Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a2/67f9a7-a6e8-426e-bac4-4b68b15d301a/1/kMnTxTH4GEd_xKAQwW2BuJYXeBQ.roa
File:                     kMnTxTH4GEd_xKAQwW2BuJYXeBQ.roa (raw, json)
Hash identifier:          bPapdutR0yp3uq+1CtG1+Xb7dDymeYfxy/10LMvN45o=
Subject key identifier:   90:C9:D3:C5:31:F8:18:47:7F:C4:A0:10:C1:6D:81:B8:96:17:78:14
Certificate issuer:       /CN=dcae4b0471a61872c404142e1f90f5074f0d6f15
Certificate serial:       0D80D8D7
Authority key identifier: DC:AE:4B:04:71:A6:18:72:C4:04:14:2E:1F:90:F5:07:4F:0D:6F:15
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3K5LBHGmGHLEBBQuH5D1B08NbxU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a2/67f9a7-a6e8-426e-bac4-4b68b15d301a/1/kMnTxTH4GEd_xKAQwW2BuJYXeBQ.roa
Signing time:             Sat 01 Jan 2022 08:54:39 +0000
ROA not before:           Sat 01 Jan 2022 08:54:39 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     199659
IP address blocks:        185.223.88.0/22 maxlen: 22

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 226547927 (0xd80d8d7)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dcae4b0471a61872c404142e1f90f5074f0d6f15
        Validity
            Not Before: Jan  1 08:54:39 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=90c9d3c531f818477fc4a010c16d81b896177814
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:f4:0a:d3:87:a7:4c:d3:49:49:33:f3:75:14:
                    ae:e6:ff:20:53:b7:af:f3:b8:c7:65:ca:39:8e:d2:
                    73:be:7d:89:4a:f7:ec:9c:6f:0d:82:e0:42:3d:47:
                    97:4c:cc:50:60:7a:2b:e9:16:9f:fb:09:40:1e:a8:
                    43:21:b3:20:cb:d0:dc:1d:44:b8:d1:5c:24:11:36:
                    4b:a0:01:21:4c:03:92:be:38:da:6c:af:73:77:72:
                    94:07:d6:49:4e:24:7d:de:2c:ad:52:22:19:d6:10:
                    fa:59:fb:d2:97:84:90:69:58:23:47:25:d6:60:f5:
                    09:7f:49:9c:57:21:8d:6b:38:d5:6a:c6:d9:39:d2:
                    b4:4c:d9:e7:db:d2:9d:a8:5d:3b:b6:93:02:e8:4f:
                    60:fa:f1:74:63:66:d8:b8:d6:e6:d0:1a:8a:c0:dd:
                    8b:c0:26:5f:0e:bf:a4:42:62:21:32:43:14:29:9c:
                    ac:98:4b:a7:8c:36:8b:b9:33:84:b5:27:d3:76:d9:
                    ba:d7:65:b4:2a:13:2f:78:1c:b5:ed:30:0d:16:e6:
                    8e:81:c7:44:20:bd:3c:e2:fd:ec:70:a2:e7:30:13:
                    4e:50:8d:36:32:e1:e5:f1:b6:82:1a:f6:08:33:b3:
                    f1:d3:f5:eb:d5:84:84:f9:4c:b1:db:a4:a7:eb:e1:
                    67:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                90:C9:D3:C5:31:F8:18:47:7F:C4:A0:10:C1:6D:81:B8:96:17:78:14
            X509v3 Authority Key Identifier:
                keyid:DC:AE:4B:04:71:A6:18:72:C4:04:14:2E:1F:90:F5:07:4F:0D:6F:15

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3K5LBHGmGHLEBBQuH5D1B08NbxU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/67f9a7-a6e8-426e-bac4-4b68b15d301a/1/kMnTxTH4GEd_xKAQwW2BuJYXeBQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/67f9a7-a6e8-426e-bac4-4b68b15d301a/1/3K5LBHGmGHLEBBQuH5D1B08NbxU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.223.88.0/22

