Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/4vCB03nILJ-ETMCaSsNE9gYQQJQ.roa
File:                     4vCB03nILJ-ETMCaSsNE9gYQQJQ.roa (raw, json)
Hash identifier:          pZkmOkPwkwkPoKJ47sj+3ExPrQHN9ov4Qgsnf5eCic4=
Subject key identifier:   E2:F0:81:D3:79:C8:2C:9F:84:4C:C0:9A:4A:C3:44:F6:06:10:40:94
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       01840EE13A8946FF3B50681D4BB61F51FE2A
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/4vCB03nILJ-ETMCaSsNE9gYQQJQ.roa
Signing time:             Tue 25 Oct 2022 11:22:32 +0000
ROA not before:           Tue 25 Oct 2022 11:22:32 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     2118
IP address blocks:        212.193.12.0/24 maxlen: 24
                          193.124.3.0/24 maxlen: 24
                          212.193.15.0/24 maxlen: 24
                          62.76.225.0/24 maxlen: 24
                          62.76.229.0/24 maxlen: 24
                          62.76.231.0/24 maxlen: 24
                          194.87.1.0/24 maxlen: 24
                          194.87.3.0/24 maxlen: 24
                          194.87.16.0/24 maxlen: 24
                          194.87.24.0/22 maxlen: 24
                          194.58.45.0/24 maxlen: 24
                          195.58.54.0/24 maxlen: 24
                          194.58.60.0/24 maxlen: 24
                          212.193.0.0/24 maxlen: 24
                          194.87.118.0/24 maxlen: 24
                          193.124.95.0/24 maxlen: 24
                          194.87.207.0/24 maxlen: 24
                          194.87.208.0/23 maxlen: 24
                          195.133.76.0/24 maxlen: 24
                          194.87.226.0/24 maxlen: 24
                          194.87.223.0/24 maxlen: 24
                          194.87.222.0/23 maxlen: 24
                          194.135.23.0/24 maxlen: 24
                          194.135.30.0/24 maxlen: 24
                          194.87.165.0/24 maxlen: 24
                          192.124.173.0/24 maxlen: 24
                          192.124.178.0/24 maxlen: 24
                          192.124.181.0/24 maxlen: 24
                          192.124.180.0/22 maxlen: 24
                          192.124.182.0/23 maxlen: 24
                          194.87.170.0/24 maxlen: 24
                          194.87.178.0/24 maxlen: 24
                          194.87.179.0/24 maxlen: 24
                          193.124.203.0/24 maxlen: 24
                          195.133.55.0/24 maxlen: 24
                          194.87.198.0/24 maxlen: 24
                          192.124.209.0/24 maxlen: 24
                          193.108.112.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:84:0e:e1:3a:89:46:ff:3b:50:68:1d:4b:b6:1f:51:fe:2a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Oct 25 11:22:32 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=e2f081d379c82c9f844cc09a4ac344f606104094
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:c5:6b:09:60:6b:5c:48:e9:89:63:cc:69:86:
                    a8:95:27:28:74:ff:b5:ff:a4:1e:ac:e6:b9:31:4b:
                    60:06:c3:14:1b:3a:28:b9:43:45:71:6c:16:c7:1d:
                    93:e0:98:b2:b9:28:12:fd:7a:39:43:dd:58:b5:38:
                    6b:51:61:da:cc:4e:6b:d9:17:b6:4f:84:3c:b6:e8:
                    59:fa:7f:89:69:48:4c:2d:c3:72:1b:cb:0b:f4:9b:
                    d4:69:7a:45:dc:b8:46:ea:e1:9c:9e:50:61:99:64:
                    41:17:f1:46:f7:0d:42:fa:65:f1:94:3e:c9:33:e0:
                    cb:0c:b6:50:4b:26:cb:e1:c6:19:40:1b:97:4e:e6:
                    80:9a:c1:fa:69:c5:33:5c:b1:32:cb:cf:d0:8a:a1:
                    c6:2f:55:26:11:f4:41:5e:42:10:34:3c:a2:26:41:
                    b2:56:69:0e:27:77:cc:ad:f0:f7:0c:3b:89:a9:9e:
                    21:f5:f8:c3:03:14:67:6f:b6:60:2e:3d:16:c7:5f:
                    68:f8:13:e4:0b:59:42:7d:4a:58:ad:f7:4e:63:fa:
                    02:c8:3a:f5:2a:be:d3:00:37:81:39:43:b0:eb:a0:
                    5c:5d:2a:85:19:71:f2:4c:96:b5:76:1a:1c:8a:6e:
