Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/KNiPw9vx1nsRwFz80vWQPQkN3HY.roa
File:                     KNiPw9vx1nsRwFz80vWQPQkN3HY.roa (raw, json)
Hash identifier:          O+GkHvjmzRFxcgvxJTtl6tAOBtSM3IT/vd5RBKxCSTw=
Subject key identifier:   28:D8:8F:C3:DB:F1:D6:7B:11:C0:5C:FC:D2:F5:90:3D:09:0D:DC:76
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       01841DAC2507FC57079F2367711F9803FEB3
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/KNiPw9vx1nsRwFz80vWQPQkN3HY.roa
Signing time:             Fri 28 Oct 2022 08:18:51 +0000
ROA not before:           Fri 28 Oct 2022 08:18:51 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     40676
IP address blocks:        194.87.160.0/24 maxlen: 24
                          192.124.191.0/24 maxlen: 24
                          192.124.189.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:84:1d:ac:25:07:fc:57:07:9f:23:67:71:1f:98:03:fe:b3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Oct 28 08:18:51 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=28d88fc3dbf1d67b11c05cfcd2f5903d090ddc76
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:1e:40:d6:23:52:20:26:f1:b5:d3:65:06:78:
                    64:30:e6:06:95:33:d6:76:ea:d5:64:c4:9e:f0:b9:
                    24:1c:ea:51:69:25:3d:22:08:af:8c:b6:98:e7:44:
                    90:a7:d0:5b:a0:88:ae:53:8f:85:4e:17:06:fe:ca:
                    17:7b:86:33:77:ba:80:4f:2f:17:ae:b1:ca:80:f5:
                    94:05:54:95:e0:7d:f3:04:8e:95:57:8c:e6:94:5b:
                    a9:7e:45:f2:2a:81:98:c0:5c:c5:0d:46:37:96:5b:
                    e5:32:40:46:19:f7:bf:e1:9b:48:43:d6:d3:e5:eb:
                    95:55:ff:6b:3a:f4:4c:d5:25:b9:a5:0a:66:4e:1b:
                    55:6e:d9:d1:7f:30:6e:b5:c8:9c:42:8c:01:b7:24:
                    1c:aa:dd:38:c7:16:03:e1:5c:42:ed:1a:6c:bb:66:
                    43:21:13:cd:a1:59:26:19:c9:b0:09:f8:7d:22:c4:
                    e0:a5:6b:14:03:29:16:7c:1a:5d:e6:5a:14:03:bc:
                    ac:e8:dc:ea:75:60:e9:d7:f6:97:cf:5f:c7:0b:45:
                    de:e3:e7:d5:a7:02:0c:d6:22:52:54:69:3a:fe:34:
                    26:b7:a2:92:4c:b6:b2:9b:89:4c:ce:c1:e3:57:64:
                    e0:9e:76:a4:8f:f3:0f:b8:4a:6e:22:fb:5f:a7:b8:
                    9e:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                28:D8:8F:C3:DB:F1:D6:7B:11:C0:5C:FC:D2:F5:90:3D:09:0D:DC:76
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/KNiPw9vx1nsRwFz80vWQPQkN3HY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.124.189.0/24
                  192.124.191.0/24
                  194.87.160.0/24

    Signature Algorithm: sha256WithRSAEncryption
         27:de:8b:11:d1:10:f7:60:ae:c4:d1:2d:ca:90:dc:35:01:a4:
         4b:a7:06:13:b6:47:31:e0:22:d7:31:c2:d7:87:24:98:94:ac:
         72:e3:fe:cc:d8:3f:ff:9e:1a:91:37:93:ff:f7:4d:89:bb:9c:
         a0:60:5d:0d:51:c8:86:6f:24:23:4b:bb:c0:13:bb:b8:f2:32:
         01:6e:41:e0:e2:a2:cb:5e:f0:1f:f4:7b:e4:1c:56:c3:9c:3e:
         81:e5:31:cf:48:58:55:15:0e:16:fb:bf:d1:0f:0d:61:e7:bc:
         b5:89:10:1f:f9:b2:46:9a:26:b5:bb:31:0a:19:9d:c8:05:89:
         a5:43:2a:23:4f:a0:b8:de:72:af:1d:a7:e0:f4:67:c8:64:6e:
         e5:35:10:21:a5:58:c3:93:32:8d:ef:e7:55:9a:79:5a:da:1d:
         9f:fa:b9:d8:98:41:2c:2b:fb:a4:20:89:61:cb:9d:33:30:2f:
         be:7e:00:a5:a0:f0:aa:83:48:9d:d9:b2:18:fe:77:d7:cd:4f:
         de:ef:ba:88:8c:53:82:bd:4c:ae:56:6a:94:16:6a:6a:8b:5e:
         b8:f3:ef:ea:4f:a0:77:58:32:fe:13:63:a8:9f:67:05:44:8b:
         75:7f:32:28:1f:32:98:d6:55:98:85:d0:bc:29:71:a9:21:d8:
         6a:b5:96:55
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYQdrCUH/FcHnyNncR+YA/6zMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjIxMDI4MDgxODUxWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOGQ4OGZjM2RiZjFkNjdiMTFjMDVjZmNkMmY1OTAzZDA5MGRkYzc2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvx5A1iNSICbxtdNlBnhkMOYGlTPW
durVZMSe8LkkHOpRaSU9IgivjLaY50SQp9BboIiuU4+FThcG/soXe4Yzd7qATy8X
rrHKgPWUBVSV4H3zBI6VV4zmlFupfkXyKoGYwFzFDUY3llvlMkBGGfe/4ZtIQ9bT
5euVVf9rOvRM1SW5pQpmThtVbtnRfzButcicQowBtyQcqt04xxYD4VxC7Rpsu2ZD
IRPNoVkmGcmwCfh9IsTgpWsUAykWfBpd5loUA7ys6NzqdWDp1/aXz1/HC0Xe4+fV
pwIM1iJSVGk6/jQmt6KSTLaym4lMzsHjV2Tgnnakj/MPuEpuIvtfp7ievQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFCjYj8Pb8dZ7EcBc/NL1kD0JDdx2MB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvS05pUHc5dngxbnNSd0Z6ODB2V1FQUWtOM0hZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAwHy9AwQA
wHy/AwQAwlegMA0GCSqGSIb3DQEBCwUAA4IBAQAn3osR0RD3YK7E0S3KkNw1AaRL
pwYTtkcx4CLXMcLXhySYlKxy4/7M2D//nhqRN5P/902Ju5ygYF0NUciGbyQjS7vA
E7u48jIBbkHg4qLLXvAf9HvkHFbDnD6B5THPSFhVFQ4W+7/RDw1h57y1iRAf+bJG
mia1uzEKGZ3IBYmlQyojT6C43nKvHafg9GfIZG7lNRAhpVjDkzKN7+dVmnla2h2f
+rnYmEEsK/ukIIlhy50zMC++fgCloPCqg0id2bIY/nfXzU/e77qIjFOCvUyuVmqU
Fmpqi1648+/qT6B3WDL+E2Oon2cFRIt1fzIoHzKY1lWYhdC8KXGpIdhqtZZV
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:45:55 2023 by rpki-client on console-ams.rpki-client.org