Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b0/0ec6d2-f1d7-4b0a-ad33-e8ef2f09598e/1/1f48GDh7gTJikPhUsqOVDX1dUdI.roa
File:                     1f48GDh7gTJikPhUsqOVDX1dUdI.roa (raw, json)
Hash identifier:          2Bt3Uv1auFZcr6u7oSKJY8Vxt4hNo3V7ouuQI57k3Vg=
Subject key identifier:   D5:FE:3C:18:38:7B:81:32:62:90:F8:54:B2:A3:95:0D:7D:5D:51:D2
Certificate issuer:       /CN=9b0c0d04225566db95e9ad3b2ef605014975aaa2
Certificate serial:       0764F555
Authority key identifier: 9B:0C:0D:04:22:55:66:DB:95:E9:AD:3B:2E:F6:05:01:49:75:AA:A2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mwwNBCJVZtuV6a07LvYFAUl1qqI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b0/0ec6d2-f1d7-4b0a-ad33-e8ef2f09598e/1/1f48GDh7gTJikPhUsqOVDX1dUdI.roa
Signing time:             Sat 01 Jan 2022 03:51:33 +0000
ROA not before:           Sat 01 Jan 2022 03:51:33 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     397630
IP address blocks:        45.137.19.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 124056917 (0x764f555)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9b0c0d04225566db95e9ad3b2ef605014975aaa2
        Validity
            Not Before: Jan  1 03:51:33 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=d5fe3c18387b81326290f854b2a3950d7d5d51d2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:cb:a0:bc:64:9a:f6:78:ac:8c:87:e2:05:b9:
                    ec:53:72:40:c8:d4:53:5b:2d:9e:a6:98:5f:39:7b:
                    1e:67:55:a1:0a:7d:ff:4c:48:f3:d9:22:1c:7f:53:
                    f2:77:a1:bc:94:9a:1b:93:4e:c9:aa:b1:4e:7d:f5:
                    09:7d:92:80:3c:8a:c6:32:cf:ba:8c:36:bc:56:ec:
                    b8:31:0f:f2:db:4e:2c:9b:fb:a1:07:7d:e5:5c:b7:
                    c3:bd:c5:1f:80:dc:d2:ff:b2:cc:f3:03:52:92:5f:
                    3e:e5:a1:cc:67:5b:9a:e1:e9:f2:ce:c8:f6:9a:6d:
                    2c:90:79:7f:8c:05:99:34:cd:75:e9:f4:6d:de:25:
                    e0:93:4e:b7:63:cc:f9:37:27:98:c1:0d:a3:0e:64:
                    84:84:57:83:58:3d:62:82:c0:00:74:e9:a9:ab:24:
                    58:be:19:e7:3b:15:a2:90:45:2d:5f:d3:cf:9d:6d:
                    4c:0d:b4:d8:f5:32:4a:f6:1a:dd:a2:2e:cd:5a:c1:
                    35:3a:6c:e5:fb:9e:da:dd:44:8b:ea:e7:ff:69:10:
                    69:57:42:50:ed:46:7d:c8:28:ae:b4:a1:29:5f:9d:
                    8f:52:ea:22:c4:b4:ed:09:b3:1a:bd:f8:39:34:df:
                    e9:69:a9:a2:27:d6:23:ab:78:eb:1d:ca:df:31:db:
                    e5:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D5:FE:3C:18:38:7B:81:32:62:90:F8:54:B2:A3:95:0D:7D:5D:51:D2
            X509v3 Authority Key Identifier:
                keyid:9B:0C:0D:04:22:55:66:DB:95:E9:AD:3B:2E:F6:05:01:49:75:AA:A2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mwwNBCJVZtuV6a07LvYFAUl1qqI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/0ec6d2-f1d7-4b0a-ad33-e8ef2f09598e/1/1f48GDh7gTJikPhUsqOVDX1dUdI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/0ec6d2-f1d7-4b0a-ad33-e8ef2f09598e/1/mwwNBCJVZtuV6a07LvYFAUl1qqI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.137.19.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2c:4d:1b:58:15:6e:4d:66:93:9f:56:77:44:46:70:32:4b:79:
         a4:5b:43:f9:38:4d:25:55:a3:26:74:f1:21:e4:22:de:4b:eb:
         bf:69:58:b6:3e:97:c9:a1:28:9f:17:dd:dc:bf:1f:0c:53:16:
         30:d6:2a:cf:c3:77:34:85:b6:11:6f:db:2e:4b:fc:7e:df:67:
         c1:91:ee:55:9f:b1:f3:fa:80:bf:b6:d6:88:a5:6f:10:69:0f:
         11:d8:b4:c9:0d:d9:e2:02:68:42:1d:0f:65:80:60:f2:5a:4f:
         d3:71:bd:35:f6:e9:cf:ff:5a:e7:7f:f7:84:0f:0a:24:c5:4c:
         55:7c:00:b3:52:e5:bc:f2:fc:ba:d0:69:0d:03:a5:8e:2b:74:
         fa:77:9b:b0:ac:2e:dd:27:ff:2e:e6:8a:37:95:d3:5e:c5:13:
         8e:0e:6d:c5:a8:56:ac:fa:be:bb:90:67:e8:7f:f5:cf:eb:5a:
         74:58:fe:a2:ea:e4:1c:32:d3:f3:1b:29:33:63:4b:52:e1:c3:
         c8:05:ee:d7:a7:de:88:02:b6:2d:35:28:0f:3b:2a:a3:d2:56:
         90:05:43:8b:f2:24:94:07:dd:25:e9:56:3f:e9:33:4b:68:d6:
         9c:3b:ec:43:d4:f2:df:19:db:df:8d:3a:26:cf:9f:44:72:c9:
         f7:25:fd:13
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIEB2T1VTANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg5
YjBjMGQwNDIyNTU2NmRiOTVlOWFkM2IyZWY2MDUwMTQ5NzVhYWEyMB4XDTIyMDEw
MTAzNTEzM1oXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoZDVmZTNjMTgzODdi
ODEzMjYyOTBmODU0YjJhMzk1MGQ3ZDVkNTFkMjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAMPLoLxkmvZ4rIyH4gW57FNyQMjUU1stnqaYXzl7HmdVoQp9
/0xI89kiHH9T8nehvJSaG5NOyaqxTn31CX2SgDyKxjLPuow2vFbsuDEP8ttOLJv7
oQd95Vy3w73FH4Dc0v+yzPMDUpJfPuWhzGdbmuHp8s7I9pptLJB5f4wFmTTNden0
bd4l4JNOt2PM+TcnmMENow5khIRXg1g9YoLAAHTpqaskWL4Z5zsVopBFLV/Tz51t
TA202PUySvYa3aIuzVrBNTps5fue2t1Ei+rn/2kQaVdCUO1GfcgorrShKV+dj1Lq
IsS07QmzGr34OTTf6WmpoifWI6t46x3K3zHb5dECAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBTV/jwYOHuBMmKQ+FSyo5UNfV1R0jAfBgNVHSMEGDAWgBSbDA0EIlVm25Xp
rTsu9gUBSXWqojAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L213d05CQ0pWWnR1VjZhMDdMdllGQVVsMXFxSS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvYjAvMGVjNmQyLWYxZDctNGIwYS1hZDMzLWU4ZWYyZjA5NTk4ZS8x
LzFmNDhHRGg3Z1RKaWtQaFVzcU9WRFgxZFVkSS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYjAv
MGVjNmQyLWYxZDctNGIwYS1hZDMzLWU4ZWYyZjA5NTk4ZS8xL213d05CQ0pWWnR1
VjZhMDdMdllGQVVsMXFxSS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAC2JEzANBgkqhkiG9w0BAQsFAAOC
AQEALE0bWBVuTWaTn1Z3REZwMkt5pFtD+ThNJVWjJnTxIeQi3kvrv2lYtj6XyaEo
nxfd3L8fDFMWMNYqz8N3NIW2EW/bLkv8ft9nwZHuVZ+x8/qAv7bWiKVvEGkPEdi0
yQ3Z4gJoQh0PZYBg8lpP03G9Nfbpz/9a53/3hA8KJMVMVXwAs1LlvPL8utBpDQOl
jit0+nebsKwu3Sf/LuaKN5XTXsUTjg5txahWrPq+u5Bn6H/1z+tadFj+ourkHDLT
8xspM2NLUuHDyAXu16feiAK2LTUoDzsqo9JWkAVDi/IklAfdJelWP+kzS2jWnDvs
Q9Ty3xnb3406Js+fRHLJ9yX9Ew==
-----END CERTIFICATE-----
Generated at Thu Jul 20 00:06:12 2023 by rpki-client on console-ams.rpki-client.org