    Signature Algorithm: sha256WithRSAEncryption
         36:4a:86:99:fc:6a:e5:2c:b3:a2:20:23:81:ff:11:f2:04:45:
         fa:a6:d7:bd:61:6e:1b:99:34:d7:e0:82:b1:5e:bc:b1:e0:73:
         b7:b1:3d:98:b4:1a:07:6d:f8:13:df:27:6f:80:5c:2c:bb:4d:
         e0:14:df:14:d4:9e:bd:b6:66:59:87:93:65:c1:17:7d:bc:4f:
         ec:ed:64:54:74:e4:49:cb:ca:c6:4a:ea:f2:04:7a:6f:74:58:
         08:17:85:b4:e4:39:0a:a1:88:45:e7:ef:fb:9b:82:51:5a:f9:
         7f:21:b6:22:37:20:ad:bb:cb:c7:9f:36:c7:4d:ff:91:d2:f5:
         33:28:96:14:72:7d:eb:cf:43:e3:f9:d9:43:98:ed:62:af:79:
         7a:bc:a0:00:a0:d5:9d:d2:24:cd:93:64:dd:2a:df:69:74:5d:
         6d:ea:87:6f:3d:ab:15:20:ad:b2:03:92:0a:39:c2:13:2b:70:
         fc:22:b9:fe:9d:80:f5:0e:b6:43:1f:c0:e5:93:f2:ee:8c:13:
         8f:c0:82:50:c0:28:f2:57:40:93:91:c0:8c:b3:41:ab:f7:79:
         3c:a8:53:f5:60:18:62:26:cb:e2:36:0c:32:81:48:5d:4b:bc:
         fa:83:5b:f0:41:63:44:f7:00:99:e1:e4:a9:66:59:b0:bf:a6:
         69:cd:41:3c
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIEDYDY1zANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhk
Y2FlNGIwNDcxYTYxODcyYzQwNDE0MmUxZjkwZjUwNzRmMGQ2ZjE1MB4XDTIyMDEw
MTA4NTQzOVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoOTBjOWQzYzUzMWY4
MTg0NzdmYzRhMDEwYzE2ZDgxYjg5NjE3NzgxNDCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBANP0CtOHp0zTSUkz83UUrub/IFO3r/O4x2XKOY7Sc759iUr3
7JxvDYLgQj1Hl0zMUGB6K+kWn/sJQB6oQyGzIMvQ3B1EuNFcJBE2S6ABIUwDkr44
2myvc3dylAfWSU4kfd4srVIiGdYQ+ln70peEkGlYI0cl1mD1CX9JnFchjWs41WrG
2TnStEzZ59vSnahdO7aTAuhPYPrxdGNm2LjW5tAaisDdi8AmXw6/pEJiITJDFCmc
rJhLp4w2i7kzhLUn03bZutdltCoTL3gcte0wDRbmjoHHRCC9POL97HCi5zATTlCN
NjLh5fG2ghr2CDOz8dP169WEhPlMsdukp+vhZ38CAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBSQydPFMfgYR3/EoBDBbYG4lhd4FDAfBgNVHSMEGDAWgBTcrksEcaYYcsQE
FC4fkPUHTw1vFTAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
LzNLNUxCSEdtR0hMRUJCUXVINUQxQjA4TmJ4VS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvYTIvNjdmOWE3LWE2ZTgtNDI2ZS1iYWM0LTRiNjhiMTVkMzAxYS8x
L2tNblR4VEg0R0VkX3hLQVF3VzJCdUpZWGVCUS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYTIv
NjdmOWE3LWE2ZTgtNDI2ZS1iYWM0LTRiNjhiMTVkMzAxYS8xLzNLNUxCSEdtR0hM
RUJCUXVINUQxQjA4TmJ4VS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEArnfWDANBgkqhkiG9w0BAQsFAAOC
AQEANkqGmfxq5SyzoiAjgf8R8gRF+qbXvWFuG5k01+CCsV68seBzt7E9mLQaB234
E98nb4BcLLtN4BTfFNSevbZmWYeTZcEXfbxP7O1kVHTkScvKxkrq8gR6b3RYCBeF
tOQ5CqGIRefv+5uCUVr5fyG2IjcgrbvLx582x03/kdL1MyiWFHJ9689D4/nZQ5jt
Yq95erygAKDVndIkzZNk3SrfaXRdbeqHbz2rFSCtsgOSCjnCEytw/CK5/p2A9Q62
Qx/A5ZPy7owTj8CCUMAo8ldAk5HAjLNBq/d5PKhT9WAYYibL4jYMMoFIXUu8+oNb
8EFjRPcAmeHkqWZZsL+mac1BPA==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:36:07 2024 by rpki-client on console-ams.rpki-client.org