Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a3/a5c069-8061-4dee-9568-880b2df57f25/1/BaoHfm4vO3mbag0ERSTxkoAXleY.roa
File:                     BaoHfm4vO3mbag0ERSTxkoAXleY.roa (raw, json)
Hash identifier:          nM0s+d5R8Vwc2xBDOgF5fSsUo/yMzotTcrVShgg7tOM=
Subject key identifier:   05:AA:07:7E:6E:2F:3B:79:9B:6A:0D:04:45:24:F1:92:80:17:95:E6
Certificate issuer:       /CN=9d202808d1f914555e1bd59c1677287ff9b3b590
Certificate serial:       01637297
Authority key identifier: 9D:20:28:08:D1:F9:14:55:5E:1B:D5:9C:16:77:28:7F:F9:B3:B5:90
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nSAoCNH5FFVeG9WcFncof_mztZA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a3/a5c069-8061-4dee-9568-880b2df57f25/1/BaoHfm4vO3mbag0ERSTxkoAXleY.roa
Signing time:             Sat 01 Jan 2022 05:04:28 +0000
ROA not before:           Sat 01 Jan 2022 05:04:28 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     46071
IP address blocks:        94.231.200.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 23294615 (0x1637297)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9d202808d1f914555e1bd59c1677287ff9b3b590
        Validity
            Not Before: Jan  1 05:04:28 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=05aa077e6e2f3b799b6a0d044524f192801795e6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:0f:fb:36:99:6a:e0:6f:ce:48:cc:5a:33:2e:
                    70:ac:fa:d2:7d:08:d9:69:5f:83:57:46:e8:5e:bd:
                    b8:0c:cb:dd:44:d0:65:83:0e:f7:6a:d9:3a:31:1b:
                    ca:d2:9e:c2:ee:ec:6d:f1:a3:d4:9d:b8:c1:66:03:
                    ed:ff:35:12:5b:7a:d8:b9:9c:ac:49:ce:58:46:93:
                    ca:1c:c3:de:8d:3e:7e:d6:b3:c0:dc:95:5a:ff:f9:
                    d2:1d:23:16:59:b1:d4:21:2a:0a:5d:bf:76:31:1a:
                    bb:46:92:8e:93:4c:be:65:b3:cc:3c:5e:2a:d7:de:
                    2e:00:3c:55:0b:90:94:78:c1:c7:77:5f:38:41:6f:
                    93:fe:87:a8:c3:f0:33:0e:64:70:61:4a:69:9c:02:
                    a8:38:87:0c:b7:c2:08:fe:33:e3:cd:a2:f7:a2:8a:
                    94:3d:3b:1d:65:56:78:40:14:8f:76:58:43:d3:74:
                    f1:57:c4:ef:5c:61:27:3c:89:e3:ae:b6:73:93:fe:
                    21:01:a2:bc:fb:19:9e:3f:7c:e7:f3:b2:21:87:f4:
                    18:b3:f4:b7:50:56:73:ef:d1:57:bf:1b:57:6c:3d:
                    9a:bf:cd:0e:b0:97:42:62:af:84:d6:df:14:01:6f:
                    e3:83:d6:70:45:fe:06:ed:89:42:9a:57:84:d8:40:
                    ea:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                05:AA:07:7E:6E:2F:3B:79:9B:6A:0D:04:45:24:F1:92:80:17:95:E6
            X509v3 Authority Key Identifier:
                keyid:9D:20:28:08:D1:F9:14:55:5E:1B:D5:9C:16:77:28:7F:F9:B3:B5:90

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nSAoCNH5FFVeG9WcFncof_mztZA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/a5c069-8061-4dee-9568-880b2df57f25/1/BaoHfm4vO3mbag0ERSTxkoAXleY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/a5c069-8061-4dee-9568-880b2df57f25/1/nSAoCNH5FFVeG9WcFncof_mztZA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.231.200.0/24

