Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/57/7a683b-fa78-4112-b6b6-155fb3fe287e/1/urReNEijm-xE3ZKJ8vRzGlDDQmU.roa
File:                     urReNEijm-xE3ZKJ8vRzGlDDQmU.roa (raw, json)
Hash identifier:          6fggy7BMCG4vxaMO6Se7xQAJai9braG4UNPTa3nDJ7k=
Subject key identifier:   BA:B4:5E:34:48:A3:9B:EC:44:DD:92:89:F2:F4:73:1A:50:C3:42:65
Certificate issuer:       /CN=cec3b347a216bc437b0bd4cf0bc8cda65e8c2d3b
Certificate serial:       18A38043
Authority key identifier: CE:C3:B3:47:A2:16:BC:43:7B:0B:D4:CF:0B:C8:CD:A6:5E:8C:2D:3B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zsOzR6IWvEN7C9TPC8jNpl6MLTs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/57/7a683b-fa78-4112-b6b6-155fb3fe287e/1/urReNEijm-xE3ZKJ8vRzGlDDQmU.roa
Signing time:             Sat 01 Jan 2022 07:59:00 +0000
ROA not before:           Sat 01 Jan 2022 07:59:00 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     14618
IP address blocks:        91.102.186.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 413368387 (0x18a38043)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cec3b347a216bc437b0bd4cf0bc8cda65e8c2d3b
        Validity
            Not Before: Jan  1 07:59:00 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=bab45e3448a39bec44dd9289f2f4731a50c34265
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:34:10:13:1f:b5:b6:a3:d3:36:5c:52:99:9b:
                    5d:5b:ce:2e:17:d9:fd:a9:49:6e:39:8e:2f:d6:9a:
                    f6:e3:c6:1a:ef:7c:e4:73:04:40:8f:2a:56:1a:6e:
                    b5:09:f5:98:4e:73:f8:e5:c6:9c:7d:d8:70:12:5a:
                    cd:9f:d2:1e:f4:c1:37:91:f7:d1:0e:d0:6b:a7:5a:
                    3b:a8:28:5b:ea:77:38:14:39:5f:73:e9:86:bd:27:
                    0c:c1:9a:25:4d:f9:f2:45:fb:cf:89:05:00:4e:8e:
                    16:02:c9:20:df:60:14:c4:62:4c:77:ad:dc:98:bf:
                    00:17:22:71:da:9b:ec:d9:cc:cf:91:5e:ce:8b:a7:
                    f6:a6:ad:c4:2c:a4:80:80:6c:3f:46:b8:37:0b:d8:
                    4e:48:80:bd:3b:dd:1d:d8:3c:32:77:f0:b4:03:fd:
                    50:8b:b4:b0:f1:b0:b7:1c:64:40:07:c2:fb:12:33:
                    90:0c:bf:6d:20:4b:85:d0:e3:46:9d:04:22:e3:eb:
                    fe:d9:69:cd:e9:34:2b:31:7a:78:97:3e:16:85:13:
                    f7:41:6c:48:56:f7:ba:5b:0c:97:3f:b5:07:01:3c:
                    1d:1e:57:2b:0d:59:fa:e7:9e:34:44:2e:fd:76:ed:
                    25:f2:65:df:31:c9:93:6d:37:6d:c8:10:da:3a:40:
                    2b:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BA:B4:5E:34:48:A3:9B:EC:44:DD:92:89:F2:F4:73:1A:50:C3:42:65
            X509v3 Authority Key Identifier:
                keyid:CE:C3:B3:47:A2:16:BC:43:7B:0B:D4:CF:0B:C8:CD:A6:5E:8C:2D:3B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zsOzR6IWvEN7C9TPC8jNpl6MLTs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/57/7a683b-fa78-4112-b6b6-155fb3fe287e/1/urReNEijm-xE3ZKJ8vRzGlDDQmU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/57/7a683b-fa78-4112-b6b6-155fb3fe287e/1/zsOzR6IWvEN7C9TPC8jNpl6MLTs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.102.186.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a0:e9:c4:4d:61:91:94:e2:aa:f5:ec:de:de:e6:e1:8b:69:6c:
         9a:ab:aa:e3:21:72:00:25:3f:32:fa:4a:16:3c:51:55:81:8d:
         83:2a:15:9a:b4:d0:25:53:56:f5:d5:94:c2:c9:8a:34:4b:6a:
         02:11:8e:68:96:2a:1f:93:b7:80:9b:c1:bd:05:ef:bb:2f:67:
         db:41:c2:7e:2c:8c:08:fb:ba:62:46:e5:b6:44:89:65:77:ec:
         53:bc:c1:9f:45:1a:f8:11:09:2b:01:63:79:88:3d:52:9f:22:
         ca:17:b0:9d:ef:bd:5d:da:7b:9d:f5:7a:7a:5e:b3:1c:78:4d:
         d8:4e:60:eb:f1:e6:82:ea:69:9a:9b:20:2b:c7:c2:ef:1a:6d:
         82:b1:59:58:7f:6f:96:e4:2b:a1:04:f0:c7:fc:bd:bd:ae:cf:
         8c:ef:f2:3d:8e:30:dc:65:2d:63:80:36:db:0f:47:d0:94:41:
         bc:88:b2:7e:2a:7e:04:9c:ce:e5:69:40:58:ef:6c:f1:c6:f6:
         02:b5:6f:f7:bb:98:3c:db:1e:8a:d0:3d:9b:33:d5:c8:92:af:
         52:0d:3f:95:81:72:dd:e8:11:31:5d:02:c4:97:95:e7:bd:9f:
         d7:6a:83:7e:93:ac:f7:43:a2:b3:a8:00:f5:11:fc:dd:54:53:
         d6:a9:94:fd
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIEGKOAQzANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhj
ZWMzYjM0N2EyMTZiYzQzN2IwYmQ0Y2YwYmM4Y2RhNjVlOGMyZDNiMB4XDTIyMDEw
MTA3NTkwMFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoYmFiNDVlMzQ0OGEz
OWJlYzQ0ZGQ5Mjg5ZjJmNDczMWE1MGMzNDI2NTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBALU0EBMftbaj0zZcUpmbXVvOLhfZ/alJbjmOL9aa9uPGGu98
5HMEQI8qVhputQn1mE5z+OXGnH3YcBJazZ/SHvTBN5H30Q7Qa6daO6goW+p3OBQ5
X3Pphr0nDMGaJU358kX7z4kFAE6OFgLJIN9gFMRiTHet3Ji/ABcicdqb7NnMz5Fe
zoun9qatxCykgIBsP0a4NwvYTkiAvTvdHdg8MnfwtAP9UIu0sPGwtxxkQAfC+xIz
kAy/bSBLhdDjRp0EIuPr/tlpzek0KzF6eJc+FoUT90FsSFb3ulsMlz+1BwE8HR5X
Kw1Z+ueeNEQu/XbtJfJl3zHJk203bcgQ2jpAKx8CAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBS6tF40SKOb7ETdkony9HMaUMNCZTAfBgNVHSMEGDAWgBTOw7NHoha8Q3sL
1M8LyM2mXowtOzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L3pzT3pSNklXdkVON0M5VFBDOGpOcGw2TUxUcy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNTcvN2E2ODNiLWZhNzgtNDExMi1iNmI2LTE1NWZiM2ZlMjg3ZS8x
L3VyUmVORWlqbS14RTNaS0o4dlJ6R2xERFFtVS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNTcv
N2E2ODNiLWZhNzgtNDExMi1iNmI2LTE1NWZiM2ZlMjg3ZS8xL3pzT3pSNklXdkVO
N0M5VFBDOGpOcGw2TUxUcy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAFtmujANBgkqhkiG9w0BAQsFAAOC
AQEAoOnETWGRlOKq9eze3ubhi2lsmquq4yFyACU/MvpKFjxRVYGNgyoVmrTQJVNW
9dWUwsmKNEtqAhGOaJYqH5O3gJvBvQXvuy9n20HCfiyMCPu6YkbltkSJZXfsU7zB
n0Ua+BEJKwFjeYg9Up8iyhewne+9Xdp7nfV6el6zHHhN2E5g6/HmguppmpsgK8fC
7xptgrFZWH9vluQroQTwx/y9va7PjO/yPY4w3GUtY4A22w9H0JRBvIiyfip+BJzO
5WlAWO9s8cb2ArVv97uYPNseitA9mzPVyJKvUg0/lYFy3egRMV0CxJeV572f12qD
fpOs90Ois6gA9RH83VRT1qmU/Q==
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:48:40 2023 by rpki-client on console-fra.rpki-client.org