Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/85/09e16e-3b3e-4ccb-886e-9891b328ed4a/1/nrBzk3TZS7XCuhrWSr8PJS_ZUsE.roa
File:                     nrBzk3TZS7XCuhrWSr8PJS_ZUsE.roa (raw, json)
Hash identifier:          CUepE9zLUN2mGjHGpAnFZqss0CHQ+Rn4Swss+iyFGN8=
Subject key identifier:   9E:B0:73:93:74:D9:4B:B5:C2:BA:1A:D6:4A:BF:0F:25:2F:D9:52:C1
Certificate issuer:       /CN=a5e7c6ca7370d90d7924a65d860ec9246f4d38a9
Certificate serial:       013F4759
Authority key identifier: A5:E7:C6:CA:73:70:D9:0D:79:24:A6:5D:86:0E:C9:24:6F:4D:38:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pefGynNw2Q15JKZdhg7JJG9NOKk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/85/09e16e-3b3e-4ccb-886e-9891b328ed4a/1/nrBzk3TZS7XCuhrWSr8PJS_ZUsE.roa
Signing time:             Sat 01 Jan 2022 13:00:21 +0000
ROA not before:           Sat 01 Jan 2022 13:00:21 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     1239
IP address blocks:        212.24.113.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 20924249 (0x13f4759)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a5e7c6ca7370d90d7924a65d860ec9246f4d38a9
        Validity
            Not Before: Jan  1 13:00:21 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=9eb0739374d94bb5c2ba1ad64abf0f252fd952c1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:5a:fb:04:b5:b5:86:c4:76:3e:8d:43:d2:4d:
                    2f:de:31:fd:a5:48:77:cb:3b:11:af:b4:89:9c:40:
                    f8:9a:cd:ad:67:f4:b0:6b:92:f1:72:21:de:7a:02:
                    2c:a7:43:85:60:65:e7:45:76:2b:42:70:a7:e4:b0:
                    6a:06:c8:c4:29:fe:5e:c0:42:94:f2:42:c8:23:cc:
                    f1:80:5f:31:5f:db:78:90:4b:80:61:78:b6:35:47:
                    f0:35:74:d2:87:c7:b8:65:55:3e:74:4c:78:a3:37:
                    14:83:65:a4:00:24:fb:9d:4d:06:46:6c:1c:50:f3:
                    75:15:e5:97:4c:87:f8:26:68:24:ea:60:63:ea:73:
                    5d:71:4a:fe:34:c4:f0:99:d3:4b:e6:1c:4e:b6:83:
                    de:f5:da:5e:fd:79:ea:2c:79:bc:fe:d9:7d:e1:b9:
                    ca:c3:ca:24:1d:d2:ec:69:94:16:ee:69:19:41:7b:
                    3d:9f:40:54:23:3d:01:62:dc:33:1e:e6:1f:38:c6:
                    80:91:61:7f:9c:29:0b:ec:77:63:d2:78:ae:74:52:
                    6f:cc:7b:8f:bd:e6:50:91:4c:dd:3c:a9:52:e6:b4:
                    eb:78:38:08:51:7f:62:51:bd:36:77:bc:f8:d9:9a:
                    7e:ec:09:c9:1a:30:73:c5:09:65:f0:d1:db:36:0c:
                    2c:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9E:B0:73:93:74:D9:4B:B5:C2:BA:1A:D6:4A:BF:0F:25:2F:D9:52:C1
            X509v3 Authority Key Identifier:
                keyid:A5:E7:C6:CA:73:70:D9:0D:79:24:A6:5D:86:0E:C9:24:6F:4D:38:A9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pefGynNw2Q15JKZdhg7JJG9NOKk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/85/09e16e-3b3e-4ccb-886e-9891b328ed4a/1/nrBzk3TZS7XCuhrWSr8PJS_ZUsE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/85/09e16e-3b3e-4ccb-886e-9891b328ed4a/1/pefGynNw2Q15JKZdhg7JJG9NOKk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.24.113.0/24

