Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/a12069-a061-442e-9bfb-338bdd439ee1/1/bONDjhnw8USHPZT0bXCIPQkx-ms.roa
File:                     bONDjhnw8USHPZT0bXCIPQkx-ms.roa (raw, json)
Hash identifier:          RWV5gDVBLfkGUiZ8mZIflS5ETmWr2RYaAnhNxgGB5GQ=
Subject key identifier:   6C:E3:43:8E:19:F0:F1:44:87:3D:94:F4:6D:70:88:3D:09:31:FA:6B
Certificate issuer:       /CN=2995944e84dc37ba6a42d68bb1e2b9a4421e84a4
Certificate serial:       0E42A760
Authority key identifier: 29:95:94:4E:84:DC:37:BA:6A:42:D6:8B:B1:E2:B9:A4:42:1E:84:A4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KZWUToTcN7pqQtaLseK5pEIehKQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/a12069-a061-442e-9bfb-338bdd439ee1/1/bONDjhnw8USHPZT0bXCIPQkx-ms.roa
Signing time:             Sat 01 Jan 2022 05:00:30 +0000
ROA not before:           Sat 01 Jan 2022 05:00:30 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     14618
IP address blocks:        185.214.22.0/24 maxlen: 24
                          185.214.23.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 239249248 (0xe42a760)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2995944e84dc37ba6a42d68bb1e2b9a4421e84a4
        Validity
            Not Before: Jan  1 05:00:30 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=6ce3438e19f0f144873d94f46d70883d0931fa6b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:51:64:06:d3:a3:4e:63:fc:7d:cf:6b:f0:68:
                    72:11:f1:92:99:ae:3e:39:4e:65:12:d9:d7:58:4c:
                    92:37:76:78:47:75:03:1f:8c:0e:80:5c:b4:1f:fb:
                    0f:ed:3c:79:69:10:5b:50:f4:e1:36:62:8b:4a:70:
                    ce:c3:5f:f8:91:aa:d4:ba:48:5e:ec:d3:7f:09:be:
                    51:8c:3c:d4:72:3b:95:80:99:ff:6e:4a:a8:8a:64:
                    ab:12:d1:62:51:e1:dd:e2:a5:1b:73:2e:6c:e2:7e:
                    75:3d:77:c1:3b:79:fe:d0:48:8c:fe:80:81:89:b3:
                    84:14:3b:0f:15:f2:f5:a7:88:2e:c1:3a:0a:5f:f4:
                    4e:c1:3d:9e:f9:a3:b6:58:f7:aa:52:79:ca:70:0e:
                    79:c9:cd:5f:47:51:d2:da:99:5f:1d:8c:5d:3f:dd:
                    c9:c8:bf:02:71:99:e0:bd:30:45:b2:6c:31:52:66:
                    eb:fe:07:25:da:0c:62:37:c5:8b:e7:3f:66:08:7d:
                    71:5a:95:50:17:54:5e:05:71:e9:06:6a:2d:0b:95:
                    15:9d:c2:8f:b8:46:87:05:50:3a:60:e1:65:d4:2c:
                    8e:2e:d0:0e:3c:79:ea:f7:f2:24:e6:8e:84:45:6d:
                    ef:3d:7d:f7:a1:f7:24:cd:1b:d7:39:fa:61:75:c4:
                    8f:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6C:E3:43:8E:19:F0:F1:44:87:3D:94:F4:6D:70:88:3D:09:31:FA:6B
            X509v3 Authority Key Identifier:
                keyid:29:95:94:4E:84:DC:37:BA:6A:42:D6:8B:B1:E2:B9:A4:42:1E:84:A4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KZWUToTcN7pqQtaLseK5pEIehKQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/a12069-a061-442e-9bfb-338bdd439ee1/1/bONDjhnw8USHPZT0bXCIPQkx-ms.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/a12069-a061-442e-9bfb-338bdd439ee1/1/KZWUToTcN7pqQtaLseK5pEIehKQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.214.22.0/23

