Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/df/a2944b-b810-44b9-97c9-6208ef7ffd91/1/CHKkX59sR5_wL00scUxxFKYTw48.roa
File:                     CHKkX59sR5_wL00scUxxFKYTw48.roa (raw, json)
Hash identifier:          sw6jte4zzTt/Un7zBWpE7Rt5Z/s6kLqYn0bO46Pzs/8=
Subject key identifier:   08:72:A4:5F:9F:6C:47:9F:F0:2F:4D:2C:71:4C:71:14:A6:13:C3:8F
Certificate issuer:       /CN=b424721e133a182a1fd0d09656e3ce74d85acf60
Certificate serial:       BAF0AC
Authority key identifier: B4:24:72:1E:13:3A:18:2A:1F:D0:D0:96:56:E3:CE:74:D8:5A:CF:60
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tCRyHhM6GCof0NCWVuPOdNhaz2A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/df/a2944b-b810-44b9-97c9-6208ef7ffd91/1/CHKkX59sR5_wL00scUxxFKYTw48.roa
Signing time:             Sat 01 Jan 2022 06:57:08 +0000
ROA not before:           Sat 01 Jan 2022 06:57:08 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     1239
IP address blocks:        62.106.74.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 12251308 (0xbaf0ac)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b424721e133a182a1fd0d09656e3ce74d85acf60
        Validity
            Not Before: Jan  1 06:57:08 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=0872a45f9f6c479ff02f4d2c714c7114a613c38f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:36:fd:62:76:f8:87:68:a5:a2:63:3c:a5:93:
                    fd:fe:ca:01:53:18:81:a5:0b:56:62:b3:66:37:eb:
                    0d:e6:69:c7:6a:c9:56:d7:9c:a1:af:30:8a:17:96:
                    48:62:bd:0b:7a:7a:07:f0:74:0a:a4:9f:a7:e5:c5:
                    ec:2d:72:5e:1e:c7:63:d5:44:b4:68:6a:f3:23:34:
                    c4:13:9f:ee:c6:cc:6c:01:04:d6:7f:2c:79:b7:71:
                    60:2b:3f:3d:80:be:f0:0b:f2:d8:77:25:bb:09:7a:
                    e5:65:96:48:5f:15:a7:64:47:74:04:2d:db:1d:11:
                    a4:43:8b:0a:53:d2:b9:12:66:49:67:51:44:db:f4:
                    81:8f:b0:4d:ea:a6:34:ef:ae:9c:f0:9f:82:ec:da:
                    52:98:94:57:43:f1:9e:2c:69:e1:33:f1:58:0a:75:
                    d8:a2:44:b9:ad:bd:a0:eb:f3:16:c2:f8:81:d3:8e:
                    67:72:26:86:d3:f9:ad:39:d8:88:88:67:25:2a:cd:
                    e9:35:a5:db:1a:bb:46:cd:dc:f3:07:54:8a:66:81:
                    17:24:48:83:c0:b2:cb:02:c0:b5:f3:e9:e3:37:de:
                    5c:be:39:42:ea:7f:62:12:60:fd:a6:29:02:3d:3e:
                    a0:f7:64:32:b3:c3:ca:f1:7a:25:68:18:52:53:34:
                    a2:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:72:A4:5F:9F:6C:47:9F:F0:2F:4D:2C:71:4C:71:14:A6:13:C3:8F
            X509v3 Authority Key Identifier:
                keyid:B4:24:72:1E:13:3A:18:2A:1F:D0:D0:96:56:E3:CE:74:D8:5A:CF:60

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tCRyHhM6GCof0NCWVuPOdNhaz2A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/df/a2944b-b810-44b9-97c9-6208ef7ffd91/1/CHKkX59sR5_wL00scUxxFKYTw48.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/df/a2944b-b810-44b9-97c9-6208ef7ffd91/1/tCRyHhM6GCof0NCWVuPOdNhaz2A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.106.74.0/24

