Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/6PsAWTNGcxpBk354wGXHwtmcMQE.roa
File:                     6PsAWTNGcxpBk354wGXHwtmcMQE.roa (raw, json)
Hash identifier:          CwSJtTe6cogbGUzhhEU5+3W/dWyn2VdzxPfO1vPzv8Y=
Subject key identifier:   E8:FB:00:59:33:46:73:1A:41:93:7E:78:C0:65:C7:C2:D9:9C:31:01
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       01850FF8B0A0F2321DC126E8F29D04D22B96
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/6PsAWTNGcxpBk354wGXHwtmcMQE.roa
Signing time:             Wed 14 Dec 2022 09:30:34 +0000
ROA not before:           Wed 14 Dec 2022 09:30:34 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     2118
IP address blocks:        193.124.3.0/24 maxlen: 24
                          193.124.9.0/24 maxlen: 24
                          62.76.231.0/24 maxlen: 24
                          194.87.2.0/24 maxlen: 24
                          194.87.7.0/24 maxlen: 24
                          193.124.18.0/24 maxlen: 24
                          194.87.24.0/22 maxlen: 24
                          194.87.104.0/24 maxlen: 24
                          194.87.108.0/24 maxlen: 24
                          194.87.118.0/24 maxlen: 24
                          194.87.123.0/24 maxlen: 24
                          194.87.136.0/24 maxlen: 24
                          194.87.56.0/24 maxlen: 24
                          194.87.76.0/24 maxlen: 24
                          194.87.83.0/24 maxlen: 24
                          194.87.82.0/24 maxlen: 24
                          195.133.15.0/24 maxlen: 24
                          195.133.12.0/24 maxlen: 24
                          195.133.30.0/24 maxlen: 24
                          195.133.55.0/24 maxlen: 24
                          195.133.195.0/24 maxlen: 24
                          212.193.12.0/24 maxlen: 24
                          194.58.38.0/24 maxlen: 24
                          212.192.222.0/24 maxlen: 24
                          194.58.43.0/24 maxlen: 24
                          194.58.42.0/24 maxlen: 24
                          194.58.46.0/23 maxlen: 24
                          194.58.45.0/24 maxlen: 24
                          195.58.50.0/24 maxlen: 24
                          195.58.56.0/21 maxlen: 24
                          194.58.59.0/24 maxlen: 24
                          195.58.62.0/24 maxlen: 24
                          212.193.0.0/24 maxlen: 24
                          194.87.202.0/24 maxlen: 24
                          194.87.207.0/24 maxlen: 24
                          194.87.208.0/23 maxlen: 24
                          194.87.222.0/23 maxlen: 24
                          194.87.233.0/24 maxlen: 24
                          194.135.30.0/24 maxlen: 24
                          194.87.250.0/24 maxlen: 24
                          212.192.0.0/23 maxlen: 24
                          194.87.149.0/24 maxlen: 24
                          212.192.10.0/24 maxlen: 24
                          192.124.172.0/24 maxlen: 24
                          194.87.165.0/24 maxlen: 24
                          194.87.164.0/24 maxlen: 24
                          194.87.161.0/24 maxlen: 24
                          194.87.160.0/24 maxlen: 24
                          194.87.163.0/24 maxlen: 24
                          192.124.178.0/24 maxlen: 24
                          192.124.181.0/24 maxlen: 24
                          192.124.180.0/22 maxlen: 24
