Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e1/5f8cea-54ba-4965-a454-07a449a50f08/1/rt8KbH_oQgrg4DFruBN_Hg5GpnQ.roa
File:                     rt8KbH_oQgrg4DFruBN_Hg5GpnQ.roa (raw, json)
Hash identifier:          Z9sJkSaKKNnLTdZUZB8CTo0V5Cnp4qW5BUqKrB81vF8=
Subject key identifier:   AE:DF:0A:6C:7F:E8:42:0A:E0:E0:31:6B:B8:13:7F:1E:0E:46:A6:74
Certificate issuer:       /CN=c5a82f3936f244edcb6013e121d51a7690d13599
Certificate serial:       03EA8C70
Authority key identifier: C5:A8:2F:39:36:F2:44:ED:CB:60:13:E1:21:D5:1A:76:90:D1:35:99
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xagvOTbyRO3LYBPhIdUadpDRNZk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e1/5f8cea-54ba-4965-a454-07a449a50f08/1/rt8KbH_oQgrg4DFruBN_Hg5GpnQ.roa
Signing time:             Sat 01 Jan 2022 16:03:31 +0000
ROA not before:           Sat 01 Jan 2022 16:03:31 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     20473
IP address blocks:        185.203.91.0/24 maxlen: 24
                          2a10:8c00::/32 maxlen: 32

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 65703024 (0x3ea8c70)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c5a82f3936f244edcb6013e121d51a7690d13599
        Validity
            Not Before: Jan  1 16:03:31 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=aedf0a6c7fe8420ae0e0316bb8137f1e0e46a674
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:3d:8f:75:d1:ad:da:3d:af:c5:3d:4f:09:41:
                    4b:3e:24:98:6a:09:15:e0:1f:22:83:3a:cb:54:21:
                    80:17:58:7a:22:40:fd:b1:20:ec:54:92:4c:eb:84:
                    ad:be:4a:26:66:d8:43:48:38:7b:40:c0:36:f5:33:
                    aa:c7:ec:4c:03:e8:b2:82:82:ec:5d:a5:4f:a3:e8:
                    d0:eb:e9:63:0b:d2:73:a4:19:00:f7:8c:eb:05:4e:
                    f5:86:db:aa:ed:8f:b2:23:20:b9:08:b6:e6:86:dd:
                    9f:84:8a:59:63:e7:8e:a2:7a:a6:1d:b7:fc:11:e4:
                    81:23:e7:6f:4b:e3:39:b1:f7:25:97:3c:64:53:b1:
                    1d:45:15:47:8c:96:65:ff:aa:b3:4a:52:e1:1d:37:
                    ea:c9:f2:6d:b3:3a:c7:b2:a2:6a:c8:aa:16:24:1d:
                    3d:4a:5c:c4:2d:30:f2:e7:bc:e0:82:0b:ba:24:a6:
                    9e:dd:d7:d2:05:1d:91:dc:53:16:2a:0d:34:13:27:
                    8c:1a:a5:f4:4a:e8:b0:59:03:80:de:d7:8f:08:27:
                    50:c2:75:2a:c4:51:71:1d:5e:f1:87:3c:46:0a:0a:
                    1b:ca:2e:fc:09:cb:33:5b:2f:af:29:27:9a:aa:64:
                    73:27:22:fa:9f:97:4a:79:72:7d:32:87:f3:c1:8b:
                    7f:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AE:DF:0A:6C:7F:E8:42:0A:E0:E0:31:6B:B8:13:7F:1E:0E:46:A6:74
            X509v3 Authority Key Identifier:
                keyid:C5:A8:2F:39:36:F2:44:ED:CB:60:13:E1:21:D5:1A:76:90:D1:35:99

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xagvOTbyRO3LYBPhIdUadpDRNZk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e1/5f8cea-54ba-4965-a454-07a449a50f08/1/rt8KbH_oQgrg4DFruBN_Hg5GpnQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e1/5f8cea-54ba-4965-a454-07a449a50f08/1/xagvOTbyRO3LYBPhIdUadpDRNZk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.203.91.0/24
                IPv6:
                  2a10:8c00::/32

