Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fd/389ed2-1b82-45c9-a70a-025a0e6f05ae/1/jKvWPNJbUXj82lpWbzN2hcY56_Q.roa
File:                     jKvWPNJbUXj82lpWbzN2hcY56_Q.roa (raw, json)
Hash identifier:          AsVIbOCXfloLI3jXDT8VaZVV3p+K3a8BaUP0mq0uaq4=
Subject key identifier:   8C:AB:D6:3C:D2:5B:51:78:FC:DA:5A:56:6F:33:76:85:C6:39:EB:F4
Certificate issuer:       /CN=a1628e39f471addc75e71a391b82dd925c7f081d
Certificate serial:       02D42A25
Authority key identifier: A1:62:8E:39:F4:71:AD:DC:75:E7:1A:39:1B:82:DD:92:5C:7F:08:1D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/oWKOOfRxrdx15xo5G4Ldklx_CB0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fd/389ed2-1b82-45c9-a70a-025a0e6f05ae/1/jKvWPNJbUXj82lpWbzN2hcY56_Q.roa
Signing time:             Sat 01 Jan 2022 05:01:43 +0000
ROA not before:           Sat 01 Jan 2022 05:01:43 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     20473
IP address blocks:        193.239.244.0/23 maxlen: 23

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 47458853 (0x2d42a25)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a1628e39f471addc75e71a391b82dd925c7f081d
        Validity
            Not Before: Jan  1 05:01:43 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=8cabd63cd25b5178fcda5a566f337685c639ebf4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:bc:05:6e:9b:fc:27:aa:c0:5f:8f:70:74:d2:
                    d7:55:49:dc:8a:ae:8e:95:e8:20:f4:e8:0e:6b:6d:
                    10:33:96:03:ff:36:7c:fa:4a:f0:82:69:d4:30:64:
                    d3:1f:0f:8a:26:e0:07:3f:e1:f5:bc:8c:24:ec:86:
                    61:c1:c6:5d:6e:23:fd:8f:ba:ff:98:67:aa:98:b9:
                    4a:13:64:03:ed:e6:59:12:70:ab:54:74:f0:4a:9d:
                    ce:52:c1:74:87:bd:8a:aa:fb:05:0a:1f:eb:23:03:
                    0a:7d:45:be:ae:2f:c4:6b:dc:04:ea:dd:39:0b:16:
                    c0:90:11:e5:e9:ee:b4:ee:46:f7:48:b5:d9:da:66:
                    fa:44:32:b8:d4:8c:95:0a:f5:23:e5:c1:bc:75:74:
                    97:f5:9e:42:16:0d:53:96:56:6c:91:1c:82:56:a3:
                    34:20:22:4c:4b:52:0e:7f:8c:b1:fa:75:52:95:8a:
                    14:22:21:14:02:ee:88:45:2f:55:6d:1b:4a:7e:45:
                    75:90:82:45:75:c0:4a:1c:a1:b3:65:1e:b1:5b:c4:
                    3e:b1:a4:86:0c:9b:18:bc:2e:23:9b:22:46:5a:af:
                    ed:19:1b:d4:e9:d7:8b:3d:28:71:05:87:e8:71:34:
                    9f:da:1e:ae:db:92:14:45:fd:bd:1e:1b:34:55:b8:
                    c8:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8C:AB:D6:3C:D2:5B:51:78:FC:DA:5A:56:6F:33:76:85:C6:39:EB:F4
            X509v3 Authority Key Identifier:
                keyid:A1:62:8E:39:F4:71:AD:DC:75:E7:1A:39:1B:82:DD:92:5C:7F:08:1D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/oWKOOfRxrdx15xo5G4Ldklx_CB0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/389ed2-1b82-45c9-a70a-025a0e6f05ae/1/jKvWPNJbUXj82lpWbzN2hcY56_Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/389ed2-1b82-45c9-a70a-025a0e6f05ae/1/oWKOOfRxrdx15xo5G4Ldklx_CB0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.239.244.0/23

