Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/98/b03213-5e80-4931-81ce-f752d81605fb/1/a-ONLJfZWXCJpc4vE1Mm-kESXwA.roa
File:                     a-ONLJfZWXCJpc4vE1Mm-kESXwA.roa (raw, json)
Hash identifier:          1sEOAkDxC9gBvYVqARNvCjrAXCVr0Wtn43qATn3/sA8=
Subject key identifier:   6B:E3:8D:2C:97:D9:59:70:89:A5:CE:2F:13:53:26:FA:41:12:5F:00
Certificate issuer:       /CN=f93ac6cd2240249bba60171f086e9101cc87ca24
Certificate serial:       01F81FE3
Authority key identifier: F9:3A:C6:CD:22:40:24:9B:BA:60:17:1F:08:6E:91:01:CC:87:CA:24
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-TrGzSJAJJu6YBcfCG6RAcyHyiQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/98/b03213-5e80-4931-81ce-f752d81605fb/1/a-ONLJfZWXCJpc4vE1Mm-kESXwA.roa
Signing time:             Sat 01 Jan 2022 15:06:20 +0000
ROA not before:           Sat 01 Jan 2022 15:06:20 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     64249
IP address blocks:        147.189.132.0/24 maxlen: 24
                          147.189.137.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 33038307 (0x1f81fe3)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f93ac6cd2240249bba60171f086e9101cc87ca24
        Validity
            Not Before: Jan  1 15:06:20 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=6be38d2c97d9597089a5ce2f135326fa41125f00
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:c8:55:8a:c2:97:43:79:98:90:45:3d:61:82:
                    60:b2:8b:4b:b3:f1:a4:92:33:42:2e:bf:45:d5:de:
                    1f:2d:02:3f:a3:20:6c:ae:36:a5:2d:d2:df:df:b9:
                    84:0c:36:50:a2:e7:a6:74:5e:d9:bf:44:ca:a7:d6:
                    c7:4f:ca:e8:f6:12:8b:47:71:42:09:d1:f3:3f:0b:
                    e8:f2:93:05:f6:20:a7:3b:ee:82:33:68:dd:04:35:
                    27:58:a5:24:7c:0b:65:61:ac:f4:54:26:01:10:f7:
                    88:9c:c5:84:32:32:1c:68:9d:f9:0e:a7:7c:ee:4c:
                    89:7d:9c:58:7d:68:d2:c9:c7:23:29:83:19:e5:79:
                    76:6f:63:f0:ea:53:75:d4:0f:df:d3:59:16:de:94:
                    5c:a5:2e:d4:d2:ac:29:cf:d3:78:3d:79:80:82:f8:
                    0b:43:87:66:28:33:e7:93:60:7f:2e:7b:52:fa:cb:
                    5c:79:82:2b:05:ce:63:62:06:02:23:4e:96:41:7f:
                    3c:dd:ad:ee:17:76:00:d6:47:8c:18:f1:43:d9:8f:
                    cf:1e:f9:68:47:c3:f7:f2:c0:12:d5:23:76:f1:86:
                    52:cd:e3:01:20:b5:4c:7e:c8:fe:ba:d5:c5:3a:c8:
                    15:19:c1:f4:65:26:ae:c7:3d:cc:07:a4:21:b2:20:
                    6c:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6B:E3:8D:2C:97:D9:59:70:89:A5:CE:2F:13:53:26:FA:41:12:5F:00
            X509v3 Authority Key Identifier:
                keyid:F9:3A:C6:CD:22:40:24:9B:BA:60:17:1F:08:6E:91:01:CC:87:CA:24

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-TrGzSJAJJu6YBcfCG6RAcyHyiQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/98/b03213-5e80-4931-81ce-f752d81605fb/1/a-ONLJfZWXCJpc4vE1Mm-kESXwA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/98/b03213-5e80-4931-81ce-f752d81605fb/1/1-TrGzSJAJJu6YBcfCG6RAcyHyiQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.189.132.0/24
