:fb:20:dc:55:ab:29:83:b5:
         bb:3c:ae:00:94:bc:1a:aa:ec:24:16:f5:04:f5:ee:58:e4:b1:
         24:cf:4a:3b:c7:6a:4e:e4:1e:59:85:3b:ec:2c:4a:69:d0:95:
         99:1d:af:ca:56:fd:c8:c8:54:46:fd:57:a8:5e:e4:30:2e:88:
         81:a7:85:bc:76:9a:8d:97:ff:c8:81:60:2a:3f:83:b0:a8:6e:
         35:c8:81:99
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIEHezCdDANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygx
OTQyNjMyNWFjYjhjZTYwOWE2ODZmYTY1NWIwNTg5Njg4MDliMzQ2MB4XDTIyMDUx
MzE0NDk0MFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoZGMzNzk5MDRmY2M0
MjkzZDIwYTM2ZmNjMThlZDAyMTBlOTkyM2Q3MzCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAKlMFmAgW4q7MbLugwz9ByQ5uasGoUhlBdcP+cPltNQzAvk6
DWtUejmHLfv0JJxmnXOIkOhlr/xxtz2iM9STgqHRVN7co6nr1os4WOG0NUuMet2j
bkUmjues0VTtomM+HTuOb6jFa/czGPRgwu+i0/ZGKuSpLYVAB045xhbpIHw9nPeK
Y5afaF94byE6cP4mJwKn0K0WaKnVp0ARnDGmZz1vIGqKB74jD8Uy/U18bwjsmP9z
K0tpe2+PPoYdf5ZjXwOfNTq4T7t5tBM6qzEdOdHAc8ldO72PLdRh0N+Kwc6TunyO
76CkzHZAMY8ukF5g23oppztWltJM/cSUBMTNpRcCAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBTcN5kE/MQpPSCjb8wY7QIQ6ZI9czAfBgNVHSMEGDAWgBQZQmMlrLjOYJpo
b6ZVsFiWiAmzRjAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L0dVSmpKYXk0em1DYWFHLW1WYkJZbG9nSnMwWS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNTEvOGI2ZmIwLWE4NzUtNDk0Ny04YWU0LTAzZjRjNzExM2MzNC8x
LzNEZVpCUHpFS1QwZ28yX01HTzBDRU9tU1BYTS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNTEv
OGI2ZmIwLWE4NzUtNDk0Ny04YWU0LTAzZjRjNzExM2MzNC8xL0dVSmpKYXk0em1D
YWFHLW1WYkJZbG9nSnMwWS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAtRv3DANBgkqhkiG9w0BAQsFAAOC
AQEAtBaU5UP9iPOYAPaXQ1ketGEhJqJJ/c4gq4gOCIFUqZFHNSblHnAUTv2+NsEr
0z6XJJDS1iHMPdhyegGPcBb+lUVbTyG4zapGmXTZ8R7Slzx1IH3+HRJmi1aB2y/A
kXTb3AR9343Xgvs3BXuXaL9ew8ef0THEJsReKwExXCa7D1BP/WZxDL9V1jBR+kd4
IpIwMSZ8/cbjzRScBnHsdzvCMsqorBWGBCMhV2c72/sg3FWrKYO1uzyuAJS8Gqrs
JBb1BPXuWOSxJM9KO8dqTuQeWYU77CxKadCVmR2vylb9yMhURv1XqF7kMC6IgaeF
vHaajZf/yIFgKj+DsKhuNciBmQ==
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:52:05 2023 by rpki-client on console-ams.rpki-client.org