Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ac/97b0b7-013d-433e-b538-a84eb411ef8a/1/qWvmMmzX2ohoioz7bpYZQGfAaPs.roa
File:                     qWvmMmzX2ohoioz7bpYZQGfAaPs.roa (raw, json)
Hash identifier:          ClFWgOZljRrhuTlzQeFJtyNTQg2Bw5gNCvkG8b8W0GA=
Subject key identifier:   A9:6B:E6:32:6C:D7:DA:88:68:8A:8C:FB:6E:96:19:40:67:C0:68:FB
Certificate issuer:       /CN=c0a233590de586e0c55821c6f6d5732afc841229
Certificate serial:       08F3FE38
Authority key identifier: C0:A2:33:59:0D:E5:86:E0:C5:58:21:C6:F6:D5:73:2A:FC:84:12:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wKIzWQ3lhuDFWCHG9tVzKvyEEik.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ac/97b0b7-013d-433e-b538-a84eb411ef8a/1/qWvmMmzX2ohoioz7bpYZQGfAaPs.roa
Signing time:             Sat 01 Jan 2022 03:52:06 +0000
ROA not before:           Sat 01 Jan 2022 03:52:06 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     57630
IP address blocks:        31.12.80.0/22 maxlen: 22
                          5.152.152.0/23 maxlen: 23
                          2a02:7e00::/29 maxlen: 29

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 150208056 (0x8f3fe38)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c0a233590de586e0c55821c6f6d5732afc841229
        Validity
            Not Before: Jan  1 03:52:06 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=a96be6326cd7da88688a8cfb6e96194067c068fb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:b2:99:95:35:f8:ca:97:7e:70:c3:ee:bd:76:
                    89:48:aa:ba:8e:5c:fa:ab:76:31:a5:12:55:ae:58:
                    82:75:8a:9c:b6:f2:21:0b:4f:61:87:6c:ad:2c:95:
                    6c:2e:2d:ba:6d:c0:a3:cf:9b:3c:f7:9b:f6:cd:91:
                    20:03:ee:c3:19:e5:0d:6a:af:e7:91:81:f7:d2:32:
                    16:60:2b:28:2a:1b:53:cb:ac:2a:8a:88:d8:bf:d0:
                    7e:f5:45:e3:c6:a2:01:6d:70:20:bb:20:a8:ca:88:
                    a9:56:54:9e:b9:fd:ef:2b:ec:1b:dd:55:0a:a1:3a:
                    4c:d3:e2:3f:6b:0f:60:79:32:d9:88:10:e9:f0:c1:
                    33:e4:1b:51:a0:e0:fe:44:a5:32:0c:df:fe:58:3f:
                    84:9e:d7:29:bd:b0:43:2e:21:58:76:9b:0b:95:d7:
                    0e:ac:6d:a2:ef:18:0a:74:62:7f:4c:1e:95:9a:9b:
                    ea:1b:21:9c:26:b5:8d:71:41:e9:12:95:14:82:0b:
                    6b:2a:b4:96:93:40:5c:00:bc:5a:3b:ec:db:17:4d:
                    e6:81:4a:d1:20:dd:df:95:ef:19:78:dd:74:af:a1:
                    91:ed:1b:94:e7:9e:2a:8b:7b:ec:30:62:3c:52:b3:
                    f4:bc:98:d7:a5:94:aa:85:89:58:ef:fc:79:cd:a9:
                    3c:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A9:6B:E6:32:6C:D7:DA:88:68:8A:8C:FB:6E:96:19:40:67:C0:68:FB
            X509v3 Authority Key Identifier:
                keyid:C0:A2:33:59:0D:E5:86:E0:C5:58:21:C6:F6:D5:73:2A:FC:84:12:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wKIzWQ3lhuDFWCHG9tVzKvyEEik.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/97b0b7-013d-433e-b538-a84eb411ef8a/1/qWvmMmzX2ohoioz7bpYZQGfAaPs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/97b0b7-013d-433e-b538-a84eb411ef8a/1/wKIzWQ3lhuDFWCHG9tVzKvyEEik.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.152.152.0/23
