Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/X9xtg8D9peE_6fYhhGoSLSOSubo.roa
File:                     X9xtg8D9peE_6fYhhGoSLSOSubo.roa (raw, json)
Hash identifier:          4McytjBxan8nhb1rugoY6x0kHC+z16syaeQDmzVjCJQ=
Subject key identifier:   5F:DC:6D:83:C0:FD:A5:E1:3F:E9:F6:21:84:6A:12:2D:23:92:B9:BA
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       0181F7527E3E5960F78C0382C81468B05CF8
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/X9xtg8D9peE_6fYhhGoSLSOSubo.roa
Signing time:             Wed 13 Jul 2022 11:29:47 +0000
ROA not before:           Wed 13 Jul 2022 11:29:47 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     2118
IP address blocks:        194.87.1.0/24 maxlen: 24
                          194.87.7.0/24 maxlen: 24
                          194.87.16.0/24 maxlen: 24
                          194.135.23.0/24 maxlen: 24
                          194.87.32.0/22 maxlen: 24
                          194.87.166.0/24 maxlen: 24
                          192.124.173.0/24 maxlen: 24
                          192.124.178.0/24 maxlen: 24
                          192.124.181.0/24 maxlen: 24
                          192.124.182.0/23 maxlen: 24
                          192.124.180.0/22 maxlen: 24
                          192.124.180.0/24 maxlen: 24
                          192.124.188.0/22 maxlen: 22
                          194.87.179.0/24 maxlen: 24
                          193.124.203.0/24 maxlen: 24
                          192.124.209.0/24 maxlen: 24
                          194.87.116.0/22 maxlen: 24
                          194.135.124.0/24 maxlen: 24
                          194.87.64.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:81:f7:52:7e:3e:59:60:f7:8c:03:82:c8:14:68:b0:5c:f8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Jul 13 11:29:47 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=5fdc6d83c0fda5e13fe9f621846a122d2392b9ba
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f1:0e:60:5b:a3:f6:cc:11:ba:34:10:46:e2:b1:
                    a8:23:af:a3:a7:4b:06:f6:dc:68:85:da:a1:e9:fd:
                    b6:87:cd:ef:83:04:d3:8b:e0:9a:e7:29:58:3b:b2:
                    92:fa:de:98:48:d7:9f:e9:82:89:d4:c7:6f:c0:91:
                    49:ea:4a:d2:21:55:7c:ae:9a:62:8f:fb:81:68:c9:
                    7d:ec:ba:0d:e8:62:43:bb:f8:3f:c1:d3:9f:0c:a1:
                    b7:8b:29:59:3e:18:a2:1d:4e:45:6b:33:ea:9c:a5:
                    91:19:70:3e:eb:12:bf:b0:b9:f0:8c:03:82:0d:ef:
                    0a:58:37:f9:e3:88:45:49:4c:31:c8:87:14:1e:2d:
                    76:16:7c:7b:16:88:41:1e:93:bb:7d:46:70:4b:79:
                    13:bc:87:9d:55:f1:5b:fb:22:d2:5f:d6:45:b3:81:
                    ba:00:a1:0b:be:d0:0c:45:61:dd:db:8c:4a:92:4f:
                    af:8e:7e:21:1d:35:cf:ca:f7:a4:f4:26:e4:de:e3:
                    7a:54:f0:a1:51:01:b0:f3:3b:35:f6:96:43:b6:aa:
                    c1:79:a2:82:03:ee:30:b4:35:79:e5:11:b9:5e:86:
                    7e:0f:6d:88:01:66:8c:f9:24:52:18:4f:39:4c:9e:
                    ae:7c:37:bc:09:7c:12:2a:ee:86:26:7b:1b:ee:2e:
                    15:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5F:DC:6D:83:C0:FD:A5:E1:3F:E9:F6:21:84:6A:12:2D:23:92:B9:BA
