Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/TRK_OREIu7feO45soRHah3_SyZ8.roa
File:                     TRK_OREIu7feO45soRHah3_SyZ8.roa (raw, json)
Hash identifier:          sfmMbYQGPGccwBIYQSRram64/ipuV8UOo3sEQSjkMuQ=
Subject key identifier:   4D:12:BF:39:11:08:BB:B7:DE:3B:8E:6C:A1:11:DA:87:7F:D2:C9:9F
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       0182ED9253C82C7D9B43753763662F457CBC
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/TRK_OREIu7feO45soRHah3_SyZ8.roa
Signing time:             Tue 30 Aug 2022 07:06:06 +0000
ROA not before:           Tue 30 Aug 2022 07:06:06 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     2118
IP address blocks:        193.124.3.0/24 maxlen: 24
                          194.87.219.0/24 maxlen: 24
                          194.87.1.0/24 maxlen: 24
                          195.133.80.0/24 maxlen: 24
                          194.87.222.0/23 maxlen: 24
                          194.135.23.0/24 maxlen: 24
                          194.87.24.0/22 maxlen: 24
                          195.133.12.0/22 maxlen: 24
                          192.124.173.0/24 maxlen: 24
                          192.124.178.0/24 maxlen: 24
                          192.124.181.0/24 maxlen: 24
                          192.124.180.0/22 maxlen: 24
                          192.124.182.0/23 maxlen: 24
                          192.124.180.0/24 maxlen: 24
                          192.124.188.0/22 maxlen: 22
                          194.87.179.0/24 maxlen: 24
                          193.124.203.0/24 maxlen: 24
                          192.124.209.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:82:ed:92:53:c8:2c:7d:9b:43:75:37:63:66:2f:45:7c:bc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Aug 30 07:06:06 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=4d12bf391108bbb7de3b8e6ca111da877fd2c99f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:78:8f:ac:ef:6d:32:69:ee:68:86:ef:d4:de:
                    f3:5d:44:74:80:80:0b:c9:58:09:a3:aa:da:06:ea:
                    e0:c7:66:99:da:f3:a3:7e:f4:a1:e9:0f:0c:18:17:
                    35:77:cf:66:59:9f:b6:f5:f4:43:1d:bd:aa:24:9c:
                    95:de:6e:1f:e8:db:8c:74:63:28:b0:98:d3:bc:b1:
                    ae:6c:7f:e2:52:96:5e:3b:88:b3:30:fa:e9:70:85:
                    21:67:96:e0:03:67:fa:f2:31:d9:af:dc:d0:a5:9f:
                    4a:03:20:2b:a7:58:46:6d:38:ca:8e:fc:0a:38:ad:
                    df:3f:d0:55:7e:97:8c:9a:ea:3c:e4:78:63:da:ad:
                    e4:7b:1a:b0:47:5d:ed:e2:cd:79:75:0f:21:da:81:
                    21:ff:fb:f6:e1:14:0c:01:d8:0d:9e:84:bb:16:c2:
                    15:7d:db:e1:cc:59:21:24:96:9a:0e:c1:6f:54:4d:
                    a5:7c:46:1d:f2:d3:21:22:d1:bd:93:25:6f:3f:fb:
                    07:cf:8c:d3:d5:9f:f9:60:6f:33:08:ba:0b:59:25:
                    1d:74:29:ef:fd:29:63:06:d0:7b:27:f1:a8:d0:51:
                    86:26:5e:99:3b:0c:be:f1:a3:be:b6:e0:b1:98:ec:
                    ae:7b:e0:ba:61:a1:bc:fd:ca:73:c5:6b:39:e6:a5:
                    04:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4D:12:BF:39:11:08:BB:B7:DE:3B:8E:6C:A1:11:DA:87:7F:D2:C9:9F
