Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/JSI9XGRTpi2CwL3UZR8x8G8yZkQ.roa
File:                     JSI9XGRTpi2CwL3UZR8x8G8yZkQ.roa (raw, json)
Hash identifier:          cbZYmN5CQ22SNpwpoBex71TfmsuQYSbdFY7HFx5A7N0=
Subject key identifier:   25:22:3D:5C:64:53:A6:2D:82:C0:BD:D4:65:1F:31:F0:6F:32:66:44
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       0184C274BF93E6DDE100E0780AA7410BE7AF
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/JSI9XGRTpi2CwL3UZR8x8G8yZkQ.roa
Signing time:             Tue 29 Nov 2022 08:15:41 +0000
ROA not before:           Tue 29 Nov 2022 08:15:41 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     138687
IP address blocks:        212.192.7.0/24 maxlen: 24
                          192.124.181.0/24 maxlen: 24
                          194.87.180.0/24 maxlen: 24
                          195.58.61.0/24 maxlen: 24
                          194.58.61.0/24 maxlen: 24
                          193.124.94.0/24 maxlen: 24
                          212.193.5.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:84:c2:74:bf:93:e6:dd:e1:00:e0:78:0a:a7:41:0b:e7:af
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Nov 29 08:15:41 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=25223d5c6453a62d82c0bdd4651f31f06f326644
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:fc:88:5d:27:45:db:97:81:3d:73:d0:07:04:
                    dd:ea:74:e6:c3:d6:07:58:c0:b3:f7:6e:0b:5c:37:
                    d1:f6:03:ff:e2:58:96:79:3c:1e:da:99:cf:e2:44:
                    12:a7:55:84:21:38:df:48:1e:35:76:7a:ec:a8:f1:
                    f4:6c:ae:87:01:89:73:7e:5a:28:17:10:44:e6:bb:
                    af:f3:3a:ee:bc:fd:20:b9:e0:91:0e:54:a5:1b:1d:
                    5e:48:1c:63:a4:e9:c2:9d:cc:79:89:5c:70:e8:ea:
                    c4:f7:bb:ec:88:8a:44:d8:58:08:51:5c:5f:1b:26:
                    2e:12:31:3d:12:53:94:7d:4b:0a:09:d9:61:e6:1e:
                    d0:13:9d:5e:f7:8a:be:68:79:d9:55:59:9e:11:0e:
                    bb:e2:f0:74:95:aa:70:78:7d:3a:70:00:5f:19:69:
                    77:45:56:f8:67:a8:44:30:4a:16:52:47:d2:ff:54:
                    81:06:3e:2c:ff:02:c9:ed:9c:5a:84:a8:ec:1a:e9:
                    ea:91:30:fb:1c:5b:20:c7:b4:12:18:60:43:34:63:
                    19:12:17:ed:0c:fb:12:a0:ae:aa:87:b9:0e:95:29:
                    53:e3:27:6e:80:29:ed:c2:cf:f3:42:ff:8b:16:26:
                    bd:c6:1d:ef:03:1a:a1:b1:94:81:e1:ed:62:12:f4:
                    33:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                25:22:3D:5C:64:53:A6:2D:82:C0:BD:D4:65:1F:31:F0:6F:32:66:44
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/JSI9XGRTpi2CwL3UZR8x8G8yZkQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.124.181.0/24
