Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ed/24be1a-16da-481c-8bcb-340d625c6dba/1/TazcAs6Sng9v1r6PCL6_d7ad4r0.roa
File:                     TazcAs6Sng9v1r6PCL6_d7ad4r0.roa (raw, json)
Hash identifier:          8BoDwoX43yPcQ7mHN66qU2QOSCH4otCNrKBItXXKfww=
Subject key identifier:   4D:AC:DC:02:CE:92:9E:0F:6F:D6:BE:8F:08:BE:BF:77:B6:9D:E2:BD
Certificate issuer:       /CN=1a7f036e2592391fb45a3dd33caf0b07956973cf
Certificate serial:       0195780C
Authority key identifier: 1A:7F:03:6E:25:92:39:1F:B4:5A:3D:D3:3C:AF:0B:07:95:69:73:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Gn8DbiWSOR-0Wj3TPK8LB5Vpc88.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ed/24be1a-16da-481c-8bcb-340d625c6dba/1/TazcAs6Sng9v1r6PCL6_d7ad4r0.roa
Signing time:             Fri 01 Jul 2022 07:06:02 +0000
ROA not before:           Fri 01 Jul 2022 07:06:02 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     61317
IP address blocks:        45.156.147.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 26572812 (0x195780c)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1a7f036e2592391fb45a3dd33caf0b07956973cf
        Validity
            Not Before: Jul  1 07:06:02 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=4dacdc02ce929e0f6fd6be8f08bebf77b69de2bd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:cb:c0:92:ee:98:e5:16:c4:8d:1f:6a:06:be:
                    54:69:da:8b:6c:0d:1e:cc:b5:9c:f8:6d:ec:3f:8f:
                    b6:fa:34:c7:8b:25:40:3e:35:88:cc:4c:5f:96:2d:
                    ff:a2:a8:00:93:2b:9d:05:31:f4:45:97:11:08:03:
                    ca:a4:66:9f:45:ae:59:e0:30:05:25:c3:cd:50:0b:
                    46:54:af:2b:4f:95:f4:b6:5c:62:7c:f4:b6:60:4a:
                    1d:c6:67:74:4c:80:b7:21:d4:c4:29:19:bc:02:a6:
                    8e:d2:d3:e7:a6:57:aa:ee:63:75:fa:ac:3a:e8:07:
                    10:22:1c:f3:f4:84:a6:bf:f0:51:08:92:3a:c5:d5:
                    a4:90:17:bf:5c:90:53:da:b0:b8:bc:ec:9b:b2:9f:
                    85:3c:5a:5f:07:05:c1:a1:98:54:af:0d:c7:bd:d1:
                    9b:d5:87:af:16:70:8f:85:3a:78:7f:ea:22:60:3c:
                    fd:30:a3:3e:c6:c0:f3:32:29:ac:14:b5:e9:7a:9a:
                    a6:e4:cd:0e:cc:98:27:88:b8:be:be:ea:89:d6:a7:
                    75:79:6d:f9:a4:84:07:a6:8b:80:f4:96:78:46:c0:
                    90:8e:68:33:f1:86:2d:d8:79:2e:70:7f:7b:de:48:
                    c0:f3:63:70:f2:1f:a3:52:be:39:a8:1d:f9:d9:52:
                    2c:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4D:AC:DC:02:CE:92:9E:0F:6F:D6:BE:8F:08:BE:BF:77:B6:9D:E2:BD
            X509v3 Authority Key Identifier:
                keyid:1A:7F:03:6E:25:92:39:1F:B4:5A:3D:D3:3C:AF:0B:07:95:69:73:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Gn8DbiWSOR-0Wj3TPK8LB5Vpc88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/24be1a-16da-481c-8bcb-340d625c6dba/1/TazcAs6Sng9v1r6PCL6_d7ad4r0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/24be1a-16da-481c-8bcb-340d625c6dba/1/Gn8DbiWSOR-0Wj3TPK8LB5Vpc88.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.156.147.0/24

