Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ed/24be1a-16da-481c-8bcb-340d625c6dba/1/9vj5UGzFTEpASyEI7CJCMF2SY6o.roa
File:                     9vj5UGzFTEpASyEI7CJCMF2SY6o.roa (raw, json)
Hash identifier:          Zrg65m4qL3msdo9sXrshUx9PXKn36KCr9qRr12nq/mo=
Subject key identifier:   F6:F8:F9:50:6C:C5:4C:4A:40:4B:21:08:EC:22:42:30:5D:92:63:AA
Certificate issuer:       /CN=1a7f036e2592391fb45a3dd33caf0b07956973cf
Certificate serial:       031CE7
Authority key identifier: 1A:7F:03:6E:25:92:39:1F:B4:5A:3D:D3:3C:AF:0B:07:95:69:73:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Gn8DbiWSOR-0Wj3TPK8LB5Vpc88.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ed/24be1a-16da-481c-8bcb-340d625c6dba/1/9vj5UGzFTEpASyEI7CJCMF2SY6o.roa
Signing time:             Wed 12 Jan 2022 07:27:22 +0000
ROA not before:           Wed 12 Jan 2022 07:27:22 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     204171
IP address blocks:        185.103.120.0/24 maxlen: 24
                          185.103.123.0/24 maxlen: 24
                          185.103.121.0/24 maxlen: 24
                          185.103.122.0/24 maxlen: 24
                          2a06:2bc0::/29 maxlen: 29

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 204007 (0x31ce7)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1a7f036e2592391fb45a3dd33caf0b07956973cf
        Validity
            Not Before: Jan 12 07:27:22 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=f6f8f9506cc54c4a404b2108ec2242305d9263aa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:95:1c:3a:10:3d:63:31:da:33:84:6e:43:6f:
                    92:ef:eb:d7:b7:ce:5c:59:ec:e6:ed:9c:ed:8d:e3:
                    82:97:38:e4:0e:1a:85:00:07:d2:03:6c:f3:0c:94:
                    1b:2d:ae:84:6d:39:78:d6:7d:ec:91:00:d6:d9:fc:
                    be:8b:bb:a5:30:63:33:23:c1:d9:b4:52:2d:21:82:
                    c5:9a:30:bc:bf:0b:45:60:75:a3:cd:5a:08:c8:19:
                    77:8c:dc:e0:fc:74:0e:4c:5d:a5:7c:6d:85:c1:db:
                    fb:73:88:44:1e:6c:ab:31:4b:09:12:83:c2:a1:19:
                    5f:cd:fb:1b:fd:d9:59:55:9e:77:55:a7:52:b5:b8:
                    1b:85:5d:d7:68:c2:08:79:6f:0d:66:ca:67:df:11:
                    85:d5:cd:3b:12:6d:9e:e3:c1:85:3d:95:98:ab:c6:
                    37:17:1a:a7:6d:57:2a:24:4d:79:fd:bd:fc:b7:0e:
                    6a:92:45:3b:c9:78:48:cd:28:12:a5:86:3e:c9:2a:
                    c3:42:8c:86:2a:50:91:4a:31:0b:14:4a:89:48:26:
                    97:58:77:bd:17:d8:5e:9d:05:aa:e3:64:74:e7:b3:
                    94:fd:fc:f8:cc:ae:f2:1b:bc:71:c9:cc:e3:0f:37:
                    2d:2f:b4:e5:13:fe:2f:fc:e9:84:25:17:b8:ec:1c:
                    7d:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F6:F8:F9:50:6C:C5:4C:4A:40:4B:21:08:EC:22:42:30:5D:92:63:AA
            X509v3 Authority Key Identifier:
                keyid:1A:7F:03:6E:25:92:39:1F:B4:5A:3D:D3:3C:AF:0B:07:95:69:73:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Gn8DbiWSOR-0Wj3TPK8LB5Vpc88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/24be1a-16da-481c-8bcb-340d625c6dba/1/9vj5UGzFTEpASyEI7CJCMF2SY6o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/24be1a-16da-481c-8bcb-340d625c6dba/1/Gn8DbiWSOR-0Wj3TPK8LB5Vpc88.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.103.120.0/22
