Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/8pxG1FHTmSJd-VuPzsnJ6-QvnHM.roa
File:                     8pxG1FHTmSJd-VuPzsnJ6-QvnHM.roa (raw, json)
Hash identifier:          vlgNhE3xbT3tJQAerw2cKfljM+pnG+LnKVBrM0cIiQw=
Subject key identifier:   F2:9C:46:D4:51:D3:99:22:5D:F9:5B:8F:CE:C9:C9:EB:E4:2F:9C:73
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       01840E8C1583232FE3A6EA8D8D18859858D7
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/8pxG1FHTmSJd-VuPzsnJ6-QvnHM.roa
Signing time:             Tue 25 Oct 2022 09:49:32 +0000
ROA not before:           Tue 25 Oct 2022 09:49:32 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     398343
IP address blocks:        212.193.24.0/22 maxlen: 24
                          194.87.216.0/24 maxlen: 24
                          194.87.218.0/24 maxlen: 24
                          194.87.225.0/24 maxlen: 24
                          194.87.31.0/24 maxlen: 24
                          194.135.38.0/24 maxlen: 24
                          194.135.32.0/24 maxlen: 24
                          195.133.21.0/24 maxlen: 24
                          195.133.25.0/24 maxlen: 24
                          212.192.14.0/24 maxlen: 24
                          195.133.26.0/23 maxlen: 23
                          195.133.59.0/24 maxlen: 24
                          194.135.104.0/24 maxlen: 24
                          194.87.120.0/23 maxlen: 24
                          195.133.9.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:84:0e:8c:15:83:23:2f:e3:a6:ea:8d:8d:18:85:98:58:d7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Oct 25 09:49:32 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=f29c46d451d399225df95b8fcec9c9ebe42f9c73
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:9a:4f:ae:57:05:b9:b8:92:f0:3f:5c:29:d7:
                    66:48:00:f4:48:9b:53:ce:a3:38:13:95:5f:54:93:
                    81:b9:58:a8:ce:6a:8c:dd:11:84:57:1d:eb:a8:11:
                    09:1c:9c:91:9a:2a:23:de:1b:f8:ee:eb:50:0d:22:
                    26:a1:17:be:69:21:76:5b:9e:d3:31:5c:98:9b:d3:
                    1a:12:4a:8f:92:ea:3b:45:ad:d5:b2:0f:4b:40:b6:
                    b7:bf:6e:bc:51:46:14:a9:18:52:fa:25:7e:6b:b1:
                    57:f4:9f:61:3d:e2:72:47:96:69:eb:17:89:45:1e:
                    2c:01:cb:49:8b:6d:a5:cf:0e:34:88:74:15:b0:ca:
                    01:29:22:de:68:0d:c2:c5:a1:5d:0a:f6:c8:87:0a:
                    a9:18:64:60:0c:4b:72:45:d3:42:53:e7:16:48:62:
                    e0:95:06:f6:3a:b6:65:48:71:2b:34:d8:09:6b:3c:
                    cb:8b:62:f2:42:82:b8:54:ad:92:25:db:22:79:08:
                    68:5d:1a:01:47:3f:2b:35:ba:b2:a5:6d:0c:f6:49:
                    2a:b3:0b:a2:ef:d7:75:c9:6f:c1:71:9b:e1:3d:7a:
                    72:46:24:e9:76:63:04:b0:c7:b7:64:17:76:61:36:
                    54:eb:45:fc:f7:eb:72:fe:61:66:d3:49:dd:1a:95:
                    d6:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F2:9C:46:D4:51:D3:99:22:5D:F9:5B:8F:CE:C9:C9:EB:E4:2F:9C:73
