Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/N3aLCF7coNKqR67b6Rx7dRfX8bE.roa
File:                     N3aLCF7coNKqR67b6Rx7dRfX8bE.roa (raw, json)
Hash identifier:          HpaSi/3nyEKE4QFuJ7gRI3O/Q+AiM2ElD9zRaYCThfk=
Subject key identifier:   37:76:8B:08:5E:DC:A0:D2:AA:47:AE:DB:E9:1C:7B:75:17:D7:F1:B1
Certificate issuer:       /CN=72b78f6682fc39c55b41d48f80b8838d5d2dbf07
Certificate serial:       089F67AC
Authority key identifier: 72:B7:8F:66:82:FC:39:C5:5B:41:D4:8F:80:B8:83:8D:5D:2D:BF:07
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/crePZoL8OcVbQdSPgLiDjV0tvwc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/N3aLCF7coNKqR67b6Rx7dRfX8bE.roa
Signing time:             Sat 01 Jan 2022 11:04:09 +0000
ROA not before:           Sat 01 Jan 2022 11:04:09 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     7018
IP address blocks:        63.246.144.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 144664492 (0x89f67ac)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72b78f6682fc39c55b41d48f80b8838d5d2dbf07
        Validity
            Not Before: Jan  1 11:04:09 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=37768b085edca0d2aa47aedbe91c7b7517d7f1b1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:c4:31:87:1c:46:0d:04:f0:3c:bd:44:e3:49:
                    0f:5f:95:ab:3b:6f:14:e6:39:46:c8:40:c2:ad:04:
                    3f:80:b6:c6:5c:b8:9a:5c:c7:3d:99:29:08:4e:a6:
                    c7:89:1e:1c:60:04:1b:6c:45:03:09:be:aa:44:1e:
                    fa:52:1d:45:f3:cb:ff:45:19:68:f6:dd:8d:58:5c:
                    ce:d3:2c:71:81:86:a0:62:29:55:f7:04:04:b9:03:
                    15:ef:a6:89:78:72:2a:ba:32:89:95:5c:84:f6:e7:
                    41:0e:e1:8f:14:ca:d3:a2:3c:e3:5b:50:57:e9:86:
                    1b:6e:2f:4f:75:11:55:ff:cd:15:54:7e:1f:b1:08:
                    bc:bf:ee:a4:cd:eb:bd:a2:28:fe:1c:a8:fe:7b:93:
                    91:8d:e0:4c:f3:e7:ef:37:39:20:e1:db:16:c6:aa:
                    7b:d7:44:57:2d:b1:94:02:fe:aa:dc:48:af:b5:2e:
                    64:77:7c:8f:b1:ec:c3:33:04:eb:96:73:a3:ed:b0:
                    e0:69:50:b6:b1:24:60:68:71:c2:b9:bc:82:f5:65:
                    8d:4f:37:51:ec:3d:4e:71:35:77:71:e5:49:7a:89:
                    63:02:44:cd:2a:4c:cd:94:50:58:42:4f:f4:76:56:
                    41:db:15:cb:a4:a8:81:2b:eb:af:76:4c:a5:96:8f:
                    23:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                37:76:8B:08:5E:DC:A0:D2:AA:47:AE:DB:E9:1C:7B:75:17:D7:F1:B1
            X509v3 Authority Key Identifier:
                keyid:72:B7:8F:66:82:FC:39:C5:5B:41:D4:8F:80:B8:83:8D:5D:2D:BF:07

