Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/aaCzxJCNJjxHnZiph_T-pb4z1Eg.roa
File:                     aaCzxJCNJjxHnZiph_T-pb4z1Eg.roa (raw, json)
Hash identifier:          tCzDM/DGW8oSALTRVzVP+zwPU6OP/cjznORc+7fhOEs=
Subject key identifier:   69:A0:B3:C4:90:8D:26:3C:47:9D:98:A9:87:F4:FE:A5:BE:33:D4:48
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       0184437DD2F2E6807BAA0AF77E8FEF79DD30
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/aaCzxJCNJjxHnZiph_T-pb4z1Eg.roa
Signing time:             Fri 04 Nov 2022 16:33:50 +0000
ROA not before:           Fri 04 Nov 2022 16:33:50 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     400377
IP address blocks:        194.87.200.0/24 maxlen: 24
                          62.76.226.0/24 maxlen: 24
                          62.76.225.0/24 maxlen: 24
                          194.87.223.0/24 maxlen: 24
                          194.87.226.0/24 maxlen: 24
                          194.87.252.0/24 maxlen: 24
                          212.192.5.0/24 maxlen: 24
                          212.192.10.0/24 maxlen: 24
                          212.192.9.0/24 maxlen: 24
                          192.124.180.0/24 maxlen: 24
                          192.124.183.0/24 maxlen: 24
                          195.58.56.0/23 maxlen: 24
                          195.58.54.0/24 maxlen: 24
                          194.87.199.0/24 maxlen: 24
                          195.133.193.0/24 maxlen: 24
                          193.124.133.0/24 maxlen: 24
                          193.124.90.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:84:43:7d:d2:f2:e6:80:7b:aa:0a:f7:7e:8f:ef:79:dd:30
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Nov  4 16:33:50 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=69a0b3c4908d263c479d98a987f4fea5be33d448
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:22:94:34:ba:f2:47:b6:f1:5a:72:41:4b:c5:
                    69:96:78:6c:40:6a:8c:ed:98:22:22:6a:8b:d4:c2:
                    de:eb:be:7e:8b:fb:16:d5:99:7a:e8:7d:89:ac:30:
                    c7:6a:23:4e:9c:0d:bc:8b:c9:26:94:4a:5a:f4:71:
                    a6:a2:87:ae:97:6a:da:b9:41:79:5b:a1:f4:06:c7:
                    87:49:47:60:e7:6a:69:76:97:38:7b:75:88:cd:e3:
                    40:d9:69:29:e5:eb:eb:24:b1:d6:91:14:d2:72:59:
                    5c:54:0b:5c:34:44:70:46:2b:a1:a8:5f:f1:a7:87:
                    14:53:90:41:5c:0b:61:f8:c2:e0:32:cd:fc:84:5a:
                    55:d6:27:31:c2:ac:07:f5:93:7d:9a:3d:f1:94:c0:
                    92:5b:08:24:f8:cc:77:b6:2e:9d:fa:6c:18:99:e8:
                    aa:72:78:9c:55:42:19:ea:9b:be:b2:d9:be:ea:74:
                    4f:56:58:19:54:87:c4:25:4d:13:5d:9f:be:f2:78:
                    23:be:43:9d:ad:f6:12:fe:69:2e:bc:55:14:02:f0:
                    c6:6c:4e:19:7c:aa:45:c5:9e:8b:aa:49:e1:9c:58:
                    ca:cc:98:cc:ec:10:c0:e3:f2:9d:65:ca:c7:9c:36:
                    94:5b:81:c8:6a:a2:72:75:f3:12:38:ed:73:78:c6:
                    2c:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                69:A0:B3:C4:90:8D:26:3C:47:9D:98:A9:87:F4:FE:A5:BE:33:D4:48
