Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/8rn0JQCecHa-X2QHaOJxFV_KAeY.roa
File:                     8rn0JQCecHa-X2QHaOJxFV_KAeY.roa (raw, json)
Hash identifier:          Clze/Pn1d85bL+M44LUPI6PaWE5eTvltYrsVZr66TT4=
Subject key identifier:   F2:B9:F4:25:00:9E:70:76:BE:5F:64:07:68:E2:71:15:5F:CA:01:E6
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       0183F5908276AC53CA85B1B624811715C009
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/8rn0JQCecHa-X2QHaOJxFV_KAeY.roa
Signing time:             Thu 20 Oct 2022 13:23:52 +0000
ROA not before:           Thu 20 Oct 2022 13:23:52 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     2118
IP address blocks:        212.193.12.0/24 maxlen: 24
                          193.124.3.0/24 maxlen: 24
                          212.193.15.0/24 maxlen: 24
                          62.76.225.0/24 maxlen: 24
                          62.76.229.0/24 maxlen: 24
                          62.76.231.0/24 maxlen: 24
                          194.87.1.0/24 maxlen: 24
                          194.87.16.0/24 maxlen: 24
                          194.87.24.0/22 maxlen: 24
                          194.58.45.0/24 maxlen: 24
                          195.58.54.0/24 maxlen: 24
                          194.58.60.0/24 maxlen: 24
                          212.193.0.0/24 maxlen: 24
                          194.87.118.0/24 maxlen: 24
                          194.87.117.0/24 maxlen: 24
                          193.124.95.0/24 maxlen: 24
                          194.87.207.0/24 maxlen: 24
                          194.87.208.0/23 maxlen: 24
                          195.133.76.0/24 maxlen: 24
                          194.87.226.0/24 maxlen: 24
                          194.87.223.0/24 maxlen: 24
                          194.87.222.0/23 maxlen: 24
                          194.135.23.0/24 maxlen: 24
                          194.135.30.0/24 maxlen: 24
                          194.87.165.0/24 maxlen: 24
                          192.124.173.0/24 maxlen: 24
                          192.124.178.0/24 maxlen: 24
                          192.124.181.0/24 maxlen: 24
                          192.124.180.0/22 maxlen: 24
                          192.124.182.0/23 maxlen: 24
                          194.87.170.0/24 maxlen: 24
                          194.87.178.0/24 maxlen: 24
                          194.87.179.0/24 maxlen: 24
                          193.124.203.0/24 maxlen: 24
                          194.87.198.0/24 maxlen: 24
                          192.124.209.0/24 maxlen: 24
                          193.108.112.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:83:f5:90:82:76:ac:53:ca:85:b1:b6:24:81:17:15:c0:09
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Oct 20 13:23:52 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=f2b9f425009e7076be5f640768e271155fca01e6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:6f:a8:37:11:92:d7:f1:ec:85:bc:08:34:9e:
                    63:32:1c:56:54:e1:18:86:b9:49:a5:01:ca:9d:b9:
                    58:2a:13:b0:ce:5b:b9:51:cb:b7:28:01:0c:ae:b6:
                    06:7c:bb:61:00:8d:7c:b6:70:de:95:d2:3d:d1:78:
                    7d:61:5c:a0:21:e6:b1:de:9e:92:b3:9d:52:4c:3d:
                    da:cc:3f:64:b4:6e:b0:b1:a5:49:d4:ba:d9:88:d6:
                    4c:79:89:26:d4:1b:10:42:47:27:b2:13:14:73:56:
                    3f:05:dd:26:db:c5:37:5b:51:45:58:11:8b:d1:d6:
                    52:86:9d:a2:34:3f:a4:7f:16:39:df:ab:7b:a9:29:
                    24:46:6e:06:a0:79:75:6f:15:25:44:1e:bd:eb:81:
                    91:26:7f:42:c9:91:a5:38:3c:eb:d0:34:65:a7:8a:
                    a4:b5:2b:af:a9:5d:b2:21:4f:1a:3c:2f:5c:db:f4:
                    18:82:e3:11:05:f0:e6:e9:26:75:3a:f6:8b:1a:ae:
                    ee:78:5f:04:66:ad:1c:ce:3b:52:a7:b8:80:45:8a:
                    dc:5e:ef:5c:5d:c5:dc:5b:9e:dd:01:95:b3:48:93:
                    1d:3e:57:9f:a5:db:cc:c9:dc:fd:fb:34:21:48:d3:
