Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/b1s0QkeSto7db2RlXB4K4SdA_bc.roa
File:                     b1s0QkeSto7db2RlXB4K4SdA_bc.roa (raw, json)
Hash identifier:          l44E2hpUtOKH6PQfszR0S8suUbJXL1k+U+s2JuvoK/w=
Subject key identifier:   6F:5B:34:42:47:92:B6:8E:DD:6F:64:65:5C:1E:0A:E1:27:40:FD:B7
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       018529912627C5AF00E11502DB4BA80BCB08
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/b1s0QkeSto7db2RlXB4K4SdA_bc.roa
Signing time:             Mon 19 Dec 2022 08:47:36 +0000
ROA not before:           Mon 19 Dec 2022 08:47:36 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     15731
IP address blocks:        193.124.3.0/24 maxlen: 24
                          194.87.1.0/24 maxlen: 24
                          194.135.18.0/24 maxlen: 24
                          194.135.23.0/24 maxlen: 24
                          194.87.38.0/24 maxlen: 24
                          195.58.35.0/24 maxlen: 24
                          195.58.36.0/24 maxlen: 24
                          194.87.166.0/24 maxlen: 24
                          195.133.30.0/24 maxlen: 24
                          194.87.168.0/24 maxlen: 24
                          195.133.35.0/24 maxlen: 24
                          194.87.178.0/24 maxlen: 24
                          194.87.179.0/24 maxlen: 24
                          195.58.56.0/24 maxlen: 24
                          212.192.31.0/24 maxlen: 24
                          194.87.187.0/24 maxlen: 24
                          194.87.130.0/24 maxlen: 24
                          194.87.131.0/24 maxlen: 24
                          195.133.0.0/24 maxlen: 24
                          194.87.42.0/24 maxlen: 24
                          194.87.73.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:29:91:26:27:c5:af:00:e1:15:02:db:4b:a8:0b:cb:08
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Dec 19 08:47:36 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=6f5b34424792b68edd6f64655c1e0ae12740fdb7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:09:16:87:04:15:14:74:63:56:cb:91:b5:0d:
                    3d:90:0d:92:7b:9d:60:e7:36:a6:dc:9b:cb:cd:88:
                    f7:73:4e:1f:41:dd:12:ff:32:5d:70:9f:0c:b0:7d:
                    4f:9a:94:89:f8:38:7a:9c:fe:93:ed:25:5e:84:27:
                    a4:3d:67:bb:a7:a9:3f:00:e4:70:ab:fb:e5:cf:c3:
                    bd:f9:c7:b5:7f:02:31:4d:fc:c6:19:d6:9c:74:4c:
                    14:ab:bc:5d:a8:1e:7c:69:52:5d:cb:ea:cd:38:ae:
                    6e:7b:62:36:0c:fa:87:c1:41:07:82:ee:67:d8:6c:
                    33:ec:35:6b:26:1f:bf:fd:6e:2d:f1:80:9a:dc:1e:
                    2a:91:ba:65:a8:42:37:8f:6c:72:29:0f:e7:f4:47:
                    22:b9:b9:54:0f:e7:0f:c2:0e:d9:26:c2:7a:ea:37:
                    08:c2:64:68:dd:8d:93:e9:90:0a:93:00:ae:60:c6:
                    e2:89:93:a3:79:57:b0:8a:94:1c:57:99:20:23:cb:
                    3f:5c:e9:38:26:55:3c:41:c3:b9:26:de:17:30:ad:
                    02:08:c8:5b:52:7b:b3:06:ce:cc:33:f3:28:2b:3f:
                    c6:7d:59:af:ed:db:9e:ba:96:ed:a7:b2:23:c8:58:
                    0c:de:95:43:4a:cd:91:e8:1b:3a:a2:5e:43:5b:c2:
                    86:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6F:5B:34:42:47:92:B6:8E:DD:6F:64:65:5C:1E:0A:E1:27:40:FD:B7
