Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/32c5ce-28b2-47d7-abd5-2e9d6ca08701/1/B5zoBbTPpf5ncwWKRcdZYqG2K2E.roa
File:                     B5zoBbTPpf5ncwWKRcdZYqG2K2E.roa (raw, json)
Hash identifier:          BxcNLBl0YrSFxI5QWhIGanPge7eEn+UNKsnoDSgoC94=
Subject key identifier:   07:9C:E8:05:B4:CF:A5:FE:67:73:05:8A:45:C7:59:62:A1:B6:2B:61
Certificate issuer:       /CN=65865968a1d8f4f377865c913af3b9af890d7cce
Certificate serial:       0FA81D4C
Authority key identifier: 65:86:59:68:A1:D8:F4:F3:77:86:5C:91:3A:F3:B9:AF:89:0D:7C:CE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZYZZaKHY9PN3hlyROvO5r4kNfM4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/32c5ce-28b2-47d7-abd5-2e9d6ca08701/1/B5zoBbTPpf5ncwWKRcdZYqG2K2E.roa
Signing time:             Sat 01 Jan 2022 02:57:22 +0000
ROA not before:           Sat 01 Jan 2022 02:57:22 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     50673
IP address blocks:        185.161.174.0/24 maxlen: 24
                          2a07:c380::/32 maxlen: 32

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 262675788 (0xfa81d4c)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=65865968a1d8f4f377865c913af3b9af890d7cce
        Validity
            Not Before: Jan  1 02:57:22 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=079ce805b4cfa5fe6773058a45c75962a1b62b61
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:83:de:da:8f:a8:9f:34:b8:d0:b4:1d:90:b6:
                    66:8e:5a:2d:a2:4a:6d:a7:84:e0:cf:65:2b:1d:4b:
                    09:62:e3:da:d5:01:00:f7:89:55:45:29:6c:c3:59:
                    28:a0:5f:c0:9d:3e:64:9a:f8:4a:9b:06:c6:5e:a4:
                    9f:be:de:70:83:87:f9:3a:81:18:9c:96:bb:86:7c:
                    cf:b4:ec:c8:d8:c1:9a:1f:4b:2c:7d:5b:1d:d2:39:
                    6a:98:4c:e6:f1:f0:d7:fa:11:de:47:39:6d:40:0a:
                    a1:1d:7b:d9:76:f9:54:a2:47:a3:81:ca:5f:eb:1f:
                    8d:5c:56:83:30:ef:9d:e1:1d:29:ff:e8:35:5d:6a:
                    40:b2:01:0c:22:b3:89:4b:8c:0f:a6:42:bf:cd:08:
                    3a:79:ff:cc:e7:b8:ac:3f:85:63:a7:d5:b5:53:61:
                    8d:4f:7b:1c:46:78:2a:b7:b6:75:31:13:73:10:fe:
                    26:5f:25:aa:2b:ea:16:e1:0c:3f:8c:65:78:e7:0c:
                    e7:6f:07:cf:57:0b:d9:3b:32:65:b6:04:5d:fc:c2:
                    0d:3c:db:6e:89:9b:72:48:ed:87:be:2f:d3:5d:d5:
                    b4:44:2d:b8:6d:84:89:62:94:ef:49:3c:ac:9a:c8:
                    3a:ba:40:64:28:37:98:0d:c2:d9:57:1d:db:65:50:
                    77:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                07:9C:E8:05:B4:CF:A5:FE:67:73:05:8A:45:C7:59:62:A1:B6:2B:61
            X509v3 Authority Key Identifier:
                keyid:65:86:59:68:A1:D8:F4:F3:77:86:5C:91:3A:F3:B9:AF:89:0D:7C:CE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZYZZaKHY9PN3hlyROvO5r4kNfM4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/32c5ce-28b2-47d7-abd5-2e9d6ca08701/1/B5zoBbTPpf5ncwWKRcdZYqG2K2E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/32c5ce-28b2-47d7-abd5-2e9d6ca08701/1/ZYZZaKHY9PN3hlyROvO5r4kNfM4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.161.174.0/24
