Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fa/a0e01a-9bbc-44ee-98a3-597b6e2492ab/1/d2MMngDyrJgfriYG5D87ueHjkpo.roa
File:                     d2MMngDyrJgfriYG5D87ueHjkpo.roa (raw, json)
Hash identifier:          6yuR/RTnm2Wen667pLpwmMbiRgkf4bBifKw5U2MZA24=
Subject key identifier:   77:63:0C:9E:00:F2:AC:98:1F:AE:26:06:E4:3F:3B:B9:E1:E3:92:9A
Certificate issuer:       /CN=bba35cf8ab6f3eaa2aebadd9e2373dec0893625e
Certificate serial:       044EF7E4
Authority key identifier: BB:A3:5C:F8:AB:6F:3E:AA:2A:EB:AD:D9:E2:37:3D:EC:08:93:62:5E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/u6Nc-KtvPqoq663Z4jc97AiTYl4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fa/a0e01a-9bbc-44ee-98a3-597b6e2492ab/1/d2MMngDyrJgfriYG5D87ueHjkpo.roa
Signing time:             Sat 01 Jan 2022 06:54:28 +0000
ROA not before:           Sat 01 Jan 2022 06:54:28 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     398849
IP address blocks:        157.23.224.0/20 maxlen: 24
                          2a0e:bbc0:8000::/40 maxlen: 48

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 72284132 (0x44ef7e4)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bba35cf8ab6f3eaa2aebadd9e2373dec0893625e
        Validity
            Not Before: Jan  1 06:54:28 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=77630c9e00f2ac981fae2606e43f3bb9e1e3929a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:5d:25:c7:49:92:e1:78:7e:65:46:82:f5:bc:
                    b1:82:aa:ff:8e:9a:84:94:c1:59:ad:20:56:31:36:
                    73:90:32:d0:6c:53:34:dc:8f:f8:16:56:0c:3a:59:
                    f7:16:96:4a:38:60:d1:60:41:e5:4b:aa:e5:7a:0a:
                    64:e9:dc:86:b6:03:95:a4:5c:0f:ce:9b:a3:83:60:
                    eb:1c:23:50:1d:ce:8b:5a:f1:f9:37:6d:c5:9c:f3:
                    02:c5:b6:aa:ec:73:f7:be:99:29:15:97:77:4d:5e:
                    e0:f9:5f:e6:d9:9c:7c:e7:98:dc:12:7d:d0:25:19:
                    fe:3a:29:5b:64:c6:54:92:a7:b0:1a:00:82:c8:da:
                    6d:e4:cd:e5:e8:c5:9d:94:35:8f:a3:a7:a6:da:0e:
                    29:92:00:99:d8:4f:11:b1:f6:c6:c9:44:0c:72:73:
                    7f:95:7b:fc:1c:e5:f8:d6:cc:a6:a4:83:09:92:32:
                    38:44:17:34:1c:8e:a2:5c:f2:4d:3c:55:43:fb:5d:
                    db:18:ca:6c:98:02:f8:56:44:fe:df:5c:c1:66:71:
                    86:3d:ae:05:7f:33:83:aa:14:9a:04:41:d5:11:2c:
                    f5:24:77:7c:32:bc:84:e1:b3:bd:44:46:3a:39:97:
                    6d:9d:8f:7c:ec:d6:cb:f9:0f:b0:86:0e:1f:5c:96:
                    b7:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                77:63:0C:9E:00:F2:AC:98:1F:AE:26:06:E4:3F:3B:B9:E1:E3:92:9A
            X509v3 Authority Key Identifier:
                keyid:BB:A3:5C:F8:AB:6F:3E:AA:2A:EB:AD:D9:E2:37:3D:EC:08:93:62:5E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/u6Nc-KtvPqoq663Z4jc97AiTYl4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/a0e01a-9bbc-44ee-98a3-597b6e2492ab/1/d2MMngDyrJgfriYG5D87ueHjkpo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/a0e01a-9bbc-44ee-98a3-597b6e2492ab/1/u6Nc-KtvPqoq663Z4jc97AiTYl4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  157.23.224.0/20
