Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/821bbf-a024-457f-9b93-09108f3bf204/1/oGCulP684AsNApss-2gyknwRmfI.roa
File:                     oGCulP684AsNApss-2gyknwRmfI.roa (raw, json)
Hash identifier:          LcfrRqV1YIQa9NmNDObXGohDOWIuwGOby5Hu2JDtjZQ=
Subject key identifier:   A0:60:AE:94:FE:BC:E0:0B:0D:02:9B:2C:FB:68:32:92:7C:11:99:F2
Certificate issuer:       /CN=5fdb8a17efa4654923a35e06b2d05fc7c20d5ef2
Certificate serial:       72F29A
Authority key identifier: 5F:DB:8A:17:EF:A4:65:49:23:A3:5E:06:B2:D0:5F:C7:C2:0D:5E:F2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/X9uKF--kZUkjo14GstBfx8INXvI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/821bbf-a024-457f-9b93-09108f3bf204/1/oGCulP684AsNApss-2gyknwRmfI.roa
Signing time:             Sat 01 Jan 2022 01:50:43 +0000
ROA not before:           Sat 01 Jan 2022 01:50:43 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     136744
IP address blocks:        212.23.208.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 7533210 (0x72f29a)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5fdb8a17efa4654923a35e06b2d05fc7c20d5ef2
        Validity
            Not Before: Jan  1 01:50:43 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=a060ae94febce00b0d029b2cfb6832927c1199f2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:ee:95:0f:5f:66:48:2d:85:b0:b2:88:33:da:
                    70:1d:4d:d6:99:37:c9:df:91:c2:a0:4c:e2:cf:c5:
                    2f:d2:48:54:4e:c1:44:08:19:83:77:14:61:80:8b:
                    99:b2:00:f8:df:ba:fb:e5:30:e0:33:5e:66:c9:e4:
                    05:68:d1:4b:f0:57:d6:be:db:68:5b:bf:75:a6:23:
                    9c:c4:f6:a4:2f:13:d6:47:6e:3a:bd:18:9b:8b:6c:
                    71:a3:be:25:dd:69:f3:8d:a6:8d:1e:e4:d1:a6:e9:
                    2e:e2:f4:88:c3:58:50:8e:e2:dd:57:eb:5a:6b:8e:
                    19:73:68:50:54:33:82:2a:9f:8f:7e:e7:2e:46:1e:
                    8e:c0:6d:9e:d8:87:f4:20:14:01:37:92:9e:69:fd:
                    da:0d:f6:61:83:d7:0c:13:54:a0:8f:da:81:d8:af:
                    b1:18:36:0d:ed:2c:ff:95:b8:b5:1e:ac:24:7c:15:
                    e8:80:ab:dd:8b:90:9b:c6:99:0c:a1:6d:2d:bc:87:
                    5c:28:1d:ce:d7:1b:0a:da:ec:f1:ad:34:31:fc:9a:
                    af:2e:4c:9e:f9:d0:14:a5:51:ad:31:61:2d:8c:cc:
                    f8:16:a0:75:0f:cc:cc:48:2e:e1:ab:c7:58:a9:22:
                    b5:39:b1:23:66:02:1a:7b:da:c1:49:1e:a1:4b:13:
                    ef:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A0:60:AE:94:FE:BC:E0:0B:0D:02:9B:2C:FB:68:32:92:7C:11:99:F2
            X509v3 Authority Key Identifier:
                keyid:5F:DB:8A:17:EF:A4:65:49:23:A3:5E:06:B2:D0:5F:C7:C2:0D:5E:F2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/X9uKF--kZUkjo14GstBfx8INXvI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/821bbf-a024-457f-9b93-09108f3bf204/1/oGCulP684AsNApss-2gyknwRmfI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/821bbf-a024-457f-9b93-09108f3bf204/1/X9uKF--kZUkjo14GstBfx8INXvI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.23.208.0/24