    Signature Algorithm: sha256WithRSAEncryption
         83:ed:58:a0:76:9a:fd:ac:0e:de:91:66:93:5e:81:0a:b7:c1:
         81:6c:c4:14:f4:c6:29:4f:2a:14:6b:b3:5c:91:85:23:88:ef:
         f6:9d:76:3c:cc:0b:6a:62:a2:f1:17:2a:c6:f6:2d:d8:31:ab:
         f1:83:c1:42:08:56:62:ea:7a:39:95:db:0e:cf:b9:e7:6b:a4:
         8c:93:53:49:24:bd:d8:c3:67:4d:15:58:39:02:dc:6f:03:9e:
         8a:6f:1a:84:c6:8c:b4:b3:da:fb:80:1c:71:19:ab:bc:29:34:
         7a:38:ed:3d:de:be:68:e1:6e:1b:9d:01:fd:11:63:f8:c3:71:
         c3:eb:60:21:1b:aa:a0:de:39:d3:84:f9:cc:44:a1:df:1a:45:
         2d:31:25:00:67:65:a4:ba:46:41:64:c2:2b:70:1d:ba:28:0c:
         7e:a1:61:29:61:30:56:ec:83:5e:49:9c:f6:4a:9c:65:60:e3:
         a0:b6:b7:21:da:65:44:2a:cd:95:6f:47:70:bd:17:a9:ae:2c:
         f1:1b:92:82:a4:4f:27:0c:9a:c2:a3:a8:7f:57:a6:d9:1a:f0:
         ff:cd:a1:c4:20:c8:39:a7:6d:2b:6f:49:8c:85:f8:23:af:0f:
         e9:f9:eb:94:f3:08:4d:6a:f2:bd:4f:c9:21:79:0e:91:ba:87:
         24:11:ac:1c
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIEALrwrDANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhi
NDI0NzIxZTEzM2ExODJhMWZkMGQwOTY1NmUzY2U3NGQ4NWFjZjYwMB4XDTIyMDEw
MTA2NTcwOFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMDg3MmE0NWY5ZjZj
NDc5ZmYwMmY0ZDJjNzE0YzcxMTRhNjEzYzM4ZjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAM42/WJ2+IdopaJjPKWT/f7KAVMYgaULVmKzZjfrDeZpx2rJ
Vtecoa8wiheWSGK9C3p6B/B0CqSfp+XF7C1yXh7HY9VEtGhq8yM0xBOf7sbMbAEE
1n8sebdxYCs/PYC+8Avy2Hcluwl65WWWSF8Vp2RHdAQt2x0RpEOLClPSuRJmSWdR
RNv0gY+wTeqmNO+unPCfguzaUpiUV0Pxnixp4TPxWAp12KJEua29oOvzFsL4gdOO
Z3ImhtP5rTnYiIhnJSrN6TWl2xq7Rs3c8wdUimaBFyRIg8CyywLAtfPp4zfeXL45
Qup/YhJg/aYpAj0+oPdkMrPDyvF6JWgYUlM0oq0CAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBQIcqRfn2xHn/AvTSxxTHEUphPDjzAfBgNVHSMEGDAWgBS0JHIeEzoYKh/Q
0JZW48502FrPYDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L3RDUnlIaE02R0NvZjBOQ1dWdVBPZE5oYXoyQS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZGYvYTI5NDRiLWI4MTAtNDRiOS05N2M5LTYyMDhlZjdmZmQ5MS8x
L0NIS2tYNTlzUjVfd0wwMHNjVXh4RktZVHc0OC5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZGYv
YTI5NDRiLWI4MTAtNDRiOS05N2M5LTYyMDhlZjdmZmQ5MS8xL3RDUnlIaE02R0Nv
ZjBOQ1dWdVBPZE5oYXoyQS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAD5qSjANBgkqhkiG9w0BAQsFAAOC
AQEAg+1YoHaa/awO3pFmk16BCrfBgWzEFPTGKU8qFGuzXJGFI4jv9p12PMwLamKi
8RcqxvYt2DGr8YPBQghWYup6OZXbDs+552ukjJNTSSS92MNnTRVYOQLcbwOeim8a
hMaMtLPa+4AccRmrvCk0ejjtPd6+aOFuG50B/RFj+MNxw+tgIRuqoN4504T5zESh
3xpFLTElAGdlpLpGQWTCK3AduigMfqFhKWEwVuyDXkmc9kqcZWDjoLa3IdplRCrN
lW9HcL0Xqa4s8RuSgqRPJwyawqOof1em2Rrw/82hxCDIOadtK29JjIX4I68P6fnr
lPMITWryvU/JIXkOkbqHJBGsHA==
-----END CERTIFICATE-----
Generated at Thu Jul 20 00:08:58 2023 by rpki-client on console-ams.rpki-client.org