Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/72/7dee09-cd2e-4030-ab92-ebdcc02fbae9/1/NhvlZokh03r84RRehvt_AbNrYY4.roa
File:                     NhvlZokh03r84RRehvt_AbNrYY4.roa (raw, json)
Hash identifier:          Ig+Zcl1zQ/83dc/fw0XGHnXB/NWZSpAw7jLfb4vSIhM=
Subject key identifier:   36:1B:E5:66:89:21:D3:7A:FC:E1:14:5E:86:FB:7F:01:B3:6B:61:8E
Certificate issuer:       /CN=4944680c20d1af01f169b18ac9c77d9877133cde
Certificate serial:       01836A802D925A984564C03D925EB5D8BB4F
Authority key identifier: 49:44:68:0C:20:D1:AF:01:F1:69:B1:8A:C9:C7:7D:98:77:13:3C:DE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SURoDCDRrwHxabGKycd9mHcTPN4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/72/7dee09-cd2e-4030-ab92-ebdcc02fbae9/1/NhvlZokh03r84RRehvt_AbNrYY4.roa
Signing time:             Fri 23 Sep 2022 13:18:48 +0000
ROA not before:           Fri 23 Sep 2022 13:18:48 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     9009
IP address blocks:        91.232.182.0/24 maxlen: 24
                          91.232.184.0/24 maxlen: 24
                          91.232.185.0/24 maxlen: 24
                          176.118.80.0/21 maxlen: 21
                          91.233.192.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:83:6a:80:2d:92:5a:98:45:64:c0:3d:92:5e:b5:d8:bb:4f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4944680c20d1af01f169b18ac9c77d9877133cde
        Validity
            Not Before: Sep 23 13:18:48 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=361be5668921d37afce1145e86fb7f01b36b618e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:35:b8:c8:e4:8e:ec:2a:11:a7:e1:ca:3e:d8:
                    90:c6:b1:7f:d1:35:ff:c2:56:3d:b3:d3:17:82:d9:
                    d2:af:85:f3:73:e4:d3:0f:7a:e5:fd:0d:6d:1c:86:
                    02:d7:22:bd:71:e0:e6:c5:56:ff:18:2a:a8:62:f1:
                    87:a8:db:c1:22:c2:8c:f7:bd:5d:04:0d:af:91:ce:
                    11:bf:5f:b0:ff:e8:fa:7b:c0:68:28:09:43:0b:0e:
                    52:a8:4f:c6:16:6c:63:4b:77:b2:7b:c1:4f:ad:cd:
                    d7:66:47:d8:8e:17:7a:b0:8c:c9:ca:1b:0c:93:57:
                    b3:81:bb:18:9e:95:db:3c:ef:4f:f4:a0:3e:3f:3f:
                    d9:28:7c:af:74:7a:1e:b5:2d:de:ac:7e:36:c0:3b:
                    60:4b:20:57:d6:6e:f6:73:a7:a6:d6:a3:5c:10:2c:
                    cf:71:3c:e8:f9:a1:61:30:4c:9b:70:39:00:0c:1c:
                    4b:eb:d2:42:2a:2f:d1:18:59:f6:2d:99:cb:ba:98:
                    01:28:83:1e:86:01:36:08:c1:dc:62:ac:d7:fd:3a:
                    14:35:29:c0:b2:49:02:f5:3f:40:6e:6c:7f:53:dc:
                    12:c0:b7:c8:30:40:62:5d:53:7a:34:ed:bd:aa:9d:
                    ac:79:c2:50:99:eb:ab:41:25:da:5f:4d:b1:7b:96:
                    58:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                36:1B:E5:66:89:21:D3:7A:FC:E1:14:5E:86:FB:7F:01:B3:6B:61:8E
            X509v3 Authority Key Identifier:
                keyid:49:44:68:0C:20:D1:AF:01:F1:69:B1:8A:C9:C7:7D:98:77:13:3C:DE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SURoDCDRrwHxabGKycd9mHcTPN4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/72/7dee09-cd2e-4030-ab92-ebdcc02fbae9/1/NhvlZokh03r84RRehvt_AbNrYY4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/72/7dee09-cd2e-4030-ab92-ebdcc02fbae9/1/SURoDCDRrwHxabGKycd9mHcTPN4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.232.182.0/24
                  91.232.184.0/23
                  91.233.192.0/24
                  176.118.80.0/21

    Signature Algorithm: sha256WithRSAEncryption
         91:da:f4:5e:90:a6:26:b2:1e:13:75:15:53:b3:0f:6c:2a:6a:
         95:4b:59:a0:c4:a0:f8:99:94:80:60:aa:1f:ec:54:1f:19:98:
         f0:1b:83:ae:5f:ac:8c:12:b3:be:bc:7a:f9:38:11:60:22:68:
         b6:53:ea:58:8f:5f:67:c8:51:44:e4:09:ce:bc:31:75:87:49:
         d8:f4:57:cc:b9:72:9e:6f:f3:9f:35:2a:b0:06:65:df:b2:82:
         b2:b0:97:1a:97:d4:3f:96:ef:e8:6f:33:a7:7c:0a:ac:b8:68:
         15:0e:04:1f:29:be:2a:1c:7e:71:62:18:c1:0f:f8:e6:4a:7b:
         66:1d:f1:77:06:d1:6d:39:91:60:b2:69:bb:89:73:06:e9:8b:
         af:05:66:95:2a:c1:a9:f0:b0:97:1a:78:f2:5a:b9:86:d4:01:
         1e:01:c8:7b:c7:02:cc:92:25:a7:d3:dd:da:13:2f:67:22:ed:
         f5:5f:36:8a:1e:e2:42:e1:80:c3:33:80:44:33:cd:d2:94:96:
         04:2b:09:ff:ff:db:09:94:0d:3c:a4:e0:82:2c:5b:a3:07:ae:
         35:c1:d8:ab:ab:9c:d7:f6:55:aa:0b:e4:52:7f:b2:f7:47:1e:
         17:f2:04:f5:b3:e1:c8:d6:4f:ef:3f:33:4a:24:68:b1:a1:28:
         dc:f1:0f:d2
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAYNqgC2SWphFZMA9kl612LtPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ5NDQ2ODBjMjBkMWFmMDFmMTY5YjE4YWM5Yzc3ZDk4Nzcx
MzNjZGUwHhcNMjIwOTIzMTMxODQ4WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNjFiZTU2Njg5MjFkMzdhZmNlMTE0NWU4NmZiN2YwMWIzNmI2MThlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvTW4yOSO7CoRp+HKPtiQxrF/0TX/
wlY9s9MXgtnSr4Xzc+TTD3rl/Q1tHIYC1yK9ceDmxVb/GCqoYvGHqNvBIsKM971d
BA2vkc4Rv1+w/+j6e8BoKAlDCw5SqE/GFmxjS3eye8FPrc3XZkfYjhd6sIzJyhsM
k1ezgbsYnpXbPO9P9KA+Pz/ZKHyvdHoetS3erH42wDtgSyBX1m72c6em1qNcECzP
cTzo+aFhMEybcDkADBxL69JCKi/RGFn2LZnLupgBKIMehgE2CMHcYqzX/ToUNSnA
skkC9T9Abmx/U9wSwLfIMEBiXVN6NO29qp2secJQmeurQSXaX02xe5ZYYwIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFDYb5WaJIdN6/OEUXob7fwGza2GOMB8GA1UdIwQY
MBaAFElEaAwg0a8B8WmxisnHfZh3EzzeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU1VSb0RDRFJyd0h4YWJHS3ljZDltSGNUUE40LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Mi83ZGVlMDktY2QyZS00MDMwLWFiOTIt
ZWJkY2MwMmZiYWU5LzEvTmh2bFpva2gwM3I4NFJSZWh2dF9BYk5yWVk0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Mi83ZGVlMDktY2QyZS00MDMwLWFiOTItZWJkY2MwMmZiYWU5
LzEvU1VSb0RDRFJyd0h4YWJHS3ljZDltSGNUUE40LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQAW+i2AwQB
W+i4AwQAW+nAAwQDsHZQMA0GCSqGSIb3DQEBCwUAA4IBAQCR2vRekKYmsh4TdRVT
sw9sKmqVS1mgxKD4mZSAYKof7FQfGZjwG4OuX6yMErO+vHr5OBFgImi2U+pYj19n
yFFE5AnOvDF1h0nY9FfMuXKeb/OfNSqwBmXfsoKysJcal9Q/lu/obzOnfAqsuGgV
DgQfKb4qHH5xYhjBD/jmSntmHfF3BtFtOZFgsmm7iXMG6YuvBWaVKsGp8LCXGnjy
WrmG1AEeAch7xwLMkiWn093aEy9nIu31XzaKHuJC4YDDM4BEM83SlJYEKwn//9sJ
lA08pOCCLFujB641wdirq5zX9lWqC+RSf7L3Rx4X8gT1s+HI1k/vPzNKJGixoSjc
8Q/S
-----END CERTIFICATE-----
Generated at Thu Jul 20 00:01:31 2023 by rpki-client on console-ams.rpki-client.org