                IPv6:
                  2a07:c380::/32

    Signature Algorithm: sha256WithRSAEncryption
         a2:e6:8b:33:bb:ef:46:69:e2:21:ac:c1:12:36:29:61:ec:f0:
         94:c4:c8:cd:39:74:fa:f2:bf:c3:65:49:ea:19:b4:1a:6b:f6:
         91:10:7a:8d:32:bf:4c:dd:e3:09:fc:2f:a8:90:da:5b:da:50:
         43:ef:3c:31:72:33:3b:0e:69:a6:85:d4:7a:2c:88:51:00:3c:
         e5:ae:28:24:f7:28:3b:2e:81:00:b2:11:11:2d:67:08:4d:46:
         b8:14:de:93:a3:3b:8d:7d:de:82:9b:a7:2a:53:1c:03:52:91:
         16:8f:b1:de:11:0c:a7:76:8a:08:0d:fd:26:1f:45:31:24:87:
         5f:de:b9:ea:89:36:8b:67:e9:42:88:03:66:77:59:86:94:b1:
         e6:5f:71:e8:05:7b:8a:26:d8:3e:8b:ff:25:5e:c4:39:8f:9e:
         33:53:48:04:61:9a:6b:bf:92:bc:b2:3f:d0:a2:84:f0:e8:da:
         c5:1d:ad:bb:20:8f:c5:7a:d4:be:21:11:21:78:61:47:16:74:
         87:e3:d9:f7:83:cf:7f:95:e5:eb:e2:7b:d6:59:7c:53:c6:bf:
         7d:90:fe:8f:5a:98:43:76:17:7e:ac:c8:fb:32:17:ca:da:7e:
         f4:c6:15:27:2f:e3:1e:62:ca:f9:16:48:03:aa:b0:c8:b1:9c:
         ef:c2:01:33
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgIED6gdTDANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg2
NTg2NTk2OGExZDhmNGYzNzc4NjVjOTEzYWYzYjlhZjg5MGQ3Y2NlMB4XDTIyMDEw
MTAyNTcyMloXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMDc5Y2U4MDViNGNm
YTVmZTY3NzMwNThhNDVjNzU5NjJhMWI2MmI2MTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBALuD3tqPqJ80uNC0HZC2Zo5aLaJKbaeE4M9lKx1LCWLj2tUB
APeJVUUpbMNZKKBfwJ0+ZJr4SpsGxl6kn77ecIOH+TqBGJyWu4Z8z7TsyNjBmh9L
LH1bHdI5aphM5vHw1/oR3kc5bUAKoR172Xb5VKJHo4HKX+sfjVxWgzDvneEdKf/o
NV1qQLIBDCKziUuMD6ZCv80IOnn/zOe4rD+FY6fVtVNhjU97HEZ4Kre2dTETcxD+
Jl8lqivqFuEMP4xleOcM528Hz1cL2TsyZbYEXfzCDTzbbombckjth74v013VtEQt
uG2EiWKU70k8rJrIOrpAZCg3mA3C2Vcd22VQd5cCAwEAAaOCAhgwggIUMB0GA1Ud
DgQWBBQHnOgFtM+l/mdzBYpFx1liobYrYTAfBgNVHSMEGDAWgBRlhlloodj083eG
XJE687mviQ18zjAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L1pZWlphS0hZOVBOM2hseVJPdk81cjRrTmZNNC5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNjYvMzJjNWNlLTI4YjItNDdkNy1hYmQ1LTJlOWQ2Y2EwODcwMS8x
L0I1em9CYlRQcGY1bmN3V0tSY2RaWXFHMksyRS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNjYv
MzJjNWNlLTI4YjItNDdkNy1hYmQ1LTJlOWQ2Y2EwODcwMS8xL1pZWlphS0hZOVBO
M2hseVJPdk81cjRrTmZNNC5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAu
BggrBgEFBQcBBwEB/wQfMB0wDAQCAAEwBgMEALmhrjANBAIAAjAHAwUAKgfDgDAN
BgkqhkiG9w0BAQsFAAOCAQEAouaLM7vvRmniIazBEjYpYezwlMTIzTl0+vK/w2VJ
6hm0Gmv2kRB6jTK/TN3jCfwvqJDaW9pQQ+88MXIzOw5ppoXUeiyIUQA85a4oJPco
Oy6BALIRES1nCE1GuBTek6M7jX3egpunKlMcA1KRFo+x3hEMp3aKCA39Jh9FMSSH
X9656ok2i2fpQogDZndZhpSx5l9x6AV7iibYPov/JV7EOY+eM1NIBGGaa7+SvLI/
0KKE8OjaxR2tuyCPxXrUviERIXhhRxZ0h+PZ94PPf5Xl6+J71ll8U8a/fZD+j1qY
Q3YXfqzI+zIXytp+9MYVJy/jHmLK+RZIA6qwyLGc78IBMw==
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:57:13 2023 by rpki-client on console-fra.rpki-client.org