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/aaCzxJCNJjxHnZiph_T-pb4z1Eg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.76.225.0-62.76.226.255
                  192.124.180.0/24
                  192.124.183.0/24
                  193.124.90.0/24
                  193.124.133.0/24
                  194.87.199.0-194.87.200.255
                  194.87.223.0/24
                  194.87.226.0/24
                  194.87.252.0/24
                  195.58.54.0/24
                  195.58.56.0/23
                  195.133.193.0/24
                  212.192.5.0/24
                  212.192.9.0-212.192.10.255

    Signature Algorithm: sha256WithRSAEncryption
         43:da:26:05:1d:ff:47:3d:75:75:75:b3:c2:bc:0c:0e:b6:8e:
         09:e2:5d:95:a3:e6:3e:2f:4a:6e:c2:1d:6c:1f:d9:53:02:aa:
         55:3e:6b:1b:f9:75:6b:f8:2f:9e:2e:be:e6:03:7b:7e:1a:bd:
         69:f6:25:2d:bb:a1:58:89:d2:6d:80:11:27:09:36:ba:33:36:
         2c:6a:a5:e0:db:c0:f6:95:d2:13:ae:f2:45:3d:78:fc:63:dd:
         cb:c0:bd:78:fb:dc:7c:27:b6:17:d7:68:7b:e2:a8:21:f6:d5:
         84:c6:51:d5:86:e7:cf:53:9f:0a:ad:43:df:b5:97:eb:df:32:
         10:1a:ec:d4:56:b4:a5:bc:d5:6f:f1:5c:ec:05:93:6e:2a:c0:
         69:1a:35:86:a7:71:52:53:4e:ac:10:f0:e1:f0:ee:cf:ed:98:
         b0:d4:7c:f6:d5:b2:a2:ae:d2:95:dc:ec:5e:dd:07:90:84:2b:
         3e:84:7b:cd:bd:d6:52:19:a1:55:01:5c:b5:8e:2e:7d:74:74:
         bb:56:bf:1f:09:f0:67:12:14:60:d7:86:98:2f:c9:89:fc:d7:
         05:ab:a8:7a:c9:19:31:2e:24:97:4e:b0:aa:c5:37:ba:a2:83:
         ee:59:d3:c1:8d:32:19:0e:5d:52:27:f2:e4:2a:eb:d2:70:64:
         7d:b2:9f:1c
-----BEGIN CERTIFICATE-----
MIIFZDCCBEygAwIBAgISAYRDfdLy5oB7qgr3fo/ved0wMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjIxMTA0MTYzMzUwWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OWEwYjNjNDkwOGQyNjNjNDc5ZDk4YTk4N2Y0ZmVhNWJlMzNkNDQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoCKUNLryR7bxWnJBS8VplnhsQGqM
7ZgiImqL1MLe675+i/sW1Zl66H2JrDDHaiNOnA28i8kmlEpa9HGmooeul2rauUF5
W6H0BseHSUdg52ppdpc4e3WIzeNA2Wkp5evrJLHWkRTScllcVAtcNERwRiuhqF/x
p4cUU5BBXAth+MLgMs38hFpV1icxwqwH9ZN9mj3xlMCSWwgk+Mx3ti6d+mwYmeiq
cnicVUIZ6pu+stm+6nRPVlgZVIfEJU0TXZ++8ngjvkOdrfYS/mkuvFUUAvDGbE4Z
fKpFxZ6LqknhnFjKzJjM7BDA4/KdZcrHnDaUW4HIaqJydfMSOO1zeMYsKQIDAQAB
o4ICcDCCAmwwHQYDVR0OBBYEFGmgs8SQjSY8R52YqYf0/qW+M9RIMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvYWFDenhKQ05KanhIblppcGhfVC1wYjR6MUVnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGFBggrBgEFBQcBBwEB/wR2MHQwcgQCAAEwbDAMAwQAPkzh
AwQAPkziAwQAwHy0AwQAwHy3AwQAwXxaAwQAwXyFMAwDBADCV8cDBADCV8gDBADC
V98DBADCV+IDBADCV/wDBADDOjYDBAHDOjgDBADDhcEDBADUwAUwDAMEANTACQME
ANTACjANBgkqhkiG9w0BAQsFAAOCAQEAQ9omBR3/Rz11dXWzwrwMDraOCeJdlaPm
Pi9KbsIdbB/ZUwKqVT5rG/l1a/gvni6+5gN7fhq9afYlLbuhWInSbYARJwk2ujM2
LGql4NvA9pXSE67yRT14/GPdy8C9ePvcfCe2F9doe+KoIfbVhMZR1Ybnz1OfCq1D
37WX698yEBrs1Fa0pbzVb/Fc7AWTbirAaRo1hqdxUlNOrBDw4fDuz+2YsNR89tWy
oq7SldzsXt0HkIQrPoR7zb3WUhmhVQFctY4ufXR0u1a/HwnwZxIUYNeGmC/JifzX
BauoeskZMS4kl06wqsU3uqKD7lnTwY0yGQ5dUify5Crr0nBkfbKfHA==
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:46:01 2023 by rpki-client on console-ams.rpki-client.org