                IPv6:
                  2a0e:bbc0:8000::/40

    Signature Algorithm: sha256WithRSAEncryption
         ae:7e:a6:6d:44:79:cd:5a:1b:22:55:96:4b:9b:88:58:1d:60:
         a7:8f:0c:a3:f5:89:c2:37:ad:8e:40:b9:03:7d:99:3d:ad:7a:
         ab:20:30:a9:10:5f:e6:e0:a5:c5:8e:4f:83:7f:5f:00:34:50:
         0a:58:83:db:e3:df:76:05:5d:c4:6c:7a:6b:eb:07:d7:ac:66:
         69:13:f6:dc:df:2f:b6:82:24:05:66:51:98:39:a4:87:f5:d2:
         55:08:1f:40:f7:9d:8f:79:83:17:4d:4d:5a:14:f7:29:35:53:
         c2:0a:d7:d5:cd:0b:32:bc:7a:6f:5f:7b:fc:2b:93:9d:78:a5:
         89:5e:56:ea:d5:66:0f:0e:3c:ae:4e:af:3b:59:5e:31:a8:5c:
         90:09:ba:18:b1:13:d9:26:bc:92:f9:ff:12:8f:47:2d:45:67:
         b4:cd:9e:bc:ca:e1:c9:e0:52:12:7d:6e:3a:31:29:52:d8:8d:
         70:62:64:1a:c4:45:4e:c6:04:6e:8d:51:53:19:34:37:3e:08:
         ea:ab:f7:54:41:ff:e3:4a:be:8b:13:cf:4c:7e:fe:6e:67:a6:
         23:24:a8:a6:ac:13:dc:04:e1:54:36:9a:34:d9:4f:a6:4f:8b:
         2e:0d:ca:6b:5b:b3:a3:61:63:67:01:19:02:bf:30:e9:ab:8b:
         db:3e:53:41
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIEBE735DANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhi
YmEzNWNmOGFiNmYzZWFhMmFlYmFkZDllMjM3M2RlYzA4OTM2MjVlMB4XDTIyMDEw
MTA2NTQyOFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoNzc2MzBjOWUwMGYy
YWM5ODFmYWUyNjA2ZTQzZjNiYjllMWUzOTI5YTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAL1dJcdJkuF4fmVGgvW8sYKq/46ahJTBWa0gVjE2c5Ay0GxT
NNyP+BZWDDpZ9xaWSjhg0WBB5Uuq5XoKZOnchrYDlaRcD86bo4Ng6xwjUB3Oi1rx
+TdtxZzzAsW2quxz976ZKRWXd01e4Plf5tmcfOeY3BJ90CUZ/jopW2TGVJKnsBoA
gsjabeTN5ejFnZQ1j6OnptoOKZIAmdhPEbH2xslEDHJzf5V7/Bzl+NbMpqSDCZIy
OEQXNByOolzyTTxVQ/td2xjKbJgC+FZE/t9cwWZxhj2uBX8zg6oUmgRB1REs9SR3
fDK8hOGzvURGOjmXbZ2PfOzWy/kPsIYOH1yWt4cCAwEAAaOCAhkwggIVMB0GA1Ud
DgQWBBR3YwyeAPKsmB+uJgbkPzu54eOSmjAfBgNVHSMEGDAWgBS7o1z4q28+qirr
rdniNz3sCJNiXjAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L3U2TmMtS3R2UHFvcTY2M1o0amM5N0FpVFlsNC5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZmEvYTBlMDFhLTliYmMtNDRlZS05OGEzLTU5N2I2ZTI0OTJhYi8x
L2QyTU1uZ0R5ckpnZnJpWUc1RDg3dWVIamtwby5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZmEv
YTBlMDFhLTliYmMtNDRlZS05OGEzLTU5N2I2ZTI0OTJhYi8xL3U2TmMtS3R2UHFv
cTY2M1o0amM5N0FpVFlsNC5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAv
BggrBgEFBQcBBwEB/wQgMB4wDAQCAAEwBgMEBJ0X4DAOBAIAAjAIAwYAKg67wIAw
DQYJKoZIhvcNAQELBQADggEBAK5+pm1Eec1aGyJVlkubiFgdYKePDKP1icI3rY5A
uQN9mT2teqsgMKkQX+bgpcWOT4N/XwA0UApYg9vj33YFXcRsemvrB9esZmkT9tzf
L7aCJAVmUZg5pIf10lUIH0D3nY95gxdNTVoU9yk1U8IK19XNCzK8em9fe/wrk514
pYleVurVZg8OPK5OrztZXjGoXJAJuhixE9kmvJL5/xKPRy1FZ7TNnrzK4cngUhJ9
bjoxKVLYjXBiZBrERU7GBG6NUVMZNDc+COqr91RB/+NKvosTz0x+/m5npiMkqKas
E9wE4VQ2mjTZT6ZPiy4Nymtbs6NhY2cBGQK/MOmri9s+U0E=
-----END CERTIFICATE-----
Generated at Thu Jul 20 00:10:38 2023 by rpki-client on console-ams.rpki-client.org