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/b1s0QkeSto7db2RlXB4K4SdA_bc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.124.3.0/24
                  194.87.1.0/24
                  194.87.38.0/24
                  194.87.42.0/24
                  194.87.73.0/24
                  194.87.130.0/23
                  194.87.166.0/24
                  194.87.168.0/24
                  194.87.178.0/23
                  194.87.187.0/24
                  194.135.18.0/24
                  194.135.23.0/24
                  195.58.35.0-195.58.36.255
                  195.58.56.0/24
                  195.133.0.0/24
                  195.133.30.0/24
                  195.133.35.0/24
                  212.192.31.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4a:58:6b:f8:6a:6b:01:95:3a:67:30:7d:cd:a0:0b:c1:2b:f6:
         8e:e2:28:4d:4a:ce:29:96:12:98:9f:6d:f9:db:88:31:7b:01:
         f2:54:56:79:33:8e:80:23:30:69:47:24:38:ef:a4:ce:47:e4:
         27:27:b6:46:4e:dc:e4:9d:a4:6f:38:2f:ea:ca:f9:c7:3f:93:
         19:9a:67:3a:8a:0d:f2:d5:00:77:a6:6d:4f:7a:fd:15:c1:90:
         fd:72:6a:78:9e:90:2a:3d:07:52:b8:1e:d0:fb:5e:34:94:48:
         0b:10:74:83:a1:67:86:ae:d9:97:06:cf:7f:23:06:6e:b1:bd:
         c8:55:b0:df:81:ca:8e:57:85:d8:0f:d1:e2:07:c6:a1:7b:68:
         7f:e9:67:7d:ee:89:79:47:ef:ab:3a:f0:f6:24:ab:5b:75:92:
         36:31:1f:50:34:c0:12:76:fc:52:62:fd:fe:f1:ad:01:33:08:
         9f:0f:f9:0c:51:ff:6c:4d:e5:5c:02:e1:a5:d2:9f:c9:fa:5c:
         8f:49:92:4b:e8:f4:1e:78:67:ab:71:35:f0:3b:8a:a0:5f:71:
         ee:ba:b7:7a:ad:cc:c0:d8:8c:b2:a5:37:0b:44:a0:4c:f4:73:
         34:3b:ce:45:be:6d:66:4f:4a:2a:d4:14:4e:e0:9c:33:2c:04:
         ce:c2:4b:76
-----BEGIN CERTIFICATE-----
MIIFbDCCBFSgAwIBAgISAYUpkSYnxa8A4RUC20uoC8sIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjIxMjE5MDg0NzM2WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZjViMzQ0MjQ3OTJiNjhlZGQ2ZjY0NjU1YzFlMGFlMTI3NDBmZGI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsAkWhwQVFHRjVsuRtQ09kA2Se51g
5zam3JvLzYj3c04fQd0S/zJdcJ8MsH1PmpSJ+Dh6nP6T7SVehCekPWe7p6k/AORw
q/vlz8O9+ce1fwIxTfzGGdacdEwUq7xdqB58aVJdy+rNOK5ue2I2DPqHwUEHgu5n
2Gwz7DVrJh+//W4t8YCa3B4qkbplqEI3j2xyKQ/n9EciublUD+cPwg7ZJsJ66jcI
wmRo3Y2T6ZAKkwCuYMbiiZOjeVewipQcV5kgI8s/XOk4JlU8QcO5Jt4XMK0CCMhb
UnuzBs7MM/MoKz/GfVmv7dueupbtp7IjyFgM3pVDSs2R6Bs6ol5DW8KGMQIDAQAB
o4ICeDCCAnQwHQYDVR0OBBYEFG9bNEJHkraO3W9kZVweCuEnQP23MB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvYjFzMFFrZVN0bzdkYjJSbFhCNEs0U2RBX2JjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGNBggrBgEFBQcBBwEB/wR+MHwwegQCAAEwdAMEAMF8AwME
AMJXAQMEAMJXJgMEAMJXKgMEAMJXSQMEAcJXggMEAMJXpgMEAMJXqAMEAcJXsgME
AMJXuwMEAMKHEgMEAMKHFzAMAwQAwzojAwQAwzokAwQAwzo4AwQAw4UAAwQAw4Ue
AwQAw4UjAwQA1MAfMA0GCSqGSIb3DQEBCwUAA4IBAQBKWGv4amsBlTpnMH3NoAvB
K/aO4ihNSs4plhKYn23524gxewHyVFZ5M46AIzBpRyQ476TOR+QnJ7ZGTtzknaRv
OC/qyvnHP5MZmmc6ig3y1QB3pm1Pev0VwZD9cmp4npAqPQdSuB7Q+140lEgLEHSD
oWeGrtmXBs9/IwZusb3IVbDfgcqOV4XYD9HiB8ahe2h/6Wd97ol5R++rOvD2JKtb
dZI2MR9QNMASdvxSYv3+8a0BMwifD/kMUf9sTeVcAuGl0p/J+lyPSZJL6PQeeGer
cTXwO4qgX3Huurd6rczA2IyypTcLRKBM9HM0O85Fvm1mT0oq1BRO4JwzLATOwkt2
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:46:01 2023 by rpki-client on console-ams.rpki-client.org