Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/c2f028-4643-4fa4-bbb2-28924b056c59/1/PjIhzSMwmqXNoHdgHkoa0gng2Qc.roa
File:                     PjIhzSMwmqXNoHdgHkoa0gng2Qc.roa (raw, json)
Hash identifier:          ovj9VRGnvdgCbE+GPHLWmK3uqXifYpTOayptQmsQhrU=
Subject key identifier:   3E:32:21:CD:23:30:9A:A5:CD:A0:77:60:1E:4A:1A:D2:09:E0:D9:07
Certificate issuer:       /CN=a5860cc77cd48b52197cf5bf7b94920c02144bd5
Certificate serial:       DB60E0
Authority key identifier: A5:86:0C:C7:7C:D4:8B:52:19:7C:F5:BF:7B:94:92:0C:02:14:4B:D5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pYYMx3zUi1IZfPW_e5SSDAIUS9U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/c2f028-4643-4fa4-bbb2-28924b056c59/1/PjIhzSMwmqXNoHdgHkoa0gng2Qc.roa
Signing time:             Sat 01 Jan 2022 11:00:45 +0000
ROA not before:           Sat 01 Jan 2022 11:00:45 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     1239
IP address blocks:        37.72.136.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 14377184 (0xdb60e0)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a5860cc77cd48b52197cf5bf7b94920c02144bd5
        Validity
            Not Before: Jan  1 11:00:45 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=3e3221cd23309aa5cda077601e4a1ad209e0d907
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:f0:88:4c:f8:1c:bb:2f:2a:93:b7:67:2b:cd:
                    b3:e6:f5:77:75:5e:29:52:15:fa:a4:20:5b:82:9a:
                    f2:35:20:33:9d:6f:5d:69:32:aa:3e:ef:66:0f:d8:
                    ba:5f:ee:b4:15:db:5b:64:10:ca:88:41:1e:74:2f:
                    b9:f4:ab:01:84:6c:f2:4f:b2:b7:d6:92:a9:d2:cb:
                    dc:01:26:27:04:90:f1:be:d4:2e:4d:32:8b:d9:12:
                    9a:4c:89:cf:a8:26:cf:12:b9:c4:5c:a4:0a:18:b6:
                    cf:e2:02:db:53:7e:47:0c:3b:c5:d9:47:31:f6:59:
                    65:52:d7:b5:3e:c1:ee:0c:d6:7d:eb:c7:2d:a2:ab:
                    e1:76:1f:19:ee:50:9c:60:e5:51:79:87:04:90:ca:
                    df:97:fe:8b:76:70:da:a9:87:50:2f:34:05:c4:cc:
                    bb:63:6a:f0:ba:88:c2:82:aa:01:eb:29:6b:de:fd:
                    ef:68:21:46:5f:1e:65:72:d0:d5:35:a7:c0:3b:f4:
                    bd:10:d2:79:01:ae:78:77:8e:25:4d:fb:6b:fe:61:
                    09:72:1f:9b:09:48:7b:37:27:af:75:5f:e1:10:34:
                    57:d2:54:e2:43:14:69:df:4d:06:3c:59:c1:dc:89:
                    70:1c:ae:3f:5b:83:42:2e:6b:a0:2c:56:f0:ca:5b:
                    1a:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3E:32:21:CD:23:30:9A:A5:CD:A0:77:60:1E:4A:1A:D2:09:E0:D9:07
            X509v3 Authority Key Identifier:
                keyid:A5:86:0C:C7:7C:D4:8B:52:19:7C:F5:BF:7B:94:92:0C:02:14:4B:D5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pYYMx3zUi1IZfPW_e5SSDAIUS9U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/c2f028-4643-4fa4-bbb2-28924b056c59/1/PjIhzSMwmqXNoHdgHkoa0gng2Qc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/c2f028-4643-4fa4-bbb2-28924b056c59/1/pYYMx3zUi1IZfPW_e5SSDAIUS9U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.72.136.0/24

