Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7f/406991-5be3-4a05-acb2-1ad47ccd2d9a/1/3fuZmYGygcK8xPn2aENAVwmSfrY.roa
File:                     3fuZmYGygcK8xPn2aENAVwmSfrY.roa (raw, json)
Hash identifier:          kCph57RpnVLm7P0mJeS02IRYyiPrkY+YUbhuNoG+7hw=
Subject key identifier:   DD:FB:99:99:81:B2:81:C2:BC:C4:F9:F6:68:43:40:57:09:92:7E:B6
Certificate issuer:       /CN=89e21a2b8a25b971bdb741a0aae325992304194e
Certificate serial:       07A642E0
Authority key identifier: 89:E2:1A:2B:8A:25:B9:71:BD:B7:41:A0:AA:E3:25:99:23:04:19:4E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ieIaK4oluXG9t0GgquMlmSMEGU4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7f/406991-5be3-4a05-acb2-1ad47ccd2d9a/1/3fuZmYGygcK8xPn2aENAVwmSfrY.roa
Signing time:             Sat 19 Feb 2022 11:10:16 +0000
ROA not before:           Sat 19 Feb 2022 11:10:16 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     396998
IP address blocks:        193.25.252.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 128336608 (0x7a642e0)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=89e21a2b8a25b971bdb741a0aae325992304194e
        Validity
            Not Before: Feb 19 11:10:16 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=ddfb999981b281c2bcc4f9f66843405709927eb6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:b5:dc:03:ac:86:e7:68:a1:4b:f9:cc:c6:04:
                    6d:1b:dd:d7:77:37:0c:48:dc:69:7f:87:c5:16:f6:
                    cc:4a:6d:95:b7:c2:bf:f6:3a:a8:fc:c5:9d:71:b9:
                    82:d7:29:fb:97:7d:9a:8f:6d:c7:06:10:7b:d7:cb:
                    fd:3c:c8:27:b8:c1:7b:49:49:c6:39:ba:19:8b:a2:
                    d1:0f:de:3d:35:bd:2b:d6:2b:ec:92:1a:4e:0e:b1:
                    55:e4:6e:98:bb:65:c8:5d:1d:09:0f:2c:09:b2:e6:
                    b1:45:99:ba:ac:3e:8b:5a:e1:0a:a8:1d:41:5d:8b:
                    9f:05:d7:66:fb:59:37:aa:a2:6c:ac:a6:b4:26:a2:
                    ab:f9:1d:61:73:77:bc:25:8d:11:90:6d:d1:fb:9d:
                    34:d4:9f:79:53:be:53:6e:12:e1:86:f2:b2:ba:0a:
                    55:c0:39:97:51:d3:93:55:e3:69:e3:ba:d1:a7:ec:
                    4d:11:a0:ae:b5:33:66:30:f1:5b:39:ff:32:a7:34:
                    0f:68:0d:7f:8b:a4:7b:76:03:ec:dd:78:ab:5f:83:
                    a1:c0:d4:f2:6d:eb:bd:d8:6f:99:05:ae:76:28:d4:
                    87:b6:99:f3:6b:e5:7b:20:9b:79:90:36:22:35:29:
                    36:1c:bf:d1:25:4e:8d:44:55:88:21:13:8b:f4:eb:
                    2a:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DD:FB:99:99:81:B2:81:C2:BC:C4:F9:F6:68:43:40:57:09:92:7E:B6
            X509v3 Authority Key Identifier:
                keyid:89:E2:1A:2B:8A:25:B9:71:BD:B7:41:A0:AA:E3:25:99:23:04:19:4E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ieIaK4oluXG9t0GgquMlmSMEGU4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/406991-5be3-4a05-acb2-1ad47ccd2d9a/1/3fuZmYGygcK8xPn2aENAVwmSfrY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/406991-5be3-4a05-acb2-1ad47ccd2d9a/1/ieIaK4oluXG9t0GgquMlmSMEGU4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.25.252.0/24

