Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dc/d02983-b11c-4bf7-b4b5-e8c9ad5f051a/1/iY7JDfK9CW8BXUygV-SodjRN7OE.roa
File:                     iY7JDfK9CW8BXUygV-SodjRN7OE.roa (raw, json)
Hash identifier:          7t1/9Efz0L3j4dDZRiwxF7EhmtjfTtylc9axLKRS60M=
Subject key identifier:   89:8E:C9:0D:F2:BD:09:6F:01:5D:4C:A0:57:E4:A8:76:34:4D:EC:E1
Certificate issuer:       /CN=9b632edb635aa8f9c40a0495a7a63bb6539580bb
Certificate serial:       05DBBE39
Authority key identifier: 9B:63:2E:DB:63:5A:A8:F9:C4:0A:04:95:A7:A6:3B:B6:53:95:80:BB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m2Mu22NaqPnECgSVp6Y7tlOVgLs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dc/d02983-b11c-4bf7-b4b5-e8c9ad5f051a/1/iY7JDfK9CW8BXUygV-SodjRN7OE.roa
Signing time:             Fri 18 Feb 2022 13:01:19 +0000
ROA not before:           Fri 18 Feb 2022 13:01:19 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     198949
IP address blocks:        212.62.85.0/24 maxlen: 24
                          84.201.65.0/24 maxlen: 24
                          84.201.64.0/18 maxlen: 24
                          84.201.66.0/24 maxlen: 24
                          84.201.73.0/24 maxlen: 24
                          84.201.98.0/24 maxlen: 24
                          81.89.246.0/24 maxlen: 24
                          212.62.64.0/19 maxlen: 24
                          212.62.68.0/24 maxlen: 24
                          212.62.67.0/24 maxlen: 24
                          212.62.72.0/24 maxlen: 24
                          81.89.224.0/19 maxlen: 24
                          2a00:1348:10::/48 maxlen: 64
                          2a00:1348:11::/48 maxlen: 64

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 98287161 (0x5dbbe39)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9b632edb635aa8f9c40a0495a7a63bb6539580bb
        Validity
            Not Before: Feb 18 13:01:19 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=898ec90df2bd096f015d4ca057e4a876344dece1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:cb:8f:66:06:a6:77:da:ad:72:e9:0a:e0:3e:
                    34:ca:43:d2:67:f1:32:54:df:4f:13:af:af:1e:34:
                    3c:9c:06:eb:0c:0f:84:41:d6:73:3b:8d:c4:1a:0a:
                    f6:99:2e:b5:20:ad:6d:b7:59:25:18:76:c0:fa:09:
                    e7:36:24:81:98:df:d5:09:2b:99:54:6b:8f:e1:9d:
                    59:dc:5f:9e:3a:e0:f2:a8:c1:30:a9:e2:16:7a:d6:
                    93:e7:eb:47:ea:2b:1c:8d:ec:c0:a3:5d:d0:92:01:
                    9d:9c:df:8c:78:1a:25:13:ce:25:22:0a:3e:27:d4:
                    61:f4:48:e0:38:6a:26:72:c9:a7:13:8e:6d:d4:47:
                    9f:d9:4f:77:be:f3:79:1f:72:6a:34:84:dc:96:d1:
                    41:df:e4:55:89:45:46:c9:a5:ae:e7:a0:e6:00:94:
                    3b:af:45:ed:8d:ab:3b:1d:47:b8:ea:31:8c:2f:48:
                    a8:35:df:c6:58:4c:97:cf:96:a1:3b:10:86:dd:99:
                    b3:24:08:d9:18:43:64:f0:c8:7d:62:26:d9:c0:ce:
                    66:7a:4c:4f:4d:78:1e:2f:2d:b9:9e:dc:98:b6:2b:
                    95:b1:f1:2d:64:d7:fb:ee:83:eb:22:f0:7a:5b:47:
                    07:f9:4d:26:ce:9b:21:f3:56:37:1f:09:1f:82:cc:
                    38:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                89:8E:C9:0D:F2:BD:09:6F:01:5D:4C:A0:57:E4:A8:76:34:4D:EC:E1
            X509v3 Authority Key Identifier:
                keyid:9B:63:2E:DB:63:5A:A8:F9:C4:0A:04:95:A7:A6:3B:B6:53:95:80:BB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m2Mu22NaqPnECgSVp6Y7tlOVgLs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/d02983-b11c-4bf7-b4b5-e8c9ad5f051a/1/iY7JDfK9CW8BXUygV-SodjRN7OE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/d02983-b11c-4bf7-b4b5-e8c9ad5f051a/1/m2Mu22NaqPnECgSVp6Y7tlOVgLs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.89.224.0/19
                  84.201.64.0/18
                  212.62.64.0/19
                IPv6:
                  2a00:1348:10::/47

    Signature Algorithm: sha256WithRSAEncryption
         90:f3:78:e8:3e:68:14:f0:9c:f8:31:d8:89:be:04:61:08:cb:
         7c:df:17:51:58:e7:65:5d:90:a8:f1:69:a6:64:8b:e7:0a:43:
         d6:b2:7e:41:14:5b:f0:1f:59:03:77:4e:6b:6e:16:67:d5:76:
         bf:34:5a:af:43:56:48:c7:6b:79:f0:3c:01:de:9b:0f:b9:31:
         15:77:51:8c:8b:35:21:95:83:b9:31:8f:23:a6:b9:d4:9b:6d:
         f6:96:a2:a6:f1:bf:8a:1c:a0:39:cc:ab:00:ca:0e:f9:92:d5:
         dd:84:87:87:8c:a0:d2:29:15:b8:7e:46:fc:bf:42:ab:35:d0:
         f7:d6:06:3f:78:7d:0a:f8:9a:02:09:95:36:2f:d3:ad:61:a1:
         2e:4a:01:7a:b7:91:ce:40:be:23:0b:01:be:51:0a:05:e9:2e:
         c1:eb:4c:dc:a6:1c:99:08:14:1f:a6:6d:2b:d0:8b:ed:98:e1:
         6f:1f:fb:39:af:7f:23:20:ba:7e:11:21:8e:ea:16:0f:76:2c:
         6e:3c:2c:ee:cf:8e:c6:13:6c:08:b2:e1:1d:25:75:e9:b6:53:
         a6:95:5b:00:38:b4:fc:08:c6:63:94:bc:6b:22:c8:f6:a7:82:
         5a:2e:4b:42:84:c8:e8:b7:fc:a8:5a:19:c2:7e:de:36:bf:c0:
         7c:f2:87:21
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgIEBdu+OTANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg5
YjYzMmVkYjYzNWFhOGY5YzQwYTA0OTVhN2E2M2JiNjUzOTU4MGJiMB4XDTIyMDIx
ODEzMDExOVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoODk4ZWM5MGRmMmJk
MDk2ZjAxNWQ0Y2EwNTdlNGE4NzYzNDRkZWNlMTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAJfLj2YGpnfarXLpCuA+NMpD0mfxMlTfTxOvrx40PJwG6wwP
hEHWczuNxBoK9pkutSCtbbdZJRh2wPoJ5zYkgZjf1QkrmVRrj+GdWdxfnjrg8qjB
MKniFnrWk+frR+orHI3swKNd0JIBnZzfjHgaJRPOJSIKPifUYfRI4DhqJnLJpxOO
bdRHn9lPd77zeR9yajSE3JbRQd/kVYlFRsmlrueg5gCUO69F7Y2rOx1HuOoxjC9I
qDXfxlhMl8+WoTsQht2ZsyQI2RhDZPDIfWIm2cDOZnpMT014Hi8tuZ7cmLYrlbHx
LWTX++6D6yLweltHB/lNJs6bIfNWNx8JH4LMOPkCAwEAAaOCAiYwggIiMB0GA1Ud
DgQWBBSJjskN8r0JbwFdTKBX5Kh2NE3s4TAfBgNVHSMEGDAWgBSbYy7bY1qo+cQK
BJWnpju2U5WAuzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L20yTXUyMk5hcVBuRUNnU1ZwNlk3dGxPVmdMcy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZGMvZDAyOTgzLWIxMWMtNGJmNy1iNGI1LWU4YzlhZDVmMDUxYS8x
L2lZN0pEZks5Q1c4QlhVeWdWLVNvZGpSTjdPRS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZGMv
ZDAyOTgzLWIxMWMtNGJmNy1iNGI1LWU4YzlhZDVmMDUxYS8xL20yTXUyMk5hcVBu
RUNnU1ZwNlk3dGxPVmdMcy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjA8
BggrBgEFBQcBBwEB/wQtMCswGAQCAAEwEgMEBVFZ4AMEBlTJQAMEBdQ+QDAPBAIA
AjAJAwcBKgATSAAQMA0GCSqGSIb3DQEBCwUAA4IBAQCQ83joPmgU8Jz4MdiJvgRh
CMt83xdRWOdlXZCo8WmmZIvnCkPWsn5BFFvwH1kDd05rbhZn1Xa/NFqvQ1ZIx2t5
8DwB3psPuTEVd1GMizUhlYO5MY8jprnUm232lqKm8b+KHKA5zKsAyg75ktXdhIeH
jKDSKRW4fkb8v0KrNdD31gY/eH0K+JoCCZU2L9OtYaEuSgF6t5HOQL4jCwG+UQoF
6S7B60zcphyZCBQfpm0r0IvtmOFvH/s5r38jILp+ESGO6hYPdixuPCzuz47GE2wI
suEdJXXptlOmlVsAOLT8CMZjlLxrIsj2p4JaLktChMjot/yoWhnCft42v8B88och
-----END CERTIFICATE-----
Generated at Thu Jul 20 00:08:49 2023 by rpki-client on console-ams.rpki-client.org