Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ed/24be1a-16da-481c-8bcb-340d625c6dba/1/YJxj8nRp6gW8B2Ls2PtntnEyBZc.roa
File:                     YJxj8nRp6gW8B2Ls2PtntnEyBZc.roa (raw, json)
Hash identifier:          +mvSYjsrmuFnssqqA01TpoHnKW1Pat6Pu433oZ3uyVc=
Subject key identifier:   60:9C:63:F2:74:69:EA:05:BC:07:62:EC:D8:FB:67:B6:71:32:05:97
Certificate issuer:       /CN=1a7f036e2592391fb45a3dd33caf0b07956973cf
Certificate serial:       C98F05
Authority key identifier: 1A:7F:03:6E:25:92:39:1F:B4:5A:3D:D3:3C:AF:0B:07:95:69:73:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Gn8DbiWSOR-0Wj3TPK8LB5Vpc88.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ed/24be1a-16da-481c-8bcb-340d625c6dba/1/YJxj8nRp6gW8B2Ls2PtntnEyBZc.roa
Signing time:             Mon 11 Apr 2022 13:10:56 +0000
ROA not before:           Mon 11 Apr 2022 13:10:56 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     60721
IP address blocks:        2.59.181.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 13209349 (0xc98f05)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1a7f036e2592391fb45a3dd33caf0b07956973cf
        Validity
            Not Before: Apr 11 13:10:56 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=609c63f27469ea05bc0762ecd8fb67b671320597
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:14:17:87:b5:77:e2:d1:d9:e4:31:5b:13:78:
                    ee:3e:28:a1:c5:74:df:29:2e:7d:d5:74:82:b6:86:
                    70:4a:d3:1c:ca:1b:27:af:ff:40:29:cb:24:59:e5:
                    97:0d:ee:93:90:d5:66:51:2b:9e:04:15:0f:8e:79:
                    64:65:52:0f:f9:4d:95:27:88:4b:55:20:48:e3:68:
                    0e:04:4e:04:e2:17:eb:f3:88:0c:17:64:67:be:bc:
                    10:5a:ac:57:0c:45:f2:c9:3c:99:6b:10:d8:d9:07:
                    a8:e2:ec:de:6a:b5:09:76:79:5f:bf:05:49:4d:84:
                    1f:8e:f7:36:dc:2d:57:d5:63:34:a2:f4:4e:54:ce:
                    43:40:5a:d1:a8:41:1a:4a:51:8d:47:96:25:86:36:
                    95:fd:f8:bd:02:74:91:0b:5c:ec:e0:f7:21:f3:64:
                    41:9b:c4:e7:18:99:ce:6d:5c:e4:49:82:81:ff:b7:
                    c6:a6:43:53:0d:72:05:70:1d:81:5d:42:f3:a3:a8:
                    c8:c0:d1:af:56:93:aa:7d:f6:80:8b:b2:fd:76:89:
                    6a:7d:74:98:62:cb:5b:c0:9a:34:5c:65:d9:57:a1:
                    fc:07:2a:0f:e7:59:88:71:9d:44:b0:c1:2e:ab:eb:
                    95:f0:73:34:d7:7b:af:5a:de:2e:e4:74:b9:84:ce:
                    a0:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:9C:63:F2:74:69:EA:05:BC:07:62:EC:D8:FB:67:B6:71:32:05:97
            X509v3 Authority Key Identifier:
                keyid:1A:7F:03:6E:25:92:39:1F:B4:5A:3D:D3:3C:AF:0B:07:95:69:73:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Gn8DbiWSOR-0Wj3TPK8LB5Vpc88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/24be1a-16da-481c-8bcb-340d625c6dba/1/YJxj8nRp6gW8B2Ls2PtntnEyBZc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/24be1a-16da-481c-8bcb-340d625c6dba/1/Gn8DbiWSOR-0Wj3TPK8LB5Vpc88.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.59.181.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a1:55:03:bb:52:44:38:c5:0f:49:5e:c9:48:2d:f4:f2:41:86:
