Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a6/b1ab1b-0e95-4c3c-8768-903d083496e5/1/C1fJnR4qXj7mvXjlmBIkmtZ-ER0.roa
File:                     C1fJnR4qXj7mvXjlmBIkmtZ-ER0.roa (raw, json)
Hash identifier:          ih2IXRxbA01ASv2TG5dpAuWTSMNJuAareTnXrx93pFE=
Subject key identifier:   0B:57:C9:9D:1E:2A:5E:3E:E6:BD:78:E5:98:12:24:9A:D6:7E:11:1D
Certificate issuer:       /CN=7a59a5cc61febdb916d4624bbe8c10897353b0c1
Certificate serial:       070577C5
Authority key identifier: 7A:59:A5:CC:61:FE:BD:B9:16:D4:62:4B:BE:8C:10:89:73:53:B0:C1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/elmlzGH-vbkW1GJLvowQiXNTsME.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a6/b1ab1b-0e95-4c3c-8768-903d083496e5/1/C1fJnR4qXj7mvXjlmBIkmtZ-ER0.roa
Signing time:             Sat 01 Jan 2022 16:05:26 +0000
ROA not before:           Sat 01 Jan 2022 16:05:26 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     35129
IP address blocks:        88.135.0.0/20 maxlen: 32

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 117798853 (0x70577c5)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7a59a5cc61febdb916d4624bbe8c10897353b0c1
        Validity
            Not Before: Jan  1 16:05:26 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=0b57c99d1e2a5e3ee6bd78e59812249ad67e111d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:d7:1d:05:dd:2b:2b:a8:3f:e6:b8:48:e7:eb:
                    e5:da:f5:09:2d:3e:e9:a1:88:a6:cc:49:ed:4b:74:
                    ba:b5:0c:26:2f:63:db:c3:3b:52:e3:0b:39:66:68:
                    cc:ae:7e:c7:91:e1:bb:17:f3:23:c3:3d:94:ae:b1:
                    ba:85:00:44:36:30:3c:e0:33:de:59:27:8e:e2:d0:
                    d4:cd:cf:c4:03:3f:ad:d9:3b:eb:08:4a:17:58:3d:
                    55:79:bc:a4:1b:53:db:0e:9f:49:25:dc:5a:43:8b:
                    78:4e:f6:66:fe:fc:e6:29:c6:a3:32:37:93:fd:98:
                    db:30:63:99:96:04:21:c4:1d:e9:ab:5b:a8:73:8c:
                    8c:33:6b:87:26:7e:44:ff:7f:d7:96:1f:3c:7f:6d:
                    0e:51:a9:5f:e8:fc:1e:b9:7b:65:fa:07:14:56:58:
                    a8:23:b9:c5:48:67:ac:8b:9d:84:2b:c0:bd:2d:fb:
                    6c:e4:32:49:75:b7:a5:21:da:48:79:98:fb:2a:4e:
                    7f:b7:82:99:45:56:ba:ed:21:cb:b4:59:83:45:63:
                    98:11:20:4d:9e:58:1f:13:4b:07:8a:24:3c:e3:11:
                    9f:1b:a0:bb:e6:12:72:3e:f5:fe:20:06:ec:3b:e5:
                    52:48:07:94:a6:a9:72:d9:18:d2:b8:e4:48:33:41:
                    02:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0B:57:C9:9D:1E:2A:5E:3E:E6:BD:78:E5:98:12:24:9A:D6:7E:11:1D
            X509v3 Authority Key Identifier:
                keyid:7A:59:A5:CC:61:FE:BD:B9:16:D4:62:4B:BE:8C:10:89:73:53:B0:C1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/elmlzGH-vbkW1GJLvowQiXNTsME.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/b1ab1b-0e95-4c3c-8768-903d083496e5/1/C1fJnR4qXj7mvXjlmBIkmtZ-ER0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/b1ab1b-0e95-4c3c-8768-903d083496e5/1/elmlzGH-vbkW1GJLvowQiXNTsME.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  88.135.0.0/20