                  193.124.94.0/24
                  194.58.61.0/24
                  194.87.180.0/24
                  195.58.61.0/24
                  212.192.7.0/24
                  212.193.5.0/24

    Signature Algorithm: sha256WithRSAEncryption
         21:c1:87:cc:e9:76:a0:c0:bb:c7:42:44:62:9b:fb:0a:70:67:
         82:0b:7d:14:98:df:ff:cd:c8:8f:c5:18:cc:2b:0b:c5:1e:6d:
         94:5d:97:b3:b5:c1:dc:a9:c0:af:5a:14:f4:14:5a:06:53:6a:
         95:ae:26:c0:1f:cd:44:f0:79:27:b4:ba:69:ba:0b:76:34:bd:
         e1:d5:17:32:f3:37:d6:4c:5f:b9:64:06:ef:cc:9c:d0:9e:a6:
         0c:78:fc:c6:6d:ae:ea:7f:d2:d5:39:33:e3:b9:a4:1f:c0:9d:
         6b:78:93:7d:02:fa:ea:ec:45:a9:3e:c9:4a:53:f1:46:6d:c8:
         26:7e:56:0b:f4:11:ba:6b:cc:e5:ce:28:76:75:77:7e:d8:87:
         56:7a:12:a0:30:43:51:d5:05:de:4a:a2:e0:d5:ce:35:3f:5c:
         42:06:4b:f4:39:36:7d:8b:d4:e2:d9:2b:20:3e:06:57:09:e1:
         9c:52:f2:6a:7b:b9:b2:50:22:76:2d:3e:03:ab:b1:17:ad:1e:
         31:c9:c2:b0:5e:f8:2d:f2:a5:13:2b:73:19:0e:8b:3f:42:f4:
         fb:7a:47:3a:de:97:da:0b:59:d5:a0:67:ef:70:3a:06:6c:24:
         b8:a3:bd:b8:28:e2:d8:e1:be:9e:e2:b5:3a:4f:ff:f8:d6:dc:
         69:fa:3b:b4
-----BEGIN CERTIFICATE-----
MIIFITCCBAmgAwIBAgISAYTCdL+T5t3hAOB4CqdBC+evMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjIxMTI5MDgxNTQxWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNTIyM2Q1YzY0NTNhNjJkODJjMGJkZDQ2NTFmMzFmMDZmMzI2NjQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAovyIXSdF25eBPXPQBwTd6nTmw9YH
WMCz924LXDfR9gP/4liWeTwe2pnP4kQSp1WEITjfSB41dnrsqPH0bK6HAYlzfloo
FxBE5ruv8zruvP0gueCRDlSlGx1eSBxjpOnCncx5iVxw6OrE97vsiIpE2FgIUVxf
GyYuEjE9ElOUfUsKCdlh5h7QE51e94q+aHnZVVmeEQ674vB0lapweH06cABfGWl3
RVb4Z6hEMEoWUkfS/1SBBj4s/wLJ7ZxahKjsGunqkTD7HFsgx7QSGGBDNGMZEhft
DPsSoK6qh7kOlSlT4ydugCntws/zQv+LFia9xh3vAxqhsZSB4e1iEvQzPQIDAQAB
o4ICLTCCAikwHQYDVR0OBBYEFCUiPVxkU6YtgsC91GUfMfBvMmZEMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvSlNJOVhHUlRwaTJDd0wzVVpSOHg4Rzh5WmtRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEMGCCsGAQUFBwEHAQH/BDQwMjAwBAIAATAqAwQAwHy1AwQA
wXxeAwQAwjo9AwQAwle0AwQAwzo9AwQA1MAHAwQA1MEFMA0GCSqGSIb3DQEBCwUA
A4IBAQAhwYfM6XagwLvHQkRim/sKcGeCC30UmN//zciPxRjMKwvFHm2UXZeztcHc
qcCvWhT0FFoGU2qVribAH81E8HkntLppugt2NL3h1Rcy8zfWTF+5ZAbvzJzQnqYM
ePzGba7qf9LVOTPjuaQfwJ1reJN9Avrq7EWpPslKU/FGbcgmflYL9BG6a8zlzih2
dXd+2IdWehKgMENR1QXeSqLg1c41P1xCBkv0OTZ9i9Ti2SsgPgZXCeGcUvJqe7my
UCJ2LT4Dq7EXrR4xycKwXvgt8qUTK3MZDos/QvT7ekc63pfaC1nVoGfvcDoGbCS4
o724KOLY4b6e4rU6T//41txp+ju0
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:16:12 2024 by rpki-client on console-fra.rpki-client.org