    Signature Algorithm: sha256WithRSAEncryption
         86:9c:f6:f9:e7:d2:f7:62:dc:6b:76:2a:25:e5:00:1a:93:35:
         ad:19:64:a1:a7:8d:a4:28:29:9f:6f:57:b6:3f:09:b7:6b:a8:
         6b:ba:7d:0a:e5:b0:45:76:67:af:a3:70:d7:fc:11:e3:55:6b:
         15:25:4d:c3:a9:6f:98:64:0f:9a:18:fa:a1:ea:2b:36:7c:09:
         f5:1c:8f:b3:e8:7a:ae:4c:0b:9d:56:c4:32:a9:42:a6:85:0f:
         bb:f8:75:f9:ae:e4:b7:ca:15:e2:bb:6c:0e:de:6e:d3:44:7e:
         a4:f8:d0:c2:67:b8:c9:42:c8:b7:df:e2:be:4c:18:2e:fb:ba:
         46:15:a9:9d:2d:8a:21:ab:dc:2b:52:7d:3d:78:62:0d:09:e5:
         51:f3:57:bb:3e:42:70:26:00:7d:8c:8f:ec:22:af:b0:f5:95:
         21:1a:e2:a3:60:6b:c2:1b:36:21:1f:1d:c0:e0:25:20:17:52:
         92:b5:9a:e9:c7:61:b5:da:d2:df:59:fc:5d:ef:98:52:02:ec:
         d0:f6:4f:62:50:ac:97:fe:13:95:fa:e2:bf:54:cd:5c:ab:05:
         5e:72:f3:83:b6:d9:e1:41:56:97:ec:c9:db:4b:31:b8:6c:c6:
         19:9c:79:87:cd:82:58:43:61:db:62:fb:da:a9:1c:93:f7:ba:
         3f:93:2c:26
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgIEA+qMcDANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhj
NWE4MmYzOTM2ZjI0NGVkY2I2MDEzZTEyMWQ1MWE3NjkwZDEzNTk5MB4XDTIyMDEw
MTE2MDMzMVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoYWVkZjBhNmM3ZmU4
NDIwYWUwZTAzMTZiYjgxMzdmMWUwZTQ2YTY3NDCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAKI9j3XRrdo9r8U9TwlBSz4kmGoJFeAfIoM6y1QhgBdYeiJA
/bEg7FSSTOuErb5KJmbYQ0g4e0DANvUzqsfsTAPosoKC7F2lT6Po0OvpYwvSc6QZ
APeM6wVO9Ybbqu2PsiMguQi25obdn4SKWWPnjqJ6ph23/BHkgSPnb0vjObH3JZc8
ZFOxHUUVR4yWZf+qs0pS4R036snybbM6x7KiasiqFiQdPUpcxC0w8ue84IILuiSm
nt3X0gUdkdxTFioNNBMnjBql9ErosFkDgN7XjwgnUMJ1KsRRcR1e8Yc8RgoKG8ou
/AnLM1svryknmqpkcyci+p+XSnlyfTKH88GLf2kCAwEAAaOCAhgwggIUMB0GA1Ud
DgQWBBSu3wpsf+hCCuDgMWu4E38eDkamdDAfBgNVHSMEGDAWgBTFqC85NvJE7ctg
E+Eh1Rp2kNE1mTAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L3hhZ3ZPVGJ5Uk8zTFlCUGhJZFVhZHBEUk5aay5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZTEvNWY4Y2VhLTU0YmEtNDk2NS1hNDU0LTA3YTQ0OWE1MGYwOC8x
L3J0OEtiSF9vUWdyZzRERnJ1Qk5fSGc1R3BuUS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZTEv
NWY4Y2VhLTU0YmEtNDk2NS1hNDU0LTA3YTQ0OWE1MGYwOC8xL3hhZ3ZPVGJ5Uk8z
TFlCUGhJZFVhZHBEUk5aay5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAu
BggrBgEFBQcBBwEB/wQfMB0wDAQCAAEwBgMEALnLWzANBAIAAjAHAwUAKhCMADAN
BgkqhkiG9w0BAQsFAAOCAQEAhpz2+efS92Lca3YqJeUAGpM1rRlkoaeNpCgpn29X
tj8Jt2uoa7p9CuWwRXZnr6Nw1/wR41VrFSVNw6lvmGQPmhj6oeorNnwJ9RyPs+h6
rkwLnVbEMqlCpoUPu/h1+a7kt8oV4rtsDt5u00R+pPjQwme4yULIt9/ivkwYLvu6
RhWpnS2KIavcK1J9PXhiDQnlUfNXuz5CcCYAfYyP7CKvsPWVIRrio2Brwhs2IR8d
wOAlIBdSkrWa6cdhtdrS31n8Xe+YUgLs0PZPYlCsl/4Tlfriv1TNXKsFXnLzg7bZ
4UFWl+zJ20sxuGzGGZx5h82CWENh22L72qkck/e6P5MsJg==
-----END CERTIFICATE-----
Generated at Thu Jul 20 00:09:04 2023 by rpki-client on console-ams.rpki-client.org