Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/e20ba1-6ae8-4b43-a709-7545c04e1578/1/nIALmXiHCxmt8t0Dc9vTQ0zoCUM.roa
File:                     nIALmXiHCxmt8t0Dc9vTQ0zoCUM.roa (raw, json)
Hash identifier:          ywG7L5+LjOelnicNlg6bHuTS8r9CqeL7N1AcnTCTf6s=
Subject key identifier:   9C:80:0B:99:78:87:0B:19:AD:F2:DD:03:73:DB:D3:43:4C:E8:09:43
Certificate issuer:       /CN=4474cf3e2fa892b5fdd3f30dc8275ee1062e1d06
Certificate serial:       03A1AB01
Authority key identifier: 44:74:CF:3E:2F:A8:92:B5:FD:D3:F3:0D:C8:27:5E:E1:06:2E:1D:06
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RHTPPi-okrX90_MNyCde4QYuHQY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/e20ba1-6ae8-4b43-a709-7545c04e1578/1/nIALmXiHCxmt8t0Dc9vTQ0zoCUM.roa
Signing time:             Mon 09 May 2022 13:32:33 +0000
ROA not before:           Mon 09 May 2022 13:32:33 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     1239
IP address blocks:        2.58.66.0/23 maxlen: 23

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 60926721 (0x3a1ab01)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4474cf3e2fa892b5fdd3f30dc8275ee1062e1d06
        Validity
            Not Before: May  9 13:32:33 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=9c800b9978870b19adf2dd0373dbd3434ce80943
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:32:c9:b5:dc:eb:1b:fe:b5:c8:c9:80:91:f2:
                    2f:0b:51:c6:fa:a8:ee:fb:15:68:ac:fc:3e:c6:2f:
                    15:d5:70:c0:05:08:b7:92:76:f9:6a:d0:e8:a0:2b:
                    aa:81:a8:98:08:da:8a:c1:cb:bc:b7:63:f4:5a:35:
                    b2:fd:85:5d:f3:7a:75:a2:74:23:65:16:05:d3:87:
                    bb:4f:a9:24:99:bc:d3:05:74:2c:08:81:15:97:db:
                    5c:30:e4:ae:1b:dd:e9:ad:f7:f5:bf:c5:47:c2:3b:
                    15:8a:e0:7e:69:ff:45:8e:10:0a:46:ef:f4:fd:cf:
                    1b:c6:56:84:df:b5:dc:f5:15:2c:05:bc:7a:11:52:
                    35:9c:1f:0f:c6:50:fa:1f:eb:e0:4f:31:8f:a2:4d:
                    6e:04:61:ef:ab:84:fd:0b:ee:d7:7d:3f:35:45:40:
                    02:1e:56:39:52:68:31:a7:aa:7a:4a:f4:55:f1:ae:
                    40:24:6c:91:a6:2f:3f:31:07:db:b9:8b:8e:7e:74:
                    30:8c:e3:eb:c0:97:43:90:a0:eb:f7:a7:e0:e7:82:
                    f0:e0:4c:f8:59:7e:aa:4f:98:4c:d6:0b:47:74:80:
                    9e:25:54:02:33:57:7a:6d:6b:2b:dd:e5:8a:fa:9c:
                    12:13:a8:94:18:8d:eb:5f:8d:32:b2:ca:de:31:06:
                    40:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9C:80:0B:99:78:87:0B:19:AD:F2:DD:03:73:DB:D3:43:4C:E8:09:43
            X509v3 Authority Key Identifier:
                keyid:44:74:CF:3E:2F:A8:92:B5:FD:D3:F3:0D:C8:27:5E:E1:06:2E:1D:06

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RHTPPi-okrX90_MNyCde4QYuHQY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/e20ba1-6ae8-4b43-a709-7545c04e1578/1/nIALmXiHCxmt8t0Dc9vTQ0zoCUM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/e20ba1-6ae8-4b43-a709-7545c04e1578/1/RHTPPi-okrX90_MNyCde4QYuHQY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.58.66.0/23