    Signature Algorithm: sha256WithRSAEncryption
         93:15:fa:ac:80:c9:e8:64:51:83:c4:55:b3:9a:21:4c:2a:8d:
         37:ff:bc:c1:72:bb:1e:68:d6:24:ba:e7:eb:66:bb:2e:2e:09:
         8e:52:44:12:20:3d:1c:7b:22:63:8d:79:de:c5:3b:24:1c:7d:
         bd:15:51:a1:6f:de:c8:ee:b9:e9:fb:71:89:df:27:3e:70:d2:
         9d:1a:b4:57:ad:a9:43:45:a5:6d:1b:36:3b:e5:1b:4c:92:ee:
         ea:9d:2f:eb:48:fc:0e:d9:94:5f:f3:57:5b:d4:5e:7a:01:26:
         20:56:36:e2:d0:2c:7c:01:85:4b:38:59:a0:4c:6e:b3:9a:b0:
         b6:6d:5e:d3:dd:c9:bd:7e:10:cd:8a:13:d1:d5:5e:2a:27:26:
         25:c2:fe:9f:35:ab:99:30:5e:fc:3b:f3:83:89:9b:58:f9:d2:
         fe:24:c1:22:46:e7:0f:6e:88:df:5b:d7:07:21:eb:ca:e8:f2:
         c7:7a:32:fd:15:2c:72:6a:d5:40:69:3a:3d:be:27:cd:75:0f:
         9a:08:82:d5:19:a3:45:4a:95:62:e5:50:9b:25:b7:58:df:b3:
         c7:2a:11:cd:57:85:4b:26:94:01:6c:51:cc:10:5c:e9:f8:98:
         18:11:7f:b9:94:14:61:e1:63:b9:dc:f1:a8:e5:6d:7e:a8:b1:
         0c:f1:59:ee
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIEB6ZC4DANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg4
OWUyMWEyYjhhMjViOTcxYmRiNzQxYTBhYWUzMjU5OTIzMDQxOTRlMB4XDTIyMDIx
OTExMTAxNloXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoZGRmYjk5OTk4MWIy
ODFjMmJjYzRmOWY2Njg0MzQwNTcwOTkyN2ViNjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBALm13AOshudooUv5zMYEbRvd13c3DEjcaX+HxRb2zEptlbfC
v/Y6qPzFnXG5gtcp+5d9mo9txwYQe9fL/TzIJ7jBe0lJxjm6GYui0Q/ePTW9K9Yr
7JIaTg6xVeRumLtlyF0dCQ8sCbLmsUWZuqw+i1rhCqgdQV2LnwXXZvtZN6qibKym
tCaiq/kdYXN3vCWNEZBt0fudNNSfeVO+U24S4YbysroKVcA5l1HTk1XjaeO60afs
TRGgrrUzZjDxWzn/Mqc0D2gNf4uke3YD7N14q1+DocDU8m3rvdhvmQWudijUh7aZ
82vleyCbeZA2IjUpNhy/0SVOjURViCETi/TrKqcCAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBTd+5mZgbKBwrzE+fZoQ0BXCZJ+tjAfBgNVHSMEGDAWgBSJ4horiiW5cb23
QaCq4yWZIwQZTjAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L2llSWFLNG9sdVhHOXQwR2dxdU1sbVNNRUdVNC5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvN2YvNDA2OTkxLTViZTMtNGEwNS1hY2IyLTFhZDQ3Y2NkMmQ5YS8x
LzNmdVptWUd5Z2NLOHhQbjJhRU5BVndtU2ZyWS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvN2Yv
NDA2OTkxLTViZTMtNGEwNS1hY2IyLTFhZDQ3Y2NkMmQ5YS8xL2llSWFLNG9sdVhH
OXQwR2dxdU1sbVNNRUdVNC5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAMEZ/DANBgkqhkiG9w0BAQsFAAOC
AQEAkxX6rIDJ6GRRg8RVs5ohTCqNN/+8wXK7HmjWJLrn62a7Li4JjlJEEiA9HHsi
Y4153sU7JBx9vRVRoW/eyO656ftxid8nPnDSnRq0V62pQ0WlbRs2O+UbTJLu6p0v
60j8DtmUX/NXW9ReegEmIFY24tAsfAGFSzhZoExus5qwtm1e093JvX4QzYoT0dVe
KicmJcL+nzWrmTBe/Dvzg4mbWPnS/iTBIkbnD26I31vXByHryujyx3oy/RUscmrV
QGk6Pb4nzXUPmgiC1RmjRUqVYuVQmyW3WN+zxyoRzVeFSyaUAWxRzBBc6fiYGBF/
uZQUYeFjudzxqOVtfqixDPFZ7g==
-----END CERTIFICATE-----
Generated at Thu Jul 20 00:02:09 2023 by rpki-client on console-ams.rpki-client.org