Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/I3-tjn94OBfDYiPkFr-YACZS-r4.roa
File:                     I3-tjn94OBfDYiPkFr-YACZS-r4.roa (raw, json)
Hash identifier:          LDYoqJsOKNdNdd5Is5iPadAr4RcxoYaTaGmRn9VAfb0=
Subject key identifier:   23:7F:AD:8E:7F:78:38:17:C3:62:23:E4:16:BF:98:00:26:52:FA:BE
Certificate issuer:       /CN=6c8fd1a8ae5996c1e5692c1a8c42bfe9c3ba5745
Certificate serial:       17E42832
Authority key identifier: 6C:8F:D1:A8:AE:59:96:C1:E5:69:2C:1A:8C:42:BF:E9:C3:BA:57:45
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bI_RqK5ZlsHlaSwajEK_6cO6V0U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/I3-tjn94OBfDYiPkFr-YACZS-r4.roa
Signing time:             Sat 01 Jan 2022 04:54:41 +0000
ROA not before:           Sat 01 Jan 2022 04:54:41 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     207803
IP address blocks:        185.224.145.0/24 maxlen: 32

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 400828466 (0x17e42832)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6c8fd1a8ae5996c1e5692c1a8c42bfe9c3ba5745
        Validity
            Not Before: Jan  1 04:54:41 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=237fad8e7f783817c36223e416bf98002652fabe
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:1e:56:0e:1f:e9:88:40:6e:21:70:5f:b4:56:
                    56:3a:81:52:45:37:da:6e:b1:1b:41:3e:00:e9:37:
                    3d:17:28:e1:8d:11:7e:1e:61:f6:92:9a:f4:6f:b3:
                    9b:0e:77:b1:80:1c:8f:a7:c7:1c:3a:fa:74:e2:6e:
                    fd:44:06:8b:23:cb:f0:96:23:9f:f1:6b:42:f8:f7:
                    12:a7:5a:83:e4:73:a2:0e:ab:58:7f:c5:a5:94:28:
                    e2:e0:01:a1:65:6d:d9:ea:e6:d7:87:1f:8e:be:54:
                    ea:10:a8:28:7e:ec:c0:29:ed:6b:5a:8d:9a:84:7f:
                    13:e7:a3:92:81:e6:d7:35:cd:f5:24:56:48:86:8a:
                    9f:0e:17:8e:89:3a:05:43:22:a6:9f:24:1f:e0:e2:
                    e8:42:d0:8d:d4:a6:80:42:2d:ef:84:e8:ab:3b:f9:
                    c2:3e:63:2b:95:5b:a6:49:66:e7:60:56:90:c7:53:
                    e9:78:c9:5a:02:dc:fc:d2:86:a2:71:18:6c:b1:e2:
                    43:2c:99:f5:e4:8c:39:d3:1b:90:78:64:24:04:9d:
                    b5:67:4c:19:70:f2:99:73:78:a3:58:c4:d9:30:15:
                    b5:34:67:9b:ee:6c:f0:f9:aa:be:bb:94:f0:04:19:
                    c2:ec:ad:cf:08:3f:39:42:b1:65:fc:d5:83:f5:bb:
                    a5:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                23:7F:AD:8E:7F:78:38:17:C3:62:23:E4:16:BF:98:00:26:52:FA:BE
            X509v3 Authority Key Identifier:
                keyid:6C:8F:D1:A8:AE:59:96:C1:E5:69:2C:1A:8C:42:BF:E9:C3:BA:57:45

