Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ed/24be1a-16da-481c-8bcb-340d625c6dba/1/hkk_0Xg9Q4GbIgtSfF-dSJJdrQw.roa
File:                     hkk_0Xg9Q4GbIgtSfF-dSJJdrQw.roa (raw, json)
Hash identifier:          GshAN6ru2DTOIv20NkJyf9hHjWA6tH1Cs6uNGw8e46Q=
Subject key identifier:   86:49:3F:D1:78:3D:43:81:9B:22:0B:52:7C:5F:9D:48:92:5D:AD:0C
Certificate issuer:       /CN=1a7f036e2592391fb45a3dd33caf0b07956973cf
Certificate serial:       011B43B0
Authority key identifier: 1A:7F:03:6E:25:92:39:1F:B4:5A:3D:D3:3C:AF:0B:07:95:69:73:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Gn8DbiWSOR-0Wj3TPK8LB5Vpc88.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ed/24be1a-16da-481c-8bcb-340d625c6dba/1/hkk_0Xg9Q4GbIgtSfF-dSJJdrQw.roa
Signing time:             Thu 12 May 2022 16:49:02 +0000
ROA not before:           Thu 12 May 2022 16:49:02 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     48741
IP address blocks:        45.156.145.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 18564016 (0x11b43b0)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1a7f036e2592391fb45a3dd33caf0b07956973cf
        Validity
            Not Before: May 12 16:49:02 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=86493fd1783d43819b220b527c5f9d48925dad0c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:3c:94:05:94:d5:6d:de:48:0f:53:93:2f:fd:
                    88:72:2b:92:ab:a1:3b:2e:9e:44:9a:ff:5a:63:60:
                    52:02:1e:d6:3d:22:ce:75:f8:42:c8:01:32:af:7f:
                    4e:ba:1b:b4:9e:1c:1e:dc:1f:a1:de:0e:72:46:44:
                    b7:c3:d4:3d:d4:2a:03:f3:c3:96:d9:c0:a6:f6:14:
                    41:db:75:18:7f:cf:76:1a:9b:79:5c:9b:bd:ea:c0:
                    6a:4a:1f:03:03:7f:b5:5d:5e:48:7c:be:32:0b:93:
                    91:c5:ee:e8:19:47:a3:8c:47:1a:a0:92:ce:e0:38:
                    1e:45:c1:36:61:cc:3c:96:ed:da:af:8a:61:22:75:
                    4f:69:b0:9f:09:e5:32:4a:d8:30:e4:0a:b8:f1:5f:
                    6c:6b:fc:e7:de:85:2c:cf:7e:18:2d:59:bc:d8:b8:
                    c9:42:99:bb:25:3d:eb:14:ea:26:c1:f2:bf:2d:61:
                    11:cb:fd:ec:00:ed:3b:48:af:f2:2c:9f:11:e4:cb:
                    d0:e9:a2:81:88:e3:eb:98:a5:af:f1:4a:3f:b3:95:
                    b4:5d:84:02:bd:72:5e:b9:b4:f3:c6:ab:02:a5:c1:
                    fb:7f:68:22:a6:b5:86:37:94:f7:12:c0:dc:9a:6e:
                    96:7b:fd:9a:5c:ee:06:4d:8b:a3:ce:19:fa:9e:c6:
                    95:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:49:3F:D1:78:3D:43:81:9B:22:0B:52:7C:5F:9D:48:92:5D:AD:0C
            X509v3 Authority Key Identifier:
                keyid:1A:7F:03:6E:25:92:39:1F:B4:5A:3D:D3:3C:AF:0B:07:95:69:73:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Gn8DbiWSOR-0Wj3TPK8LB5Vpc88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/24be1a-16da-481c-8bcb-340d625c6dba/1/hkk_0Xg9Q4GbIgtSfF-dSJJdrQw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/24be1a-16da-481c-8bcb-340d625c6dba/1/Gn8DbiWSOR-0Wj3TPK8LB5Vpc88.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.156.145.0/24