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/TRK_OREIu7feO45soRHah3_SyZ8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.124.173.0/24
                  192.124.178.0/24
                  192.124.180.0/22
                  192.124.188.0/22
                  192.124.209.0/24
                  193.124.3.0/24
                  193.124.203.0/24
                  194.87.1.0/24
                  194.87.24.0/22
                  194.87.179.0/24
                  194.87.219.0/24
                  194.87.222.0/23
                  194.135.23.0/24
                  195.133.12.0/22
                  195.133.80.0/24

    Signature Algorithm: sha256WithRSAEncryption
         02:cb:84:41:02:41:7c:04:73:13:78:e3:6e:ad:f1:7f:63:60:
         da:bf:8b:31:53:a9:c4:e4:03:a6:22:43:6a:8c:b0:74:c1:3e:
         9d:07:d1:41:d6:1f:15:f9:f4:c1:dd:79:e4:1e:9a:5e:50:0a:
         d0:9d:4e:af:c1:ff:92:6e:21:bf:75:a0:28:e3:5d:4e:1d:f7:
         91:0e:bf:53:dd:32:db:90:e6:7f:43:dc:6b:0e:cd:82:db:a2:
         be:55:55:22:04:af:c6:43:35:40:6c:5c:27:40:2a:9c:bc:46:
         42:ea:0e:f5:aa:c3:f1:5b:00:79:70:22:14:e8:1d:57:65:f4:
         5f:e6:6e:1c:d2:e8:a6:2e:d5:d5:2f:44:15:e6:e5:54:ec:71:
         ef:04:b5:7b:cf:51:fe:bd:4b:e8:a0:8a:74:01:36:6a:b2:38:
         88:be:61:d3:48:81:ce:62:05:37:39:5a:78:3c:0b:a5:c1:77:
         49:10:0d:14:1e:dd:8f:3f:ae:84:d2:2d:f7:15:a7:2c:ce:f2:
         de:a1:88:a2:b6:60:a3:bf:b6:3a:fa:23:88:69:e3:25:73:b5:
         12:ef:eb:26:de:cc:00:c1:97:57:c8:c3:ab:d9:9e:d3:2f:b3:
         e2:d0:af:61:af:90:c9:ce:8a:e0:1a:f5:3f:6b:56:6c:9c:28:
         e9:0a:80:29
-----BEGIN CERTIFICATE-----
MIIFUTCCBDmgAwIBAgISAYLtklPILH2bQ3U3Y2YvRXy8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjIwODMwMDcwNjA2WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZDEyYmYzOTExMDhiYmI3ZGUzYjhlNmNhMTExZGE4NzdmZDJjOTlmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtXiPrO9tMmnuaIbv1N7zXUR0gIAL
yVgJo6raBurgx2aZ2vOjfvSh6Q8MGBc1d89mWZ+29fRDHb2qJJyV3m4f6NuMdGMo
sJjTvLGubH/iUpZeO4izMPrpcIUhZ5bgA2f68jHZr9zQpZ9KAyArp1hGbTjKjvwK
OK3fP9BVfpeMmuo85Hhj2q3kexqwR13t4s15dQ8h2oEh//v24RQMAdgNnoS7FsIV
fdvhzFkhJJaaDsFvVE2lfEYd8tMhItG9kyVvP/sHz4zT1Z/5YG8zCLoLWSUddCnv
/SljBtB7J/Go0FGGJl6ZOwy+8aO+tuCxmOyue+C6YaG8/cpzxWs55qUEtQIDAQAB
o4ICXTCCAlkwHQYDVR0OBBYEFE0SvzkRCLu33juObKER2od/0smfMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvVFJLX09SRUl1N2ZlTzQ1c29SSGFoM19TeVo4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHMGCCsGAQUFBwEHAQH/BGQwYjBgBAIAATBaAwQAwHytAwQA
wHyyAwQCwHy0AwQCwHy8AwQAwHzRAwQAwXwDAwQAwXzLAwQAwlcBAwQCwlcYAwQA
wlezAwQAwlfbAwQBwlfeAwQAwocXAwQCw4UMAwQAw4VQMA0GCSqGSIb3DQEBCwUA
A4IBAQACy4RBAkF8BHMTeONurfF/Y2Dav4sxU6nE5AOmIkNqjLB0wT6dB9FB1h8V
+fTB3XnkHppeUArQnU6vwf+SbiG/daAo411OHfeRDr9T3TLbkOZ/Q9xrDs2C26K+
VVUiBK/GQzVAbFwnQCqcvEZC6g71qsPxWwB5cCIU6B1XZfRf5m4c0uimLtXVL0QV
5uVU7HHvBLV7z1H+vUvooIp0ATZqsjiIvmHTSIHOYgU3OVp4PAulwXdJEA0UHt2P
P66E0i33FacszvLeoYiitmCjv7Y6+iOIaeMlc7US7+sm3swAwZdXyMOr2Z7TL7Pi
0K9hr5DJzorgGvU/a1ZsnCjpCoAp
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:45:58 2023 by rpki-client on console-ams.rpki-client.org