Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/KvMREpMgRC4pk5aEDoOYcvdzpTQ.roa
File:                     KvMREpMgRC4pk5aEDoOYcvdzpTQ.roa (raw, json)
Hash identifier:          lzeRnZT6A044WJwxnbWHZO1TYIN4FnSOY59NM69CBXA=
Subject key identifier:   2A:F3:11:12:93:20:44:2E:29:93:96:84:0E:83:98:72:F7:73:A5:34
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       0184575254C2B2902FDC7AF1B4858B177DFA
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/KvMREpMgRC4pk5aEDoOYcvdzpTQ.roa
Signing time:             Tue 08 Nov 2022 12:58:44 +0000
ROA not before:           Tue 08 Nov 2022 12:58:44 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     15731
IP address blocks:        193.124.3.0/24 maxlen: 24
                          194.135.23.0/24 maxlen: 24
                          194.87.38.0/24 maxlen: 24
                          195.58.35.0/24 maxlen: 24
                          194.87.166.0/24 maxlen: 24
                          194.87.168.0/24 maxlen: 24
                          195.133.35.0/24 maxlen: 24
                          194.87.178.0/24 maxlen: 24
                          212.192.31.0/24 maxlen: 24
                          212.193.1.0/24 maxlen: 24
                          212.193.3.0/24 maxlen: 24
                          194.87.130.0/24 maxlen: 24
                          194.87.131.0/24 maxlen: 24
                          195.133.0.0/24 maxlen: 24
                          194.87.73.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:84:57:52:54:c2:b2:90:2f:dc:7a:f1:b4:85:8b:17:7d:fa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Nov  8 12:58:44 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=2af311129320442e299396840e839872f773a534
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:f9:1e:a9:c3:6a:9a:8a:4e:32:a9:70:05:79:
                    b1:ee:00:a9:ad:99:ce:70:85:28:58:db:3e:15:83:
                    6e:55:66:37:1d:5c:4a:a5:da:50:cf:38:b1:68:76:
                    c0:55:7c:92:3d:d4:ad:03:61:b1:cf:fe:d3:b3:af:
                    fa:a7:ff:05:90:ae:c8:3c:c5:28:1d:d8:15:b5:ec:
                    88:83:f7:49:45:f1:72:7e:89:0d:05:65:58:b2:51:
                    bb:e3:7e:dc:ec:6a:ca:fd:f1:89:fd:b0:d4:53:c2:
                    9e:1a:14:1c:d4:ad:2a:48:60:c6:e1:d9:1e:3b:83:
                    32:f6:49:bf:1d:2a:6d:69:21:40:aa:a0:cd:1e:fd:
                    8c:3a:04:4e:ca:45:0d:48:0f:67:00:8e:75:58:c5:
                    59:c4:90:3b:35:e0:82:59:f9:4f:b6:69:ed:53:e5:
                    a8:eb:17:91:8b:7d:a5:08:fd:c5:b3:45:ac:86:11:
                    43:43:aa:35:b2:cf:ac:f4:2a:76:fd:54:f0:80:af:
                    67:64:f6:29:fb:ee:ae:da:11:c3:97:95:c5:1c:dd:
                    08:ed:65:ab:04:0a:02:e7:2b:7e:f4:db:66:2a:67:
                    ad:16:35:82:57:3e:21:ef:cc:e6:52:02:65:e3:4c:
                    6e:84:21:6a:a0:25:45:02:4a:02:76:6c:e0:75:70:
                    48:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:F3:11:12:93:20:44:2E:29:93:96:84:0E:83:98:72:F7:73:A5:34
