Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ed/24be1a-16da-481c-8bcb-340d625c6dba/1/vrB6OlrIkgFpgGsaEJHMp1z03VQ.roa
File:                     vrB6OlrIkgFpgGsaEJHMp1z03VQ.roa (raw, json)
Hash identifier:          GHZofh2qX4O+MblUgAMm2rrh9zk7OL/ITjPO5PRGHAM=
Subject key identifier:   BE:B0:7A:3A:5A:C8:92:01:69:80:6B:1A:10:91:CC:A7:5C:F4:DD:54
Certificate issuer:       /CN=1a7f036e2592391fb45a3dd33caf0b07956973cf
Certificate serial:       0183F56AF9ACA17FEC9E2CDF20E0211CA968
Authority key identifier: 1A:7F:03:6E:25:92:39:1F:B4:5A:3D:D3:3C:AF:0B:07:95:69:73:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Gn8DbiWSOR-0Wj3TPK8LB5Vpc88.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ed/24be1a-16da-481c-8bcb-340d625c6dba/1/vrB6OlrIkgFpgGsaEJHMp1z03VQ.roa
Signing time:             Thu 20 Oct 2022 12:42:52 +0000
ROA not before:           Thu 20 Oct 2022 12:42:52 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     142111
IP address blocks:        2.59.182.0/24 maxlen: 24
                          45.156.146.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:83:f5:6a:f9:ac:a1:7f:ec:9e:2c:df:20:e0:21:1c:a9:68
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1a7f036e2592391fb45a3dd33caf0b07956973cf
        Validity
            Not Before: Oct 20 12:42:52 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=beb07a3a5ac8920169806b1a1091cca75cf4dd54
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:31:2b:0d:83:42:0e:b3:c3:59:8a:da:38:a5:
                    63:ee:08:c8:c5:a9:d9:68:b4:c9:3e:06:53:2e:5b:
                    55:4c:35:30:30:25:04:8f:c6:17:c7:ac:82:55:cf:
                    58:2a:c9:3c:ee:50:33:b5:19:b2:be:61:a6:78:dd:
                    b0:24:b5:c9:e2:17:da:bf:86:a0:a5:e0:8b:ea:bf:
                    34:66:86:20:1b:55:b0:57:da:52:f6:58:65:2a:ea:
                    24:49:48:29:f8:81:e4:2c:63:04:f6:76:73:4a:22:
                    f8:d4:83:02:f0:f1:74:5c:6b:4a:9c:38:c0:36:89:
                    69:58:d2:97:b5:87:b0:50:d6:1d:49:fc:82:f5:6e:
                    b6:30:92:b8:08:90:bc:76:9d:31:ae:a4:8d:c5:ba:
                    6f:03:27:1c:99:c4:96:8d:2d:a4:fe:b2:60:34:b2:
                    bf:a2:1d:98:41:b2:68:38:18:52:d1:08:f0:72:81:
                    86:fa:3e:33:36:de:b9:40:e6:28:aa:ed:0d:76:ef:
                    fc:5a:ca:91:d7:23:25:66:14:cc:1a:9c:84:3f:40:
                    67:bf:2b:48:be:9b:a0:7f:b2:f4:b3:45:40:d6:b3:
                    c9:eb:ff:bd:08:02:a7:b7:c1:94:1c:6e:1e:ff:8a:
                    00:bc:77:0a:ae:28:92:d5:26:7f:7c:29:25:06:92:
                    60:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BE:B0:7A:3A:5A:C8:92:01:69:80:6B:1A:10:91:CC:A7:5C:F4:DD:54
            X509v3 Authority Key Identifier:
                keyid:1A:7F:03:6E:25:92:39:1F:B4:5A:3D:D3:3C:AF:0B:07:95:69:73:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Gn8DbiWSOR-0Wj3TPK8LB5Vpc88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/24be1a-16da-481c-8bcb-340d625c6dba/1/vrB6OlrIkgFpgGsaEJHMp1z03VQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/24be1a-16da-481c-8bcb-340d625c6dba/1/Gn8DbiWSOR-0Wj3TPK8LB5Vpc88.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.59.182.0/24
