Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e7/1d4cfc-8e5c-457c-9620-135c91ec199e/1/O9PgzAU2xqPv-CGVYEVanAZtwKk.roa
File:                     O9PgzAU2xqPv-CGVYEVanAZtwKk.roa (raw, json)
Hash identifier:          ULx9TDxZCLm4tsEvBf/5jQ7BuOYmC+XFkZzIwOBg5KI=
Subject key identifier:   3B:D3:E0:CC:05:36:C6:A3:EF:F8:21:95:60:45:5A:9C:06:6D:C0:A9
Certificate issuer:       /CN=a0dbd5d1f86dd9dd66606a14d31d64cb0eaac83b
Certificate serial:       01E4F009
Authority key identifier: A0:DB:D5:D1:F8:6D:D9:DD:66:60:6A:14:D3:1D:64:CB:0E:AA:C8:3B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/oNvV0fht2d1mYGoU0x1kyw6qyDs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e7/1d4cfc-8e5c-457c-9620-135c91ec199e/1/O9PgzAU2xqPv-CGVYEVanAZtwKk.roa
Signing time:             Sat 01 Jan 2022 00:55:54 +0000
ROA not before:           Sat 01 Jan 2022 00:55:54 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     3356
IP address blocks:        185.200.208.0/22 maxlen: 24
                          185.200.211.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 31780873 (0x1e4f009)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a0dbd5d1f86dd9dd66606a14d31d64cb0eaac83b
        Validity
            Not Before: Jan  1 00:55:54 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=3bd3e0cc0536c6a3eff8219560455a9c066dc0a9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:d7:c0:2a:10:7f:b5:95:84:24:ad:ba:cb:fc:
                    b1:5b:2e:f7:c4:f8:60:71:26:60:a0:25:cc:c6:49:
                    23:5b:bc:38:8f:4e:b0:67:c7:be:7a:26:40:15:40:
                    6c:18:29:64:d8:5a:e6:d8:be:0b:c9:fb:99:ae:ea:
                    bc:06:64:24:1f:d7:0e:7d:54:da:28:a8:40:03:eb:
                    97:df:bc:79:e6:0e:5e:70:a3:5d:79:73:3b:de:9f:
                    2f:c2:ae:13:48:79:11:92:ca:7f:0f:b1:ed:6b:d8:
                    ba:e2:d0:86:01:c8:48:0e:ed:67:0a:b5:1e:0a:7e:
                    f7:9d:c3:57:0f:35:d6:73:4b:97:93:27:c7:42:42:
                    f8:5f:45:a0:61:5a:51:20:e3:78:51:87:ea:c4:49:
                    06:c6:28:06:ea:24:4d:66:d9:bc:e0:ee:8a:94:6e:
                    a1:12:f1:50:3d:40:ca:50:10:c7:ca:31:e0:15:59:
                    ae:4e:59:91:58:5e:f6:66:ba:9b:d1:12:4f:85:f9:
                    b2:75:f1:d0:a4:cc:b7:82:f8:56:87:e0:35:91:35:
                    35:57:5c:cb:09:e3:5a:0c:33:6b:ac:58:9a:3b:81:
                    93:74:a8:1a:b8:68:06:7a:0c:d6:1d:2a:59:1c:07:
                    6e:61:ff:71:aa:bf:b6:48:9e:8d:f3:a3:c2:6b:10:
                    1d:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:D3:E0:CC:05:36:C6:A3:EF:F8:21:95:60:45:5A:9C:06:6D:C0:A9
            X509v3 Authority Key Identifier:
                keyid:A0:DB:D5:D1:F8:6D:D9:DD:66:60:6A:14:D3:1D:64:CB:0E:AA:C8:3B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/oNvV0fht2d1mYGoU0x1kyw6qyDs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/1d4cfc-8e5c-457c-9620-135c91ec199e/1/O9PgzAU2xqPv-CGVYEVanAZtwKk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/1d4cfc-8e5c-457c-9620-135c91ec199e/1/oNvV0fht2d1mYGoU0x1kyw6qyDs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.200.208.0/22

