Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e2/a2db06-42e4-4c76-97d1-418c1e3a9436/1/XULAmivy__PzcRPAsW_ibeBBCvI.roa
File:                     XULAmivy__PzcRPAsW_ibeBBCvI.roa (raw, json)
Hash identifier:          0OucrmavWpIkDy040nEz571CKfeJje8r7KqVkaKRYYw=
Subject key identifier:   5D:42:C0:9A:2B:F2:FF:F3:F3:71:13:C0:B1:6F:E2:6D:E0:41:0A:F2
Certificate issuer:       /CN=cb4644ddeb0390b4b648b69bc860942aed9bbb6e
Certificate serial:       D942DA
Authority key identifier: CB:46:44:DD:EB:03:90:B4:B6:48:B6:9B:C8:60:94:2A:ED:9B:BB:6E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/y0ZE3esDkLS2SLabyGCUKu2bu24.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e2/a2db06-42e4-4c76-97d1-418c1e3a9436/1/XULAmivy__PzcRPAsW_ibeBBCvI.roa
Signing time:             Sat 01 Jan 2022 08:53:39 +0000
ROA not before:           Sat 01 Jan 2022 08:53:39 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     1239
IP address blocks:        188.244.123.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 14238426 (0xd942da)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cb4644ddeb0390b4b648b69bc860942aed9bbb6e
        Validity
            Not Before: Jan  1 08:53:39 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=5d42c09a2bf2fff3f37113c0b16fe26de0410af2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:96:d0:bb:a4:dd:67:2b:a4:8c:7f:dc:8d:0d:
                    ab:2c:77:ef:29:c6:54:c6:b0:f7:ef:05:ad:2c:bb:
                    70:86:20:58:e7:25:8d:c3:45:4b:7d:d5:8e:c0:9d:
                    1f:ec:4c:6f:25:1f:b7:8f:ff:ee:31:f8:3a:c1:b0:
                    5b:11:9e:9c:65:c0:a6:67:ba:2d:96:80:2d:3c:68:
                    35:ef:5f:f5:79:5c:22:1c:c9:52:d0:fd:27:1f:f9:
                    10:b4:23:ea:28:ef:78:f3:76:ad:48:2d:81:d7:fb:
                    08:25:10:f9:d4:c0:a9:f6:71:e7:23:c2:86:77:36:
                    d3:de:ef:f0:aa:46:59:d8:28:5c:88:6d:ca:de:19:
                    d9:26:9f:d5:ad:ae:ca:53:40:36:c4:95:bf:83:55:
                    a2:fe:0b:84:9e:a6:6a:10:d5:09:36:41:0a:94:ce:
                    27:61:c0:45:9f:6f:87:ca:c6:5e:7b:13:a8:bb:28:
                    15:92:e4:53:04:50:be:da:aa:9f:1f:38:4b:42:23:
                    fd:bd:1f:31:ed:e3:a7:bf:ab:9c:81:4a:4b:30:3b:
                    38:d3:c2:e1:59:d3:d0:93:89:09:3d:84:ad:7e:5e:
                    df:c3:29:de:0d:69:ca:f8:15:fb:52:4d:6b:aa:f5:
                    3a:82:c1:7b:db:52:ca:0d:cd:b7:d9:b7:4f:17:6d:
                    55:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5D:42:C0:9A:2B:F2:FF:F3:F3:71:13:C0:B1:6F:E2:6D:E0:41:0A:F2
            X509v3 Authority Key Identifier:
                keyid:CB:46:44:DD:EB:03:90:B4:B6:48:B6:9B:C8:60:94:2A:ED:9B:BB:6E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/y0ZE3esDkLS2SLabyGCUKu2bu24.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/a2db06-42e4-4c76-97d1-418c1e3a9436/1/XULAmivy__PzcRPAsW_ibeBBCvI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/a2db06-42e4-4c76-97d1-418c1e3a9436/1/y0ZE3esDkLS2SLabyGCUKu2bu24.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.244.123.0/24