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bI_RqK5ZlsHlaSwajEK_6cO6V0U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/I3-tjn94OBfDYiPkFr-YACZS-r4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/bI_RqK5ZlsHlaSwajEK_6cO6V0U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.224.145.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6e:2e:d8:43:7e:96:e5:f6:2f:5e:27:af:f3:b8:dc:bb:e0:f2:
         f6:12:bf:b5:59:97:3d:d1:70:61:45:ba:ea:a4:8b:84:cf:58:
         20:2d:f9:e8:2e:e4:4e:db:1d:f4:3d:f0:32:a2:18:bd:4d:56:
         f9:e3:bc:58:fa:2d:4f:0d:ea:d9:7f:01:48:f0:ec:7d:f6:82:
         00:31:15:87:e3:8b:74:4f:1e:5d:9d:51:a3:c0:c9:64:c3:53:
         d8:d9:ee:3b:3e:29:40:6b:02:da:6c:54:21:97:e7:46:c0:02:
         68:95:5b:6b:3e:59:71:32:b7:96:10:8e:ff:07:5f:cc:0b:92:
         2d:1f:8a:2c:7f:03:7a:04:2a:01:0e:f5:9b:3a:e9:1f:5e:d7:
         c6:73:ea:6e:1d:41:76:2b:4a:52:98:53:80:ff:12:81:7b:92:
         b4:b5:3c:f0:a5:5e:e4:53:1e:63:86:96:08:fe:80:e8:45:91:
         fb:ef:c0:10:3a:cd:f6:30:f0:34:4b:5c:28:10:27:6e:2b:23:
         f5:ec:dc:d7:11:ab:2f:92:01:85:b7:af:63:f9:81:59:48:29:
         19:78:66:33:1f:e5:76:25:ba:14:db:4b:b1:38:65:a4:be:19:
         8b:42:92:1a:dc:9b:b3:52:c1:9a:29:f1:ec:e4:02:da:a8:45:
         36:ab:16:30
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIEF+QoMjANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg2
YzhmZDFhOGFlNTk5NmMxZTU2OTJjMWE4YzQyYmZlOWMzYmE1NzQ1MB4XDTIyMDEw
MTA0NTQ0MVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMjM3ZmFkOGU3Zjc4
MzgxN2MzNjIyM2U0MTZiZjk4MDAyNjUyZmFiZTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAJIeVg4f6YhAbiFwX7RWVjqBUkU32m6xG0E+AOk3PRco4Y0R
fh5h9pKa9G+zmw53sYAcj6fHHDr6dOJu/UQGiyPL8JYjn/FrQvj3Eqdag+Rzog6r
WH/FpZQo4uABoWVt2erm14cfjr5U6hCoKH7swCnta1qNmoR/E+ejkoHm1zXN9SRW
SIaKnw4Xjok6BUMipp8kH+Di6ELQjdSmgEIt74Toqzv5wj5jK5Vbpklm52BWkMdT
6XjJWgLc/NKGonEYbLHiQyyZ9eSMOdMbkHhkJASdtWdMGXDymXN4o1jE2TAVtTRn
m+5s8PmqvruU8AQZwuytzwg/OUKxZfzVg/W7pQ0CAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBQjf62Of3g4F8NiI+QWv5gAJlL6vjAfBgNVHSMEGDAWgBRsj9GorlmWweVp
LBqMQr/pw7pXRTAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L2JJX1JxSzVabHNIbGFTd2FqRUtfNmNPNlYwVS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZDAvNDkyNTkwLWEwMmYtNDQzZS1hYWEzLWZlYWMyNmVhZWNjMi8x
L0kzLXRqbjk0T0JmRFlpUGtGci1ZQUNaUy1yNC5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZDAv
NDkyNTkwLWEwMmYtNDQzZS1hYWEzLWZlYWMyNmVhZWNjMi8xL2JJX1JxSzVabHNI
bGFTd2FqRUtfNmNPNlYwVS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEALngkTANBgkqhkiG9w0BAQsFAAOC
AQEAbi7YQ36W5fYvXiev87jcu+Dy9hK/tVmXPdFwYUW66qSLhM9YIC356C7kTtsd
9D3wMqIYvU1W+eO8WPotTw3q2X8BSPDsffaCADEVh+OLdE8eXZ1Ro8DJZMNT2Nnu
Oz4pQGsC2mxUIZfnRsACaJVbaz5ZcTK3lhCO/wdfzAuSLR+KLH8DegQqAQ71mzrp
H17XxnPqbh1BditKUphTgP8SgXuStLU88KVe5FMeY4aWCP6A6EWR++/AEDrN9jDw
NEtcKBAnbisj9ezc1xGrL5IBhbevY/mBWUgpGXhmMx/ldiW6FNtLsThlpL4Zi0KS
Gtybs1LBminx7OQC2qhFNqsWMA==
-----END CERTIFICATE-----
Generated at Thu Jul 20 00:04:17 2023 by rpki-client on console-fra.rpki-client.org