Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/K27nhZY1txGgdBLpyoG_h9n7vpM.roa
File:                     K27nhZY1txGgdBLpyoG_h9n7vpM.roa (raw, json)
Hash identifier:          JFsatXzLqbketKFSjWN4hGWZriLDmoJsypANp4lVc88=
Subject key identifier:   2B:6E:E7:85:96:35:B7:11:A0:74:12:E9:CA:81:BF:87:D9:FB:BE:93
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       0182203818515F614B63C7DAAC1F420F1001
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/K27nhZY1txGgdBLpyoG_h9n7vpM.roa
Signing time:             Thu 21 Jul 2022 10:05:23 +0000
ROA not before:           Thu 21 Jul 2022 10:05:23 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     211851
IP address blocks:        212.193.12.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:82:20:38:18:51:5f:61:4b:63:c7:da:ac:1f:42:0f:10:01
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Jul 21 10:05:23 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=2b6ee7859635b711a07412e9ca81bf87d9fbbe93
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:c7:99:d2:5d:79:09:f4:ca:a8:55:6f:a6:c6:
                    ce:95:93:3d:3b:4d:47:a5:75:02:f2:f5:3a:fa:27:
                    9c:86:ec:f8:8c:fc:e1:5d:69:d2:6e:10:e8:b2:2a:
                    e8:9c:6d:fd:b6:06:f1:45:f4:0b:ab:3a:43:4d:c1:
                    ee:cb:2c:5d:84:a8:d6:c7:c0:0a:c7:b4:e9:51:6f:
                    39:19:74:29:42:ab:9f:6f:61:54:72:82:55:14:9c:
                    65:99:54:74:f9:75:c1:5a:55:ac:f4:42:48:57:6a:
                    26:cf:ce:a4:00:34:97:cd:bb:d5:ad:62:6d:9c:13:
                    13:fd:69:90:1d:6c:19:03:2d:96:a2:db:ca:51:25:
                    eb:e4:26:ae:f1:1d:9f:d5:9c:f5:18:e5:8e:5d:bf:
                    71:fd:a5:cd:22:70:22:12:af:d4:ed:af:54:a0:a0:
                    7c:81:00:fa:0a:7f:80:c9:13:a9:53:2f:17:03:1b:
                    22:bc:5f:97:8b:3c:9c:29:5c:22:64:3f:d6:d8:78:
                    22:5c:8c:d4:ee:98:54:5d:0b:bd:d1:86:38:c6:02:
                    ba:f1:ae:54:a9:45:13:43:a6:02:62:3d:b8:61:ac:
                    ca:82:f2:ff:98:24:9c:92:01:0b:bf:51:90:03:53:
                    b9:62:8d:4b:a7:7d:79:00:96:37:fa:a0:78:f5:6f:
                    ea:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2B:6E:E7:85:96:35:B7:11:A0:74:12:E9:CA:81:BF:87:D9:FB:BE:93
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/K27nhZY1txGgdBLpyoG_h9n7vpM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.193.12.0/24

    Signature Algorithm: sha256WithRSAEncryption
         89:94:00:eb:8e:d4:3f:99:62:96:8c:bc:72:cc:ca:05:df:ed:
         2a:f7:e6:88:00:25:cd:33:44:b6:03:18:98:4a:16:3e:d9:12:
         1c:8c:c8:51:8b:4f:fd:b7:f1:f5:06:58:01:45:e3:d1:87:77:
         49:bc:08:94:05:a6:1c:aa:2a:0c:bf:70:ba:e4:c3:19:3d:36:
         3a:69:81:ae:66:6f:d7:d9:93:db:92:49:7c:db:1f:93:14:6e:
         d8:75:93:54:1c:32:63:7f:e0:f6:a6:0a:fe:6e:e6:00:05:1c:
         92:56:a7:1d:16:d8:11:02:96:be:ae:16:55:bb:d2:3e:e8:fc:
         88:6b:94:ac:f9:94:04:d3:c3:ca:91:3f:df:21:11:dd:02:0e:
         87:6e:aa:2f:f1:ca:26:0f:cb:09:50:17:7f:38:d9:9e:71:57:
         38:55:f4:13:5c:73:01:3a:df:92:69:36:98:37:b7:89:6f:71:
         28:ae:e9:7e:22:0c:0d:55:02:d3:25:fa:f3:64:2c:38:e1:07:
         7d:f3:55:6f:bc:3c:5a:18:5a:53:a5:3f:77:51:35:17:cf:24:
         35:29:cb:d0:b5:c0:af:1c:b2:db:8e:b3:12:cf:3b:b4:da:f2:
         4b:53:83:ec:f4:ab:d2:b3:22:c2:eb:3b:b6:52:0f:0e:6f:7d:
         65:2a:dc:0c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYIgOBhRX2FLY8farB9CDxABMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjIwNzIxMTAwNTIzWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYjZlZTc4NTk2MzViNzExYTA3NDEyZTljYTgxYmY4N2Q5ZmJiZTkzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1seZ0l15CfTKqFVvpsbOlZM9O01H
pXUC8vU6+iechuz4jPzhXWnSbhDosironG39tgbxRfQLqzpDTcHuyyxdhKjWx8AK
x7TpUW85GXQpQqufb2FUcoJVFJxlmVR0+XXBWlWs9EJIV2omz86kADSXzbvVrWJt
nBMT/WmQHWwZAy2WotvKUSXr5Cau8R2f1Zz1GOWOXb9x/aXNInAiEq/U7a9UoKB8
gQD6Cn+AyROpUy8XAxsivF+XizycKVwiZD/W2HgiXIzU7phUXQu90YY4xgK68a5U
qUUTQ6YCYj24YazKgvL/mCSckgELv1GQA1O5Yo1Lp315AJY3+qB49W/q4wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCtu54WWNbcRoHQS6cqBv4fZ+76TMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvSzI3bmhaWTF0eEdnZEJMcHlvR19oOW43dnBNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1MEMMA0G
CSqGSIb3DQEBCwUAA4IBAQCJlADrjtQ/mWKWjLxyzMoF3+0q9+aIACXNM0S2AxiY
ShY+2RIcjMhRi0/9t/H1BlgBRePRh3dJvAiUBaYcqioMv3C65MMZPTY6aYGuZm/X
2ZPbkkl82x+TFG7YdZNUHDJjf+D2pgr+buYABRySVqcdFtgRApa+rhZVu9I+6PyI
a5Ss+ZQE08PKkT/fIRHdAg6Hbqov8comD8sJUBd/ONmecVc4VfQTXHMBOt+SaTaY
N7eJb3Eorul+IgwNVQLTJfrzZCw44Qd981VvvDxaGFpTpT93UTUXzyQ1KcvQtcCv
HLLbjrMSzzu02vJLU4Ps9KvSsyLC6zu2Ug8Ob31lKtwM
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:45:55 2023 by rpki-client on console-ams.rpki-client.org