    Signature Algorithm: sha256WithRSAEncryption
         09:50:6c:ae:1b:c5:2b:4a:3c:e4:85:95:59:1b:88:68:7f:3e:
         cf:de:fd:c4:ab:d3:97:93:75:ed:96:cb:40:10:b5:51:72:ff:
         80:4f:56:a8:14:4e:c3:40:0c:f1:66:4f:46:8e:b5:bb:aa:ea:
         1e:2a:41:ab:58:be:41:60:a4:d1:f6:a4:a7:7d:45:eb:1f:7f:
         69:2b:fb:d1:32:89:c8:10:9e:9f:84:fc:ec:2b:12:ac:1a:42:
         1f:d5:1e:ec:48:3a:7f:8e:c9:30:48:62:00:df:d4:3e:d6:4d:
         33:d7:7c:5e:bb:de:9f:a4:74:e4:4d:aa:ff:2c:16:69:fb:7c:
         fa:dd:2e:85:90:f5:a9:21:bf:34:f0:62:e5:94:d1:76:21:b4:
         5c:c9:e4:39:21:23:1e:29:35:de:6e:8f:ca:0f:f6:1a:b0:b4:
         f9:a8:b4:55:e4:aa:49:da:cf:5f:d2:b2:66:5c:bd:76:6f:66:
         31:10:66:d2:3d:3d:20:20:b7:e2:00:cf:c2:13:31:18:77:9d:
         80:a0:ea:99:6a:50:1b:1d:36:0a:e3:c7:e9:10:f4:fc:3e:a5:
         8a:3e:91:c3:b0:d6:38:8e:f3:2d:e8:cd:8e:a5:7b:46:b3:bf:
         09:08:d2:ee:41:47:d9:62:d1:36:ef:3c:e5:8f:9c:a9:b7:6e:
         ac:d5:76:8a
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIEAWNylzANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg5
ZDIwMjgwOGQxZjkxNDU1NWUxYmQ1OWMxNjc3Mjg3ZmY5YjNiNTkwMB4XDTIyMDEw
MTA1MDQyOFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMDVhYTA3N2U2ZTJm
M2I3OTliNmEwZDA0NDUyNGYxOTI4MDE3OTVlNjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAN0P+zaZauBvzkjMWjMucKz60n0I2Wlfg1dG6F69uAzL3UTQ
ZYMO92rZOjEbytKewu7sbfGj1J24wWYD7f81Elt62LmcrEnOWEaTyhzD3o0+ftaz
wNyVWv/50h0jFlmx1CEqCl2/djEau0aSjpNMvmWzzDxeKtfeLgA8VQuQlHjBx3df
OEFvk/6HqMPwMw5kcGFKaZwCqDiHDLfCCP4z482i96KKlD07HWVWeEAUj3ZYQ9N0
8VfE71xhJzyJ4662c5P+IQGivPsZnj985/OyIYf0GLP0t1BWc+/RV78bV2w9mr/N
DrCXQmKvhNbfFAFv44PWcEX+Bu2JQppXhNhA6g0CAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBQFqgd+bi87eZtqDQRFJPGSgBeV5jAfBgNVHSMEGDAWgBSdICgI0fkUVV4b
1ZwWdyh/+bO1kDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L25TQW9DTkg1RkZWZUc5V2NGbmNvZl9tenRaQS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvYTMvYTVjMDY5LTgwNjEtNGRlZS05NTY4LTg4MGIyZGY1N2YyNS8x
L0Jhb0hmbTR2TzNtYmFnMEVSU1R4a29BWGxlWS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYTMv
YTVjMDY5LTgwNjEtNGRlZS05NTY4LTg4MGIyZGY1N2YyNS8xL25TQW9DTkg1RkZW
ZUc5V2NGbmNvZl9tenRaQS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAF7nyDANBgkqhkiG9w0BAQsFAAOC
AQEACVBsrhvFK0o85IWVWRuIaH8+z979xKvTl5N17ZbLQBC1UXL/gE9WqBROw0AM
8WZPRo61u6rqHipBq1i+QWCk0fakp31F6x9/aSv70TKJyBCen4T87CsSrBpCH9Ue
7Eg6f47JMEhiAN/UPtZNM9d8Xrven6R05E2q/ywWaft8+t0uhZD1qSG/NPBi5ZTR
diG0XMnkOSEjHik13m6Pyg/2GrC0+ai0VeSqSdrPX9KyZly9dm9mMRBm0j09ICC3
4gDPwhMxGHedgKDqmWpQGx02CuPH6RD0/D6lij6Rw7DWOI7zLejNjqV7RrO/CQjS
7kFH2WLRNu885Y+cqbdurNV2ig==
-----END CERTIFICATE-----
Generated at Thu Jul 20 00:01:40 2023 by rpki-client on console-fra.rpki-client.org