Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/apsKl1TBLCeS8fVNCBwfughVlI4.roa
File:                     apsKl1TBLCeS8fVNCBwfughVlI4.roa (raw, json)
Hash identifier:          XOKsNDcttxEQW2WzijransSVwvWPSrqv826WeSYaVpA=
Subject key identifier:   6A:9B:0A:97:54:C1:2C:27:92:F1:F5:4D:08:1C:1F:BA:08:55:94:8E
Certificate issuer:       /CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
Certificate serial:       02C4C8CC
Authority key identifier: 7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/apsKl1TBLCeS8fVNCBwfughVlI4.roa
Signing time:             Thu 14 Apr 2022 19:31:35 +0000
ROA not before:           Thu 14 Apr 2022 19:31:35 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     400601
IP address blocks:        194.33.32.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 46450892 (0x2c4c8cc)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
        Validity
            Not Before: Apr 14 19:31:35 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=6a9b0a9754c12c2792f1f54d081c1fba0855948e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:e6:22:ea:00:67:5d:37:37:28:c2:20:68:93:
                    ea:5b:6f:c9:c7:ec:cb:c1:e9:43:8a:b0:50:18:c8:
                    9a:d4:53:b1:7e:dd:fa:d8:fa:57:70:4a:c4:1c:ab:
                    95:b1:1d:9c:12:ff:fa:78:0e:56:86:d0:a0:ca:b9:
                    52:6a:69:14:ae:0e:08:ba:97:8d:56:dd:67:fa:6b:
                    91:b4:e4:27:f7:10:29:49:3c:2b:d7:ce:6e:7a:ec:
                    90:69:3f:d4:32:64:20:76:e4:bf:3e:d8:0a:20:fd:
                    5e:1f:1b:1d:06:2a:00:bf:af:be:09:27:ae:6d:70:
                    f0:16:dc:45:47:b5:4c:6b:5f:4b:d2:e9:93:6f:d7:
                    bd:d5:da:e8:bf:65:1d:c5:f3:18:2e:f7:7b:75:51:
                    98:93:d1:9a:4d:4b:8f:66:90:e4:b5:69:30:d0:e1:
                    f0:f7:95:35:d9:fe:3c:51:20:e4:39:6d:39:ab:5d:
                    ae:08:68:ae:c5:32:77:6a:02:8d:eb:aa:17:9f:9f:
                    9a:85:4d:9b:c9:c7:59:2a:b8:c4:69:70:0b:18:e2:
                    40:4b:a0:d3:59:e3:1c:c0:fb:88:c0:42:ea:44:ea:
                    3c:df:f7:8d:62:08:59:6e:84:44:9b:06:b8:e7:8c:
                    22:61:b0:b8:e3:07:8a:fc:7a:bf:96:44:b9:9e:37:
                    f6:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6A:9B:0A:97:54:C1:2C:27:92:F1:F5:4D:08:1C:1F:BA:08:55:94:8E
            X509v3 Authority Key Identifier:
                keyid:7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/apsKl1TBLCeS8fVNCBwfughVlI4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.33.32.0/24

    Signature Algorithm: sha256WithRSAEncryption
         49:ad:bd:18:b1:09:3e:45:dd:25:b0:75:5c:21:3b:ec:1f:64:
         c2:dc:ad:a7:17:4e:f6:a2:cb:bc:7b:1b:cd:ee:89:e4:d8:9d:
         41:75:75:a4:31:ab:3b:70:fd:98:51:8e:9d:98:d0:cf:b0:60:
         50:d7:2b:08:74:59:b3:dd:91:ba:3b:94:8a:87:23:da:0e:ae:
         68:f4:58:ca:76:71:b1:75:37:21:4e:08:c2:1a:12:f6:b9:3b:
         2d:88:7a:22:f6:7d:86:07:90:92:b4:75:18:fb:78:e9:6d:f4:
         39:37:4b:b8:a9:c9:44:cb:51:72:60:5c:b8:fb:9e:d9:9c:79:
         4e:e1:52:3a:c8:c0:e3:9d:cc:68:bd:9b:cd:ae:40:da:68:89:
         8c:e5:f4:21:cb:a0:e0:3a:4b:a3:e2:e6:a8:c8:22:6d:66:1c:
         0e:15:dd:05:65:fe:f7:b2:64:ca:4b:93:16:f8:c4:56:ef:ba:
         f9:84:70:89:c2:53:22:a6:5c:70:a3:d9:3e:ba:24:96:52:af:
         29:49:28:28:c4:7b:fc:cf:56:a5:ac:9f:b9:65:24:61:37:ec:
         a4:83:8a:05:5d:92:64:21:a0:ae:62:a2:f0:75:2c:78:f5:6f:
         7f:cb:30:c4:77:f4:32:34:43:e5:77:f4:a7:1f:56:a1:b0:23:
         ee:b5:fa:ba
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIEAsTIzDANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg3
ZDU1OWFhZmJmYzA5MzEyNDJlMWQ2MzcyOThjZjFkZDIyM2U0YzI2MB4XDTIyMDQx
NDE5MzEzNVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoNmE5YjBhOTc1NGMx
MmMyNzkyZjFmNTRkMDgxYzFmYmEwODU1OTQ4ZTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAK/mIuoAZ103NyjCIGiT6ltvycfsy8HpQ4qwUBjImtRTsX7d
+tj6V3BKxByrlbEdnBL/+ngOVobQoMq5UmppFK4OCLqXjVbdZ/prkbTkJ/cQKUk8
K9fObnrskGk/1DJkIHbkvz7YCiD9Xh8bHQYqAL+vvgknrm1w8BbcRUe1TGtfS9Lp
k2/XvdXa6L9lHcXzGC73e3VRmJPRmk1Lj2aQ5LVpMNDh8PeVNdn+PFEg5DltOatd
rghorsUyd2oCjeuqF5+fmoVNm8nHWSq4xGlwCxjiQEug01njHMD7iMBC6kTqPN/3
jWIIWW6ERJsGuOeMImGwuOMHivx6v5ZEuZ439gkCAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBRqmwqXVMEsJ5Lx9U0IHB+6CFWUjjAfBgNVHSMEGDAWgBR9VZqvv8CTEkLh
1jcpjPHdIj5MJjAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L2ZWV2FyN19Ba3hKQzRkWTNLWXp4M1NJLVRDWS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvYzAvNDlhZGM2LWJhODktNDAzZi1hZGE5LThjNTAwN2MyYTRiNi8x
L2Fwc0tsMVRCTENlUzhmVk5DQndmdWdoVmxJNC5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYzAv
NDlhZGM2LWJhODktNDAzZi1hZGE5LThjNTAwN2MyYTRiNi8xL2ZWV2FyN19Ba3hK
QzRkWTNLWXp4M1NJLVRDWS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAMIhIDANBgkqhkiG9w0BAQsFAAOC
AQEASa29GLEJPkXdJbB1XCE77B9kwtytpxdO9qLLvHsbze6J5NidQXV1pDGrO3D9
mFGOnZjQz7BgUNcrCHRZs92RujuUiocj2g6uaPRYynZxsXU3IU4IwhoS9rk7LYh6
IvZ9hgeQkrR1GPt46W30OTdLuKnJRMtRcmBcuPue2Zx5TuFSOsjA453MaL2bza5A
2miJjOX0Icug4DpLo+LmqMgibWYcDhXdBWX+97JkykuTFvjEVu+6+YRwicJTIqZc
cKPZProkllKvKUkoKMR7/M9WpayfuWUkYTfspIOKBV2SZCGgrmKi8HUsePVvf8sw
xHf0MjRD5Xf0px9WobAj7rX6ug==
-----END CERTIFICATE-----
Generated at Thu Jul 20 00:03:19 2023 by rpki-client on console-fra.rpki-client.org