    Signature Algorithm: sha256WithRSAEncryption
         af:b3:2b:b6:f6:af:4b:31:39:c0:55:7e:9e:d6:41:b9:b6:e9:
         21:45:ea:21:b1:98:f0:3c:e1:23:52:14:21:96:4f:38:92:01:
         0f:2e:83:74:b5:ea:d6:6b:6f:88:b9:63:80:45:c0:59:a2:af:
         13:1e:6a:1b:e9:b7:2d:3c:76:10:69:2a:b3:a4:95:13:38:03:
         75:4d:68:f3:82:64:f3:3e:97:c2:fd:13:1d:bf:b1:b3:c7:f4:
         7d:b1:7a:97:4c:a5:b9:f7:b8:f3:b9:aa:d6:a2:6e:37:e8:05:
         85:ef:3e:9b:4b:d4:a8:56:b5:fc:d6:04:f4:ca:2b:06:24:f1:
         04:23:d2:a8:f9:a8:22:11:91:84:6e:6e:d0:db:3b:2f:cb:82:
         e9:52:a0:d5:de:2a:75:8a:7c:39:d3:f4:55:1d:21:07:bb:06:
         61:06:8d:da:17:a7:e1:8d:c0:dd:f8:fe:07:2c:e2:89:7e:a8:
         f0:03:6b:2e:6b:b9:99:47:61:96:44:8f:41:84:5a:ae:a2:60:
         d0:69:d2:7f:9d:45:8c:90:9b:46:9a:12:70:f8:b6:3b:12:6d:
         ec:e0:4e:80:6f:a6:f2:18:42:8f:46:28:42:66:d1:7d:d0:70:
         57:27:b6:7c:eb:12:cf:26:0d:c8:31:1e:2f:da:3f:73:f5:ad:
         64:0d:09:b8
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIEBwV3xTANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg3
YTU5YTVjYzYxZmViZGI5MTZkNDYyNGJiZThjMTA4OTczNTNiMGMxMB4XDTIyMDEw
MTE2MDUyNloXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMGI1N2M5OWQxZTJh
NWUzZWU2YmQ3OGU1OTgxMjI0OWFkNjdlMTExZDCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAJTXHQXdKyuoP+a4SOfr5dr1CS0+6aGIpsxJ7Ut0urUMJi9j
28M7UuMLOWZozK5+x5HhuxfzI8M9lK6xuoUARDYwPOAz3lknjuLQ1M3PxAM/rdk7
6whKF1g9VXm8pBtT2w6fSSXcWkOLeE72Zv785inGozI3k/2Y2zBjmZYEIcQd6atb
qHOMjDNrhyZ+RP9/15YfPH9tDlGpX+j8Hrl7ZfoHFFZYqCO5xUhnrIudhCvAvS37
bOQySXW3pSHaSHmY+ypOf7eCmUVWuu0hy7RZg0VjmBEgTZ5YHxNLB4okPOMRnxug
u+YScj71/iAG7DvlUkgHlKapctkY0rjkSDNBAqsCAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBQLV8mdHipePua9eOWYEiSa1n4RHTAfBgNVHSMEGDAWgBR6WaXMYf69uRbU
Yku+jBCJc1OwwTAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L2VsbWx6R0gtdmJrVzFHSkx2b3dRaVhOVHNNRS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvYTYvYjFhYjFiLTBlOTUtNGMzYy04NzY4LTkwM2QwODM0OTZlNS8x
L0MxZkpuUjRxWGo3bXZYamxtQklrbXRaLUVSMC5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYTYv
YjFhYjFiLTBlOTUtNGMzYy04NzY4LTkwM2QwODM0OTZlNS8xL2VsbWx6R0gtdmJr
VzFHSkx2b3dRaVhOVHNNRS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEBFiHADANBgkqhkiG9w0BAQsFAAOC
AQEAr7MrtvavSzE5wFV+ntZBubbpIUXqIbGY8DzhI1IUIZZPOJIBDy6DdLXq1mtv
iLljgEXAWaKvEx5qG+m3LTx2EGkqs6SVEzgDdU1o84Jk8z6Xwv0THb+xs8f0fbF6
l0ylufe487mq1qJuN+gFhe8+m0vUqFa1/NYE9MorBiTxBCPSqPmoIhGRhG5u0Ns7
L8uC6VKg1d4qdYp8OdP0VR0hB7sGYQaN2hen4Y3A3fj+ByziiX6o8ANrLmu5mUdh
lkSPQYRarqJg0GnSf51FjJCbRpoScPi2OxJt7OBOgG+m8hhCj0YoQmbRfdBwVye2
fOsSzyYNyDEeL9o/c/WtZA0JuA==
-----END CERTIFICATE-----
Generated at Wed Dec 27 18:42:12 2023 by rpki-client on console.sobornost.net