Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/86/9c493b-417b-4af6-9f43-2ff14c218719/1/f372hS9lXt1j84twPjxRsz6ur4o.roa
File:                     f372hS9lXt1j84twPjxRsz6ur4o.roa (raw, json)
Hash identifier:          cK6Tm9zDEpkZhnvGOtt98VBcB1ttunCULaxycrGf+xg=
Subject key identifier:   7F:7E:F6:85:2F:65:5E:DD:63:F3:8B:70:3E:3C:51:B3:3E:AE:AF:8A
Certificate issuer:       /CN=62becc4ba8a4d52498a0d2983a68b61383aa7fd7
Certificate serial:       095E2A62
Authority key identifier: 62:BE:CC:4B:A8:A4:D5:24:98:A0:D2:98:3A:68:B6:13:83:AA:7F:D7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Yr7MS6ik1SSYoNKYOmi2E4Oqf9c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/86/9c493b-417b-4af6-9f43-2ff14c218719/1/f372hS9lXt1j84twPjxRsz6ur4o.roa
Signing time:             Sat 01 Jan 2022 03:55:18 +0000
ROA not before:           Sat 01 Jan 2022 03:55:18 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     3356
IP address blocks:        85.209.206.0/23 maxlen: 23
                          85.209.204.0/23 maxlen: 23

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 157166178 (0x95e2a62)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=62becc4ba8a4d52498a0d2983a68b61383aa7fd7
        Validity
            Not Before: Jan  1 03:55:18 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=7f7ef6852f655edd63f38b703e3c51b33eaeaf8a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:54:ce:f5:37:18:4a:51:0d:db:ac:48:78:63:
                    be:62:ef:59:85:26:c6:96:04:9a:a2:96:39:0a:8b:
                    2c:06:b2:1c:5d:b1:5d:54:06:55:21:bf:fc:ed:d7:
                    ba:47:b4:c5:3e:a0:84:47:26:77:8c:00:2d:34:63:
                    63:50:c9:90:be:c9:4e:5e:69:b5:01:d0:d0:77:e4:
                    1c:60:37:1e:6e:bf:58:f5:3b:be:ae:73:00:dd:bf:
                    6a:fd:92:f3:d6:c7:e7:d1:1c:a2:60:5e:ad:f9:9e:
                    03:4b:50:06:49:0f:27:c0:e6:09:f0:8a:64:ad:6e:
                    aa:7c:2d:52:f4:12:38:4f:2e:45:ba:69:91:42:5d:
                    25:34:69:dd:00:bd:cc:d4:d7:f6:b0:51:80:9c:79:
                    07:1a:d2:61:56:73:c2:d6:83:65:ca:c5:e7:91:6a:
                    15:4e:84:f1:2a:f2:26:a0:d6:53:cd:ea:f7:73:d7:
                    f3:7b:6e:ba:a5:de:e1:34:b8:0e:31:65:c8:3d:b0:
                    5a:ff:9f:d2:81:1c:55:9b:12:26:2f:2a:b8:86:7f:
                    c3:5f:b3:c1:14:2b:de:d3:0a:af:3e:dc:37:e6:4d:
                    c6:4d:43:57:69:8b:9b:3f:5b:85:c9:ef:28:50:20:
                    dc:ba:ce:2c:e7:58:23:d6:bb:d5:22:40:da:90:9e:
                    38:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7F:7E:F6:85:2F:65:5E:DD:63:F3:8B:70:3E:3C:51:B3:3E:AE:AF:8A
            X509v3 Authority Key Identifier:
                keyid:62:BE:CC:4B:A8:A4:D5:24:98:A0:D2:98:3A:68:B6:13:83:AA:7F:D7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Yr7MS6ik1SSYoNKYOmi2E4Oqf9c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/86/9c493b-417b-4af6-9f43-2ff14c218719/1/f372hS9lXt1j84twPjxRsz6ur4o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/86/9c493b-417b-4af6-9f43-2ff14c218719/1/Yr7MS6ik1SSYoNKYOmi2E4Oqf9c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.209.204.0/22