         ce:20:75:bb:2f:cc:15:fd:2c:a9:0a:63:ec:7c:90:27:ee:8c:
         7e:03:17:43:35:74:b9:5f:d4:21:18:84:2f:c3:03:f3:5a:85:
         ac:ed:59:77:7d:f6:2f:54:2e:b5:40:68:d0:6c:99:63:65:13:
         2e:9f:82:0b:ac:6a:88:10:d6:45:1f:7d:50:3a:1b:28:ff:c2:
         be:2c:52:af:4f:7a:d3:5d:35:ba:ca:42:17:4b:e5:b5:7c:f1:
         ef:f3:46:36:65:08:b0:2b:cb:a9:3e:b0:56:08:a2:9f:57:01:
         bb:cd:2d:9e:da:f8:94:ee:b6:07:17:3d:1a:9c:49:94:67:56:
         30:a9:ff:29:dc:b0:dd:2a:a8:8a:f9:bb:63:07:2b:d1:19:11:
         67:2f:3c:20:ad:8b:6f:ef:72:6d:6e:49:9c:37:32:9a:2a:f1:
         a8:ff:1b:69:13:ea:5f:87:ee:c0:46:ad:06:90:d0:ec:fe:61:
         bc:35:9e:15:0b:cb:14:e0:15:06:97:26:99:80:8b:d4:19:62:
         59:4d:46:6d:b4:f2:8d:7b:f2:0b:47:4e:e3:6a:7a:bb:29:ac:
         be:0b:a4:a6:e1:4a:bc:81:83:2f:41:6f:21:4f:2d:76:f4:a9:
         58:63:41:95
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIEAMmPBTANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygx
YTdmMDM2ZTI1OTIzOTFmYjQ1YTNkZDMzY2FmMGIwNzk1Njk3M2NmMB4XDTIyMDQx
MTEzMTA1NloXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoNjA5YzYzZjI3NDY5
ZWEwNWJjMDc2MmVjZDhmYjY3YjY3MTMyMDU5NzCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAOQUF4e1d+LR2eQxWxN47j4oocV03ykufdV0graGcErTHMob
J6//QCnLJFnllw3uk5DVZlErngQVD455ZGVSD/lNlSeIS1UgSONoDgROBOIX6/OI
DBdkZ768EFqsVwxF8sk8mWsQ2NkHqOLs3mq1CXZ5X78FSU2EH473NtwtV9VjNKL0
TlTOQ0Ba0ahBGkpRjUeWJYY2lf34vQJ0kQtc7OD3IfNkQZvE5xiZzm1c5EmCgf+3
xqZDUw1yBXAdgV1C86OoyMDRr1aTqn32gIuy/XaJan10mGLLW8CaNFxl2Veh/Acq
D+dZiHGdRLDBLqvrlfBzNNd7r1reLuR0uYTOoBsCAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBRgnGPydGnqBbwHYuzY+2e2cTIFlzAfBgNVHSMEGDAWgBQafwNuJZI5H7Ra
PdM8rwsHlWlzzzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L0duOERiaVdTT1ItMFdqM1RQSzhMQjVWcGM4OC5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZWQvMjRiZTFhLTE2ZGEtNDgxYy04YmNiLTM0MGQ2MjVjNmRiYS8x
L1lKeGo4blJwNmdXOEIyTHMyUHRudG5FeUJaYy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZWQv
MjRiZTFhLTE2ZGEtNDgxYy04YmNiLTM0MGQ2MjVjNmRiYS8xL0duOERiaVdTT1It
MFdqM1RQSzhMQjVWcGM4OC5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAAI7tTANBgkqhkiG9w0BAQsFAAOC
AQEAoVUDu1JEOMUPSV7JSC308kGGziB1uy/MFf0sqQpj7HyQJ+6MfgMXQzV0uV/U
IRiEL8MD81qFrO1Zd332L1QutUBo0GyZY2UTLp+CC6xqiBDWRR99UDobKP/CvixS
r0960101uspCF0vltXzx7/NGNmUIsCvLqT6wVgiin1cBu80tntr4lO62Bxc9GpxJ
lGdWMKn/Kdyw3Sqoivm7Ywcr0RkRZy88IK2Lb+9ybW5JnDcymirxqP8baRPqX4fu
wEatBpDQ7P5hvDWeFQvLFOAVBpcmmYCL1BliWU1GbbTyjXvyC0dO42p6uymsvguk
puFKvIGDL0FvIU8tdvSpWGNBlQ==
-----END CERTIFICATE-----
Generated at Thu Jul 20 00:09:53 2023 by rpki-client on console-ams.rpki-client.org