Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/N9BBzvCWSqXsOLJc7-y2H4NjtN8.roa
File:                     N9BBzvCWSqXsOLJc7-y2H4NjtN8.roa (raw, json)
Hash identifier:          bL+tdcpfzoLNnjKce+9UT/ZwXWIwK2YXewvrun0vijo=
Subject key identifier:   37:D0:41:CE:F0:96:4A:A5:EC:38:B2:5C:EF:EC:B6:1F:83:63:B4:DF
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       01850FD14EC3A12F81D18FE7A1BD2BD7BBC6
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/N9BBzvCWSqXsOLJc7-y2H4NjtN8.roa
Signing time:             Wed 14 Dec 2022 08:47:33 +0000
ROA not before:           Wed 14 Dec 2022 08:47:33 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     1239
IP address blocks:        193.124.226.0/24 maxlen: 24
                          193.124.224.0/23 maxlen: 23
                          194.87.226.0/24 maxlen: 24
                          194.87.126.0/24 maxlen: 24
                          212.192.208.0/23 maxlen: 24
                          193.124.49.0/24 maxlen: 24
                          194.87.41.0/24 maxlen: 24
                          195.133.22.0/24 maxlen: 24
                          194.135.46.0/24 maxlen: 24
                          212.192.16.0/21 maxlen: 24
                          194.87.61.0/24 maxlen: 24
                          194.87.192.0/22 maxlen: 22

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:0f:d1:4e:c3:a1:2f:81:d1:8f:e7:a1:bd:2b:d7:bb:c6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Dec 14 08:47:33 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=37d041cef0964aa5ec38b25cefecb61f8363b4df
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:c4:33:a4:9a:e3:93:95:55:a9:cd:f6:2e:2e:
                    0c:53:48:6d:e3:b1:41:1c:f8:f7:90:18:5d:01:a0:
                    d7:77:2d:84:48:1e:82:7c:4b:86:b0:36:cf:7a:4a:
                    ab:45:52:d8:fc:41:03:7b:2a:12:6a:59:b1:5d:4c:
                    ee:54:11:06:94:16:58:dd:53:cd:57:e5:1b:62:92:
                    8d:31:5f:41:d3:59:eb:b8:e2:86:3e:a8:fb:55:3d:
                    4c:cf:a9:69:9d:5e:c1:7a:b8:fc:11:b3:f5:57:9d:
                    fe:49:d4:96:8f:bc:85:86:34:76:f8:8b:83:05:92:
                    fd:65:e4:68:d8:dc:5b:f1:b1:23:b9:b2:93:72:f4:
                    fe:49:46:d9:c8:f0:3d:b3:7e:56:32:73:d1:0f:dd:
                    d9:00:51:24:49:c3:04:73:7d:d2:c5:dc:51:1c:39:
                    19:c8:75:72:0a:0d:a5:01:91:43:04:ca:8b:ca:90:
                    da:dc:99:0c:aa:96:ef:d3:f7:19:83:1e:d7:e8:7e:
                    70:01:88:19:f5:72:78:be:a0:ef:b9:44:e2:40:fc:
                    46:df:b5:ad:3f:14:f9:44:49:e4:1c:6d:6f:31:03:
                    7e:77:93:7b:e9:b8:0f:99:70:6c:37:6f:85:cf:27:
                    fb:c6:ed:f0:50:8b:a6:93:b9:27:f1:09:f1:be:11:
                    8f:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                37:D0:41:CE:F0:96:4A:A5:EC:38:B2:5C:EF:EC:B6:1F:83:63:B4:DF