                    77:8f:a0:55:5d:72:30:c7:db:a3:b6:bc:6d:1e:af:
                    19:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F2:B9:F4:25:00:9E:70:76:BE:5F:64:07:68:E2:71:15:5F:CA:01:E6
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/8rn0JQCecHa-X2QHaOJxFV_KAeY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.76.225.0/24
                  62.76.229.0/24
                  62.76.231.0/24
                  192.124.173.0/24
                  192.124.178.0/24
                  192.124.180.0/22
                  192.124.209.0/24
                  193.108.112.0/24
                  193.124.3.0/24
                  193.124.95.0/24
                  193.124.203.0/24
                  194.58.45.0/24
                  194.58.60.0/24
                  194.87.1.0/24
                  194.87.16.0/24
                  194.87.24.0/22
                  194.87.117.0-194.87.118.255
                  194.87.165.0/24
                  194.87.170.0/24
                  194.87.178.0/23
                  194.87.198.0/24
                  194.87.207.0-194.87.209.255
                  194.87.222.0/23
                  194.87.226.0/24
                  194.135.23.0/24
                  194.135.30.0/24
                  195.58.54.0/24
                  195.133.76.0/24
                  212.193.0.0/24
                  212.193.12.0/24
                  212.193.15.0/24

    Signature Algorithm: sha256WithRSAEncryption
         50:02:1c:fc:32:6b:96:ff:67:3f:60:58:94:dc:82:2c:da:15:
         3a:34:4f:b1:e3:3a:7d:1d:87:a5:1b:c7:45:ce:18:e2:d5:59:
         e6:29:f3:7a:2b:99:1a:95:27:d5:fb:af:57:a2:3c:19:20:fc:
         c4:0f:cc:6e:08:cf:5e:b3:37:8c:48:7c:17:0b:ac:00:59:8b:
         22:d5:bf:6c:80:4d:21:c9:4f:79:3e:43:fe:6b:cf:a9:8f:4f:
         39:34:6d:7d:9b:ba:1b:f9:d5:99:73:36:89:c3:f4:c0:15:1c:
         34:ba:5c:30:ae:d7:20:e8:50:3d:c4:72:cf:2c:92:f4:03:77:
         0a:16:9c:cb:2d:d6:96:5c:72:3b:26:fa:1a:77:d5:f9:96:cf:
         2a:a1:71:00:41:24:01:74:45:c7:fe:93:a1:f5:d7:ba:df:c8:
         0f:33:bc:23:09:13:09:7b:7d:ce:09:14:5e:46:d2:73:4e:f1:
         0b:b6:a7:eb:8b:be:13:d4:de:7b:b5:c8:c7:0e:41:3b:c3:46:
         30:fa:e5:f9:49:85:50:84:71:c5:59:2e:96:d9:b3:ad:6b:25:
         e7:d6:90:ba:cf:89:87:f6:7d:cc:7a:dd:bd:6a:34:d3:71:db:
         45:54:f7:de:78:c7:e7:46:b6:68:6d:f8:44:21:88:13:bc:df:
         9e:05:72:14
-----BEGIN CERTIFICATE-----
MIIFxjCCBK6gAwIBAgISAYP1kIJ2rFPKhbG2JIEXFcAJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjIxMDIwMTMyMzUyWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMmI5ZjQyNTAwOWU3MDc2YmU1ZjY0MDc2OGUyNzExNTVmY2EwMWU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlW+oNxGS1/HshbwINJ5jMhxWVOEY
hrlJpQHKnblYKhOwzlu5Ucu3KAEMrrYGfLthAI18tnDeldI90Xh9YVygIeax3p6S
s51STD3azD9ktG6wsaVJ1LrZiNZMeYkm1BsQQkcnshMUc1Y/Bd0m28U3W1FFWBGL
0dZShp2iND+kfxY536t7qSkkRm4GoHl1bxUlRB6964GRJn9CyZGlODzr0DRlp4qk
tSuvqV2yIU8aPC9c2/QYguMRBfDm6SZ1OvaLGq7ueF8EZq0czjtSp7iARYrcXu9c
XcXcW57dAZWzSJMdPlefpdvMydz9+zQhSNN3j6BVXXIwx9ujtrxtHq8ZawIDAQAB
o4IC0jCCAs4wHQYDVR0OBBYEFPK59CUAnnB2vl9kB2jicRVfygHmMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvOHJuMEpRQ2VjSGEtWDJRSGFPSnhGVl9LQWVZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHnBggrBgEFBQcBBwEB/wSB1zCB1DCB0QQCAAEwgcoDBAA+
TOEDBAA+TOUDBAA+TOcDBADAfK0DBADAfLIDBALAfLQDBADAfNEDBADBbHADBADB
fAMDBADBfF8DBADBfMsDBADCOi0DBADCOjwDBADCVwEDBADCVxADBALCVxgwDAME
AMJXdQMEAMJXdgMEAMJXpQMEAMJXqgMEAcJXsgMEAMJXxjAMAwQAwlfPAwQBwlfQ
AwQBwlfeAwQAwlfiAwQAwocXAwQAwoceAwQAwzo2AwQAw4VMAwQA1MEAAwQA1MEM
AwQA1MEPMA0GCSqGSIb3DQEBCwUAA4IBAQBQAhz8MmuW/2c/YFiU3IIs2hU6NE+x
4zp9HYelG8dFzhji1VnmKfN6K5kalSfV+69XojwZIPzED8xuCM9eszeMSHwXC6wA
WYsi1b9sgE0hyU95PkP+a8+pj085NG19m7ob+dWZczaJw/TAFRw0ulwwrtcg6FA9
xHLPLJL0A3cKFpzLLdaWXHI7Jvoad9X5ls8qoXEAQSQBdEXH/pOh9de638gPM7wj
CRMJe33OCRReRtJzTvELtqfri74T1N57tcjHDkE7w0Yw+uX5SYVQhHHFWS6W2bOt
ayXn1pC6z4mH9n3Met29ajTTcdtFVPfeeMfnRrZobfhEIYgTvN+eBXIU
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:45:51 2023 by rpki-client on console-ams.rpki-client.org