    Signature Algorithm: sha256WithRSAEncryption
         89:2f:6d:57:7f:6f:c9:ac:3e:0f:ab:35:98:a6:7c:2d:bb:88:
         e3:d1:bf:93:cc:75:ef:e1:02:19:27:56:55:4f:0b:4b:71:af:
         f3:6d:64:e2:6b:78:b9:a1:13:ea:ac:46:14:5c:97:4c:a4:48:
         20:ab:1e:64:33:8e:17:10:67:bd:d1:6a:55:0b:26:be:00:f4:
         de:4b:cc:8b:54:6f:09:22:a7:25:c0:c2:74:10:92:a8:33:28:
         80:64:db:5e:ea:f6:b6:7a:ec:08:de:18:4c:7f:21:02:e1:7d:
         3f:99:d8:72:43:63:e2:65:cd:fd:98:86:41:45:88:35:c9:c4:
         0f:09:c8:3c:f7:8b:a0:8a:d7:ab:8a:52:6b:f4:f0:89:17:ae:
         6f:44:4b:cc:04:79:36:a8:cf:95:05:5e:be:1b:12:95:55:fc:
         7c:6f:ff:25:fb:b1:25:f1:19:14:bb:28:c9:8b:53:82:36:d5:
         15:8d:20:3b:d4:db:6c:0d:4f:bc:26:7b:63:75:78:f9:64:95:
         78:0a:94:bc:7f:cb:57:e7:ea:7d:05:ee:3b:45:eb:77:47:70:
         b1:be:f5:ae:66:76:41:67:ac:94:5d:ab:2f:02:ee:16:1e:64:
         e8:3d:2c:ea:3c:8a:1e:b0:04:68:07:00:1d:c5:91:aa:7b:5f:
         24:0b:4f:14
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIEAeTwCTANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhh
MGRiZDVkMWY4NmRkOWRkNjY2MDZhMTRkMzFkNjRjYjBlYWFjODNiMB4XDTIyMDEw
MTAwNTU1NFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoM2JkM2UwY2MwNTM2
YzZhM2VmZjgyMTk1NjA0NTVhOWMwNjZkYzBhOTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAKXXwCoQf7WVhCStusv8sVsu98T4YHEmYKAlzMZJI1u8OI9O
sGfHvnomQBVAbBgpZNha5ti+C8n7ma7qvAZkJB/XDn1U2iioQAPrl9+8eeYOXnCj
XXlzO96fL8KuE0h5EZLKfw+x7WvYuuLQhgHISA7tZwq1Hgp+953DVw811nNLl5Mn
x0JC+F9FoGFaUSDjeFGH6sRJBsYoBuokTWbZvODuipRuoRLxUD1AylAQx8ox4BVZ
rk5ZkVhe9ma6m9EST4X5snXx0KTMt4L4VofgNZE1NVdcywnjWgwza6xYmjuBk3So
GrhoBnoM1h0qWRwHbmH/caq/tkiejfOjwmsQHckCAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBQ70+DMBTbGo+/4IZVgRVqcBm3AqTAfBgNVHSMEGDAWgBSg29XR+G3Z3WZg
ahTTHWTLDqrIOzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L29OdlYwZmh0MmQxbVlHb1UweDFreXc2cXlEcy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZTcvMWQ0Y2ZjLThlNWMtNDU3Yy05NjIwLTEzNWM5MWVjMTk5ZS8x
L085UGd6QVUyeHFQdi1DR1ZZRVZhbkFadHdLay5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZTcv
MWQ0Y2ZjLThlNWMtNDU3Yy05NjIwLTEzNWM5MWVjMTk5ZS8xL29OdlYwZmh0MmQx
bVlHb1UweDFreXc2cXlEcy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEArnI0DANBgkqhkiG9w0BAQsFAAOC
AQEAiS9tV39vyaw+D6s1mKZ8LbuI49G/k8x17+ECGSdWVU8LS3Gv821k4mt4uaET
6qxGFFyXTKRIIKseZDOOFxBnvdFqVQsmvgD03kvMi1RvCSKnJcDCdBCSqDMogGTb
Xur2tnrsCN4YTH8hAuF9P5nYckNj4mXN/ZiGQUWINcnEDwnIPPeLoIrXq4pSa/Tw
iReub0RLzAR5NqjPlQVevhsSlVX8fG//JfuxJfEZFLsoyYtTgjbVFY0gO9TbbA1P
vCZ7Y3V4+WSVeAqUvH/LV+fqfQXuO0Xrd0dwsb71rmZ2QWeslF2rLwLuFh5k6D0s
6jyKHrAEaAcAHcWRqntfJAtPFA==
-----END CERTIFICATE-----
Generated at Thu Jul 20 00:09:32 2023 by rpki-client on console-ams.rpki-client.org