    Signature Algorithm: sha256WithRSAEncryption
         33:5d:ff:ed:7d:c6:e3:c0:7e:8a:4a:9f:29:4e:d0:2d:97:88:
         6a:ef:ef:4d:20:78:4b:a4:fb:09:fc:3d:60:22:f8:c1:0c:d2:
         3f:91:2a:bd:f4:b8:e8:2f:ad:2e:6c:17:29:94:ee:fb:6e:27:
         bd:cc:21:80:a0:ae:e9:6e:f6:ed:9a:18:a6:d0:f1:eb:7f:9a:
         55:0b:15:13:60:2c:b0:da:c5:18:36:b6:ed:76:5e:5d:de:94:
         96:a5:97:a9:06:d3:49:25:ca:4d:71:99:7f:13:12:86:7c:39:
         9d:7f:f9:21:37:02:26:06:45:e4:34:e2:b5:ea:ce:18:6f:bc:
         73:8b:c0:4c:c3:1f:62:84:5c:d4:b3:ac:73:d6:7c:7e:88:d8:
         e7:34:b4:3b:33:7d:2d:54:63:21:de:9a:15:ca:c3:ee:b7:40:
         96:68:85:6d:24:a3:f5:fd:ff:55:5e:5a:06:9c:6f:2d:51:40:
         97:f4:0b:b0:23:1d:44:45:e2:09:c8:42:96:0a:51:da:6f:03:
         19:ba:e8:1d:d6:6b:e4:02:07:5f:db:c0:3b:2a:d8:c8:83:33:
         60:fc:db:06:32:fe:23:d6:9a:e6:3e:76:d8:eb:4c:6e:b1:7c:
         6f:af:c1:8e:99:66:a8:52:c2:26:0d:a8:0f:7a:da:84:34:34:
         07:1c:65:66
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIEARtDsDANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygx
YTdmMDM2ZTI1OTIzOTFmYjQ1YTNkZDMzY2FmMGIwNzk1Njk3M2NmMB4XDTIyMDUx
MjE2NDkwMloXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoODY0OTNmZDE3ODNk
NDM4MTliMjIwYjUyN2M1ZjlkNDg5MjVkYWQwYzCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBALA8lAWU1W3eSA9Tky/9iHIrkquhOy6eRJr/WmNgUgIe1j0i
znX4QsgBMq9/TrobtJ4cHtwfod4OckZEt8PUPdQqA/PDltnApvYUQdt1GH/Pdhqb
eVybverAakofAwN/tV1eSHy+MguTkcXu6BlHo4xHGqCSzuA4HkXBNmHMPJbt2q+K
YSJ1T2mwnwnlMkrYMOQKuPFfbGv8596FLM9+GC1ZvNi4yUKZuyU96xTqJsHyvy1h
Ecv97ADtO0iv8iyfEeTL0OmigYjj65ilr/FKP7OVtF2EAr1yXrm088arAqXB+39o
Iqa1hjeU9xLA3Jpulnv9mlzuBk2Lo84Z+p7Gle0CAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBSGST/ReD1DgZsiC1J8X51Ikl2tDDAfBgNVHSMEGDAWgBQafwNuJZI5H7Ra
PdM8rwsHlWlzzzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L0duOERiaVdTT1ItMFdqM1RQSzhMQjVWcGM4OC5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZWQvMjRiZTFhLTE2ZGEtNDgxYy04YmNiLTM0MGQ2MjVjNmRiYS8x
L2hra18wWGc5UTRHYklndFNmRi1kU0pKZHJRdy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZWQv
MjRiZTFhLTE2ZGEtNDgxYy04YmNiLTM0MGQ2MjVjNmRiYS8xL0duOERiaVdTT1It
MFdqM1RQSzhMQjVWcGM4OC5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAC2ckTANBgkqhkiG9w0BAQsFAAOC
AQEAM13/7X3G48B+ikqfKU7QLZeIau/vTSB4S6T7Cfw9YCL4wQzSP5EqvfS46C+t
LmwXKZTu+24nvcwhgKCu6W727ZoYptDx63+aVQsVE2AssNrFGDa27XZeXd6UlqWX
qQbTSSXKTXGZfxMShnw5nX/5ITcCJgZF5DTiterOGG+8c4vATMMfYoRc1LOsc9Z8
fojY5zS0OzN9LVRjId6aFcrD7rdAlmiFbSSj9f3/VV5aBpxvLVFAl/QLsCMdREXi
CchClgpR2m8DGbroHdZr5AIHX9vAOyrYyIMzYPzbBjL+I9aa5j522OtMbrF8b6/B
jplmqFLCJg2oD3rahDQ0BxxlZg==
-----END CERTIFICATE-----
Generated at Thu Jul 20 00:06:03 2023 by rpki-client on console-fra.rpki-client.org