    Signature Algorithm: sha256WithRSAEncryption
         43:4c:6c:83:53:71:94:44:55:05:e7:2e:1b:9e:e7:fc:57:0b:
         6d:63:69:48:b6:e5:f7:1e:19:3f:62:d0:05:c0:21:e7:8c:07:
         fc:c1:50:69:21:dc:f4:ee:b9:75:db:61:65:a9:04:e6:bf:f3:
         00:89:3b:26:0b:49:09:8a:2f:b5:20:9a:2f:71:92:ef:8a:21:
         ec:22:9c:ca:8e:9f:15:6f:9d:c7:7e:c1:1f:0c:cf:98:c5:81:
         f7:9b:d3:1b:a3:fa:88:c0:fe:7d:b6:24:36:66:b2:e8:87:07:
         6e:a1:c6:43:e5:ed:c6:ce:12:f4:09:4d:74:7a:88:c6:1f:8e:
         e9:7b:db:7d:13:d8:96:64:09:ec:13:77:4f:b1:b2:a4:d2:17:
         79:41:c3:bf:64:01:bf:fe:15:9e:8b:1d:dd:4d:69:b9:e2:fa:
         ae:e7:db:d5:46:6d:ed:17:3f:c5:68:ff:f4:14:4b:ea:8c:f9:
         a1:ba:34:d9:73:ae:7a:51:80:01:af:8e:e7:da:d9:56:a4:b7:
         f9:a8:07:5b:5f:1d:a2:1a:85:d8:fb:96:2d:54:d4:51:06:b1:
         e4:95:20:3a:6d:93:fd:b2:80:a1:ee:0a:9a:34:54:c2:e8:6f:
         36:ff:b8:ca:c1:9a:56:0b:e1:7c:26:ef:02:6a:b1:a3:b8:00:
         de:6e:c2:3b
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIEAT9HWTANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhh
NWU3YzZjYTczNzBkOTBkNzkyNGE2NWQ4NjBlYzkyNDZmNGQzOGE5MB4XDTIyMDEw
MTEzMDAyMVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoOWViMDczOTM3NGQ5
NGJiNWMyYmExYWQ2NGFiZjBmMjUyZmQ5NTJjMTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBANxa+wS1tYbEdj6NQ9JNL94x/aVId8s7Ea+0iZxA+JrNrWf0
sGuS8XIh3noCLKdDhWBl50V2K0Jwp+SwagbIxCn+XsBClPJCyCPM8YBfMV/beJBL
gGF4tjVH8DV00ofHuGVVPnRMeKM3FINlpAAk+51NBkZsHFDzdRXll0yH+CZoJOpg
Y+pzXXFK/jTE8JnTS+YcTraD3vXaXv156ix5vP7ZfeG5ysPKJB3S7GmUFu5pGUF7
PZ9AVCM9AWLcMx7mHzjGgJFhf5wpC+x3Y9J4rnRSb8x7j73mUJFM3TypUua063g4
CFF/YlG9Nne8+NmafuwJyRowc8UJZfDR2zYMLH8CAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBSesHOTdNlLtcK6GtZKvw8lL9lSwTAfBgNVHSMEGDAWgBSl58bKc3DZDXkk
pl2GDskkb004qTAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L3BlZkd5bk53MlExNUpLWmRoZzdKSkc5Tk9Lay5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvODUvMDllMTZlLTNiM2UtNGNjYi04ODZlLTk4OTFiMzI4ZWQ0YS8x
L25yQnprM1RaUzdYQ3VocldTcjhQSlNfWlVzRS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvODUv
MDllMTZlLTNiM2UtNGNjYi04ODZlLTk4OTFiMzI4ZWQ0YS8xL3BlZkd5bk53MlEx
NUpLWmRoZzdKSkc5Tk9Lay5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEANQYcTANBgkqhkiG9w0BAQsFAAOC
AQEAQ0xsg1NxlERVBecuG57n/FcLbWNpSLbl9x4ZP2LQBcAh54wH/MFQaSHc9O65
ddthZakE5r/zAIk7JgtJCYovtSCaL3GS74oh7CKcyo6fFW+dx37BHwzPmMWB95vT
G6P6iMD+fbYkNmay6IcHbqHGQ+Xtxs4S9AlNdHqIxh+O6XvbfRPYlmQJ7BN3T7Gy
pNIXeUHDv2QBv/4Vnosd3U1pueL6rufb1UZt7Rc/xWj/9BRL6oz5obo02XOuelGA
Aa+O59rZVqS3+agHW18dohqF2PuWLVTUUQax5JUgOm2T/bKAoe4KmjRUwuhvNv+4
ysGaVgvhfCbvAmqxo7gA3m7COw==
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:58:51 2023 by rpki-client on console-fra.rpki-client.org