Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b3/ff5e5f-436c-4efc-8df7-9b6d82aced33/1/dtRQnN-KKIY3BL_uVVLnU6gcrOE.roa
File:                     dtRQnN-KKIY3BL_uVVLnU6gcrOE.roa (raw, json)
Hash identifier:          lsPbH0Nosg2POQ1J0YhlAMfd9sag+ryaLo9ZoXmM7o8=
Subject key identifier:   76:D4:50:9C:DF:8A:28:86:37:04:BF:EE:55:52:E7:53:A8:1C:AC:E1
Certificate issuer:       /CN=4c087d065f2e46953c68326dc699b3fc1f7227fc
Certificate serial:       777A1C
Authority key identifier: 4C:08:7D:06:5F:2E:46:95:3C:68:32:6D:C6:99:B3:FC:1F:72:27:FC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TAh9Bl8uRpU8aDJtxpmz_B9yJ_w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b3/ff5e5f-436c-4efc-8df7-9b6d82aced33/1/dtRQnN-KKIY3BL_uVVLnU6gcrOE.roa
Signing time:             Sat 01 Jan 2022 02:55:32 +0000
ROA not before:           Sat 01 Jan 2022 02:55:32 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     1239
IP address blocks:        212.52.9.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 7830044 (0x777a1c)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4c087d065f2e46953c68326dc699b3fc1f7227fc
        Validity
            Not Before: Jan  1 02:55:32 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=76d4509cdf8a28863704bfee5552e753a81cace1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:29:69:91:c5:93:ca:76:62:43:76:91:6f:32:
                    58:e4:11:d8:3f:87:58:66:04:89:7c:8c:7b:2d:04:
                    c9:ae:46:4f:03:b2:8b:b9:6a:a6:cb:a8:bd:94:a4:
                    61:0f:d1:71:61:f0:28:22:06:01:88:fe:6d:b9:86:
                    cf:ff:6a:cd:6e:82:0f:57:90:80:5b:3e:68:a1:0c:
                    65:b8:2a:e8:c3:66:e9:e6:99:ec:9a:ca:dd:95:ae:
                    86:f9:5d:05:3f:6f:bc:8c:31:7c:af:43:f5:09:63:
                    30:34:55:e6:90:a7:53:68:72:7f:df:c5:45:7f:af:
                    42:25:44:ef:73:22:2b:5a:00:1d:3a:17:04:8c:85:
                    b8:50:6e:46:97:61:4d:2e:c0:62:98:bd:2e:14:3f:
                    20:5c:00:f7:81:9f:0e:93:a2:6a:61:5b:85:41:ba:
                    37:2f:94:94:45:f3:53:89:2b:39:c8:f0:26:b6:fc:
                    44:7b:d9:e5:80:57:61:6f:25:7e:30:da:a5:af:6f:
                    d4:8d:a9:0f:8c:f1:2d:39:28:ae:d7:c4:81:d5:a7:
                    cd:5f:b6:5e:7a:58:d1:1e:8b:a4:8a:ac:fe:d9:64:
                    9a:d6:c7:1d:b4:e9:5e:33:99:5f:4f:78:07:53:8f:
                    20:09:d8:5d:7f:3f:f7:0a:3d:e9:24:cd:e4:0a:be:
                    3f:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                76:D4:50:9C:DF:8A:28:86:37:04:BF:EE:55:52:E7:53:A8:1C:AC:E1
            X509v3 Authority Key Identifier:
                keyid:4C:08:7D:06:5F:2E:46:95:3C:68:32:6D:C6:99:B3:FC:1F:72:27:FC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TAh9Bl8uRpU8aDJtxpmz_B9yJ_w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/ff5e5f-436c-4efc-8df7-9b6d82aced33/1/dtRQnN-KKIY3BL_uVVLnU6gcrOE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/ff5e5f-436c-4efc-8df7-9b6d82aced33/1/TAh9Bl8uRpU8aDJtxpmz_B9yJ_w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.52.9.0/24

