Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b0/0ec6d2-f1d7-4b0a-ad33-e8ef2f09598e/1/u4f3gKSN-ORjKNrCABB834Wii4Y.roa
File:                     u4f3gKSN-ORjKNrCABB834Wii4Y.roa (raw, json)
Hash identifier:          zTXQNC7M7EecMegSNLqPbqSk/wxeXMjtxGVyURDva2I=
Subject key identifier:   BB:87:F7:80:A4:8D:F8:E4:63:28:DA:C2:00:10:7C:DF:85:A2:8B:86
Certificate issuer:       /CN=9b0c0d04225566db95e9ad3b2ef605014975aaa2
Certificate serial:       0183188838BE5DEC0D9740A5BB9D70B72166
Authority key identifier: 9B:0C:0D:04:22:55:66:DB:95:E9:AD:3B:2E:F6:05:01:49:75:AA:A2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mwwNBCJVZtuV6a07LvYFAUl1qqI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b0/0ec6d2-f1d7-4b0a-ad33-e8ef2f09598e/1/u4f3gKSN-ORjKNrCABB834Wii4Y.roa
Signing time:             Wed 07 Sep 2022 15:18:43 +0000
ROA not before:           Wed 07 Sep 2022 15:18:43 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     138687
IP address blocks:        91.239.148.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:83:18:88:38:be:5d:ec:0d:97:40:a5:bb:9d:70:b7:21:66
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9b0c0d04225566db95e9ad3b2ef605014975aaa2
        Validity
            Not Before: Sep  7 15:18:43 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=bb87f780a48df8e46328dac200107cdf85a28b86
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:ee:35:08:79:7e:6f:d2:50:ba:6a:05:22:fe:
                    d6:0c:d4:77:cc:a1:85:9f:64:89:71:0b:db:d4:b4:
                    9f:39:3c:87:94:fa:7e:41:e5:6a:f1:cc:1e:47:af:
                    a7:1f:61:85:d7:48:4c:83:f9:7c:de:de:b6:7c:1f:
                    b2:2c:0c:a4:f9:c1:a3:3e:e2:54:74:19:43:70:40:
                    d4:36:a5:68:ed:b5:78:c2:12:24:59:5d:28:2f:2e:
                    f9:aa:bb:fd:1c:d7:ad:d5:d1:7d:0e:87:d2:b3:b1:
                    95:b9:53:50:a4:22:22:58:29:29:b5:52:6e:7f:77:
                    c4:bf:bd:20:ab:8b:b1:05:0d:86:aa:4a:42:4e:3f:
                    2c:32:c5:20:01:76:1a:69:4a:4b:20:67:7d:a5:d2:
                    1d:d8:c4:a0:69:02:05:c9:6e:d2:58:ba:ce:e5:20:
                    bf:8a:de:de:f3:64:a4:13:3c:d8:0b:3b:b9:bf:d4:
                    d0:32:a8:3d:e3:6e:a1:7e:a1:91:78:df:c4:aa:7b:
                    ec:c8:7f:fb:80:04:5b:dd:d2:8b:25:11:d8:ec:41:
                    4c:e5:ca:5d:22:49:b3:1b:06:b7:f7:67:28:28:01:
                    69:c7:1a:30:1d:99:1a:af:e1:18:1c:8c:66:66:ac:
                    f2:3e:5f:ed:b0:b3:d7:ce:42:2b:f6:da:5b:0d:c8:
                    3f:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BB:87:F7:80:A4:8D:F8:E4:63:28:DA:C2:00:10:7C:DF:85:A2:8B:86
            X509v3 Authority Key Identifier:
                keyid:9B:0C:0D:04:22:55:66:DB:95:E9:AD:3B:2E:F6:05:01:49:75:AA:A2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mwwNBCJVZtuV6a07LvYFAUl1qqI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/0ec6d2-f1d7-4b0a-ad33-e8ef2f09598e/1/u4f3gKSN-ORjKNrCABB834Wii4Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/0ec6d2-f1d7-4b0a-ad33-e8ef2f09598e/1/mwwNBCJVZtuV6a07LvYFAUl1qqI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.239.148.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5f:c1:25:ef:ce:91:18:f0:ba:ff:10:d4:0b:79:38:0e:1b:e0:
         b8:87:47:6e:ce:51:ca:c5:db:64:da:8b:a8:03:33:9a:89:81:
         d6:4c:75:5a:f8:b3:8f:ec:f5:8e:3f:f6:a5:7e:bb:22:fe:b0:
         5c:cc:43:6c:12:d6:95:62:0c:96:2f:e9:74:29:2c:41:c0:f9:
         c0:8d:bf:fd:08:18:40:80:e2:e5:fd:a8:c2:ef:8f:ff:02:c8:
         1a:60:65:5a:b3:a7:0a:af:f9:8a:2a:8d:05:db:62:76:de:0b:
         87:15:f1:f2:07:ef:e1:78:5a:02:97:f3:08:b7:e8:02:50:7e:
         50:b5:07:92:08:b0:99:1e:0c:1d:b9:ed:06:5f:d0:c6:34:d7:
         c3:61:d7:f4:4c:52:7e:84:02:81:ad:80:a7:5b:dc:ce:be:c1:
         d4:68:d5:a6:ef:88:41:79:92:b7:6b:3b:ce:97:29:52:72:e8:
         75:42:65:ca:31:d4:90:64:d0:d3:a9:6a:34:47:c9:d3:24:c3:
         ac:ed:23:03:53:92:36:3e:8f:f5:e0:2a:ab:35:0d:c0:e9:b2:
         17:85:98:53:6a:6e:3a:23:fc:f3:0b:d7:4c:52:fa:67:5e:75:
         c4:72:a2:64:25:bc:8a:76:48:12:9a:98:79:67:8c:a2:86:b1:
         01:46:aa:46
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYMYiDi+XewNl0Clu51wtyFmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDliMGMwZDA0MjI1NTY2ZGI5NWU5YWQzYjJlZjYwNTAxNDk3
NWFhYTIwHhcNMjIwOTA3MTUxODQzWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYjg3Zjc4MGE0OGRmOGU0NjMyOGRhYzIwMDEwN2NkZjg1YTI4Yjg2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj+41CHl+b9JQumoFIv7WDNR3zKGF
n2SJcQvb1LSfOTyHlPp+QeVq8cweR6+nH2GF10hMg/l83t62fB+yLAyk+cGjPuJU
dBlDcEDUNqVo7bV4whIkWV0oLy75qrv9HNet1dF9DofSs7GVuVNQpCIiWCkptVJu
f3fEv70gq4uxBQ2GqkpCTj8sMsUgAXYaaUpLIGd9pdId2MSgaQIFyW7SWLrO5SC/
it7e82SkEzzYCzu5v9TQMqg9426hfqGReN/EqnvsyH/7gARb3dKLJRHY7EFM5cpd
IkmzGwa392coKAFpxxowHZkar+EYHIxmZqzyPl/tsLPXzkIr9tpbDcg/FQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLuH94CkjfjkYyjawgAQfN+FoouGMB8GA1UdIwQY
MBaAFJsMDQQiVWbblemtOy72BQFJdaqiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbXd3TkJDSlZadHVWNmEwN0x2WUZBVWwxcXFJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMC8wZWM2ZDItZjFkNy00YjBhLWFkMzMt
ZThlZjJmMDk1OThlLzEvdTRmM2dLU04tT1JqS05yQ0FCQjgzNFdpaTRZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMC8wZWM2ZDItZjFkNy00YjBhLWFkMzMtZThlZjJmMDk1OThl
LzEvbXd3TkJDSlZadHVWNmEwN0x2WUZBVWwxcXFJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW++UMA0G
CSqGSIb3DQEBCwUAA4IBAQBfwSXvzpEY8Lr/ENQLeTgOG+C4h0duzlHKxdtk2ouo
AzOaiYHWTHVa+LOP7PWOP/alfrsi/rBczENsEtaVYgyWL+l0KSxBwPnAjb/9CBhA
gOLl/ajC74//AsgaYGVas6cKr/mKKo0F22J23guHFfHyB+/heFoCl/MIt+gCUH5Q
tQeSCLCZHgwdue0GX9DGNNfDYdf0TFJ+hAKBrYCnW9zOvsHUaNWm74hBeZK3azvO
lylScuh1QmXKMdSQZNDTqWo0R8nTJMOs7SMDU5I2Po/14CqrNQ3A6bIXhZhTam46
I/zzC9dMUvpnXnXEcqJkJbyKdkgSmph5Z4yihrEBRqpG
-----END CERTIFICATE-----
Generated at Thu Jul 20 00:06:12 2023 by rpki-client on console-ams.rpki-client.org