                  31.12.80.0/22
                IPv6:
                  2a02:7e00::/29

    Signature Algorithm: sha256WithRSAEncryption
         ac:a1:f4:ea:4f:5e:87:91:c0:7e:45:df:06:84:64:2a:b2:9f:
         9b:69:1a:b0:69:b5:d6:b2:93:b5:82:c8:82:52:50:f3:62:e9:
         e9:9d:6b:b2:b1:e8:4b:dd:ee:e0:8c:a1:49:ad:30:6a:12:f4:
         4f:90:af:f8:58:f9:59:38:cf:27:29:c8:55:25:60:05:c1:d7:
         58:d7:a4:50:5e:2a:5b:1e:63:44:94:4f:6d:b4:c4:37:04:48:
         38:12:5f:96:45:19:d8:e8:b9:26:10:1b:ec:0a:99:bf:b9:65:
         c1:bf:da:73:1a:16:b4:2c:a2:e5:e0:d5:ab:c4:f1:50:4b:fc:
         39:c2:7d:14:f1:d9:df:5b:25:ba:7e:a9:07:cf:59:91:89:fe:
         75:36:0d:9e:0d:cc:0c:e4:5c:21:70:ab:05:21:30:65:30:3d:
         b1:7a:a1:a5:2f:7a:7c:c6:82:a8:c9:f6:98:f3:c4:9d:9a:75:
         b5:6d:d0:bc:10:11:46:04:f5:96:2b:83:bd:34:d2:14:74:48:
         38:94:26:36:18:ba:4a:e3:f3:10:63:16:06:9e:3b:c8:08:41:
         7f:56:75:bf:85:65:c8:ed:fc:f7:31:f1:8d:8d:d2:90:1e:35:
         78:bc:9c:ab:fc:65:9a:0d:e5:d2:48:a7:8a:3b:d8:a3:79:10:
         b4:07:07:bd
-----BEGIN CERTIFICATE-----
MIIFBDCCA+ygAwIBAgIECPP+ODANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhj
MGEyMzM1OTBkZTU4NmUwYzU1ODIxYzZmNmQ1NzMyYWZjODQxMjI5MB4XDTIyMDEw
MTAzNTIwNloXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoYTk2YmU2MzI2Y2Q3
ZGE4ODY4OGE4Y2ZiNmU5NjE5NDA2N2MwNjhmYjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAM2ymZU1+MqXfnDD7r12iUiquo5c+qt2MaUSVa5YgnWKnLby
IQtPYYdsrSyVbC4tum3Ao8+bPPeb9s2RIAPuwxnlDWqv55GB99IyFmArKCobU8us
KoqI2L/QfvVF48aiAW1wILsgqMqIqVZUnrn97yvsG91VCqE6TNPiP2sPYHky2YgQ
6fDBM+QbUaDg/kSlMgzf/lg/hJ7XKb2wQy4hWHabC5XXDqxtou8YCnRif0welZqb
6hshnCa1jXFB6RKVFIILayq0lpNAXAC8Wjvs2xdN5oFK0SDd35XvGXjddK+hke0b
lOeeKot77DBiPFKz9LyY16WUqoWJWO/8ec2pPOMCAwEAAaOCAh4wggIaMB0GA1Ud
DgQWBBSpa+YybNfaiGiKjPtulhlAZ8Bo+zAfBgNVHSMEGDAWgBTAojNZDeWG4MVY
Icb21XMq/IQSKTAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L3dLSXpXUTNsaHVERldDSEc5dFZ6S3Z5RUVpay5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvYWMvOTdiMGI3LTAxM2QtNDMzZS1iNTM4LWE4NGViNDExZWY4YS8x
L3FXdm1NbXpYMm9ob2lvejdicFlaUUdmQWFQcy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYWMv
OTdiMGI3LTAxM2QtNDMzZS1iNTM4LWE4NGViNDExZWY4YS8xL3dLSXpXUTNsaHVE
RldDSEc5dFZ6S3Z5RUVpay5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjA0
BggrBgEFBQcBBwEB/wQlMCMwEgQCAAEwDAMEAQWYmAMEAh8MUDANBAIAAjAHAwUD
KgJ+ADANBgkqhkiG9w0BAQsFAAOCAQEArKH06k9eh5HAfkXfBoRkKrKfm2kasGm1
1rKTtYLIglJQ82Lp6Z1rsrHoS93u4IyhSa0wahL0T5Cv+Fj5WTjPJynIVSVgBcHX
WNekUF4qWx5jRJRPbbTENwRIOBJflkUZ2Oi5JhAb7AqZv7llwb/acxoWtCyi5eDV
q8TxUEv8OcJ9FPHZ31slun6pB89ZkYn+dTYNng3MDORcIXCrBSEwZTA9sXqhpS96
fMaCqMn2mPPEnZp1tW3QvBARRgT1liuDvTTSFHRIOJQmNhi6SuPzEGMWBp47yAhB
f1Z1v4VlyO389zHxjY3SkB41eLycq/xlmg3l0kinijvYo3kQtAcHvQ==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:38:05 2024 by rpki-client on console-ams.rpki-client.org