    Signature Algorithm: sha256WithRSAEncryption
         d4:85:54:ee:92:b5:78:79:54:c5:4a:c0:96:90:fa:9c:03:f1:
         58:6d:75:f9:60:fb:dd:bd:15:96:8b:36:ed:f3:7a:75:5a:4e:
         ad:73:0f:51:ed:5c:c1:d5:b3:4e:12:9f:3f:cf:51:0c:e8:df:
         5e:c3:1e:84:52:e1:11:d6:8c:12:18:47:b7:84:38:94:08:ae:
         99:9e:a9:fa:6a:d2:3f:3d:2c:0c:37:b0:6f:eb:41:18:69:b4:
         45:1b:f9:d3:17:f1:c7:e4:36:0d:90:e3:5d:b4:2a:99:59:dd:
         60:b8:9a:0c:2d:65:69:6c:65:8b:45:c1:89:5f:94:76:9b:58:
         3d:5e:5e:9f:9d:13:80:1b:7e:f4:e2:bc:92:62:6d:44:32:b9:
         d6:dc:16:a3:c1:b9:a6:2b:fd:9d:df:05:c9:0e:37:39:71:ba:
         e2:75:77:75:d0:6d:32:ca:f4:25:3b:c2:dd:09:57:04:3c:df:
         d9:35:fd:a4:ee:8b:c0:a4:0b:ce:f9:34:65:60:5c:db:50:15:
         fe:e3:38:d7:92:2c:8b:d2:e7:e4:01:80:3c:a2:a4:68:b9:4d:
         7a:aa:5d:bb:91:c1:20:16:b0:50:0e:b3:ef:75:1c:df:5c:d7:
         fc:15:50:ce:d3:ff:a8:82:ba:4e:91:17:17:a2:36:72:ec:9a:
         71:4e:9d:bf
-----BEGIN CERTIFICATE-----
MIIE7jCCA9agAwIBAgIDd3ocMA0GCSqGSIb3DQEBCwUAMDMxMTAvBgNVBAMTKDRj
MDg3ZDA2NWYyZTQ2OTUzYzY4MzI2ZGM2OTliM2ZjMWY3MjI3ZmMwHhcNMjIwMTAx
MDI1NTMyWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQDEyg3NmQ0NTA5Y2RmOGEy
ODg2MzcwNGJmZWU1NTUyZTc1M2E4MWNhY2UxMIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEA1ClpkcWTynZiQ3aRbzJY5BHYP4dYZgSJfIx7LQTJrkZPA7KL
uWqmy6i9lKRhD9FxYfAoIgYBiP5tuYbP/2rNboIPV5CAWz5ooQxluCrow2bp5pns
msrdla6G+V0FP2+8jDF8r0P1CWMwNFXmkKdTaHJ/38VFf69CJUTvcyIrWgAdOhcE
jIW4UG5Gl2FNLsBimL0uFD8gXAD3gZ8Ok6JqYVuFQbo3L5SURfNTiSs5yPAmtvxE
e9nlgFdhbyV+MNqlr2/UjakPjPEtOSiu18SB1afNX7ZeeljRHoukiqz+2WSa1scd
tOleM5lfT3gHU48gCdhdfz/3Cj3pJM3kCr4/XQIDAQABo4ICCTCCAgUwHQYDVR0O
BBYEFHbUUJzfiiiGNwS/7lVS51OoHKzhMB8GA1UdIwQYMBaAFEwIfQZfLkaVPGgy
bcaZs/wfcif8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEFBQcBAQRYMFYwVAYIKwYB
BQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQv
VEFoOUJsOHVScFU4YURKdHhwbXpfQjl5Sl93LmNlcjCBjQYIKwYBBQUHAQsEgYAw
fjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkv
REVGQVVMVC9iMy9mZjVlNWYtNDM2Yy00ZWZjLThkZjctOWI2ZDgyYWNlZDMzLzEv
ZHRSUW5OLUtLSVkzQkxfdVZWTG5VNmdjck9FLnJvYTCBgQYDVR0fBHoweDB2oHSg
coZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMy9m
ZjVlNWYtNDM2Yy00ZWZjLThkZjctOWI2ZDgyYWNlZDMzLzEvVEFoOUJsOHVScFU4
YURKdHhwbXpfQjl5Sl93LmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8G
CCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1DQJMA0GCSqGSIb3DQEBCwUAA4IB
AQDUhVTukrV4eVTFSsCWkPqcA/FYbXX5YPvdvRWWizbt83p1Wk6tcw9R7VzB1bNO
Ep8/z1EM6N9ewx6EUuER1owSGEe3hDiUCK6Znqn6atI/PSwMN7Bv60EYabRFG/nT
F/HH5DYNkONdtCqZWd1guJoMLWVpbGWLRcGJX5R2m1g9Xl6fnROAG3704rySYm1E
MrnW3BajwbmmK/2d3wXJDjc5cbridXd10G0yyvQlO8LdCVcEPN/ZNf2k7ovApAvO
+TRlYFzbUBX+4zjXkiyL0ufkAYA8oqRouU16ql27kcEgFrBQDrPvdRzfXNf8FVDO
0/+ogrpOkRcXojZy7JpxTp2/
-----END CERTIFICATE-----
Generated at Thu Jul 20 00:02:33 2023 by rpki-client on console-fra.rpki-client.org