Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/Bac_JF8lD5dPjo48sccFEh3Ikww.roa
File:                     Bac_JF8lD5dPjo48sccFEh3Ikww.roa (raw, json)
Hash identifier:          TNOuMQwUImJwvvdlsm/DiSAAbE2Y3AZ8HW7CRnT2kfI=
Subject key identifier:   05:A7:3F:24:5F:25:0F:97:4F:8E:8E:3C:B1:C7:05:12:1D:C8:93:0C
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       0184F630266C7252C2A4453A1FD542A7FD58
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/Bac_JF8lD5dPjo48sccFEh3Ikww.roa
Signing time:             Fri 09 Dec 2022 09:21:00 +0000
ROA not before:           Fri 09 Dec 2022 09:21:00 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     7018
IP address blocks:        212.193.15.0/24 maxlen: 24
                          212.193.13.0/24 maxlen: 24
                          212.193.12.0/24 maxlen: 24
                          195.133.82.0/24 maxlen: 24
                          194.87.181.0/24 maxlen: 24
                          212.193.1.0/24 maxlen: 24
                          212.193.2.0/24 maxlen: 24
                          212.193.0.0/24 maxlen: 24
                          194.87.198.0/24 maxlen: 24
                          212.193.6.0/24 maxlen: 24
                          185.72.9.0/24 maxlen: 24
                          194.87.73.0/24 maxlen: 24
                          194.87.90.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:84:f6:30:26:6c:72:52:c2:a4:45:3a:1f:d5:42:a7:fd:58
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Dec  9 09:21:00 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=05a73f245f250f974f8e8e3cb1c705121dc8930c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:a3:9a:a9:12:ff:22:5e:2f:69:fc:59:68:b0:
                    cc:e4:73:44:2f:bf:9a:57:7e:19:6f:3e:e9:32:2b:
                    31:27:ad:47:96:bf:94:4a:76:04:ad:4a:24:16:66:
                    77:c4:47:18:e6:93:f3:2b:ca:0d:d8:93:38:29:60:
                    ad:ac:50:22:6a:3f:49:ab:b7:32:0c:47:00:a6:8e:
                    e9:58:f3:f1:04:bf:8e:11:0d:b0:c8:39:73:73:13:
                    46:13:2a:26:b6:90:12:ad:50:bf:c1:ed:3a:16:51:
                    a9:b1:ab:b8:56:5d:bd:67:65:0f:5e:08:ca:fa:ad:
                    3b:8c:c7:92:af:bf:8c:ad:82:a2:87:5e:c3:6f:fc:
                    a0:97:a0:8e:3e:24:89:50:03:e3:67:93:63:1c:67:
                    bc:4d:8a:bb:a3:3a:64:71:c6:e7:0a:f4:7e:e1:24:
                    b0:1d:a0:31:9f:d3:e2:a7:ab:14:f2:4a:6b:e0:50:
                    f2:32:1f:7f:67:ce:41:05:8c:e8:65:23:0b:3a:9c:
                    5a:4a:e9:bc:b6:c6:05:2a:8d:d5:ea:96:59:37:fa:
                    6f:a0:9a:31:64:bc:8f:95:f2:8d:be:8c:91:77:41:
                    d2:c1:7d:0e:47:4b:47:ed:99:9a:91:7f:66:1d:9a:
                    2c:92:d0:25:6b:2b:36:ec:57:e4:67:dc:42:aa:b9:
                    de:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                05:A7:3F:24:5F:25:0F:97:4F:8E:8E:3C:B1:C7:05:12:1D:C8:93:0C