                    f7:76:01:6f:f5:ac:2d:b8:2c:5c:fc:5e:89:2f:b1:
                    af:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E2:F0:81:D3:79:C8:2C:9F:84:4C:C0:9A:4A:C3:44:F6:06:10:40:94
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/4vCB03nILJ-ETMCaSsNE9gYQQJQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.76.225.0/24
                  62.76.229.0/24
                  62.76.231.0/24
                  192.124.173.0/24
                  192.124.178.0/24
                  192.124.180.0/22
                  192.124.209.0/24
                  193.108.112.0/24
                  193.124.3.0/24
                  193.124.95.0/24
                  193.124.203.0/24
                  194.58.45.0/24
                  194.58.60.0/24
                  194.87.1.0/24
                  194.87.3.0/24
                  194.87.16.0/24
                  194.87.24.0/22
                  194.87.118.0/24
                  194.87.165.0/24
                  194.87.170.0/24
                  194.87.178.0/23
                  194.87.198.0/24
                  194.87.207.0-194.87.209.255
                  194.87.222.0/23
                  194.87.226.0/24
                  194.135.23.0/24
                  194.135.30.0/24
                  195.58.54.0/24
                  195.133.55.0/24
                  195.133.76.0/24
                  212.193.0.0/24
                  212.193.12.0/24
                  212.193.15.0/24

    Signature Algorithm: sha256WithRSAEncryption
         93:fc:d0:5c:b5:64:6c:8b:80:fc:7c:8f:af:73:6d:9d:2f:63:
         7f:b2:78:15:9c:7f:f7:73:73:81:65:d1:38:73:4b:af:77:d6:
         23:b2:2a:21:8d:bd:66:4b:a9:2f:1a:d8:29:5e:0f:35:29:e4:
         26:fd:d0:93:64:43:4f:9e:b8:29:c8:ca:32:ad:1a:ff:2f:12:
         e2:b1:f6:e2:b6:36:55:a1:dd:fa:5f:1e:5f:4a:1f:ab:04:78:
         d2:0c:14:f5:5f:16:c5:62:7a:23:55:1b:af:a7:a0:71:9e:3e:
         eb:fe:59:1b:1f:43:1a:fa:63:b4:9f:f4:f8:6a:a7:8a:bc:03:
         65:9e:3b:a6:1f:db:24:45:35:8f:63:56:03:8e:8e:58:f9:7a:
         40:bb:e5:41:a8:87:5c:01:aa:fc:02:51:ed:68:32:4f:58:9c:
         cb:50:40:ce:e8:bb:05:e0:a8:ba:5a:1d:78:bb:88:d3:45:9f:
         c7:36:9c:a1:3e:27:27:6b:41:5d:9c:32:75:b9:f9:5e:72:05:
         f6:3b:70:81:24:68:77:92:b4:03:fb:3a:2f:27:7b:b9:ef:7d:
         51:a7:c6:88:53:fb:59:46:ce:6e:d3:eb:39:8f:75:f6:9f:ac:
         86:e8:57:40:cd:17:fc:cb:d0:27:59:55:90:1d:bb:da:59:11:
         ba:94:02:8d
-----BEGIN CERTIFICATE-----
MIIFyjCCBLKgAwIBAgISAYQO4TqJRv87UGgdS7YfUf4qMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjIxMDI1MTEyMjMyWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMmYwODFkMzc5YzgyYzlmODQ0Y2MwOWE0YWMzNDRmNjA2MTA0MDk0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvcVrCWBrXEjpiWPMaYaolScodP+1
/6QerOa5MUtgBsMUGzoouUNFcWwWxx2T4JiyuSgS/Xo5Q91YtThrUWHazE5r2Re2
T4Q8tuhZ+n+JaUhMLcNyG8sL9JvUaXpF3LhG6uGcnlBhmWRBF/FG9w1C+mXxlD7J
M+DLDLZQSybL4cYZQBuXTuaAmsH6acUzXLEyy8/QiqHGL1UmEfRBXkIQNDyiJkGy
VmkOJ3fMrfD3DDuJqZ4h9fjDAxRnb7ZgLj0Wx19o+BPkC1lCfUpYrfdOY/oCyDr1
Kr7TADeBOUOw66BcXSqFGXHyTJa1dhocim73dgFv9awtuCxc/F6JL7GvdQIDAQAB
o4IC1jCCAtIwHQYDVR0OBBYEFOLwgdN5yCyfhEzAmkrDRPYGEECUMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvNHZDQjAzbklMSi1FVE1DYVNzTkU5Z1lRUUpRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHrBggrBgEFBQcBBwEB/wSB2zCB2DCB1QQCAAEwgc4DBAA+
TOEDBAA+TOUDBAA+TOcDBADAfK0DBADAfLIDBALAfLQDBADAfNEDBADBbHADBADB
fAMDBADBfF8DBADBfMsDBADCOi0DBADCOjwDBADCVwEDBADCVwMDBADCVxADBALC
VxgDBADCV3YDBADCV6UDBADCV6oDBAHCV7IDBADCV8YwDAMEAMJXzwMEAcJX0AME
AcJX3gMEAMJX4gMEAMKHFwMEAMKHHgMEAMM6NgMEAMOFNwMEAMOFTAMEANTBAAME
ANTBDAMEANTBDzANBgkqhkiG9w0BAQsFAAOCAQEAk/zQXLVkbIuA/HyPr3NtnS9j
f7J4FZx/93NzgWXROHNLr3fWI7IqIY29ZkupLxrYKV4PNSnkJv3Qk2RDT564KcjK
Mq0a/y8S4rH24rY2VaHd+l8eX0ofqwR40gwU9V8WxWJ6I1Ubr6egcZ4+6/5ZGx9D
GvpjtJ/0+GqnirwDZZ47ph/bJEU1j2NWA46OWPl6QLvlQaiHXAGq/AJR7WgyT1ic
y1BAzui7BeCoulodeLuI00WfxzacoT4nJ2tBXZwydbn5XnIF9jtwgSRod5K0A/s6
Lyd7ue99UafGiFP7WUbObtPrOY919p+shuhXQM0X/MvQJ1lVkB272lkRupQCjQ==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:16:06 2024 by rpki-client on console-fra.rpki-client.org