    Signature Algorithm: sha256WithRSAEncryption
         17:6b:a6:c1:9a:7a:1e:99:ea:7b:65:44:36:d1:15:9c:40:d8:
         5e:50:53:4f:5a:81:89:5a:4b:eb:eb:e8:32:a4:25:26:36:d5:
         d7:29:05:2e:13:f6:73:60:19:13:34:70:94:9f:91:f8:23:b7:
         2d:07:db:fd:a3:fb:34:d7:71:46:e7:8c:f2:a7:7a:80:30:cc:
         c9:f1:22:d3:67:f9:db:f1:c5:84:89:b3:3a:7e:cd:08:e0:ba:
         dc:fd:dc:34:91:bd:46:64:51:8e:0c:5d:5c:4c:ec:78:68:28:
         6c:4e:6e:53:a8:63:b6:d6:0d:56:4b:d4:9c:52:c7:d0:26:89:
         1e:94:fe:a8:9b:03:e0:72:75:19:7b:ba:e1:1a:16:27:3a:ca:
         b3:80:a6:ae:35:0b:b3:c9:72:76:e5:fe:1c:86:8b:79:bc:5d:
         76:0f:54:ff:18:85:41:1f:a5:84:db:3f:05:de:3a:e0:ed:e7:
         fe:04:44:28:5c:98:98:ff:37:6e:a6:b3:f1:b9:74:59:b6:0b:
         7b:68:31:c1:1c:e8:e6:83:41:4d:b6:ba:63:4b:6c:36:ab:16:
         99:dd:83:80:78:66:20:a1:2c:c8:6d:e1:7e:45:bb:69:de:9b:
         57:53:23:22:ce:45:76:b2:d6:95:2a:f3:04:d6:33:e6:7d:98:
         70:b9:eb:60
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIEANtg4DANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhh
NTg2MGNjNzdjZDQ4YjUyMTk3Y2Y1YmY3Yjk0OTIwYzAyMTQ0YmQ1MB4XDTIyMDEw
MTExMDA0NVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoM2UzMjIxY2QyMzMw
OWFhNWNkYTA3NzYwMWU0YTFhZDIwOWUwZDkwNzCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAK/wiEz4HLsvKpO3ZyvNs+b1d3VeKVIV+qQgW4Ka8jUgM51v
XWkyqj7vZg/Yul/utBXbW2QQyohBHnQvufSrAYRs8k+yt9aSqdLL3AEmJwSQ8b7U
Lk0yi9kSmkyJz6gmzxK5xFykChi2z+IC21N+Rww7xdlHMfZZZVLXtT7B7gzWfevH
LaKr4XYfGe5QnGDlUXmHBJDK35f+i3Zw2qmHUC80BcTMu2Nq8LqIwoKqAespa979
72ghRl8eZXLQ1TWnwDv0vRDSeQGueHeOJU37a/5hCXIfmwlIezcnr3Vf4RA0V9JU
4kMUad9NBjxZwdyJcByuP1uDQi5roCxW8MpbGskCAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBQ+MiHNIzCapc2gd2AeShrSCeDZBzAfBgNVHSMEGDAWgBSlhgzHfNSLUhl8
9b97lJIMAhRL1TAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L3BZWU14M3pVaTFJWmZQV19lNVNTREFJVVM5VS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvODAvYzJmMDI4LTQ2NDMtNGZhNC1iYmIyLTI4OTI0YjA1NmM1OS8x
L1BqSWh6U013bXFYTm9IZGdIa29hMGduZzJRYy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvODAv
YzJmMDI4LTQ2NDMtNGZhNC1iYmIyLTI4OTI0YjA1NmM1OS8xL3BZWU14M3pVaTFJ
WmZQV19lNVNTREFJVVM5VS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEACVIiDANBgkqhkiG9w0BAQsFAAOC
AQEAF2umwZp6Hpnqe2VENtEVnEDYXlBTT1qBiVpL6+voMqQlJjbV1ykFLhP2c2AZ
EzRwlJ+R+CO3LQfb/aP7NNdxRueM8qd6gDDMyfEi02f52/HFhImzOn7NCOC63P3c
NJG9RmRRjgxdXEzseGgobE5uU6hjttYNVkvUnFLH0CaJHpT+qJsD4HJ1GXu64RoW
JzrKs4CmrjULs8lyduX+HIaLebxddg9U/xiFQR+lhNs/Bd464O3n/gREKFyYmP83
bqaz8bl0WbYLe2gxwRzo5oNBTba6Y0tsNqsWmd2DgHhmIKEsyG3hfkW7ad6bV1Mj
Is5FdrLWlSrzBNYz5n2YcLnrYA==
-----END CERTIFICATE-----
Generated at Thu Jul 20 00:02:15 2023 by rpki-client on console-ams.rpki-client.org