Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6d/e94652-1564-4d1b-8198-1ac5d8863082/1/Y9RUinGhDqUY1GvCxAQNmH4SRkk.roa
File:                     Y9RUinGhDqUY1GvCxAQNmH4SRkk.roa (raw, json)
Hash identifier:          a1/7mV6hlKMps171jvIXa/ohgZ1nG378V7yzmFdAtGk=
Subject key identifier:   63:D4:54:8A:71:A1:0E:A5:18:D4:6B:C2:C4:04:0D:98:7E:12:46:49
Certificate issuer:       /CN=7c8c1371dd6afd5fd79ea984da3fbda1b94afe23
Certificate serial:       08F0E520
Authority key identifier: 7C:8C:13:71:DD:6A:FD:5F:D7:9E:A9:84:DA:3F:BD:A1:B9:4A:FE:23
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fIwTcd1q_V_XnqmE2j-9oblK_iM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6d/e94652-1564-4d1b-8198-1ac5d8863082/1/Y9RUinGhDqUY1GvCxAQNmH4SRkk.roa
Signing time:             Sat 01 Jan 2022 02:52:47 +0000
ROA not before:           Sat 01 Jan 2022 02:52:47 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     210252
IP address blocks:        193.23.20.0/22 maxlen: 24
                          2a0d:5bc0::/32 maxlen: 32

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 150005024 (0x8f0e520)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7c8c1371dd6afd5fd79ea984da3fbda1b94afe23
        Validity
            Not Before: Jan  1 02:52:47 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=63d4548a71a10ea518d46bc2c4040d987e124649
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:eb:71:1e:5d:c8:fa:c9:66:cb:46:f3:63:ce:4b:
                    4c:3e:22:70:dd:2c:e8:87:5d:39:85:21:00:58:9e:
                    58:51:50:1f:e3:a9:71:c2:dd:39:19:58:fa:94:eb:
                    e0:71:f1:c0:5a:56:fc:d0:46:cb:b5:14:dc:58:79:
                    3f:f6:8c:7d:ad:db:54:8e:bb:99:1b:87:ae:09:6f:
                    8e:90:b5:7f:c4:ff:b8:f6:fb:f3:67:56:ad:3d:73:
                    e2:8f:c8:d9:67:1b:2f:f5:46:a6:c9:3c:6f:00:b2:
                    78:fa:88:8d:48:eb:be:aa:ec:37:79:2d:42:61:98:
                    b7:77:c5:f6:ba:ad:11:08:a2:d4:18:79:c1:a3:6c:
                    ac:dc:2c:bf:84:87:95:40:ed:36:e6:09:47:2e:7c:
                    b4:a2:9b:e4:d1:b0:28:a8:cf:7d:2a:37:6d:fd:9b:
                    2d:bb:85:df:9f:b6:3d:81:a3:de:dd:b4:a5:f9:57:
                    d1:35:46:4e:71:32:99:be:dd:b4:da:5c:a8:08:34:
                    1d:13:cc:b2:3a:73:e2:7b:3a:91:38:68:00:64:99:
                    8e:78:68:c6:d2:48:a8:39:09:1e:44:1e:99:7c:55:
                    8c:7a:cc:0c:20:ab:87:9f:b9:62:36:ad:2f:d3:00:
                    b3:28:71:ee:5b:28:ec:dd:52:43:e5:49:dd:97:37:
                    b5:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                63:D4:54:8A:71:A1:0E:A5:18:D4:6B:C2:C4:04:0D:98:7E:12:46:49
            X509v3 Authority Key Identifier:
                keyid:7C:8C:13:71:DD:6A:FD:5F:D7:9E:A9:84:DA:3F:BD:A1:B9:4A:FE:23

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fIwTcd1q_V_XnqmE2j-9oblK_iM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6d/e94652-1564-4d1b-8198-1ac5d8863082/1/Y9RUinGhDqUY1GvCxAQNmH4SRkk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6d/e94652-1564-4d1b-8198-1ac5d8863082/1/fIwTcd1q_V_XnqmE2j-9oblK_iM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.23.20.0/22
                IPv6:
                  2a0d:5bc0::/32

