Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/0eH_aq-m47COJGivBAMfhHZngYk.roa
File:                     0eH_aq-m47COJGivBAMfhHZngYk.roa (raw, json)
Hash identifier:          wZcJJsPQ0MPDdcI/a6ClhabHAR0Wx0hex9mjJcofDGA=
Subject key identifier:   D1:E1:FF:6A:AF:A6:E3:B0:8E:24:68:AF:04:03:1F:84:76:67:81:89
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       0184C27691C87514F4F2BEF6AD42ECBF178E
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/0eH_aq-m47COJGivBAMfhHZngYk.roa
Signing time:             Tue 29 Nov 2022 08:17:41 +0000
ROA not before:           Tue 29 Nov 2022 08:17:41 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     211252
IP address blocks:        194.87.205.0/24 maxlen: 24
                          193.124.44.0/24 maxlen: 24
                          194.87.151.0/24 maxlen: 24
                          212.192.8.0/24 maxlen: 24
                          195.133.18.0/24 maxlen: 24
                          195.133.38.0/24 maxlen: 24
                          195.133.40.0/24 maxlen: 24
                          212.192.30.0/24 maxlen: 24
                          194.87.84.0/22 maxlen: 24
                          212.193.7.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:84:c2:76:91:c8:75:14:f4:f2:be:f6:ad:42:ec:bf:17:8e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Nov 29 08:17:41 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=d1e1ff6aafa6e3b08e2468af04031f8476678189
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:61:14:a8:01:24:53:02:c2:89:46:3d:33:c5:
                    f1:c4:4a:7f:05:1d:26:c1:4a:64:4c:de:05:56:87:
                    4f:da:88:bd:3f:4c:f1:7d:c9:f6:3f:b3:13:85:b1:
                    26:de:4b:cf:d7:af:e6:43:73:dd:cf:6b:ef:7f:65:
                    0b:86:e1:9f:e5:d7:bd:e8:be:80:27:b6:f4:0d:12:
                    79:0a:0a:df:4d:30:89:5f:f6:32:96:4f:74:d8:a3:
                    02:11:6d:19:01:73:f6:37:2e:c8:af:93:e1:1f:3d:
                    39:05:95:2b:dd:62:86:f2:08:15:e4:b2:bc:9c:c0:
                    55:63:9e:d3:c1:37:7a:90:de:40:ff:ab:b9:51:38:
                    44:81:0b:19:5d:0a:3c:b4:41:3c:5b:54:56:0f:8e:
                    10:90:4c:38:28:fd:dd:40:ab:83:ff:a9:e0:8c:6d:
                    62:e4:60:71:58:47:6d:55:1d:a1:cb:1a:58:2e:af:
                    4c:ed:1a:d8:af:a4:24:8f:5a:a6:7f:f4:97:9a:94:
                    95:b9:f3:c3:fa:d6:34:99:98:f2:13:a1:1f:6d:ad:
                    8c:5d:be:15:09:54:f6:d6:8d:71:49:e3:c1:4c:25:
                    92:05:76:50:04:7f:d9:9b:2d:af:4f:e0:ba:d7:2d:
                    f6:4c:08:f9:cb:b4:e2:49:4c:e2:dd:80:03:1b:d7:
                    16:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D1:E1:FF:6A:AF:A6:E3:B0:8E:24:68:AF:04:03:1F:84:76:67:81:89
