Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/04x9TpnSCB6W73x13lBiJ29TFTw.roa
File:                     04x9TpnSCB6W73x13lBiJ29TFTw.roa (raw, json)
Hash identifier:          VTn5nCPb6E8rmYHiarUEayrNrY+WdVPV/Q6J57pY3kY=
Subject key identifier:   D3:8C:7D:4E:99:D2:08:1E:96:EF:7C:75:DE:50:62:27:6F:53:15:3C
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       01852F2B0421467A701B180FB615DD6CEC1E
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/04x9TpnSCB6W73x13lBiJ29TFTw.roa
Signing time:             Tue 20 Dec 2022 10:53:46 +0000
ROA not before:           Tue 20 Dec 2022 10:53:46 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     207713
IP address blocks:        194.87.218.0/24 maxlen: 24
                          194.87.216.0/24 maxlen: 24
                          62.76.233.0/24 maxlen: 24
                          195.133.88.0/24 maxlen: 24
                          194.87.31.0/24 maxlen: 24
                          194.87.45.0/24 maxlen: 24
                          212.192.14.0/24 maxlen: 24
                          194.87.71.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:2f:2b:04:21:46:7a:70:1b:18:0f:b6:15:dd:6c:ec:1e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Dec 20 10:53:46 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=d38c7d4e99d2081e96ef7c75de5062276f53153c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:24:37:4e:a2:71:40:4e:e5:5c:9e:d5:b7:5b:
                    61:c9:97:59:5c:a8:94:ca:2c:59:c5:62:74:5f:54:
                    73:57:92:fb:c0:6e:6f:3e:bf:18:72:8a:6c:47:46:
                    07:64:9b:7b:8b:5e:4d:a8:b4:bd:ed:28:8c:2e:c8:
                    90:00:be:be:55:ab:cc:4d:71:49:10:8c:87:1b:91:
                    1f:a7:4a:ff:a6:94:ca:e7:68:46:d7:e3:c3:f5:88:
                    b6:e8:b5:4e:42:f2:89:86:2f:65:d7:46:1e:4d:2e:
                    ed:03:cd:08:7b:44:a0:c6:d4:1c:8a:a6:42:99:f8:
                    4b:00:e7:0b:d9:1c:a9:ed:4e:04:fa:e5:45:62:d0:
                    a8:2e:ff:22:8d:87:2c:60:44:46:2c:3f:9d:e9:e4:
                    84:75:66:df:08:06:82:d7:73:89:42:83:7d:a4:b5:
                    75:09:d4:77:21:b4:81:85:83:0c:c0:3c:97:40:f6:
                    84:f5:17:89:2c:0e:8c:bb:48:b8:7e:b6:49:d8:b4:
                    c8:86:a9:31:dd:3b:9b:15:da:5e:44:17:5d:d6:22:
                    37:3a:ca:c5:28:70:60:39:de:17:6d:6b:88:8a:0f:
                    7f:28:14:37:d4:d2:e7:93:4c:ac:8e:19:88:96:12:
                    09:fc:cd:22:dd:eb:5a:91:5d:ce:fc:98:7a:4d:c7:
                    54:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D3:8C:7D:4E:99:D2:08:1E:96:EF:7C:75:DE:50:62:27:6F:53:15:3C
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/04x9TpnSCB6W73x13lBiJ29TFTw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.76.233.0/24