    Signature Algorithm: sha256WithRSAEncryption
         63:b5:2a:e5:88:16:25:5a:23:e8:6a:bb:26:b3:52:0a:cd:86:
         20:2b:05:9c:a0:72:14:17:bb:3c:38:a0:06:bd:11:63:df:f4:
         6f:f8:91:45:db:fd:84:f6:e9:0b:20:5d:0a:02:6c:20:2f:e7:
         e5:68:76:ca:af:ad:ee:8c:5f:80:41:1b:67:2b:e7:90:9d:1b:
         d0:53:09:0f:b6:7d:28:e3:12:0c:c8:ea:9b:b2:38:ae:e2:0d:
         fc:d6:66:e6:c9:61:c7:74:38:00:92:97:4c:3d:9d:57:21:7b:
         42:2a:0e:d3:f7:44:f7:88:7f:ab:0a:ef:1f:08:b9:57:4c:44:
         16:c0:5c:a1:7c:f4:57:19:d5:0b:b8:d2:45:04:20:77:2f:7b:
         31:7e:cf:72:17:e1:43:f4:c3:b5:af:c4:23:c5:db:d3:af:76:
         56:70:34:c9:ec:0f:da:2f:2b:08:8f:2a:97:99:89:43:93:5c:
         24:0f:2b:dd:b1:40:14:67:f1:c2:96:ce:f9:3a:84:e1:48:e2:
         5e:97:c3:02:3d:7c:05:17:29:4e:5a:0f:47:d3:54:8a:84:68:
         73:7d:90:5a:97:d8:ec:03:47:a0:92:a0:11:36:cb:cb:6c:30:
         87:96:2a:c1:c1:7a:30:fc:e6:00:74:f7:12:13:dc:81:f4:a2:
         bb:a0:d8:a0
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIEAZV4DDANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygx
YTdmMDM2ZTI1OTIzOTFmYjQ1YTNkZDMzY2FmMGIwNzk1Njk3M2NmMB4XDTIyMDcw
MTA3MDYwMloXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoNGRhY2RjMDJjZTky
OWUwZjZmZDZiZThmMDhiZWJmNzdiNjlkZTJiZDCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAOTLwJLumOUWxI0faga+VGnai2wNHsy1nPht7D+Ptvo0x4sl
QD41iMxMX5Yt/6KoAJMrnQUx9EWXEQgDyqRmn0WuWeAwBSXDzVALRlSvK0+V9LZc
Ynz0tmBKHcZndEyAtyHUxCkZvAKmjtLT56ZXqu5jdfqsOugHECIc8/SEpr/wUQiS
OsXVpJAXv1yQU9qwuLzsm7KfhTxaXwcFwaGYVK8Nx73Rm9WHrxZwj4U6eH/qImA8
/TCjPsbA8zIprBS16XqapuTNDsyYJ4i4vr7qidandXlt+aSEB6aLgPSWeEbAkI5o
M/GGLdh5LnB/e95IwPNjcPIfo1K+Oagd+dlSLLECAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBRNrNwCzpKeD2/Wvo8Ivr93tp3ivTAfBgNVHSMEGDAWgBQafwNuJZI5H7Ra
PdM8rwsHlWlzzzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L0duOERiaVdTT1ItMFdqM1RQSzhMQjVWcGM4OC5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZWQvMjRiZTFhLTE2ZGEtNDgxYy04YmNiLTM0MGQ2MjVjNmRiYS8x
L1RhemNBczZTbmc5djFyNlBDTDZfZDdhZDRyMC5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZWQv
MjRiZTFhLTE2ZGEtNDgxYy04YmNiLTM0MGQ2MjVjNmRiYS8xL0duOERiaVdTT1It
MFdqM1RQSzhMQjVWcGM4OC5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAC2ckzANBgkqhkiG9w0BAQsFAAOC
AQEAY7Uq5YgWJVoj6Gq7JrNSCs2GICsFnKByFBe7PDigBr0RY9/0b/iRRdv9hPbp
CyBdCgJsIC/n5Wh2yq+t7oxfgEEbZyvnkJ0b0FMJD7Z9KOMSDMjqm7I4ruIN/NZm
5slhx3Q4AJKXTD2dVyF7QioO0/dE94h/qwrvHwi5V0xEFsBcoXz0VxnVC7jSRQQg
dy97MX7PchfhQ/TDta/EI8Xb0692VnA0yewP2i8rCI8ql5mJQ5NcJA8r3bFAFGfx
wpbO+TqE4UjiXpfDAj18BRcpTloPR9NUioRoc32QWpfY7ANHoJKgETbLy2wwh5Yq
wcF6MPzmAHT3EhPcgfSiu6DYoA==
-----END CERTIFICATE-----
Generated at Thu Jul 20 00:09:53 2023 by rpki-client on console-ams.rpki-client.org