                IPv6:
                  2a06:2bc0::/29

    Signature Algorithm: sha256WithRSAEncryption
         5e:91:ed:23:4c:e8:29:9b:25:e2:c0:e1:1e:75:36:a9:47:51:
         a6:a5:d4:53:6d:07:91:71:e9:cd:d6:f8:72:21:12:a3:57:52:
         40:b5:28:4b:8a:3c:51:01:bd:83:7e:42:c0:01:06:af:3a:b1:
         2e:1c:5d:b8:d0:85:a9:a0:92:91:0e:7a:db:38:1f:07:f8:a0:
         35:e6:5e:72:52:99:7c:90:47:7e:fa:c3:e2:b2:7f:f1:bc:1d:
         65:d3:54:95:a7:78:f0:9d:72:54:b9:fb:9d:55:5e:04:3b:85:
         63:51:62:dd:f8:7e:8f:83:d6:ec:04:35:04:2d:eb:55:d2:2d:
         a1:69:72:1c:f6:61:b0:6b:79:d2:35:79:1a:bd:06:6f:e2:0d:
         31:e6:01:a0:8f:ef:93:83:28:aa:4c:7b:b0:36:b9:81:5a:9c:
         14:76:08:a6:e8:15:6d:15:93:69:73:1b:11:94:2c:05:80:53:
         90:4f:74:0b:ff:03:ed:77:1c:51:ef:46:a8:a0:5b:54:66:f5:
         83:86:d1:b4:24:b7:1d:b0:99:a3:80:ee:fb:dd:c3:5f:39:02:
         84:f8:65:49:e2:4c:bf:46:1d:71:2c:b0:df:3d:a5:bc:24:5d:
         e8:28:40:2d:fc:19:01:27:5c:8b:29:c5:46:87:bd:19:08:65:
         e0:4b:66:41
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgIDAxznMA0GCSqGSIb3DQEBCwUAMDMxMTAvBgNVBAMTKDFh
N2YwMzZlMjU5MjM5MWZiNDVhM2RkMzNjYWYwYjA3OTU2OTczY2YwHhcNMjIwMTEy
MDcyNzIyWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQDEyhmNmY4Zjk1MDZjYzU0
YzRhNDA0YjIxMDhlYzIyNDIzMDVkOTI2M2FhMIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEAp5UcOhA9YzHaM4RuQ2+S7+vXt85cWezm7ZztjeOClzjkDhqF
AAfSA2zzDJQbLa6EbTl41n3skQDW2fy+i7ulMGMzI8HZtFItIYLFmjC8vwtFYHWj
zVoIyBl3jNzg/HQOTF2lfG2Fwdv7c4hEHmyrMUsJEoPCoRlfzfsb/dlZVZ53VadS
tbgbhV3XaMIIeW8NZspn3xGF1c07Em2e48GFPZWYq8Y3FxqnbVcqJE15/b38tw5q
kkU7yXhIzSgSpYY+ySrDQoyGKlCRSjELFEqJSCaXWHe9F9henQWq42R057OU/fz4
zK7yG7xxyczjDzctL7TlE/4v/OmEJRe47Bx9uwIDAQABo4ICGDCCAhQwHQYDVR0O
BBYEFPb4+VBsxUxKQEshCOwiQjBdkmOqMB8GA1UdIwQYMBaAFBp/A24lkjkftFo9
0zyvCweVaXPPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEFBQcBAQRYMFYwVAYIKwYB
BQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQv
R244RGJpV1NPUi0wV2ozVFBLOExCNVZwYzg4LmNlcjCBjQYIKwYBBQUHAQsEgYAw
fjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkv
REVGQVVMVC9lZC8yNGJlMWEtMTZkYS00ODFjLThiY2ItMzQwZDYyNWM2ZGJhLzEv
OXZqNVVHekZURXBBU3lFSTdDSkNNRjJTWTZvLnJvYTCBgQYDVR0fBHoweDB2oHSg
coZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZC8y
NGJlMWEtMTZkYS00ODFjLThiY2ItMzQwZDYyNWM2ZGJhLzEvR244RGJpV1NPUi0w
V2ozVFBLOExCNVZwYzg4LmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMC4G
CCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuWd4MA0EAgACMAcDBQMqBivAMA0G
CSqGSIb3DQEBCwUAA4IBAQBeke0jTOgpmyXiwOEedTapR1GmpdRTbQeRcenN1vhy
IRKjV1JAtShLijxRAb2DfkLAAQavOrEuHF240IWpoJKRDnrbOB8H+KA15l5yUpl8
kEd++sPisn/xvB1l01SVp3jwnXJUufudVV4EO4VjUWLd+H6Pg9bsBDUELetV0i2h
aXIc9mGwa3nSNXkavQZv4g0x5gGgj++TgyiqTHuwNrmBWpwUdgim6BVtFZNpcxsR
lCwFgFOQT3QL/wPtdxxR70aooFtUZvWDhtG0JLcdsJmjgO773cNfOQKE+GVJ4ky/
Rh1xLLDfPaW8JF3oKEAt/BkBJ1yLKcVGh70ZCGXgS2ZB
-----END CERTIFICATE-----
Generated at Thu Jul 20 00:06:03 2023 by rpki-client on console-fra.rpki-client.org