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/Bac_JF8lD5dPjo48sccFEh3Ikww.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.72.9.0/24
                  194.87.73.0/24
                  194.87.90.0/24
                  194.87.181.0/24
                  194.87.198.0/24
                  195.133.82.0/24
                  212.193.0.0-212.193.2.255
                  212.193.6.0/24
                  212.193.12.0/23
                  212.193.15.0/24

    Signature Algorithm: sha256WithRSAEncryption
         48:67:28:12:61:02:33:a1:d4:ee:a4:63:59:a3:62:75:8f:4f:
         9e:aa:3a:ba:f0:c8:32:fb:ce:c1:a2:fb:49:78:79:44:96:7e:
         1b:9c:a5:00:7e:41:c1:7a:95:99:a8:32:df:35:8b:73:a4:e5:
         36:04:9c:47:ba:70:0d:cb:5d:3f:6a:8b:1c:53:65:76:fe:92:
         bf:91:06:ed:af:74:02:5f:4b:6e:ef:00:83:6f:d5:2a:28:11:
         36:9a:01:30:c6:d8:a5:ab:6c:25:e7:86:3c:6d:13:8a:c2:aa:
         16:c5:eb:95:b2:6a:50:fa:e9:7d:a0:7a:dc:cb:e8:6c:78:13:
         29:b9:fd:41:ff:be:db:32:78:f7:56:73:ac:dc:90:8c:0b:6b:
         38:1c:84:8f:8f:6a:24:93:17:3d:a6:ab:88:5a:b1:bf:24:69:
         d9:a4:9d:99:58:2a:d6:bd:05:2f:84:6b:ef:d9:81:90:16:ab:
         2f:89:85:ee:a3:de:f8:d1:0b:bb:e2:69:e0:23:91:b4:7d:8a:
         c0:29:b0:b6:fb:67:11:43:05:d2:c5:c2:89:50:65:b1:52:bd:
         e8:20:c3:d4:6c:97:ff:58:1d:ea:61:99:a6:1a:c9:b3:96:03:
         d1:fc:b7:5f:b2:cf:9d:da:3e:a5:ad:8e:c3:1b:72:60:d6:76:
         61:a0:5d:b5
-----BEGIN CERTIFICATE-----
MIIFOjCCBCKgAwIBAgISAYT2MCZsclLCpEU6H9VCp/1YMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjIxMjA5MDkyMTAwWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNWE3M2YyNDVmMjUwZjk3NGY4ZThlM2NiMWM3MDUxMjFkYzg5MzBjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiqOaqRL/Il4vafxZaLDM5HNEL7+a
V34Zbz7pMisxJ61Hlr+USnYErUokFmZ3xEcY5pPzK8oN2JM4KWCtrFAiaj9Jq7cy
DEcApo7pWPPxBL+OEQ2wyDlzcxNGEyomtpASrVC/we06FlGpsau4Vl29Z2UPXgjK
+q07jMeSr7+MrYKih17Db/ygl6COPiSJUAPjZ5NjHGe8TYq7ozpkccbnCvR+4SSw
HaAxn9Pip6sU8kpr4FDyMh9/Z85BBYzoZSMLOpxaSum8tsYFKo3V6pZZN/pvoJox
ZLyPlfKNvoyRd0HSwX0OR0tH7ZmakX9mHZosktAlays27FfkZ9xCqrnebwIDAQAB
o4ICRjCCAkIwHQYDVR0OBBYEFAWnPyRfJQ+XT46OPLHHBRIdyJMMMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvQmFjX0pGOGxENWRQam80OHNjY0ZFaDNJa3d3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFwGCCsGAQUFBwEHAQH/BE0wSzBJBAIAATBDAwQAuUgJAwQA
wldJAwQAwldaAwQAwle1AwQAwlfGAwQAw4VSMAsDAwDUwQMEANTBAgMEANTBBgME
AdTBDAMEANTBDzANBgkqhkiG9w0BAQsFAAOCAQEASGcoEmECM6HU7qRjWaNidY9P
nqo6uvDIMvvOwaL7SXh5RJZ+G5ylAH5BwXqVmagy3zWLc6TlNgScR7pwDctdP2qL
HFNldv6Sv5EG7a90Al9Lbu8Ag2/VKigRNpoBMMbYpatsJeeGPG0TisKqFsXrlbJq
UPrpfaB63MvobHgTKbn9Qf++2zJ491ZzrNyQjAtrOByEj49qJJMXPaariFqxvyRp
2aSdmVgq1r0FL4Rr79mBkBarL4mF7qPe+NELu+Jp4CORtH2KwCmwtvtnEUMF0sXC
iVBlsVK96CDD1GyX/1gd6mGZphrJs5YD0fy3X7LPndo+pa2OwxtyYNZ2YaBdtQ==
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:45:52 2023 by rpki-client on console-ams.rpki-client.org