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/N9BBzvCWSqXsOLJc7-y2H4NjtN8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.124.49.0/24
                  193.124.224.0-193.124.226.255
                  194.87.41.0/24
                  194.87.61.0/24
                  194.87.126.0/24
                  194.87.192.0/22
                  194.87.226.0/24
                  194.135.46.0/24
                  195.133.22.0/24
                  212.192.16.0/21
                  212.192.208.0/23

    Signature Algorithm: sha256WithRSAEncryption
         48:6f:10:84:1e:b0:fc:17:1f:48:6a:4d:94:cc:47:ec:7a:f5:
         ba:f8:8f:4b:91:e5:b5:ea:37:a2:80:04:8d:e3:5b:b3:f5:45:
         2f:5d:9e:9f:4a:a2:9a:27:f9:a0:14:2b:1a:a7:a8:dd:d1:20:
         93:22:a2:d9:4e:c9:94:0a:6c:d2:db:00:bb:54:b5:2d:32:99:
         1f:61:2a:8a:6b:39:a0:31:e4:a4:e3:14:94:f7:f9:77:cd:37:
         86:06:90:39:cc:fc:78:18:66:23:54:60:6e:61:3c:6b:ce:51:
         c5:c2:92:08:7e:90:b0:2b:e1:de:1b:91:47:eb:17:5b:da:84:
         58:53:1f:da:ba:6b:7d:15:82:0e:cf:66:73:8a:ef:47:d8:c2:
         51:53:a5:64:ff:2a:ab:ea:f8:94:b4:7a:f0:2c:69:6b:ac:1e:
         6b:ac:e7:49:a9:d5:a0:bb:51:0f:50:71:69:4b:3f:8e:6c:4a:
         ab:cc:18:ee:e3:59:a5:ea:3e:d6:0c:91:7f:97:14:1f:1a:b2:
         6c:c3:e4:61:51:e5:64:ee:2b:0e:7e:9b:46:e6:de:c8:81:2f:
         6a:fb:b3:57:03:ea:fc:64:3c:67:2b:49:49:4d:00:2d:46:32:
         fd:5b:72:f4:78:d1:4f:f0:af:f9:be:25:91:86:fb:8d:49:71:
         33:b5:94:3d
-----BEGIN CERTIFICATE-----
MIIFQTCCBCmgAwIBAgISAYUP0U7DoS+B0Y/nob0r17vGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjIxMjE0MDg0NzMzWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzN2QwNDFjZWYwOTY0YWE1ZWMzOGIyNWNlZmVjYjYxZjgzNjNiNGRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAosQzpJrjk5VVqc32Li4MU0ht47FB
HPj3kBhdAaDXdy2ESB6CfEuGsDbPekqrRVLY/EEDeyoSalmxXUzuVBEGlBZY3VPN
V+UbYpKNMV9B01nruOKGPqj7VT1Mz6lpnV7Berj8EbP1V53+SdSWj7yFhjR2+IuD
BZL9ZeRo2Nxb8bEjubKTcvT+SUbZyPA9s35WMnPRD93ZAFEkScMEc33SxdxRHDkZ
yHVyCg2lAZFDBMqLypDa3JkMqpbv0/cZgx7X6H5wAYgZ9XJ4vqDvuUTiQPxG37Wt
PxT5REnkHG1vMQN+d5N76bgPmXBsN2+Fzyf7xu3wUIumk7kn8QnxvhGPoQIDAQAB
o4ICTTCCAkkwHQYDVR0OBBYEFDfQQc7wlkql7DiyXO/sth+DY7TfMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvTjlCQnp2Q1dTcVhzT0xKYzcteTJINE5qdE44LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGMGCCsGAQUFBwEHAQH/BFQwUjBQBAIAATBKAwQAwXwxMAwD
BAXBfOADBADBfOIDBADCVykDBADCVz0DBADCV34DBALCV8ADBADCV+IDBADChy4D
BADDhRYDBAPUwBADBAHUwNAwDQYJKoZIhvcNAQELBQADggEBAEhvEIQesPwXH0hq
TZTMR+x69br4j0uR5bXqN6KABI3jW7P1RS9dnp9Kopon+aAUKxqnqN3RIJMiotlO
yZQKbNLbALtUtS0ymR9hKoprOaAx5KTjFJT3+XfNN4YGkDnM/HgYZiNUYG5hPGvO
UcXCkgh+kLAr4d4bkUfrF1vahFhTH9q6a30Vgg7PZnOK70fYwlFTpWT/Kqvq+JS0
evAsaWusHmus50mp1aC7UQ9QcWlLP45sSqvMGO7jWaXqPtYMkX+XFB8asmzD5GFR
5WTuKw5+m0bm3siBL2r7s1cD6vxkPGcrSUlNAC1GMv1bcvR40U/wr/m+JZGG+41J
cTO1lD0=
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:45:56 2023 by rpki-client on console-ams.rpki-client.org