Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b2/eaf880-7106-4d33-8735-334f9429248e/1/3joA1-zdQU33FRslwF0h0bzUuD8.roa
File:                     3joA1-zdQU33FRslwF0h0bzUuD8.roa (raw, json)
Hash identifier:          pihrrnU4Ztwx2ar7qJ7AyCKeaGw56nuexEuJSqrZzf0=
Subject key identifier:   DE:3A:00:D7:EC:DD:41:4D:F7:15:1B:25:C0:5D:21:D1:BC:D4:B8:3F
Certificate issuer:       /CN=15403e157c82f75efa7c54a9bc7d0d1bf01b1cae
Certificate serial:       088EADF1
Authority key identifier: 15:40:3E:15:7C:82:F7:5E:FA:7C:54:A9:BC:7D:0D:1B:F0:1B:1C:AE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FUA-FXyC9176fFSpvH0NG_AbHK4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b2/eaf880-7106-4d33-8735-334f9429248e/1/3joA1-zdQU33FRslwF0h0bzUuD8.roa
Signing time:             Sat 01 Jan 2022 10:56:53 +0000
ROA not before:           Sat 01 Jan 2022 10:56:53 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     394814
IP address blocks:        91.239.187.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 143568369 (0x88eadf1)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=15403e157c82f75efa7c54a9bc7d0d1bf01b1cae
        Validity
            Not Before: Jan  1 10:56:53 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=de3a00d7ecdd414df7151b25c05d21d1bcd4b83f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:a2:f2:c2:5a:5b:79:85:f6:46:57:df:b3:0c:
                    9d:dd:3d:22:1b:13:53:c7:a5:73:cf:6b:7f:62:56:
                    62:06:d5:b4:40:ce:7c:9d:59:79:7b:b7:0c:1e:16:
                    ca:38:ef:fa:31:bf:cf:fa:e3:17:45:e7:c3:9f:63:
                    bc:ae:6d:50:9f:03:b7:1d:fe:d3:cd:71:d7:5a:40:
                    d9:fe:00:99:7a:c9:3e:b7:60:3b:2c:78:34:71:0f:
                    de:3e:97:19:20:c5:0b:c5:24:ae:c3:e1:81:89:d6:
                    be:fe:f7:24:33:eb:cd:c9:cc:d2:15:8a:7e:fb:82:
                    2b:68:58:8a:0f:bb:ff:3f:8f:85:11:3f:a2:a4:64:
                    10:79:5d:b2:07:71:8d:bc:e2:0e:c4:cc:45:2f:a6:
                    ab:06:af:fb:a1:fd:81:78:8b:58:f1:42:6e:a4:c9:
                    da:1c:b6:fb:20:3b:04:cc:a3:93:dd:07:71:28:f5:
                    1e:a1:d0:58:56:aa:f7:2e:e9:68:c7:aa:76:ba:24:
                    92:b9:bb:1d:96:70:53:e7:26:05:38:62:53:4e:44:
                    88:29:89:e1:1a:a2:29:56:89:7f:65:8e:85:cb:a3:
                    2c:6b:95:78:28:d3:6e:b9:33:db:23:26:40:e4:ae:
                    1f:b6:84:7f:19:88:9d:a4:67:16:05:e2:2d:c8:96:
                    64:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DE:3A:00:D7:EC:DD:41:4D:F7:15:1B:25:C0:5D:21:D1:BC:D4:B8:3F
            X509v3 Authority Key Identifier:
                keyid:15:40:3E:15:7C:82:F7:5E:FA:7C:54:A9:BC:7D:0D:1B:F0:1B:1C:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FUA-FXyC9176fFSpvH0NG_AbHK4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/eaf880-7106-4d33-8735-334f9429248e/1/3joA1-zdQU33FRslwF0h0bzUuD8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/eaf880-7106-4d33-8735-334f9429248e/1/FUA-FXyC9176fFSpvH0NG_AbHK4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.239.187.0/24