                  45.156.146.0/24

    Signature Algorithm: sha256WithRSAEncryption
         35:12:a5:30:17:8f:fd:a8:40:c2:8f:75:9e:49:67:4b:8f:ef:
         cd:65:37:e1:f9:a3:53:f0:03:33:9e:c2:ef:c1:9e:a2:1f:72:
         3c:9c:93:a3:ec:85:ee:dd:c6:87:1c:65:1d:ae:5d:df:1d:08:
         de:08:ed:1d:19:27:58:22:de:16:f9:59:eb:27:3f:c4:24:8c:
         c0:b6:99:a0:bd:16:8e:83:c1:64:53:3d:ac:65:fb:73:99:c4:
         76:d2:91:23:69:10:8f:1d:1a:83:1f:0f:7a:a1:58:92:00:f2:
         3a:2a:ac:1a:ce:b9:d4:41:ee:93:ae:91:bd:78:0d:a0:a0:f7:
         cf:51:2c:10:fc:13:3c:1c:e7:c8:91:02:62:4b:e5:9b:68:7b:
         34:25:2b:b4:37:81:0c:6d:c5:df:e9:0c:b4:12:3c:88:ea:e7:
         09:cc:9c:6f:50:e2:79:ae:a0:2b:64:34:19:ff:36:6a:d0:08:
         d4:c7:a5:18:d4:c6:5d:f8:46:98:d3:b9:a3:23:08:1e:64:a0:
         8f:16:6c:66:b8:64:59:51:21:f3:1b:bb:81:5e:9e:bb:6d:1f:
         48:5b:89:a4:01:e2:e6:bc:f4:94:78:99:51:6a:35:40:4e:f0:
         ab:91:e6:35:da:ef:48:56:8e:31:d2:77:99:5e:07:4a:22:8e:
         72:3b:58:cf
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYP1avmsoX/snizfIOAhHKloMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFhN2YwMzZlMjU5MjM5MWZiNDVhM2RkMzNjYWYwYjA3OTU2
OTczY2YwHhcNMjIxMDIwMTI0MjUyWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZWIwN2EzYTVhYzg5MjAxNjk4MDZiMWExMDkxY2NhNzVjZjRkZDU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjDErDYNCDrPDWYraOKVj7gjIxanZ
aLTJPgZTLltVTDUwMCUEj8YXx6yCVc9YKsk87lAztRmyvmGmeN2wJLXJ4hfav4ag
peCL6r80ZoYgG1WwV9pS9lhlKuokSUgp+IHkLGME9nZzSiL41IMC8PF0XGtKnDjA
NolpWNKXtYewUNYdSfyC9W62MJK4CJC8dp0xrqSNxbpvAyccmcSWjS2k/rJgNLK/
oh2YQbJoOBhS0QjwcoGG+j4zNt65QOYoqu0Ndu/8WsqR1yMlZhTMGpyEP0BnvytI
vpugf7L0s0VA1rPJ6/+9CAKnt8GUHG4e/4oAvHcKriiS1SZ/fCklBpJgZQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFL6wejpayJIBaYBrGhCRzKdc9N1UMB8GA1UdIwQY
MBaAFBp/A24lkjkftFo90zyvCweVaXPPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR244RGJpV1NPUi0wV2ozVFBLOExCNVZwYzg4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZC8yNGJlMWEtMTZkYS00ODFjLThiY2It
MzQwZDYyNWM2ZGJhLzEvdnJCNk9scklrZ0ZwZ0dzYUVKSE1wMXowM1ZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZC8yNGJlMWEtMTZkYS00ODFjLThiY2ItMzQwZDYyNWM2ZGJh
LzEvR244RGJpV1NPUi0wV2ozVFBLOExCNVZwYzg4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAAju2AwQA
LZySMA0GCSqGSIb3DQEBCwUAA4IBAQA1EqUwF4/9qEDCj3WeSWdLj+/NZTfh+aNT
8AMznsLvwZ6iH3I8nJOj7IXu3caHHGUdrl3fHQjeCO0dGSdYIt4W+VnrJz/EJIzA
tpmgvRaOg8FkUz2sZftzmcR20pEjaRCPHRqDHw96oViSAPI6KqwazrnUQe6TrpG9
eA2goPfPUSwQ/BM8HOfIkQJiS+WbaHs0JSu0N4EMbcXf6Qy0EjyI6ucJzJxvUOJ5
rqArZDQZ/zZq0AjUx6UY1MZd+EaY07mjIwgeZKCPFmxmuGRZUSHzG7uBXp67bR9I
W4mkAeLmvPSUeJlRajVATvCrkeY12u9IVo4x0neZXgdKIo5yO1jP
-----END CERTIFICATE-----
Generated at Thu Jul 20 00:06:03 2023 by rpki-client on console-fra.rpki-client.org