    Signature Algorithm: sha256WithRSAEncryption
         0e:b6:75:b3:0c:a7:14:0a:d5:ff:1b:3d:37:0d:27:8f:96:15:
         de:be:25:27:ed:f1:b7:5a:eb:bb:8e:0e:9e:e4:7d:af:fb:0c:
         4c:89:e8:b0:c1:a3:62:de:2f:68:26:7c:8a:33:20:e4:d1:7f:
         76:d6:73:8e:7d:ec:d8:96:ce:6f:b6:c1:a2:79:1a:e6:a3:dc:
         f6:1c:bb:cd:90:3a:4c:54:d5:68:7e:46:59:13:fd:73:b3:63:
         9c:b3:80:26:f0:e5:74:56:88:cc:2c:98:3e:01:c3:ef:76:7d:
         15:d9:ad:42:17:f0:8e:45:1c:a5:33:98:7f:fe:08:48:87:3b:
         5b:d1:93:77:a5:fe:f9:ee:ea:57:b3:51:e4:26:3a:5a:1d:31:
         ad:dc:3a:1e:4a:f0:9a:1a:82:13:0f:46:88:8b:14:27:8b:3e:
         fc:d8:37:dc:ef:d3:28:51:79:75:71:4b:fd:dd:f5:6f:84:ce:
         d3:e6:0d:ad:8e:71:b6:10:8d:a4:6f:8a:65:83:a8:c5:52:7a:
         b5:93:27:5b:25:7f:a5:2c:87:15:46:40:ea:74:c1:ee:33:88:
         9a:e2:05:c7:94:4b:a5:5e:a4:69:5d:87:ef:c9:f6:45:c4:de:
         e2:1f:18:98:7b:2f:28:df:ff:c9:55:23:e7:44:74:43:84:eb:
         4d:8c:77:f1
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIECV4qYjANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg2
MmJlY2M0YmE4YTRkNTI0OThhMGQyOTgzYTY4YjYxMzgzYWE3ZmQ3MB4XDTIyMDEw
MTAzNTUxOFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoN2Y3ZWY2ODUyZjY1
NWVkZDYzZjM4YjcwM2UzYzUxYjMzZWFlYWY4YTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAKRUzvU3GEpRDdusSHhjvmLvWYUmxpYEmqKWOQqLLAayHF2x
XVQGVSG//O3Xuke0xT6ghEcmd4wALTRjY1DJkL7JTl5ptQHQ0HfkHGA3Hm6/WPU7
vq5zAN2/av2S89bH59EcomBerfmeA0tQBkkPJ8DmCfCKZK1uqnwtUvQSOE8uRbpp
kUJdJTRp3QC9zNTX9rBRgJx5BxrSYVZzwtaDZcrF55FqFU6E8SryJqDWU83q93PX
83tuuqXe4TS4DjFlyD2wWv+f0oEcVZsSJi8quIZ/w1+zwRQr3tMKrz7cN+ZNxk1D
V2mLmz9bhcnvKFAg3LrOLOdYI9a71SJA2pCeOJkCAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBR/fvaFL2Ve3WPzi3A+PFGzPq6vijAfBgNVHSMEGDAWgBRivsxLqKTVJJig
0pg6aLYTg6p/1zAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L1lyN01TNmlrMVNTWW9OS1lPbWkyRTRPcWY5Yy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvODYvOWM0OTNiLTQxN2ItNGFmNi05ZjQzLTJmZjE0YzIxODcxOS8x
L2YzNzJoUzlsWHQxajg0dHdQanhSc3o2dXI0by5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvODYv
OWM0OTNiLTQxN2ItNGFmNi05ZjQzLTJmZjE0YzIxODcxOS8xL1lyN01TNmlrMVNT
WW9OS1lPbWkyRTRPcWY5Yy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAlXRzDANBgkqhkiG9w0BAQsFAAOC
AQEADrZ1swynFArV/xs9Nw0nj5YV3r4lJ+3xt1rru44OnuR9r/sMTInosMGjYt4v
aCZ8ijMg5NF/dtZzjn3s2JbOb7bBonka5qPc9hy7zZA6TFTVaH5GWRP9c7NjnLOA
JvDldFaIzCyYPgHD73Z9FdmtQhfwjkUcpTOYf/4ISIc7W9GTd6X++e7qV7NR5CY6
Wh0xrdw6HkrwmhqCEw9GiIsUJ4s+/Ng33O/TKFF5dXFL/d31b4TO0+YNrY5xthCN
pG+KZYOoxVJ6tZMnWyV/pSyHFUZA6nTB7jOImuIFx5RLpV6kaV2H78n2RcTe4h8Y
mHsvKN//yVUj50R0Q4TrTYx38Q==
-----END CERTIFICATE-----
Generated at Thu Jul 20 00:02:33 2023 by rpki-client on console-ams.rpki-client.org