Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e9/163d77-4fea-4131-becb-0f22d89689a0/1/uTyAvAT4LYKpDgzyYuLFjcRDLXM.roa
File:                     uTyAvAT4LYKpDgzyYuLFjcRDLXM.roa (raw, json)
Hash identifier:          sCmEMcBHMyOmdcrUdd5FpK8/GV/ZSKPP/B8/enNGif8=
Subject key identifier:   B9:3C:80:BC:04:F8:2D:82:A9:0E:0C:F2:62:E2:C5:8D:C4:43:2D:73
Certificate issuer:       /CN=a42000c4f4ec4a03cd4d3657e01b70034ec23b97
Certificate serial:       08B20CB4
Authority key identifier: A4:20:00:C4:F4:EC:4A:03:CD:4D:36:57:E0:1B:70:03:4E:C2:3B:97
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pCAAxPTsSgPNTTZX4BtwA07CO5c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e9/163d77-4fea-4131-becb-0f22d89689a0/1/uTyAvAT4LYKpDgzyYuLFjcRDLXM.roa
Signing time:             Sat 01 Jan 2022 16:02:05 +0000
ROA not before:           Sat 01 Jan 2022 16:02:05 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     2856
IP address blocks:        178.218.240.0/22 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 145886388 (0x8b20cb4)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a42000c4f4ec4a03cd4d3657e01b70034ec23b97
        Validity
            Not Before: Jan  1 16:02:05 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=b93c80bc04f82d82a90e0cf262e2c58dc4432d73
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:a4:44:51:41:c1:37:4a:f5:bb:7b:c0:0a:52:
                    6d:26:5d:bc:fb:51:c9:59:1c:f6:10:d1:03:12:1d:
                    7f:8f:b1:f8:18:22:c2:d2:81:a0:14:20:ca:85:14:
                    39:55:bc:f1:22:85:c9:33:24:7c:43:a3:33:84:fd:
                    82:33:9d:8b:c8:bb:81:47:4e:9f:11:b8:72:f9:8d:
                    41:c3:6a:6f:80:a0:95:3d:e9:44:c4:a3:93:b4:8e:
                    0d:cd:aa:5a:a6:46:5b:e4:5e:2a:08:29:ac:10:2f:
                    b6:de:b1:94:28:ec:83:0b:23:e8:4c:22:1d:4d:8a:
                    16:ab:fd:ac:af:f6:0f:3b:a7:c2:00:a9:d1:88:ba:
                    d5:f9:b2:a5:52:8a:c8:48:e1:65:e8:d7:48:3d:9c:
                    5b:e8:f8:bf:f8:15:32:fa:d2:ec:89:b4:a0:85:fb:
                    e6:b9:ec:de:20:ea:8f:ec:44:d0:f3:48:d0:18:c9:
                    9d:ce:a7:b9:ee:d8:f5:7c:42:3a:cb:e8:20:cb:71:
                    df:97:59:91:9a:0b:ad:72:3e:75:33:36:34:62:49:
                    75:24:61:68:9f:1f:43:05:ee:be:ce:74:88:3c:3c:
                    d1:c0:a8:c8:a4:53:62:a0:6a:b7:3c:d0:e3:84:12:
                    c3:4d:e3:d5:27:e2:75:df:a5:68:70:ec:36:eb:89:
                    82:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B9:3C:80:BC:04:F8:2D:82:A9:0E:0C:F2:62:E2:C5:8D:C4:43:2D:73
            X509v3 Authority Key Identifier:
                keyid:A4:20:00:C4:F4:EC:4A:03:CD:4D:36:57:E0:1B:70:03:4E:C2:3B:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pCAAxPTsSgPNTTZX4BtwA07CO5c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/163d77-4fea-4131-becb-0f22d89689a0/1/uTyAvAT4LYKpDgzyYuLFjcRDLXM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/163d77-4fea-4131-becb-0f22d89689a0/1/pCAAxPTsSgPNTTZX4BtwA07CO5c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.218.240.0/22