    Signature Algorithm: sha256WithRSAEncryption
         07:d4:d8:03:1f:b0:ed:35:9f:14:b2:07:cf:ae:21:84:a6:73:
         b2:a4:09:16:6b:5d:46:13:d4:e6:de:48:71:49:91:a6:f6:09:
         26:9b:f1:06:f0:6c:ae:98:65:b7:20:5a:9c:e3:69:e2:5f:42:
         26:5a:43:aa:fa:40:b2:6e:98:51:1b:22:4b:df:d2:8b:31:51:
         7f:33:85:c9:e6:54:a4:1d:36:82:17:58:63:8b:82:06:bd:88:
         99:5f:89:25:51:55:86:4a:ab:ac:80:f2:8f:82:23:d5:0f:cc:
         80:e9:b8:4f:ca:3d:5a:79:23:4e:f8:d7:83:91:0f:6a:00:d2:
         44:64:ab:8b:6f:db:13:04:68:fc:ea:25:f7:c7:38:22:fe:20:
         d8:82:ae:e8:12:85:5e:73:3f:10:54:e9:46:ae:cb:53:32:84:
         e9:03:7a:c1:5a:2b:84:4b:d8:a7:5e:38:09:bd:0f:cf:c4:ed:
         bb:77:1e:12:25:54:c7:91:9b:fd:52:cc:8a:f9:1d:05:ca:a9:
         ad:c8:fc:5b:2e:9b:99:17:73:52:f3:f2:54:f5:1b:9f:4c:5a:
         d8:7c:0c:d0:57:51:b3:22:12:6f:2a:2f:1b:f4:7f:f7:8f:bb:
         6a:0c:5b:58:1d:ca:bf:72:43:3b:98:d9:70:57:99:ed:14:96:
         e6:b5:92:11
-----BEGIN CERTIFICATE-----
MIIE7jCCA9agAwIBAgIDcvKaMA0GCSqGSIb3DQEBCwUAMDMxMTAvBgNVBAMTKDVm
ZGI4YTE3ZWZhNDY1NDkyM2EzNWUwNmIyZDA1ZmM3YzIwZDVlZjIwHhcNMjIwMTAx
MDE1MDQzWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQDEyhhMDYwYWU5NGZlYmNl
MDBiMGQwMjliMmNmYjY4MzI5MjdjMTE5OWYyMIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEAxO6VD19mSC2FsLKIM9pwHU3WmTfJ35HCoEziz8Uv0khUTsFE
CBmDdxRhgIuZsgD437r75TDgM15myeQFaNFL8FfWvttoW791piOcxPakLxPWR246
vRibi2xxo74l3WnzjaaNHuTRpuku4vSIw1hQjuLdV+taa44Zc2hQVDOCKp+Pfucu
Rh6OwG2e2If0IBQBN5Keaf3aDfZhg9cME1Sgj9qB2K+xGDYN7Sz/lbi1HqwkfBXo
gKvdi5CbxpkMoW0tvIdcKB3O1xsK2uzxrTQx/JqvLkye+dAUpVGtMWEtjMz4FqB1
D8zMSC7hq8dYqSK1ObEjZgIae9rBSR6hSxPvnwIDAQABo4ICCTCCAgUwHQYDVR0O
BBYEFKBgrpT+vOALDQKbLPtoMpJ8EZnyMB8GA1UdIwQYMBaAFF/bihfvpGVJI6Ne
BrLQX8fCDV7yMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEFBQcBAQRYMFYwVAYIKwYB
BQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQv
WDl1S0YtLWtaVWtqbzE0R3N0QmZ4OElOWHZJLmNlcjCBjQYIKwYBBQUHAQsEgYAw
fjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkv
REVGQVVMVC9jMC84MjFiYmYtYTAyNC00NTdmLTliOTMtMDkxMDhmM2JmMjA0LzEv
b0dDdWxQNjg0QXNOQXBzcy0yZ3lrbndSbWZJLnJvYTCBgQYDVR0fBHoweDB2oHSg
coZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC84
MjFiYmYtYTAyNC00NTdmLTliOTMtMDkxMDhmM2JmMjA0LzEvWDl1S0YtLWtaVWtq
bzE0R3N0QmZ4OElOWHZJLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8G
CCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1BfQMA0GCSqGSIb3DQEBCwUAA4IB
AQAH1NgDH7DtNZ8UsgfPriGEpnOypAkWa11GE9Tm3khxSZGm9gkmm/EG8GyumGW3
IFqc42niX0ImWkOq+kCybphRGyJL39KLMVF/M4XJ5lSkHTaCF1hji4IGvYiZX4kl
UVWGSqusgPKPgiPVD8yA6bhPyj1aeSNO+NeDkQ9qANJEZKuLb9sTBGj86iX3xzgi
/iDYgq7oEoVecz8QVOlGrstTMoTpA3rBWiuES9inXjgJvQ/PxO27dx4SJVTHkZv9
UsyK+R0FyqmtyPxbLpuZF3NS8/JU9RufTFrYfAzQV1GzIhJvKi8b9H/3j7tqDFtY
Hcq/ckM7mNlwV5ntFJbmtZIR
-----END CERTIFICATE-----
Generated at Thu Jul 20 00:07:13 2023 by rpki-client on console-ams.rpki-client.org