                  194.87.31.0/24
                  194.87.45.0/24
                  194.87.71.0/24
                  194.87.216.0/24
                  194.87.218.0/24
                  195.133.88.0/24
                  212.192.14.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0b:cb:a8:b3:94:5d:cc:cf:4d:6c:6c:50:ab:f3:b3:6f:ff:59:
         fa:92:68:6a:b4:99:d0:45:b0:52:dd:0c:bf:4c:10:9f:8b:bc:
         43:e3:60:a1:27:18:3a:20:bc:31:12:c6:e0:73:66:22:55:b9:
         38:6e:39:6e:ff:95:74:5a:99:98:94:2a:68:91:f5:b2:81:b8:
         6b:89:33:ce:3b:e7:fd:a6:7a:6b:d0:35:e6:47:ba:8f:83:26:
         3c:da:ce:c6:cf:e8:c7:b9:1e:fa:cc:91:0d:f4:cd:37:87:d0:
         45:22:41:fb:bb:f7:4e:0e:8a:76:8a:11:81:3c:47:cc:34:7d:
         43:65:53:de:9f:58:21:bc:92:3e:fb:3a:21:bf:7f:99:95:55:
         bc:95:75:43:30:ad:d8:4c:a3:1c:7b:0c:c9:88:ca:95:7b:f7:
         63:cc:21:2a:9a:41:1d:20:ef:e9:73:a9:8b:93:be:9c:2e:29:
         e9:84:d6:f0:f8:8d:6d:a9:70:d4:fa:6e:51:d3:94:3a:5b:1c:
         64:7e:3c:5d:8e:02:c7:da:c2:b2:e6:76:a9:15:77:b5:ed:a3:
         9c:a7:79:f4:bc:cc:ac:63:c6:47:29:b8:39:fc:55:c2:6e:84:
         66:95:ee:b3:ef:38:33:1e:d6:aa:79:db:73:7e:e9:15:59:b1:
         7f:f6:a1:23
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgISAYUvKwQhRnpwGxgPthXdbOweMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjIxMjIwMTA1MzQ2WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMzhjN2Q0ZTk5ZDIwODFlOTZlZjdjNzVkZTUwNjIyNzZmNTMxNTNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAniQ3TqJxQE7lXJ7Vt1thyZdZXKiU
yixZxWJ0X1RzV5L7wG5vPr8YcopsR0YHZJt7i15NqLS97SiMLsiQAL6+VavMTXFJ
EIyHG5Efp0r/ppTK52hG1+PD9Yi26LVOQvKJhi9l10YeTS7tA80Ie0SgxtQciqZC
mfhLAOcL2Ryp7U4E+uVFYtCoLv8ijYcsYERGLD+d6eSEdWbfCAaC13OJQoN9pLV1
CdR3IbSBhYMMwDyXQPaE9ReJLA6Mu0i4frZJ2LTIhqkx3TubFdpeRBdd1iI3OsrF
KHBgOd4XbWuIig9/KBQ31NLnk0ysjhmIlhIJ/M0i3etakV3O/Jh6TcdURQIDAQAB
o4ICMzCCAi8wHQYDVR0OBBYEFNOMfU6Z0ggelu98dd5QYidvUxU8MB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvMDR4OVRwblNDQjZXNzN4MTNsQmlKMjlURlR3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEkGCCsGAQUFBwEHAQH/BDowODA2BAIAATAwAwQAPkzpAwQA
wlcfAwQAwlctAwQAwldHAwQAwlfYAwQAwlfaAwQAw4VYAwQA1MAOMA0GCSqGSIb3
DQEBCwUAA4IBAQALy6izlF3Mz01sbFCr87Nv/1n6kmhqtJnQRbBS3Qy/TBCfi7xD
42ChJxg6ILwxEsbgc2YiVbk4bjlu/5V0WpmYlCpokfWygbhriTPOO+f9pnpr0DXm
R7qPgyY82s7Gz+jHuR76zJEN9M03h9BFIkH7u/dODop2ihGBPEfMNH1DZVPen1gh
vJI++zohv3+ZlVW8lXVDMK3YTKMcewzJiMqVe/djzCEqmkEdIO/pc6mLk76cLinp
hNbw+I1tqXDU+m5R05Q6WxxkfjxdjgLH2sKy5napFXe17aOcp3n0vMysY8ZHKbg5
/FXCboRmle6z7zgzHtaqedtzfukVWbF/9qEj
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:45:48 2023 by rpki-client on console-ams.rpki-client.org