                          192.124.182.0/23 maxlen: 24
                          194.87.171.0/24 maxlen: 24
                          194.87.172.0/24 maxlen: 24
                          194.87.176.0/24 maxlen: 24
                          194.87.182.0/24 maxlen: 24
                          193.124.201.0/24 maxlen: 24
                          193.124.203.0/24 maxlen: 24
                          193.124.207.0/24 maxlen: 24
                          194.87.199.0/24 maxlen: 24
                          194.87.198.0/24 maxlen: 24
                          212.192.210.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:0f:f8:b0:a0:f2:32:1d:c1:26:e8:f2:9d:04:d2:2b:96
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Dec 14 09:30:34 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=e8fb00593346731a41937e78c065c7c2d99c3101
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:86:fd:bd:cd:cd:a6:4f:c7:a8:c0:28:31:c8:
                    fd:18:e9:7f:0f:01:f4:11:f1:71:4b:40:12:ba:cb:
                    d9:2c:6c:3d:dd:fc:bb:87:e7:73:fe:fd:ea:82:4b:
                    c7:7f:a5:04:39:b8:32:76:e2:34:6f:41:6d:fb:1e:
                    39:b5:50:77:c9:01:95:ad:0f:d9:ae:5e:47:ae:a0:
                    87:1d:a3:07:14:9e:1e:52:8d:d1:de:ba:e9:fe:dd:
                    95:2f:42:d9:58:33:d9:c1:12:51:24:16:ae:3f:cd:
                    d5:36:f5:1c:d1:94:72:20:ab:dc:cc:a2:f5:9c:da:
                    73:5e:25:79:ea:ad:f9:c1:9f:1a:45:84:17:21:66:
                    f5:5b:cf:56:7e:b8:77:f2:95:5c:8c:67:4f:0d:0b:
                    c4:5d:4e:23:81:4d:3e:85:08:07:35:b4:d5:f7:49:
                    14:bc:25:ad:f1:69:3a:ed:5e:6c:b3:4f:cc:f7:bc:
                    c8:11:ef:ac:52:8b:48:b4:20:e7:99:7c:05:da:c1:
                    3a:2b:46:30:51:9a:1f:b5:2c:7f:c1:95:b0:3f:f3:
                    20:4a:b1:0c:5e:dc:9d:a5:3d:7e:c5:86:5a:ff:9e:
                    2a:95:69:de:93:f4:d7:7f:dc:50:38:b1:88:82:80:
                    d5:2b:cf:4c:8f:4b:8c:f6:d4:47:b6:82:83:e5:be:
                    a8:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E8:FB:00:59:33:46:73:1A:41:93:7E:78:C0:65:C7:C2:D9:9C:31:01
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/6PsAWTNGcxpBk354wGXHwtmcMQE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.76.231.0/24
                  192.124.172.0/24
                  192.124.178.0/24
                  192.124.180.0/22
                  193.124.3.0/24
                  193.124.9.0/24
                  193.124.18.0/24
                  193.124.201.0/24
                  193.124.203.0/24
                  193.124.207.0/24
                  194.58.38.0/24
                  194.58.42.0/23
                  194.58.45.0-194.58.47.255
                  194.58.59.0/24
                  194.87.2.0/24
                  194.87.7.0/24
                  194.87.24.0/22
                  194.87.56.0/24
                  194.87.76.0/24
                  194.87.82.0/23
                  194.87.104.0/24
                  194.87.108.0/24
                  194.87.118.0/24
                  194.87.123.0/24
                  194.87.136.0/24
                  194.87.149.0/24
                  194.87.160.0/23
                  194.87.163.0-194.87.165.255
                  194.87.171.0-194.87.172.255
                  194.87.176.0/24
                  194.87.182.0/24
                  194.87.198.0/23
                  194.87.202.0/24