                  147.189.137.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7d:37:0d:ed:de:25:00:d8:c9:6a:42:60:ec:61:9d:57:72:26:
         5e:b4:10:75:5a:c6:07:85:13:4f:5f:39:e7:4f:dc:60:8c:5c:
         81:72:41:18:03:dc:8e:34:b9:a4:6e:bd:a0:34:50:bf:6d:22:
         9b:bf:a8:af:8e:9c:58:1b:a0:a6:bc:d8:42:7d:2f:1e:48:21:
         15:38:46:98:52:d6:92:c6:04:4d:71:ad:02:c8:2c:27:3f:d0:
         ac:2d:c2:f4:8f:a5:ae:b3:31:4c:ca:40:83:e8:73:1b:03:7a:
         6d:3e:cf:fc:c2:55:0d:cf:b4:be:f6:65:31:a3:ec:75:28:21:
         1b:54:78:8a:02:5d:ba:a3:fb:9d:58:bc:89:9f:5c:12:b5:5b:
         74:a5:05:41:86:63:ca:59:e9:97:ef:92:06:69:4f:4c:25:c2:
         81:63:11:5f:2c:85:9e:46:53:e2:10:88:19:5e:77:71:aa:71:
         cc:ab:18:bf:3d:96:d7:84:4f:b8:10:db:96:62:85:0d:cd:77:
         0e:1a:dd:84:9e:da:1d:93:cb:d3:ad:b8:f0:8d:46:1f:d2:d4:
         c9:f1:1c:aa:45:66:f7:d9:b0:2f:05:9a:1d:09:bb:97:05:0c:
         09:13:06:fa:5e:b9:7b:01:f5:fa:0b:75:74:fa:68:af:21:06:
         48:cf:42:4a
-----BEGIN CERTIFICATE-----
MIIE9zCCA9+gAwIBAgIEAfgf4zANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhm
OTNhYzZjZDIyNDAyNDliYmE2MDE3MWYwODZlOTEwMWNjODdjYTI0MB4XDTIyMDEw
MTE1MDYyMFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoNmJlMzhkMmM5N2Q5
NTk3MDg5YTVjZTJmMTM1MzI2ZmE0MTEyNWYwMDCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAMXIVYrCl0N5mJBFPWGCYLKLS7PxpJIzQi6/RdXeHy0CP6Mg
bK42pS3S39+5hAw2UKLnpnRe2b9EyqfWx0/K6PYSi0dxQgnR8z8L6PKTBfYgpzvu
gjNo3QQ1J1ilJHwLZWGs9FQmARD3iJzFhDIyHGid+Q6nfO5MiX2cWH1o0snHIymD
GeV5dm9j8OpTddQP39NZFt6UXKUu1NKsKc/TeD15gIL4C0OHZigz55Ngfy57UvrL
XHmCKwXOY2IGAiNOlkF/PN2t7hd2ANZHjBjxQ9mPzx75aEfD9/LAEtUjdvGGUs3j
ASC1TH7I/rrVxTrIFRnB9GUmrsc9zAekIbIgbPcCAwEAAaOCAhEwggINMB0GA1Ud
DgQWBBRr440sl9lZcImlzi8TUyb6QRJfADAfBgNVHSMEGDAWgBT5OsbNIkAkm7pg
Fx8IbpEBzIfKJDAOBgNVHQ8BAf8EBAMCB4AwZQYIKwYBBQUHAQEEWTBXMFUGCCsG
AQUFBzAChklyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
LzEtVHJHelNKQUpKdTZZQmNmQ0c2UkFjeUh5aVEuY2VyMIGNBggrBgEFBQcBCwSB
gDB+MHwGCCsGAQUFBzALhnByc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9y
eS9ERUZBVUxULzk4L2IwMzIxMy01ZTgwLTQ5MzEtODFjZS1mNzUyZDgxNjA1ZmIv
MS9hLU9OTEpmWldYQ0pwYzR2RTFNbS1rRVNYd0Eucm9hMIGCBgNVHR8EezB5MHeg
daBzhnFyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzk4
L2IwMzIxMy01ZTgwLTQ5MzEtODFjZS1mNzUyZDgxNjA1ZmIvMS8xLVRyR3pTSkFK
SnU2WUJjZkNHNlJBY3lIeWlRLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4C
MCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAk72EAwQAk72JMA0GCSqGSIb3
DQEBCwUAA4IBAQB9Nw3t3iUA2MlqQmDsYZ1XciZetBB1WsYHhRNPXznnT9xgjFyB
ckEYA9yONLmkbr2gNFC/bSKbv6ivjpxYG6CmvNhCfS8eSCEVOEaYUtaSxgRNca0C
yCwnP9CsLcL0j6WuszFMykCD6HMbA3ptPs/8wlUNz7S+9mUxo+x1KCEbVHiKAl26
o/udWLyJn1wStVt0pQVBhmPKWemX75IGaU9MJcKBYxFfLIWeRlPiEIgZXndxqnHM
qxi/PZbXhE+4ENuWYoUNzXcOGt2Entodk8vTrbjwjUYf0tTJ8RyqRWb32bAvBZod
CbuXBQwJEwb6Xrl7AfX6C3V0+mivIQZIz0JK
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:25:08 2024 by rpki-client on console-ams.rpki-client.org