Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/3Gj8BVSkEGG0fz4MTn2Gb4c-LoM.roa
File:                     3Gj8BVSkEGG0fz4MTn2Gb4c-LoM.roa (raw, json)
Hash identifier:          H8sBxjITAJatuS3p+eocjo9ev94rOwJK6+QD2nB+iOs=
Subject key identifier:   DC:68:FC:05:54:A4:10:61:B4:7F:3E:0C:4E:7D:86:6F:87:3E:2E:83
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       01851AA3BB119EA59633DF6D33D200DF8310
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/3Gj8BVSkEGG0fz4MTn2Gb4c-LoM.roa
Signing time:             Fri 16 Dec 2022 11:13:35 +0000
ROA not before:           Fri 16 Dec 2022 11:13:35 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     210654
IP address blocks:        194.87.114.0/24 maxlen: 24
                          194.87.132.0/22 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:1a:a3:bb:11:9e:a5:96:33:df:6d:33:d2:00:df:83:10
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Dec 16 11:13:35 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=dc68fc0554a41061b47f3e0c4e7d866f873e2e83
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:ed:b7:ff:f1:53:50:28:8c:97:5f:ce:e6:dc:
                    e9:40:d3:c1:bf:7c:9e:e2:3f:89:65:ee:96:e6:9c:
                    25:9d:38:40:cf:d1:da:87:11:8b:57:58:ec:a6:a7:
                    33:01:32:7f:64:6d:77:13:00:89:df:c0:92:a9:a2:
                    cd:87:68:bb:d8:1b:cd:1a:74:fa:5b:d6:ae:f4:29:
                    73:ca:92:94:ab:96:ca:62:42:7c:b9:50:c5:b2:34:
                    4a:98:8f:4c:10:1c:7c:66:79:35:52:25:bd:af:c9:
                    73:b2:90:23:de:06:1d:e6:08:8d:14:d7:31:62:a9:
                    ec:5a:c9:0a:e2:b5:7c:09:4e:66:4a:45:7a:80:b8:
                    67:c0:78:07:7c:03:54:d7:9a:0c:14:9e:f5:6d:72:
                    47:ea:69:23:a3:fe:21:34:dc:6c:40:11:d2:ff:1a:
                    52:75:15:2f:67:8b:df:fe:04:fd:45:95:78:de:d4:
                    d8:33:d0:af:49:c2:5c:01:25:3a:b5:64:88:34:42:
                    a3:01:bc:dd:85:61:3e:f4:53:b4:f3:88:8e:30:4e:
                    95:5c:87:45:e1:da:e2:93:a3:50:5c:d0:f9:d6:63:
                    36:f0:d4:b9:07:8c:50:86:8e:32:0c:df:19:6e:7a:
                    69:24:7a:fd:ed:6e:30:fe:ef:5d:54:fe:fb:fe:f0:
                    ef:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DC:68:FC:05:54:A4:10:61:B4:7F:3E:0C:4E:7D:86:6F:87:3E:2E:83
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/3Gj8BVSkEGG0fz4MTn2Gb4c-LoM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.87.114.0/24
                  194.87.132.0/22

    Signature Algorithm: sha256WithRSAEncryption
         04:3a:7f:92:54:05:47:d1:5f:46:4f:61:59:c0:c1:a6:49:db:
         50:47:cf:55:4d:b5:fd:86:4f:bb:30:e7:08:a5:92:48:f7:bb:
         9d:d9:13:a5:23:5b:8e:75:01:8b:04:79:bc:73:cb:47:7b:e2:
         79:79:f0:59:10:ef:6c:e8:dc:e3:4e:a5:d8:c9:56:80:29:06:
         69:26:2a:43:20:3c:b1:73:f3:ef:3c:27:6e:cd:ad:d6:79:1c:
         7e:c3:fe:d0:4b:a1:1b:8c:3f:41:58:47:34:0c:bf:85:3c:41:
         0c:e8:28:da:a6:bc:ae:92:9c:3f:af:64:00:1d:88:cd:fb:38:
         64:72:1b:ee:a3:a9:ae:1c:a0:c9:40:df:3d:1a:74:9d:3c:ae:
         9b:5f:2c:7c:5e:aa:39:88:25:ab:20:47:da:f4:66:ab:9a:1a:
         2a:07:da:5c:67:a4:db:1b:43:0e:a0:cc:e7:af:e1:3c:b2:02:
         42:03:7c:1b:bd:c9:31:d5:2b:85:7f:84:8c:d2:05:e5:a5:9c:
         57:34:b1:e9:5e:89:fb:91:d7:de:49:39:17:7b:ee:96:49:3e:
         44:9c:20:be:32:cd:64:ce:62:af:1a:b5:49:07:69:5d:17:2d:
         9a:cf:a2:05:93:a5:e9:d0:1c:91:48:d9:b7:37:01:7e:eb:4e:
         e2:05:54:23
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYUao7sRnqWWM99tM9IA34MQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjIxMjE2MTExMzM1WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYzY4ZmMwNTU0YTQxMDYxYjQ3ZjNlMGM0ZTdkODY2Zjg3M2UyZTgzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgu23//FTUCiMl1/O5tzpQNPBv3ye
4j+JZe6W5pwlnThAz9HahxGLV1jspqczATJ/ZG13EwCJ38CSqaLNh2i72BvNGnT6
W9au9ClzypKUq5bKYkJ8uVDFsjRKmI9MEBx8Znk1UiW9r8lzspAj3gYd5giNFNcx
YqnsWskK4rV8CU5mSkV6gLhnwHgHfANU15oMFJ71bXJH6mkjo/4hNNxsQBHS/xpS
dRUvZ4vf/gT9RZV43tTYM9CvScJcASU6tWSINEKjAbzdhWE+9FO084iOME6VXIdF
4drik6NQXND51mM28NS5B4xQho4yDN8ZbnppJHr97W4w/u9dVP77/vDvcwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFNxo/AVUpBBhtH8+DE59hm+HPi6DMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvM0dqOEJWU2tFR0cwZno0TVRuMkdiNGMtTG9NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwldyAwQC
wleEMA0GCSqGSIb3DQEBCwUAA4IBAQAEOn+SVAVH0V9GT2FZwMGmSdtQR89VTbX9
hk+7MOcIpZJI97ud2ROlI1uOdQGLBHm8c8tHe+J5efBZEO9s6NzjTqXYyVaAKQZp
JipDIDyxc/PvPCduza3WeRx+w/7QS6EbjD9BWEc0DL+FPEEM6Cjapryukpw/r2QA
HYjN+zhkchvuo6muHKDJQN89GnSdPK6bXyx8Xqo5iCWrIEfa9GarmhoqB9pcZ6Tb
G0MOoMznr+E8sgJCA3wbvckx1SuFf4SM0gXlpZxXNLHpXon7kdfeSTkXe+6WST5E
nCC+Ms1kzmKvGrVJB2ldFy2az6IFk6Xp0ByRSNm3NwF+607iBVQj
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:45:49 2023 by rpki-client on console-ams.rpki-client.org