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/X9xtg8D9peE_6fYhhGoSLSOSubo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.124.173.0/24
                  192.124.178.0/24
                  192.124.180.0/22
                  192.124.188.0/22
                  192.124.209.0/24
                  193.124.203.0/24
                  194.87.1.0/24
                  194.87.7.0/24
                  194.87.16.0/24
                  194.87.32.0/22
                  194.87.64.0/24
                  194.87.116.0/22
                  194.87.166.0/24
                  194.87.179.0/24
                  194.135.23.0/24
                  194.135.124.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3e:ba:f8:17:09:81:04:91:0e:eb:06:53:60:4f:b2:1a:72:cd:
         af:64:37:c4:40:0c:b6:aa:5c:e8:2f:ee:63:df:3a:e3:c2:df:
         47:b8:94:ec:13:9d:f3:62:83:9c:a3:0e:cb:72:0a:5d:9d:67:
         0e:02:93:2f:9f:2d:65:2b:34:cb:a6:b5:5c:bc:5a:8e:ad:88:
         1c:58:5c:53:b6:e0:f2:fb:a0:11:8b:1a:cc:98:f0:7a:a0:fa:
         20:86:c2:cd:39:35:95:b4:aa:54:ec:ef:b0:26:ca:86:f5:50:
         5b:eb:9f:ca:1f:cd:58:21:1c:bb:02:0b:3d:ec:37:28:c9:09:
         e2:4e:cc:58:40:fc:e2:cc:ad:01:93:c7:e1:96:73:a3:d3:3d:
         5e:43:99:3d:22:70:e4:0e:7f:cd:54:c3:e2:48:28:3b:68:5e:
         ad:e1:9b:d2:13:7a:80:33:01:87:a9:f4:51:0a:b9:28:0c:19:
         b1:23:ea:d7:d3:09:13:82:cf:46:0c:c0:3a:0a:3a:bc:ee:19:
         bd:35:65:f6:0b:50:2f:65:d3:09:a8:f4:00:18:fc:32:f2:9a:
         7c:67:22:2d:21:d7:1a:c8:1c:32:db:1e:d6:7b:24:d5:9e:e1:
         c0:af:c8:f0:27:c4:46:82:fc:48:5e:ea:c0:f4:d8:e3:d5:91:
         3b:b8:3c:67
-----BEGIN CERTIFICATE-----
MIIFVzCCBD+gAwIBAgISAYH3Un4+WWD3jAOCyBRosFz4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjIwNzEzMTEyOTQ3WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZmRjNmQ4M2MwZmRhNWUxM2ZlOWY2MjE4NDZhMTIyZDIzOTJiOWJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8Q5gW6P2zBG6NBBG4rGoI6+jp0sG
9txohdqh6f22h83vgwTTi+Ca5ylYO7KS+t6YSNef6YKJ1MdvwJFJ6krSIVV8rppi
j/uBaMl97LoN6GJDu/g/wdOfDKG3iylZPhiiHU5FazPqnKWRGXA+6xK/sLnwjAOC
De8KWDf544hFSUwxyIcUHi12Fnx7FohBHpO7fUZwS3kTvIedVfFb+yLSX9ZFs4G6
AKELvtAMRWHd24xKkk+vjn4hHTXPyvek9Cbk3uN6VPChUQGw8zs19pZDtqrBeaKC
A+4wtDV55RG5XoZ+D22IAWaM+SRSGE85TJ6ufDe8CXwSKu6GJnsb7i4VLQIDAQAB
o4ICYzCCAl8wHQYDVR0OBBYEFF/cbYPA/aXhP+n2IYRqEi0jkrm6MB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvWDl4dGc4RDlwZUVfNmZZaGhHb1NMU09TdWJvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHkGCCsGAQUFBwEHAQH/BGowaDBmBAIAATBgAwQAwHytAwQA
wHyyAwQCwHy0AwQCwHy8AwQAwHzRAwQAwXzLAwQAwlcBAwQAwlcHAwQAwlcQAwQC
wlcgAwQAwldAAwQCwld0AwQAwlemAwQAwlezAwQAwocXAwQAwod8MA0GCSqGSIb3
DQEBCwUAA4IBAQA+uvgXCYEEkQ7rBlNgT7Iacs2vZDfEQAy2qlzoL+5j3zrjwt9H
uJTsE53zYoOcow7LcgpdnWcOApMvny1lKzTLprVcvFqOrYgcWFxTtuDy+6ARixrM
mPB6oPoghsLNOTWVtKpU7O+wJsqG9VBb65/KH81YIRy7Ags97DcoyQniTsxYQPzi
zK0Bk8fhlnOj0z1eQ5k9InDkDn/NVMPiSCg7aF6t4ZvSE3qAMwGHqfRRCrkoDBmx
I+rX0wkTgs9GDMA6Cjq87hm9NWX2C1AvZdMJqPQAGPwy8pp8ZyItIdcayBwy2x7W
eyTVnuHAr8jwJ8RGgvxIXurA9Njj1ZE7uDxn
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:16:18 2024 by rpki-client on console-fra.rpki-client.org