                  194.87.207.0-194.87.209.255
                  194.87.222.0/23
                  194.87.233.0/24
                  194.87.250.0/24
                  194.135.30.0/24
                  195.58.50.0/24
                  195.58.56.0/21
                  195.133.12.0/24
                  195.133.15.0/24
                  195.133.30.0/24
                  195.133.55.0/24
                  195.133.195.0/24
                  212.192.0.0/23
                  212.192.10.0/24
                  212.192.210.0/24
                  212.192.222.0/24
                  212.193.0.0/24
                  212.193.12.0/24

    Signature Algorithm: sha256WithRSAEncryption
         84:23:1e:07:63:73:13:82:de:ce:d1:cb:a4:8b:f5:1f:b3:0c:
         5f:3a:de:11:86:cc:0c:06:65:41:cc:8c:f1:93:00:db:14:b3:
         70:2e:d5:34:6c:5c:89:de:80:36:56:cd:bc:ec:1e:94:53:a7:
         5c:3f:d8:34:53:5d:45:58:f1:02:eb:85:a2:5c:bb:8e:ee:fe:
         46:7b:b6:6e:8d:7d:8a:50:f2:9a:41:f5:cd:70:b5:d7:ee:f9:
         61:8f:45:40:a2:4c:8e:11:07:61:7a:d4:5c:ea:5a:ac:68:19:
         d2:a2:f0:cb:08:3c:a7:a8:23:5c:e2:3d:19:0a:24:c8:02:b3:
         a4:3a:98:0b:ad:11:b3:7e:db:fc:99:cb:d3:98:36:db:87:b2:
         b7:82:a6:f6:0b:43:aa:37:d8:5c:93:d2:51:ed:3f:71:d7:02:
         36:c7:e9:3a:36:22:f8:55:83:8b:b6:f1:b8:2d:25:4b:63:5a:
         45:13:0e:f3:de:c0:6d:8b:5f:90:dc:75:67:57:0a:b6:b6:53:
         01:39:11:ce:15:49:4f:14:90:53:47:f3:33:60:22:a4:f0:e7:
         7e:d2:ae:fc:09:7f:77:1c:94:58:f6:87:e5:76:95:e6:c8:97:
         fc:21:2f:e0:8f:da:1b:97:f8:5f:42:e2:18:b7:80:40:f3:8d:
         49:be:c1:b2
-----BEGIN CERTIFICATE-----
MIIGUzCCBTugAwIBAgISAYUP+LCg8jIdwSbo8p0E0iuWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjIxMjE0MDkzMDM0WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlOGZiMDA1OTMzNDY3MzFhNDE5MzdlNzhjMDY1YzdjMmQ5OWMzMTAxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvob9vc3Npk/HqMAoMcj9GOl/DwH0
EfFxS0ASusvZLGw93fy7h+dz/v3qgkvHf6UEObgyduI0b0Ft+x45tVB3yQGVrQ/Z
rl5HrqCHHaMHFJ4eUo3R3rrp/t2VL0LZWDPZwRJRJBauP83VNvUc0ZRyIKvczKL1
nNpzXiV56q35wZ8aRYQXIWb1W89Wfrh38pVcjGdPDQvEXU4jgU0+hQgHNbTV90kU
vCWt8Wk67V5ss0/M97zIEe+sUotItCDnmXwF2sE6K0YwUZoftSx/wZWwP/MgSrEM
XtydpT1+xYZa/54qlWnek/TXf9xQOLGIgoDVK89Mj0uM9tRHtoKD5b6o1wIDAQAB
o4IDXzCCA1swHQYDVR0OBBYEFOj7AFkzRnMaQZN+eMBlx8LZnDEBMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvNlBzQVdUTkdjeHBCazM1NHdHWEh3dG1jTVFFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBcwYIKwYBBQUHAQcBAf8EggFiMIIBXjCCAVoEAgABMIIB
UgMEAD5M5wMEAMB8rAMEAMB8sgMEAsB8tAMEAMF8AwMEAMF8CQMEAMF8EgMEAMF8
yQMEAMF8ywMEAMF8zwMEAMI6JgMEAcI6KjAMAwQAwjotAwQEwjogAwQAwjo7AwQA
wlcCAwQAwlcHAwQCwlcYAwQAwlc4AwQAwldMAwQBwldSAwQAwldoAwQAwldsAwQA
wld2AwQAwld7AwQAwleIAwQAwleVAwQBwlegMAwDBADCV6MDBAHCV6QwDAMEAMJX
qwMEAMJXrAMEAMJXsAMEAMJXtgMEAcJXxgMEAMJXyjAMAwQAwlfPAwQBwlfQAwQB
wlfeAwQAwlfpAwQAwlf6AwQAwoceAwQAwzoyAwQDwzo4AwQAw4UMAwQAw4UPAwQA
w4UeAwQAw4U3AwQAw4XDAwQB1MAAAwQA1MAKAwQA1MDSAwQA1MDeAwQA1MEAAwQA
1MEMMA0GCSqGSIb3DQEBCwUAA4IBAQCEIx4HY3MTgt7O0cuki/UfswxfOt4RhswM
BmVBzIzxkwDbFLNwLtU0bFyJ3oA2Vs287B6UU6dcP9g0U11FWPEC64WiXLuO7v5G
e7ZujX2KUPKaQfXNcLXX7vlhj0VAokyOEQdhetRc6lqsaBnSovDLCDynqCNc4j0Z
CiTIArOkOpgLrRGzftv8mcvTmDbbh7K3gqb2C0OqN9hck9JR7T9x1wI2x+k6NiL4
VYOLtvG4LSVLY1pFEw7z3sBti1+Q3HVnVwq2tlMBORHOFUlPFJBTR/MzYCKk8Od+
0q78CX93HJRY9ofldpXmyJf8IS/gj9obl/hfQuIYt4BA841JvsGy
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:45:50 2023 by rpki-client on console-ams.rpki-client.org