Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/6zhiX06Ib9VvD2gsqgko3aMq8xA.roa
File:                     6zhiX06Ib9VvD2gsqgko3aMq8xA.roa (raw, json)
Hash identifier:          igQa6GymJim+UaNDh+UqYQb18FrXE9YKJoSv7Yu9B+o=
Subject key identifier:   EB:38:62:5F:4E:88:6F:D5:6F:0F:68:2C:AA:09:28:DD:A3:2A:F3:10
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       0183CB13D0E3440805524A21B668C59E5441
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/6zhiX06Ib9VvD2gsqgko3aMq8xA.roa
Signing time:             Wed 12 Oct 2022 07:23:36 +0000
ROA not before:           Wed 12 Oct 2022 07:23:36 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     399471
IP address blocks:        212.193.29.0/24 maxlen: 24
                          194.87.227.0/24 maxlen: 24
                          194.87.35.0/24 maxlen: 24
                          194.87.32.0/24 maxlen: 24
                          212.192.216.0/22 maxlen: 24
                          194.87.149.0/24 maxlen: 24
                          212.192.11.0/24 maxlen: 24
                          194.87.163.0/24 maxlen: 24
                          194.87.161.0/24 maxlen: 24
                          194.85.250.0/24 maxlen: 24
                          194.85.248.0/24 maxlen: 24
                          195.133.39.0/24 maxlen: 24
                          212.192.244.0/22 maxlen: 24
                          194.87.82.0/24 maxlen: 24
                          194.87.83.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:83:cb:13:d0:e3:44:08:05:52:4a:21:b6:68:c5:9e:54:41
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Oct 12 07:23:36 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=eb38625f4e886fd56f0f682caa0928dda32af310
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:05:ba:88:b8:85:e9:8e:4b:2b:14:bc:f0:c3:
                    08:6d:2c:79:b9:fd:ed:86:b4:77:4e:fb:83:ec:ff:
                    8c:87:51:3a:35:2e:7a:b6:01:7e:b6:81:72:4c:10:
                    24:ef:42:0d:f4:be:a9:02:6c:91:0b:93:9e:7b:00:
                    c7:ac:d8:37:69:fb:cb:2b:58:6f:90:8c:5f:f4:e9:
                    38:d9:21:6e:31:54:8b:37:41:87:69:d3:92:c5:4d:
                    12:f0:8b:90:e8:03:f0:8e:6c:60:62:3e:19:0f:c2:
                    0c:19:a6:59:b0:5d:9b:dd:05:64:f6:3c:86:f6:39:
                    1f:a7:0b:0f:37:d2:e0:45:fb:91:b7:f5:af:08:af:
                    3f:ac:1b:90:20:33:10:3f:26:37:a4:bc:fe:1a:ca:
                    65:56:67:d9:4d:9b:e4:fb:cc:19:41:83:bb:09:ea:
                    a5:cb:35:96:12:d1:d9:4c:ed:98:37:b8:74:e7:96:
                    5b:ba:f5:aa:35:05:42:a9:47:6d:9e:12:e6:49:d2:
                    5f:17:40:a6:21:fb:fd:3d:ac:ba:cd:3a:98:69:88:
                    99:4b:f1:ec:69:37:5c:2c:60:f8:46:fa:ff:d5:7b:
                    6b:c2:dc:a2:8c:a6:cb:64:9c:72:79:04:99:bb:e1:
                    39:ad:7a:e9:f9:5e:a4:10:97:9e:ac:66:78:a1:24:
                    9d:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EB:38:62:5F:4E:88:6F:D5:6F:0F:68:2C:AA:09:28:DD:A3:2A:F3:10
