Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/4DUZy8G_RWvbBDZq_u09wO9fKFI.roa
File:                     4DUZy8G_RWvbBDZq_u09wO9fKFI.roa (raw, json)
Hash identifier:          NfKnl8TY22B8Y4zPg9wYRF25M2i+CPOpfjApfQ2Pfoo=
Subject key identifier:   E0:35:19:CB:C1:BF:45:6B:DB:04:36:6A:FE:ED:3D:C0:EF:5F:28:52
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       018476267DB2B498E7FD55407D651FAD300C
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/4DUZy8G_RWvbBDZq_u09wO9fKFI.roa
Signing time:             Mon 14 Nov 2022 12:39:04 +0000
ROA not before:           Mon 14 Nov 2022 12:39:04 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     212598
IP address blocks:        194.87.209.0/24 maxlen: 24
                          194.87.39.0/24 maxlen: 24
                          194.58.33.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:84:76:26:7d:b2:b4:98:e7:fd:55:40:7d:65:1f:ad:30:0c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Nov 14 12:39:04 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=e03519cbc1bf456bdb04366afeed3dc0ef5f2852
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:4a:f7:5d:d0:90:4f:f8:11:d9:5a:54:1a:15:
                    ef:10:6f:21:eb:bc:cb:61:4e:df:d8:57:a6:41:ef:
                    ad:cf:af:e7:84:7c:50:c3:4e:91:20:bc:95:7f:fb:
                    85:e9:21:1b:8c:6f:b1:d3:24:37:e7:44:4c:d7:1b:
                    ab:96:70:e4:5c:17:c9:f7:19:03:f4:7d:bf:b6:8b:
                    9f:22:0b:86:fc:41:ca:70:68:4a:9b:e4:a6:59:0c:
                    cf:0f:0c:61:de:23:f5:7d:00:77:d8:bb:ee:a1:d8:
                    a2:a1:53:d4:99:62:60:02:e6:57:08:94:27:84:07:
                    69:42:c6:2b:69:63:c0:cf:58:63:77:03:d8:f1:e3:
                    48:fe:20:ad:7b:e0:4b:76:ce:fe:6d:5b:ca:07:00:
                    b6:c8:4b:15:2e:d1:50:be:52:fd:a8:24:e6:9a:55:
                    e3:7f:a6:04:e7:a2:4e:20:57:7e:49:fb:a5:b3:9b:
                    a2:df:35:a2:7d:82:69:2a:79:36:ea:27:ff:f6:96:
                    3d:76:b7:e3:87:4d:53:87:7f:87:de:6c:d3:ce:37:
                    5a:5c:d3:4d:0f:d9:a8:11:fe:03:51:33:bf:33:64:
                    a8:31:4d:30:67:8a:dc:e9:d5:41:86:bb:40:4c:0a:
                    26:40:c2:6b:47:b2:f9:91:dd:25:71:57:69:c7:db:
                    11:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E0:35:19:CB:C1:BF:45:6B:DB:04:36:6A:FE:ED:3D:C0:EF:5F:28:52
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/4DUZy8G_RWvbBDZq_u09wO9fKFI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.58.33.0/24
                  194.87.39.0/24
                  194.87.209.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8d:3a:29:14:e0:75:e2:2f:36:ea:1b:0c:3d:f0:d7:f3:a0:cd:
         81:86:3a:86:a1:a9:67:77:cc:5e:3a:6e:dc:1b:2c:ac:28:c0:
         47:ea:24:4c:35:fe:1b:00:28:6b:dc:e5:81:1e:96:68:7e:c7:
         b8:ec:fe:de:34:af:dd:85:f2:2f:7d:e9:a9:95:dd:45:e3:0f:
         6b:65:90:89:e8:68:c7:8b:53:02:be:18:0a:22:08:4b:fd:23:
         00:1e:2a:22:c1:d8:56:1f:5f:73:2f:71:1a:23:c3:0a:1d:46:
         66:e0:29:13:c5:96:a5:9a:5b:92:58:9f:77:a1:33:5a:5d:4a:
         41:53:19:37:d9:4d:05:ca:45:b8:68:ac:5b:9c:ae:95:87:5a:
         48:0c:e5:fc:ec:0a:b2:b6:49:3b:ae:c5:ef:ef:67:f4:8e:b7:
         c3:9a:77:06:74:7a:a3:34:6b:c6:fd:56:de:95:e3:41:99:84:
         97:d2:0d:bf:d4:e1:6d:db:b1:24:eb:34:4f:a4:aa:fb:ee:ec:
         ef:7e:31:28:50:9d:60:9c:30:94:77:ac:48:5b:eb:0c:c3:05:
         f6:2e:bf:6b:ae:5a:15:3d:12:7c:fc:9c:34:30:d7:aa:76:e7:
         20:e5:ca:cc:98:eb:e1:70:46:ca:fc:03:f0:6c:e7:0b:85:fb:
         3f:7f:c0:34
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYR2Jn2ytJjn/VVAfWUfrTAMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjIxMTE0MTIzOTA0WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMDM1MTljYmMxYmY0NTZiZGIwNDM2NmFmZWVkM2RjMGVmNWYyODUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnkr3XdCQT/gR2VpUGhXvEG8h67zL
YU7f2FemQe+tz6/nhHxQw06RILyVf/uF6SEbjG+x0yQ350RM1xurlnDkXBfJ9xkD
9H2/toufIguG/EHKcGhKm+SmWQzPDwxh3iP1fQB32LvuodiioVPUmWJgAuZXCJQn
hAdpQsYraWPAz1hjdwPY8eNI/iCte+BLds7+bVvKBwC2yEsVLtFQvlL9qCTmmlXj
f6YE56JOIFd+Sfuls5ui3zWifYJpKnk26if/9pY9drfjh01Th3+H3mzTzjdaXNNN
D9moEf4DUTO/M2SoMU0wZ4rc6dVBhrtATAomQMJrR7L5kd0lcVdpx9sRhQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFOA1GcvBv0Vr2wQ2av7tPcDvXyhSMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvNERVWnk4R19SV3ZiQkRacV91MDl3TzlmS0ZJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAwjohAwQA
wlcnAwQAwlfRMA0GCSqGSIb3DQEBCwUAA4IBAQCNOikU4HXiLzbqGww98NfzoM2B
hjqGoalnd8xeOm7cGyysKMBH6iRMNf4bAChr3OWBHpZofse47P7eNK/dhfIvfemp
ld1F4w9rZZCJ6GjHi1MCvhgKIghL/SMAHioiwdhWH19zL3EaI8MKHUZm4CkTxZal
mluSWJ93oTNaXUpBUxk32U0FykW4aKxbnK6Vh1pIDOX87Aqytkk7rsXv72f0jrfD
mncGdHqjNGvG/VbeleNBmYSX0g2/1OFt27Ek6zRPpKr77uzvfjEoUJ1gnDCUd6xI
W+sMwwX2Lr9rrloVPRJ8/Jw0MNeqducg5crMmOvhcEbK/APwbOcLhfs/f8A0
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:45:50 2023 by rpki-client on console-ams.rpki-client.org