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/8pxG1FHTmSJd-VuPzsnJ6-QvnHM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.87.31.0/24
                  194.87.120.0/23
                  194.87.216.0/24
                  194.87.218.0/24
                  194.87.225.0/24
                  194.135.32.0/24
                  194.135.38.0/24
                  194.135.104.0/24
                  195.133.9.0/24
                  195.133.21.0/24
                  195.133.25.0-195.133.27.255
                  195.133.59.0/24
                  212.192.14.0/24
                  212.193.24.0/22

    Signature Algorithm: sha256WithRSAEncryption
         88:ca:71:68:2d:2f:ec:d3:d0:ba:03:17:d3:cc:b6:20:32:0d:
         cd:e3:24:76:fc:73:d9:95:8f:02:e1:fb:b0:4d:65:2c:3e:e7:
         88:7d:91:9d:10:ab:b1:8f:6b:35:67:c9:d6:73:db:b0:d4:be:
         d8:60:9e:c2:0a:28:e7:59:d5:0a:0a:0e:ed:cd:46:f9:6a:74:
         60:0f:39:3b:81:24:fc:2d:ac:ef:1e:d8:7d:02:c8:2f:3b:f1:
         99:2c:01:42:af:47:b2:b3:87:f9:ae:48:f3:d9:77:96:47:4e:
         30:c9:c4:65:49:3f:cc:dd:5c:f6:b7:6b:4d:8f:27:74:aa:73:
         fc:38:bf:1b:b1:f6:3e:64:99:7f:5d:25:b9:59:40:61:54:fd:
         83:e2:70:93:13:b3:c6:30:be:5f:ec:ef:73:44:3f:45:5c:e7:
         3c:10:eb:30:c7:0c:a5:4c:f7:c4:6b:e0:a7:70:85:6a:36:f7:
         c9:11:da:8e:af:c5:84:2a:34:e7:62:a8:23:ca:fa:dc:60:bb:
         73:df:25:4e:11:7e:0f:70:73:24:a5:7c:7d:32:06:c9:6e:78:
         9d:c7:1d:f4:2c:58:cf:87:22:06:30:df:7e:87:57:10:90:34:
         e9:4c:1d:9c:3b:44:8c:a0:fe:0b:2b:5d:26:a7:de:30:96:a1:
         d1:75:e8:d2
-----BEGIN CERTIFICATE-----
MIIFUzCCBDugAwIBAgISAYQOjBWDIy/jpuqNjRiFmFjXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjIxMDI1MDk0OTMyWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMjljNDZkNDUxZDM5OTIyNWRmOTViOGZjZWM5YzllYmU0MmY5YzczMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuJpPrlcFubiS8D9cKddmSAD0SJtT
zqM4E5VfVJOBuViozmqM3RGEVx3rqBEJHJyRmioj3hv47utQDSImoRe+aSF2W57T
MVyYm9MaEkqPkuo7Ra3Vsg9LQLa3v268UUYUqRhS+iV+a7FX9J9hPeJyR5Zp6xeJ
RR4sActJi22lzw40iHQVsMoBKSLeaA3CxaFdCvbIhwqpGGRgDEtyRdNCU+cWSGLg
lQb2OrZlSHErNNgJazzLi2LyQoK4VK2SJdsieQhoXRoBRz8rNbqypW0M9kkqswui
79d1yW/BcZvhPXpyRiTpdmMEsMe3ZBd2YTZU60X89+ty/mFm00ndGpXWvwIDAQAB
o4ICXzCCAlswHQYDVR0OBBYEFPKcRtRR05kiXflbj87JyevkL5xzMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvOHB4RzFGSFRtU0pkLVZ1UHpzbko2LVF2bkhNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHUGCCsGAQUFBwEHAQH/BGYwZDBiBAIAATBcAwQAwlcfAwQB
wld4AwQAwlfYAwQAwlfaAwQAwlfhAwQAwocgAwQAwocmAwQAwodoAwQAw4UJAwQA
w4UVMAwDBADDhRkDBALDhRgDBADDhTsDBADUwA4DBALUwRgwDQYJKoZIhvcNAQEL
BQADggEBAIjKcWgtL+zT0LoDF9PMtiAyDc3jJHb8c9mVjwLh+7BNZSw+54h9kZ0Q
q7GPazVnydZz27DUvthgnsIKKOdZ1QoKDu3NRvlqdGAPOTuBJPwtrO8e2H0CyC87
8ZksAUKvR7Kzh/muSPPZd5ZHTjDJxGVJP8zdXPa3a02PJ3Sqc/w4vxux9j5kmX9d
JblZQGFU/YPicJMTs8Ywvl/s73NEP0Vc5zwQ6zDHDKVM98Rr4KdwhWo298kR2o6v
xYQqNOdiqCPK+txgu3PfJU4Rfg9wcySlfH0yBslueJ3HHfQsWM+HIgYw336HVxCQ
NOlMHZw7RIyg/gsrXSan3jCWodF16NI=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:16:07 2024 by rpki-client on console-fra.rpki-client.org