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/6zhiX06Ib9VvD2gsqgko3aMq8xA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.85.248.0/24
                  194.85.250.0/24
                  194.87.32.0/24
                  194.87.35.0/24
                  194.87.82.0/23
                  194.87.149.0/24
                  194.87.161.0/24
                  194.87.163.0/24
                  194.87.227.0/24
                  195.133.39.0/24
                  212.192.11.0/24
                  212.192.216.0/22
                  212.192.244.0/22
                  212.193.29.0/24

    Signature Algorithm: sha256WithRSAEncryption
         15:4f:70:9c:1b:3b:c3:aa:1f:df:75:89:71:54:a7:22:e7:85:
         49:d8:fb:4c:bc:94:f7:29:c8:e2:37:c3:54:b2:3e:69:a9:6b:
         ba:24:23:67:7f:f2:ff:16:a7:9f:9f:3e:b1:3e:83:d1:e0:c4:
         a6:53:43:3d:8b:8e:86:15:44:ca:e2:8f:19:f7:77:34:dd:1f:
         3b:85:c3:6a:b0:d3:81:81:49:2e:e7:73:bf:6f:a5:0a:8e:ff:
         50:30:61:58:f2:fc:6b:fc:0c:7e:67:91:4c:65:88:a3:7f:9e:
         12:32:54:99:93:dd:d2:65:bb:0e:79:3f:69:61:4d:1c:1e:ad:
         d8:cd:a4:48:a6:22:44:8f:69:34:cf:1f:7a:15:fa:4a:b7:a1:
         93:4e:6f:55:ca:b4:db:8a:54:fe:3f:3f:6e:99:a1:cf:4a:0e:
         22:a9:c3:42:25:ad:3e:6a:c2:c9:90:67:b3:c1:bf:6f:41:d6:
         4b:b9:35:e6:e6:72:15:d1:91:d2:fd:fa:d3:d5:9d:87:61:66:
         37:e6:78:99:58:5c:af:b2:6b:ba:19:00:5f:4d:f4:c0:2a:3e:
         64:32:5e:b7:5f:07:92:dc:7b:53:46:53:82:e9:12:ac:4c:25:
         3d:e1:84:c7:1a:00:19:c4:0e:f5:ac:30:e4:8d:15:27:dc:bd:
         0f:50:89:4c
-----BEGIN CERTIFICATE-----
MIIFSzCCBDOgAwIBAgISAYPLE9DjRAgFUkohtmjFnlRBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjIxMDEyMDcyMzM2WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYjM4NjI1ZjRlODg2ZmQ1NmYwZjY4MmNhYTA5MjhkZGEzMmFmMzEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArAW6iLiF6Y5LKxS88MMIbSx5uf3t
hrR3TvuD7P+Mh1E6NS56tgF+toFyTBAk70IN9L6pAmyRC5OeewDHrNg3afvLK1hv
kIxf9Ok42SFuMVSLN0GHadOSxU0S8IuQ6APwjmxgYj4ZD8IMGaZZsF2b3QVk9jyG
9jkfpwsPN9LgRfuRt/WvCK8/rBuQIDMQPyY3pLz+GsplVmfZTZvk+8wZQYO7Ceql
yzWWEtHZTO2YN7h055ZbuvWqNQVCqUdtnhLmSdJfF0CmIfv9Pay6zTqYaYiZS/Hs
aTdcLGD4Rvr/1XtrwtyijKbLZJxyeQSZu+E5rXrp+V6kEJeerGZ4oSSdhQIDAQAB
o4ICVzCCAlMwHQYDVR0OBBYEFOs4Yl9OiG/Vbw9oLKoJKN2jKvMQMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvNnpoaVgwNkliOVZ2RDJnc3Fna28zYU1xOHhBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMG0GCCsGAQUFBwEHAQH/BF4wXDBaBAIAATBUAwQAwlX4AwQA
wlX6AwQAwlcgAwQAwlcjAwQBwldSAwQAwleVAwQAwlehAwQAwlejAwQAwlfjAwQA
w4UnAwQA1MALAwQC1MDYAwQC1MD0AwQA1MEdMA0GCSqGSIb3DQEBCwUAA4IBAQAV
T3CcGzvDqh/fdYlxVKci54VJ2PtMvJT3KcjiN8NUsj5pqWu6JCNnf/L/Fqefnz6x
PoPR4MSmU0M9i46GFUTK4o8Z93c03R87hcNqsNOBgUku53O/b6UKjv9QMGFY8vxr
/Ax+Z5FMZYijf54SMlSZk93SZbsOeT9pYU0cHq3YzaRIpiJEj2k0zx96FfpKt6GT
Tm9VyrTbilT+Pz9umaHPSg4iqcNCJa0+asLJkGezwb9vQdZLuTXm5nIV0ZHS/frT
1Z2HYWY35niZWFyvsmu6GQBfTfTAKj5kMl63XweS3HtTRlOC6RKsTCU94YTHGgAZ
xA71rDDkjRUn3L0PUIlM
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:16:07 2024 by rpki-client on console-fra.rpki-client.org