    Signature Algorithm: sha256WithRSAEncryption
         36:29:3f:6e:68:36:38:09:08:06:c2:4a:71:f4:14:2d:69:90:
         0d:c5:b0:b5:30:9e:10:72:b7:34:0a:92:bd:3b:eb:69:f2:42:
         c3:4c:83:bf:83:f5:64:68:dd:a3:be:90:ad:65:9f:5b:f6:77:
         64:c2:1c:72:9e:91:fb:43:4b:23:14:b6:60:d5:f0:27:90:cd:
         56:9c:77:99:0a:19:79:05:e8:87:36:14:52:0a:f9:d2:8b:57:
         24:e0:75:68:3f:7d:19:9a:8a:55:33:6c:3b:92:6c:85:68:7c:
         f1:6f:d1:3e:cb:32:ad:9d:c2:14:5a:9a:5e:93:af:79:cc:69:
         83:0f:18:f0:89:e1:dd:aa:f4:1f:61:1f:38:52:47:0c:49:13:
         47:79:bb:c4:f5:eb:7e:41:41:67:30:43:9b:a7:e0:81:bb:22:
         78:54:e0:1c:3d:ec:35:65:0b:18:1c:16:e0:7d:91:e4:76:d7:
         43:2d:72:6d:c9:f1:67:50:11:23:6d:bc:1d:60:b6:97:f1:a3:
         e7:c9:85:d1:2b:ac:30:0c:8b:12:d7:8f:6e:37:c5:23:fa:0c:
         47:9e:91:45:15:db:9c:23:fd:59:00:12:a9:34:cd:af:d4:58:
         d1:7e:b6:9b:b2:0c:e8:67:f9:81:00:37:ca:c2:65:b0:66:91:
         25:eb:d6:ae
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIEAtQqJTANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhh
MTYyOGUzOWY0NzFhZGRjNzVlNzFhMzkxYjgyZGQ5MjVjN2YwODFkMB4XDTIyMDEw
MTA1MDE0M1oXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoOGNhYmQ2M2NkMjVi
NTE3OGZjZGE1YTU2NmYzMzc2ODVjNjM5ZWJmNDCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAM+8BW6b/CeqwF+PcHTS11VJ3IqujpXoIPToDmttEDOWA/82
fPpK8IJp1DBk0x8PiibgBz/h9byMJOyGYcHGXW4j/Y+6/5hnqpi5ShNkA+3mWRJw
q1R08EqdzlLBdIe9iqr7BQof6yMDCn1Fvq4vxGvcBOrdOQsWwJAR5enutO5G90i1
2dpm+kQyuNSMlQr1I+XBvHV0l/WeQhYNU5ZWbJEcglajNCAiTEtSDn+Msfp1UpWK
FCIhFALuiEUvVW0bSn5FdZCCRXXAShyhs2UesVvEPrGkhgybGLwuI5siRlqv7Rkb
1OnXiz0ocQWH6HE0n9oertuSFEX9vR4bNFW4yKECAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBSMq9Y80ltRePzaWlZvM3aFxjnr9DAfBgNVHSMEGDAWgBShYo459HGt3HXn
Gjkbgt2SXH8IHTAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L29XS09PZlJ4cmR4MTV4bzVHNExka2x4X0NCMC5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZmQvMzg5ZWQyLTFiODItNDVjOS1hNzBhLTAyNWEwZTZmMDVhZS8x
L2pLdldQTkpiVVhqODJscFdiek4yaGNZNTZfUS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZmQv
Mzg5ZWQyLTFiODItNDVjOS1hNzBhLTAyNWEwZTZmMDVhZS8xL29XS09PZlJ4cmR4
MTV4bzVHNExka2x4X0NCMC5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAcHv9DANBgkqhkiG9w0BAQsFAAOC
AQEANik/bmg2OAkIBsJKcfQULWmQDcWwtTCeEHK3NAqSvTvrafJCw0yDv4P1ZGjd
o76QrWWfW/Z3ZMIccp6R+0NLIxS2YNXwJ5DNVpx3mQoZeQXohzYUUgr50otXJOB1
aD99GZqKVTNsO5JshWh88W/RPssyrZ3CFFqaXpOvecxpgw8Y8Inh3ar0H2EfOFJH
DEkTR3m7xPXrfkFBZzBDm6fggbsieFTgHD3sNWULGBwW4H2R5HbXQy1ybcnxZ1AR
I228HWC2l/Gj58mF0SusMAyLEtePbjfFI/oMR56RRRXbnCP9WQASqTTNr9RY0X62
m7IM6Gf5gQA3ysJlsGaRJevWrg==
-----END CERTIFICATE-----
Generated at Thu Jul 20 00:06:56 2023 by rpki-client on console-fra.rpki-client.org