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/KvMREpMgRC4pk5aEDoOYcvdzpTQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.124.3.0/24
                  194.87.38.0/24
                  194.87.73.0/24
                  194.87.130.0/23
                  194.87.166.0/24
                  194.87.168.0/24
                  194.87.178.0/24
                  194.135.23.0/24
                  195.58.35.0/24
                  195.133.0.0/24
                  195.133.35.0/24
                  212.192.31.0/24
                  212.193.1.0/24
                  212.193.3.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0c:03:8a:2d:1d:01:0c:db:5d:73:4f:cf:33:f0:72:d6:94:0e:
         03:c3:07:6c:2f:c7:e1:60:b5:f0:70:9a:ba:f3:82:3e:32:a1:
         13:30:0b:a8:c5:2d:70:9a:a1:ab:90:c6:86:e8:4d:95:e6:5e:
         be:4b:08:d5:7e:dd:0c:ee:4f:da:96:f0:8a:4c:86:aa:37:e3:
         72:3c:75:1a:85:d4:7a:b2:94:a4:52:84:9d:83:a8:2a:d1:fc:
         5a:71:e6:9e:f2:a2:9c:c7:81:9c:cd:74:a7:d2:91:9c:5e:6d:
         14:85:b9:76:92:10:f5:15:13:ea:7c:65:2b:fa:dc:57:2c:65:
         16:47:0c:4d:5d:1a:c3:68:5b:6a:08:29:77:a1:61:29:7e:37:
         46:b5:da:cf:60:8b:80:44:c5:d5:10:aa:21:49:f0:d9:72:04:
         59:c3:97:70:95:e8:36:64:de:93:11:7b:36:a8:4b:3d:a6:10:
         d4:5f:5d:98:8d:c0:33:00:1d:f4:a7:1e:f1:51:40:d6:16:0d:
         21:c6:1e:67:72:0e:45:c6:4a:2f:3e:a0:10:f4:ff:72:bd:6f:
         9f:fa:8d:34:5a:59:be:3b:98:33:e6:f0:f8:a5:52:41:11:f9:
         76:de:2b:fa:6a:2a:c2:43:0b:63:12:3e:9d:5a:0f:81:14:69:
         2d:20:c6:d5
-----BEGIN CERTIFICATE-----
MIIFSzCCBDOgAwIBAgISAYRXUlTCspAv3HrxtIWLF336MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjIxMTA4MTI1ODQ0WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYWYzMTExMjkzMjA0NDJlMjk5Mzk2ODQwZTgzOTg3MmY3NzNhNTM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy/keqcNqmopOMqlwBXmx7gCprZnO
cIUoWNs+FYNuVWY3HVxKpdpQzzixaHbAVXySPdStA2Gxz/7Ts6/6p/8FkK7IPMUo
HdgVteyIg/dJRfFyfokNBWVYslG7437c7GrK/fGJ/bDUU8KeGhQc1K0qSGDG4dke
O4My9km/HSptaSFAqqDNHv2MOgROykUNSA9nAI51WMVZxJA7NeCCWflPtmntU+Wo
6xeRi32lCP3Fs0WshhFDQ6o1ss+s9Cp2/VTwgK9nZPYp++6u2hHDl5XFHN0I7WWr
BAoC5yt+9NtmKmetFjWCVz4h78zmUgJl40xuhCFqoCVFAkoCdmzgdXBIrQIDAQAB
o4ICVzCCAlMwHQYDVR0OBBYEFCrzERKTIEQuKZOWhA6DmHL3c6U0MB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvS3ZNUkVwTWdSQzRwazVhRURvT1ljdmR6cFRRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMG0GCCsGAQUFBwEHAQH/BF4wXDBaBAIAATBUAwQAwXwDAwQA
wlcmAwQAwldJAwQBwleCAwQAwlemAwQAwleoAwQAwleyAwQAwocXAwQAwzojAwQA
w4UAAwQAw4UjAwQA1MAfAwQA1MEBAwQA1MEDMA0GCSqGSIb3DQEBCwUAA4IBAQAM
A4otHQEM211zT88z8HLWlA4DwwdsL8fhYLXwcJq684I+MqETMAuoxS1wmqGrkMaG
6E2V5l6+SwjVft0M7k/alvCKTIaqN+NyPHUahdR6spSkUoSdg6gq0fxaceae8qKc
x4GczXSn0pGcXm0Uhbl2khD1FRPqfGUr+txXLGUWRwxNXRrDaFtqCCl3oWEpfjdG
tdrPYIuARMXVEKohSfDZcgRZw5dwleg2ZN6TEXs2qEs9phDUX12YjcAzAB30px7x
UUDWFg0hxh5ncg5FxkovPqAQ9P9yvW+f+o00Wlm+O5gz5vD4pVJBEfl23iv6airC
QwtjEj6dWg+BFGktIMbV
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:45:55 2023 by rpki-client on console-ams.rpki-client.org