    Signature Algorithm: sha256WithRSAEncryption
         08:97:5c:fe:a8:15:bd:25:12:fe:c9:c4:06:5d:69:bd:b7:59:
         55:9c:91:a0:d5:f9:61:79:38:22:57:9b:89:42:84:29:90:08:
         05:0f:f8:13:bf:d3:4f:cc:8d:2f:b0:a5:79:f0:5e:f2:60:e8:
         dd:b8:05:c7:5d:eb:50:27:13:12:9f:1e:93:28:b3:53:75:3d:
         7f:41:60:49:8f:54:94:96:14:bd:9b:af:19:c8:92:ad:9b:dd:
         f7:27:2d:0b:13:4e:01:20:cb:8d:1b:6c:07:8e:73:33:ba:cf:
         a4:d5:ea:6d:5e:f0:65:83:d2:86:e2:0f:c0:86:57:aa:c2:7f:
         38:22:82:0b:02:27:cc:f6:53:75:e4:41:5a:ce:06:89:5f:b1:
         2d:42:44:54:3e:9d:94:a2:bb:c9:e8:d5:54:8a:e0:39:64:68:
         f3:ae:a0:99:f7:91:42:70:d9:b2:94:e6:96:3c:5f:96:76:71:
         0c:1f:21:0a:cc:80:c9:1a:61:37:0a:4c:6b:69:c8:0a:71:a8:
         e1:ec:29:f1:f0:0f:e8:64:59:e0:94:d0:fd:ec:59:84:30:ce:
         89:d3:4e:ba:a6:fc:78:fb:63:89:30:bf:56:bf:53:4a:f6:a4:
         84:3c:1c:a3:2f:52:42:ca:5e:5e:91:75:89:81:3f:97:da:ad:
         3d:b0:9a:1c
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIEA6GrATANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg0
NDc0Y2YzZTJmYTg5MmI1ZmRkM2YzMGRjODI3NWVlMTA2MmUxZDA2MB4XDTIyMDUw
OTEzMzIzM1oXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoOWM4MDBiOTk3ODg3
MGIxOWFkZjJkZDAzNzNkYmQzNDM0Y2U4MDk0MzCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAI0yybXc6xv+tcjJgJHyLwtRxvqo7vsVaKz8PsYvFdVwwAUI
t5J2+WrQ6KArqoGomAjaisHLvLdj9Fo1sv2FXfN6daJ0I2UWBdOHu0+pJJm80wV0
LAiBFZfbXDDkrhvd6a339b/FR8I7FYrgfmn/RY4QCkbv9P3PG8ZWhN+13PUVLAW8
ehFSNZwfD8ZQ+h/r4E8xj6JNbgRh76uE/Qvu130/NUVAAh5WOVJoMaeqekr0VfGu
QCRskaYvPzEH27mLjn50MIzj68CXQ5Cg6/en4OeC8OBM+Fl+qk+YTNYLR3SAniVU
AjNXem1rK93livqcEhOolBiN61+NMrLK3jEGQGUCAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBScgAuZeIcLGa3y3QNz29NDTOgJQzAfBgNVHSMEGDAWgBREdM8+L6iStf3T
8w3IJ17hBi4dBjAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L1JIVFBQaS1va3JYOTBfTU55Q2RlNFFZdUhRWS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZDMvZTIwYmExLTZhZTgtNGI0My1hNzA5LTc1NDVjMDRlMTU3OC8x
L25JQUxtWGlIQ3htdDh0MERjOXZUUTB6b0NVTS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZDMv
ZTIwYmExLTZhZTgtNGI0My1hNzA5LTc1NDVjMDRlMTU3OC8xL1JIVFBQaS1va3JY
OTBfTU55Q2RlNFFZdUhRWS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAQI6QjANBgkqhkiG9w0BAQsFAAOC
AQEACJdc/qgVvSUS/snEBl1pvbdZVZyRoNX5YXk4IlebiUKEKZAIBQ/4E7/TT8yN
L7ClefBe8mDo3bgFx13rUCcTEp8ekyizU3U9f0FgSY9UlJYUvZuvGciSrZvd9yct
CxNOASDLjRtsB45zM7rPpNXqbV7wZYPShuIPwIZXqsJ/OCKCCwInzPZTdeRBWs4G
iV+xLUJEVD6dlKK7yejVVIrgOWRo866gmfeRQnDZspTmljxflnZxDB8hCsyAyRph
NwpMa2nICnGo4ewp8fAP6GRZ4JTQ/exZhDDOidNOuqb8ePtjiTC/Vr9TSvakhDwc
oy9SQspeXpF1iYE/l9qtPbCaHA==
-----END CERTIFICATE-----
Generated at Thu Jul 20 00:04:29 2023 by rpki-client on console-fra.rpki-client.org