    Signature Algorithm: sha256WithRSAEncryption
         19:81:4c:a7:ba:73:59:35:b3:4e:b8:5b:5e:03:64:bd:a2:df:
         e3:25:ed:69:89:be:70:68:41:ef:e3:cf:55:13:c0:5d:5c:95:
         d2:86:c1:bb:c5:04:d0:a8:b7:9f:f4:ce:d2:f5:a9:9a:3e:73:
         18:4d:7d:0a:c5:00:4b:16:58:44:ce:43:27:06:41:1c:c1:b6:
         61:67:93:27:3a:d7:87:91:05:d0:a8:58:ca:d6:98:e6:7f:82:
         6f:6a:ec:18:04:d5:22:99:e7:e2:3e:6e:59:fa:71:be:11:0b:
         c2:1a:37:11:e3:58:ff:5d:e9:2d:9c:d1:e9:19:43:2f:72:e0:
         d0:91:3d:6f:3b:68:f5:a6:e8:d3:a1:90:ff:11:b1:4a:10:54:
         71:34:7a:47:af:6c:45:dc:79:d7:df:f3:90:50:4c:c2:cd:b8:
         b8:40:29:9d:8d:2b:ae:d1:d2:10:4f:03:a2:78:63:a4:ba:55:
         3f:f3:c2:e1:64:04:fd:ee:c1:f1:ee:46:0c:34:31:b4:39:e4:
         84:dd:07:72:78:e3:ff:6b:bd:8f:06:b7:7c:7d:73:77:cb:7b:
         92:eb:7d:ce:63:ed:e3:b4:e5:16:72:d6:f7:af:eb:6c:83:7e:
         45:ba:4b:3d:98:12:06:f5:84:a8:fc:cd:e2:77:db:93:c3:85:
         a2:3b:a7:74
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIECI6t8TANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygx
NTQwM2UxNTdjODJmNzVlZmE3YzU0YTliYzdkMGQxYmYwMWIxY2FlMB4XDTIyMDEw
MTEwNTY1M1oXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoZGUzYTAwZDdlY2Rk
NDE0ZGY3MTUxYjI1YzA1ZDIxZDFiY2Q0YjgzZjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAMWi8sJaW3mF9kZX37MMnd09IhsTU8elc89rf2JWYgbVtEDO
fJ1ZeXu3DB4Wyjjv+jG/z/rjF0Xnw59jvK5tUJ8Dtx3+081x11pA2f4AmXrJPrdg
Oyx4NHEP3j6XGSDFC8UkrsPhgYnWvv73JDPrzcnM0hWKfvuCK2hYig+7/z+PhRE/
oqRkEHldsgdxjbziDsTMRS+mqwav+6H9gXiLWPFCbqTJ2hy2+yA7BMyjk90HcSj1
HqHQWFaq9y7paMeqdrokkrm7HZZwU+cmBThiU05EiCmJ4RqiKVaJf2WOhcujLGuV
eCjTbrkz2yMmQOSuH7aEfxmInaRnFgXiLciWZPsCAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBTeOgDX7N1BTfcVGyXAXSHRvNS4PzAfBgNVHSMEGDAWgBQVQD4VfIL3Xvp8
VKm8fQ0b8BscrjAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L0ZVQS1GWHlDOTE3NmZGU3B2SDBOR19BYkhLNC5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvYjIvZWFmODgwLTcxMDYtNGQzMy04NzM1LTMzNGY5NDI5MjQ4ZS8x
LzNqb0ExLXpkUVUzM0ZSc2x3RjBoMGJ6VXVEOC5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYjIv
ZWFmODgwLTcxMDYtNGQzMy04NzM1LTMzNGY5NDI5MjQ4ZS8xL0ZVQS1GWHlDOTE3
NmZGU3B2SDBOR19BYkhLNC5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAFvvuzANBgkqhkiG9w0BAQsFAAOC
AQEAGYFMp7pzWTWzTrhbXgNkvaLf4yXtaYm+cGhB7+PPVRPAXVyV0obBu8UE0Ki3
n/TO0vWpmj5zGE19CsUASxZYRM5DJwZBHMG2YWeTJzrXh5EF0KhYytaY5n+Cb2rs
GATVIpnn4j5uWfpxvhELwho3EeNY/13pLZzR6RlDL3Lg0JE9bzto9abo06GQ/xGx
ShBUcTR6R69sRdx519/zkFBMws24uEApnY0rrtHSEE8DonhjpLpVP/PC4WQE/e7B
8e5GDDQxtDnkhN0Hcnjj/2u9jwa3fH1zd8t7kut9zmPt47TlFnLW96/rbIN+RbpL
PZgSBvWEqPzN4nfbk8OFojundA==
-----END CERTIFICATE-----
Generated at Thu Jul 20 00:06:24 2023 by rpki-client on console-ams.rpki-client.org