    Signature Algorithm: sha256WithRSAEncryption
         72:a0:54:b0:8f:fa:ac:28:51:a6:cc:d7:56:e1:f2:73:9a:5b:
         d9:fd:93:17:8a:23:ba:64:46:aa:0d:85:ac:a5:a0:09:44:e1:
         37:56:2f:78:59:60:7e:1e:ae:e6:cf:56:dd:ce:58:b9:8c:32:
         1b:2a:9b:97:7f:6a:84:5c:f2:a5:92:5c:3b:89:65:38:27:17:
         82:bf:87:9e:b1:0b:e0:6a:7e:b6:81:9b:e9:7c:ef:06:24:4e:
         68:ff:0f:21:e9:1d:94:82:da:5a:a8:98:12:25:64:ba:c5:e1:
         91:28:7c:35:6a:2d:28:ff:2e:d9:e5:61:84:f8:1b:e0:8d:bc:
         ba:57:b2:73:f9:5a:2f:c8:8b:ef:e5:da:61:e2:97:fc:2b:04:
         f3:39:28:b2:b8:1d:60:6e:9f:c8:06:43:a4:bd:c9:13:ea:29:
         36:67:c5:77:21:8b:10:0e:9a:b5:84:73:81:68:2e:17:55:6d:
         30:15:c5:ce:cd:d2:cc:ec:25:fa:17:0d:b2:ab:09:0a:92:10:
         54:6c:f9:d9:af:97:8e:9f:64:25:b3:a8:2b:2b:e0:df:72:d7:
         8d:58:19:b1:a1:fc:f0:e0:36:ed:3e:08:3e:4d:0e:b4:2f:d1:
         5b:6a:43:c8:1f:79:a4:64:75:6c:1b:94:80:d2:87:65:3f:f7:
         f3:9f:c2:c0
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgIECPDlIDANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg3
YzhjMTM3MWRkNmFmZDVmZDc5ZWE5ODRkYTNmYmRhMWI5NGFmZTIzMB4XDTIyMDEw
MTAyNTI0N1oXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoNjNkNDU0OGE3MWEx
MGVhNTE4ZDQ2YmMyYzQwNDBkOTg3ZTEyNDY0OTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAOtxHl3I+slmy0bzY85LTD4icN0s6IddOYUhAFieWFFQH+Op
ccLdORlY+pTr4HHxwFpW/NBGy7UU3Fh5P/aMfa3bVI67mRuHrglvjpC1f8T/uPb7
82dWrT1z4o/I2WcbL/VGpsk8bwCyePqIjUjrvqrsN3ktQmGYt3fF9rqtEQii1Bh5
waNsrNwsv4SHlUDtNuYJRy58tKKb5NGwKKjPfSo3bf2bLbuF35+2PYGj3t20pflX
0TVGTnEymb7dtNpcqAg0HRPMsjpz4ns6kThoAGSZjnhoxtJIqDkJHkQemXxVjHrM
DCCrh5+5YjatL9MAsyhx7lso7N1SQ+VJ3Zc3tZ0CAwEAAaOCAhgwggIUMB0GA1Ud
DgQWBBRj1FSKcaEOpRjUa8LEBA2YfhJGSTAfBgNVHSMEGDAWgBR8jBNx3Wr9X9ee
qYTaP72huUr+IzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L2ZJd1RjZDFxX1ZfWG5xbUUyai05b2JsS19pTS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNmQvZTk0NjUyLTE1NjQtNGQxYi04MTk4LTFhYzVkODg2MzA4Mi8x
L1k5UlVpbkdoRHFVWTFHdkN4QVFObUg0U1Jray5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNmQv
ZTk0NjUyLTE1NjQtNGQxYi04MTk4LTFhYzVkODg2MzA4Mi8xL2ZJd1RjZDFxX1Zf
WG5xbUUyai05b2JsS19pTS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAu
BggrBgEFBQcBBwEB/wQfMB0wDAQCAAEwBgMEAsEXFDANBAIAAjAHAwUAKg1bwDAN
BgkqhkiG9w0BAQsFAAOCAQEAcqBUsI/6rChRpszXVuHyc5pb2f2TF4ojumRGqg2F
rKWgCUThN1YveFlgfh6u5s9W3c5YuYwyGyqbl39qhFzypZJcO4llOCcXgr+HnrEL
4Gp+toGb6XzvBiROaP8PIekdlILaWqiYEiVkusXhkSh8NWotKP8u2eVhhPgb4I28
uleyc/laL8iL7+XaYeKX/CsE8zkosrgdYG6fyAZDpL3JE+opNmfFdyGLEA6atYRz
gWguF1VtMBXFzs3SzOwl+hcNsqsJCpIQVGz52a+Xjp9kJbOoKyvg33LXjVgZsaH8
8OA27T4IPk0OtC/RW2pDyB95pGR1bBuUgNKHZT/385/CwA==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:34:09 2024 by rpki-client on console-fra.rpki-client.org