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/crePZoL8OcVbQdSPgLiDjV0tvwc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/N3aLCF7coNKqR67b6Rx7dRfX8bE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/crePZoL8OcVbQdSPgLiDjV0tvwc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  63.246.144.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3d:08:2d:fd:6b:d9:24:84:5b:33:e5:6c:38:90:17:13:ba:af:
         6c:53:df:89:40:be:70:87:f3:da:8e:46:bb:41:46:43:cf:54:
         ab:59:b2:d4:6c:22:0d:49:c1:aa:da:1f:4e:b9:8c:cd:be:d9:
         bf:da:85:7f:83:78:fc:8d:db:75:06:cf:a2:50:58:91:bf:70:
         36:ac:c3:23:11:14:ae:f6:17:58:cb:55:4b:ed:3f:a8:c3:2d:
         ac:89:6e:22:53:7e:4e:1a:5b:d1:53:5c:ed:04:b2:5f:06:8b:
         7e:df:18:41:2c:63:c6:73:f8:fd:73:46:61:05:bb:61:7b:d4:
         72:ef:9b:16:53:2d:b0:e2:ea:20:b2:23:30:98:dc:b7:bb:84:
         11:27:97:aa:74:4c:51:02:48:08:2e:86:ce:68:88:c4:92:88:
         57:51:70:c4:8d:11:24:97:77:52:aa:b0:30:bd:53:35:1a:df:
         53:9d:3e:5d:30:74:a3:4f:97:ee:5c:a2:cf:df:0b:d1:a6:48:
         e2:c7:d2:e3:e0:8d:f0:7f:cf:38:3f:68:83:c6:5c:57:66:17:
         ab:7a:d4:1e:7b:e8:73:a3:2c:60:50:e4:cf:52:14:ea:82:3e:
         4d:4d:64:67:be:84:cf:fa:c5:54:a4:32:51:01:72:34:60:ec:
         b6:98:a3:7d
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIECJ9nrDANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg3
MmI3OGY2NjgyZmMzOWM1NWI0MWQ0OGY4MGI4ODM4ZDVkMmRiZjA3MB4XDTIyMDEw
MTExMDQwOVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMzc3NjhiMDg1ZWRj
YTBkMmFhNDdhZWRiZTkxYzdiNzUxN2Q3ZjFiMTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBALfEMYccRg0E8Dy9RONJD1+VqztvFOY5RshAwq0EP4C2xly4
mlzHPZkpCE6mx4keHGAEG2xFAwm+qkQe+lIdRfPL/0UZaPbdjVhcztMscYGGoGIp
VfcEBLkDFe+miXhyKroyiZVchPbnQQ7hjxTK06I841tQV+mGG24vT3URVf/NFVR+
H7EIvL/upM3rvaIo/hyo/nuTkY3gTPPn7zc5IOHbFsaqe9dEVy2xlAL+qtxIr7Uu
ZHd8j7HswzME65Zzo+2w4GlQtrEkYGhxwrm8gvVljU83Uew9TnE1d3HlSXqJYwJE
zSpMzZRQWEJP9HZWQdsVy6SogSvrr3ZMpZaPI8ECAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBQ3dosIXtyg0qpHrtvpHHt1F9fxsTAfBgNVHSMEGDAWgBRyt49mgvw5xVtB
1I+AuIONXS2/BzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L2NyZVBab0w4T2NWYlFkU1BnTGlEalYwdHZ3Yy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvY2EvM2M0YjhhLWJmYzctNDFlOS05OWUxLWYzZTUwNmFlYWEwMS8x
L04zYUxDRjdjb05LcVI2N2I2Ung3ZFJmWDhiRS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvY2Ev
M2M0YjhhLWJmYzctNDFlOS05OWUxLWYzZTUwNmFlYWEwMS8xL2NyZVBab0w4T2NW
YlFkU1BnTGlEalYwdHZ3Yy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAD/2kDANBgkqhkiG9w0BAQsFAAOC
AQEAPQgt/WvZJIRbM+VsOJAXE7qvbFPfiUC+cIfz2o5Gu0FGQ89Uq1my1GwiDUnB
qtofTrmMzb7Zv9qFf4N4/I3bdQbPolBYkb9wNqzDIxEUrvYXWMtVS+0/qMMtrIlu
IlN+Thpb0VNc7QSyXwaLft8YQSxjxnP4/XNGYQW7YXvUcu+bFlMtsOLqILIjMJjc
t7uEESeXqnRMUQJICC6GzmiIxJKIV1FwxI0RJJd3UqqwML1TNRrfU50+XTB0o0+X
7lyiz98L0aZI4sfS4+CN8H/POD9og8ZcV2YXq3rUHnvoc6MsYFDkz1IU6oI+TU1k
Z76Ez/rFVKQyUQFyNGDstpijfQ==
-----END CERTIFICATE-----
Generated at Thu Jul 20 00:07:49 2023 by rpki-client on console-ams.rpki-client.org