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/0eH_aq-m47COJGivBAMfhHZngYk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.124.44.0/24
                  194.87.84.0/22
                  194.87.151.0/24
                  194.87.205.0/24
                  195.133.18.0/24
                  195.133.38.0/24
                  195.133.40.0/24
                  212.192.8.0/24
                  212.192.30.0/24
                  212.193.7.0/24

    Signature Algorithm: sha256WithRSAEncryption
         77:94:7e:ad:9b:31:26:ef:68:74:8f:06:32:d4:a6:84:65:d5:
         33:6f:3b:7b:84:05:b2:74:d9:41:d0:51:12:63:b8:5e:f0:57:
         ba:1b:ce:f0:3e:6d:7a:3a:56:52:a9:54:c2:cd:f2:f7:33:55:
         17:10:b0:1d:fb:5d:b7:db:47:16:56:ad:8d:83:a8:64:24:fb:
         84:f6:39:4b:2a:a3:41:99:b4:70:37:4e:da:51:cb:31:bb:c1:
         86:47:77:1d:a8:95:cd:e3:b5:54:85:94:25:c6:28:e0:fa:ad:
         af:31:04:f1:25:1e:68:0e:24:0f:8d:50:1c:b9:2f:ad:30:8f:
         0b:37:06:79:88:f9:88:12:8b:50:47:b9:0a:8d:61:06:ed:c5:
         db:34:78:1e:4f:a4:69:e3:02:fe:f4:e8:4f:1b:92:05:8e:b8:
         0e:70:fa:f7:f0:54:5e:b0:56:96:17:eb:a1:20:25:e1:56:f7:
         94:85:aa:f7:21:c0:61:94:eb:87:06:e7:33:f6:59:7f:b3:32:
         46:0d:9f:25:a0:c3:ca:48:c2:df:6b:b5:5d:65:10:13:39:1d:
         55:12:e3:8c:f2:b1:00:4e:84:7c:fd:4e:e9:1e:61:10:ee:d6:
         b2:18:9c:c5:5e:28:51:bc:8e:b8:98:8d:fb:d7:84:ab:d3:24:
         bb:11:7f:7f
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgISAYTCdpHIdRT08r72rULsvxeOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjIxMTI5MDgxNzQxWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMWUxZmY2YWFmYTZlM2IwOGUyNDY4YWYwNDAzMWY4NDc2Njc4MTg5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi2EUqAEkUwLCiUY9M8XxxEp/BR0m
wUpkTN4FVodP2oi9P0zxfcn2P7MThbEm3kvP16/mQ3Pdz2vvf2ULhuGf5de96L6A
J7b0DRJ5CgrfTTCJX/Yylk902KMCEW0ZAXP2Ny7Ir5PhHz05BZUr3WKG8ggV5LK8
nMBVY57TwTd6kN5A/6u5UThEgQsZXQo8tEE8W1RWD44QkEw4KP3dQKuD/6ngjG1i
5GBxWEdtVR2hyxpYLq9M7RrYr6Qkj1qmf/SXmpSVufPD+tY0mZjyE6Efba2MXb4V
CVT21o1xSePBTCWSBXZQBH/Zmy2vT+C61y32TAj5y7TiSUzi3YADG9cWFQIDAQAB
o4ICPzCCAjswHQYDVR0OBBYEFNHh/2qvpuOwjiRorwQDH4R2Z4GJMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvMGVIX2FxLW00N0NPSkdpdkJBTWZoSFpuZ1lrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFUGCCsGAQUFBwEHAQH/BEYwRDBCBAIAATA8AwQAwXwsAwQC
wldUAwQAwleXAwQAwlfNAwQAw4USAwQAw4UmAwQAw4UoAwQA1MAIAwQA1MAeAwQA
1MEHMA0GCSqGSIb3DQEBCwUAA4IBAQB3lH6tmzEm72h0jwYy1KaEZdUzbzt7hAWy
dNlB0FESY7he8Fe6G87wPm16OlZSqVTCzfL3M1UXELAd+12320cWVq2Ng6hkJPuE
9jlLKqNBmbRwN07aUcsxu8GGR3cdqJXN47VUhZQlxijg+q2vMQTxJR5oDiQPjVAc
uS+tMI8LNwZ5iPmIEotQR7kKjWEG7cXbNHgeT6Rp4wL+9OhPG5IFjrgOcPr38FRe
sFaWF+uhICXhVveUhar3IcBhlOuHBucz9ll/szJGDZ8loMPKSMLfa7VdZRATOR1V
EuOM8rEAToR8/U7pHmEQ7tayGJzFXihRvI64mI3714Sr0yS7EX9/
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:45:48 2023 by rpki-client on console-ams.rpki-client.org