    Signature Algorithm: sha256WithRSAEncryption
         26:4b:47:e2:34:a8:39:85:9b:45:2b:90:cd:03:f9:9d:22:96:
         09:5f:04:05:30:1d:b1:24:5a:08:8b:fa:d4:1b:62:45:76:23:
         fb:08:f6:6f:07:31:b5:c4:67:07:8d:18:0e:98:ce:a0:3b:0e:
         10:37:69:b0:77:32:85:ec:49:04:8e:02:28:77:6c:e5:e9:0b:
         1f:e4:1d:ac:73:2b:f5:34:55:df:17:57:f6:f5:01:bf:f5:96:
         13:99:87:4e:c4:3f:07:7a:e0:8e:97:4b:dc:fc:6b:40:b1:47:
         41:15:5a:98:0e:7b:6f:38:f5:ea:9d:6e:b1:35:ff:d8:22:f7:
         0a:79:cd:20:6c:14:df:6d:64:a7:cc:8c:62:6f:7d:c6:2f:b4:
         78:b3:1d:70:6b:75:fd:b0:ee:d5:93:77:96:49:da:02:cc:80:
         09:5e:58:f5:67:ae:aa:26:7b:ed:35:f6:ae:86:8c:bb:c6:80:
         9e:71:23:3b:cc:d8:2f:ee:02:d0:05:3d:4d:ed:eb:0f:fe:51:
         07:a2:b2:15:37:9a:d4:ba:34:c3:27:a8:1c:28:d2:09:c2:e9:
         80:ec:b7:55:70:6e:5b:a7:0a:b3:c0:8e:96:62:1a:70:e2:12:
         9d:45:45:bb:45:38:e7:2a:56:cb:1a:b6:91:ee:73:48:17:67:
         7c:a5:bb:ba
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIEDkKnYDANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygy
OTk1OTQ0ZTg0ZGMzN2JhNmE0MmQ2OGJiMWUyYjlhNDQyMWU4NGE0MB4XDTIyMDEw
MTA1MDAzMFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoNmNlMzQzOGUxOWYw
ZjE0NDg3M2Q5NGY0NmQ3MDg4M2QwOTMxZmE2YjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAJ9RZAbTo05j/H3Pa/BochHxkpmuPjlOZRLZ11hMkjd2eEd1
Ax+MDoBctB/7D+08eWkQW1D04TZii0pwzsNf+JGq1LpIXuzTfwm+UYw81HI7lYCZ
/25KqIpkqxLRYlHh3eKlG3MubOJ+dT13wTt5/tBIjP6AgYmzhBQ7DxXy9aeILsE6
Cl/0TsE9nvmjtlj3qlJ5ynAOecnNX0dR0tqZXx2MXT/dyci/AnGZ4L0wRbJsMVJm
6/4HJdoMYjfFi+c/Zgh9cVqVUBdUXgVx6QZqLQuVFZ3Cj7hGhwVQOmDhZdQsji7Q
Djx56vfyJOaOhEVt7z1996H3JM0b1zn6YXXEj7kCAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBRs40OOGfDxRIc9lPRtcIg9CTH6azAfBgNVHSMEGDAWgBQplZROhNw3umpC
1oux4rmkQh6EpDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L0taV1VUb1RjTjdwcVF0YUxzZUs1cEVJZWhLUS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvYzgvYTEyMDY5LWEwNjEtNDQyZS05YmZiLTMzOGJkZDQzOWVlMS8x
L2JPTkRqaG53OFVTSFBaVDBiWENJUFFreC1tcy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYzgv
YTEyMDY5LWEwNjEtNDQyZS05YmZiLTMzOGJkZDQzOWVlMS8xL0taV1VUb1RjTjdw
cVF0YUxzZUs1cEVJZWhLUS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAbnWFjANBgkqhkiG9w0BAQsFAAOC
AQEAJktH4jSoOYWbRSuQzQP5nSKWCV8EBTAdsSRaCIv61BtiRXYj+wj2bwcxtcRn
B40YDpjOoDsOEDdpsHcyhexJBI4CKHds5ekLH+QdrHMr9TRV3xdX9vUBv/WWE5mH
TsQ/B3rgjpdL3PxrQLFHQRVamA57bzj16p1usTX/2CL3CnnNIGwU321kp8yMYm99
xi+0eLMdcGt1/bDu1ZN3lknaAsyACV5Y9WeuqiZ77TX2roaMu8aAnnEjO8zYL+4C
0AU9Te3rD/5RB6KyFTea1Lo0wyeoHCjSCcLpgOy3VXBuW6cKs8COlmIacOISnUVF
u0U45ypWyxq2ke5zSBdnfKW7ug==
-----END CERTIFICATE-----
Generated at Thu Jul 20 00:07:43 2023 by rpki-client on console-ams.rpki-client.org