    Signature Algorithm: sha256WithRSAEncryption
         76:e6:12:e3:7c:e9:b2:f0:2f:ea:4e:fe:b0:14:3c:1d:dd:a5:
         0e:bc:76:1f:c7:53:d9:68:dd:a8:47:ef:95:84:2f:25:a6:bb:
         b2:01:a5:a3:c8:ae:9d:1f:bb:03:41:71:4d:89:9a:3c:ae:23:
         36:ea:5e:56:2c:ee:47:87:6b:76:16:45:f5:8b:07:92:6c:8a:
         4a:7e:9e:a0:b0:c0:c1:07:fd:66:03:f1:34:1d:d1:64:b7:97:
         66:e7:2a:cf:a6:c4:c5:98:08:bc:ed:f0:25:00:78:57:bf:30:
         3e:39:6a:62:01:a9:de:56:65:02:0f:ea:74:88:14:9b:39:d7:
         18:cb:c7:fd:91:ea:ef:ee:28:78:1f:ab:e9:c6:ff:7d:62:34:
         26:70:1b:04:a8:13:f4:3e:5e:ca:d8:e1:00:bb:be:6b:78:4a:
         60:43:ea:07:82:ee:33:97:fa:82:35:1e:04:29:b1:11:ee:4e:
         9f:f7:7b:db:42:96:54:6b:e8:92:a3:41:68:5b:9b:7b:99:56:
         ca:8a:2f:a7:07:cd:bb:11:73:e0:84:8b:c5:f0:99:66:8c:ba:
         3c:68:86:d1:30:85:66:32:38:7f:3e:71:ee:e6:6a:7d:c5:e6:
         87:99:d4:a0:77:ea:98:46:dd:d1:7e:61:b8:09:76:62:75:ca:
         53:83:96:99
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIEANlC2jANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhj
YjQ2NDRkZGViMDM5MGI0YjY0OGI2OWJjODYwOTQyYWVkOWJiYjZlMB4XDTIyMDEw
MTA4NTMzOVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoNWQ0MmMwOWEyYmYy
ZmZmM2YzNzExM2MwYjE2ZmUyNmRlMDQxMGFmMjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAMqW0Luk3WcrpIx/3I0Nqyx37ynGVMaw9+8FrSy7cIYgWOcl
jcNFS33VjsCdH+xMbyUft4//7jH4OsGwWxGenGXApme6LZaALTxoNe9f9XlcIhzJ
UtD9Jx/5ELQj6ijvePN2rUgtgdf7CCUQ+dTAqfZx5yPChnc2097v8KpGWdgoXIht
yt4Z2Saf1a2uylNANsSVv4NVov4LhJ6mahDVCTZBCpTOJ2HARZ9vh8rGXnsTqLso
FZLkUwRQvtqqnx84S0Ij/b0fMe3jp7+rnIFKSzA7ONPC4VnT0JOJCT2ErX5e38Mp
3g1pyvgV+1JNa6r1OoLBe9tSyg3Nt9m3TxdtVZUCAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBRdQsCaK/L/8/NxE8Cxb+Jt4EEK8jAfBgNVHSMEGDAWgBTLRkTd6wOQtLZI
tpvIYJQq7Zu7bjAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L3kwWkUzZXNEa0xTMlNMYWJ5R0NVS3UyYnUyNC5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZTIvYTJkYjA2LTQyZTQtNGM3Ni05N2QxLTQxOGMxZTNhOTQzNi8x
L1hVTEFtaXZ5X19QemNSUEFzV19pYmVCQkN2SS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZTIv
YTJkYjA2LTQyZTQtNGM3Ni05N2QxLTQxOGMxZTNhOTQzNi8xL3kwWkUzZXNEa0xT
MlNMYWJ5R0NVS3UyYnUyNC5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEALz0ezANBgkqhkiG9w0BAQsFAAOC
AQEAduYS43zpsvAv6k7+sBQ8Hd2lDrx2H8dT2WjdqEfvlYQvJaa7sgGlo8iunR+7
A0FxTYmaPK4jNupeVizuR4drdhZF9YsHkmyKSn6eoLDAwQf9ZgPxNB3RZLeXZucq
z6bExZgIvO3wJQB4V78wPjlqYgGp3lZlAg/qdIgUmznXGMvH/ZHq7+4oeB+r6cb/
fWI0JnAbBKgT9D5eytjhALu+a3hKYEPqB4LuM5f6gjUeBCmxEe5On/d720KWVGvo
kqNBaFube5lWyoovpwfNuxFz4ISLxfCZZoy6PGiG0TCFZjI4fz5x7uZqfcXmh5nU
oHfqmEbd0X5huAl2YnXKU4OWmQ==
-----END CERTIFICATE-----
Generated at Thu Jul 20 00:09:15 2023 by rpki-client on console-ams.rpki-client.org