    Signature Algorithm: sha256WithRSAEncryption
         4c:d6:e7:df:3c:34:d1:af:48:82:a2:d5:a1:ed:8b:ac:e4:7e:
         ae:98:6d:f4:6c:ff:13:ab:82:e5:6b:78:bb:0f:c6:d8:9f:98:
         2d:30:e5:36:bb:a9:19:56:d8:6b:77:4d:71:c6:88:3b:47:67:
         f3:10:1d:ba:ea:42:f9:41:a5:e2:30:76:3c:f8:7c:83:7f:2d:
         38:8f:a0:0d:6f:72:85:eb:53:ce:e7:e6:ea:db:23:88:c2:c7:
         0a:c0:d9:ac:ed:ac:2f:3f:3d:cb:08:b8:07:81:c6:70:e6:59:
         9f:c0:57:cb:10:ce:c4:0e:85:3f:f6:0f:ce:35:aa:7d:13:fd:
         92:f1:1e:38:5a:23:f5:a2:e4:ca:20:ad:68:81:9c:5f:2e:ac:
         dc:31:24:66:fa:61:8b:3f:1e:15:9f:dc:3c:51:6e:66:b2:ce:
         c2:b0:08:b1:c7:25:f2:a1:01:2c:e0:75:32:2d:39:44:32:6c:
         ad:3e:cf:3d:98:bf:b5:b8:1d:44:8b:c3:40:c1:71:73:d9:bd:
         14:22:31:67:19:88:aa:3e:2d:17:45:e2:60:fd:5a:5d:75:e1:
         f2:f1:a5:c4:43:27:bf:9f:6f:f7:d9:f4:02:9f:fc:ae:b2:c9:
         a1:42:86:a7:42:ba:53:8f:73:08:49:55:09:47:ae:b2:c0:0f:
         75:8d:88:5f
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIECLIMtDANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhh
NDIwMDBjNGY0ZWM0YTAzY2Q0ZDM2NTdlMDFiNzAwMzRlYzIzYjk3MB4XDTIyMDEw
MTE2MDIwNVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoYjkzYzgwYmMwNGY4
MmQ4MmE5MGUwY2YyNjJlMmM1OGRjNDQzMmQ3MzCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAMukRFFBwTdK9bt7wApSbSZdvPtRyVkc9hDRAxIdf4+x+Bgi
wtKBoBQgyoUUOVW88SKFyTMkfEOjM4T9gjOdi8i7gUdOnxG4cvmNQcNqb4CglT3p
RMSjk7SODc2qWqZGW+ReKggprBAvtt6xlCjsgwsj6EwiHU2KFqv9rK/2DzunwgCp
0Yi61fmypVKKyEjhZejXSD2cW+j4v/gVMvrS7Im0oIX75rns3iDqj+xE0PNI0BjJ
nc6nue7Y9XxCOsvoIMtx35dZkZoLrXI+dTM2NGJJdSRhaJ8fQwXuvs50iDw80cCo
yKRTYqBqtzzQ44QSw03j1Sfidd+laHDsNuuJgi8CAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBS5PIC8BPgtgqkODPJi4sWNxEMtczAfBgNVHSMEGDAWgBSkIADE9OxKA81N
NlfgG3ADTsI7lzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L3BDQUF4UFRzU2dQTlRUWlg0QnR3QTA3Q081Yy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZTkvMTYzZDc3LTRmZWEtNDEzMS1iZWNiLTBmMjJkODk2ODlhMC8x
L3VUeUF2QVQ0TFlLcERnenlZdUxGamNSRExYTS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZTkv
MTYzZDc3LTRmZWEtNDEzMS1iZWNiLTBmMjJkODk2ODlhMC8xL3BDQUF4UFRzU2dQ
TlRUWlg0QnR3QTA3Q081Yy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEArLa8DANBgkqhkiG9w0BAQsFAAOC
AQEATNbn3zw00a9IgqLVoe2LrOR+rpht9Gz/E6uC5Wt4uw/G2J+YLTDlNrupGVbY
a3dNccaIO0dn8xAduupC+UGl4jB2PPh8g38tOI+gDW9yhetTzufm6tsjiMLHCsDZ
rO2sLz89ywi4B4HGcOZZn8BXyxDOxA6FP/YPzjWqfRP9kvEeOFoj9aLkyiCtaIGc
Xy6s3DEkZvphiz8eFZ/cPFFuZrLOwrAIsccl8qEBLOB1Mi05RDJsrT7PPZi/tbgd
RIvDQMFxc9m9FCIxZxmIqj4tF0XiYP1aXXXh8vGlxEMnv59v99n0Ap/8rrLJoUKG
p0K6U49zCElVCUeussAPdY2IXw==
-----END CERTIFICATE-----
Generated at Thu Jul 20 00:09:39 2023 by rpki-client on console-ams.rpki-client.org