Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/cqKG8pbIVgJ4e98mQvZ2ET_yAbk.roa
File:                     cqKG8pbIVgJ4e98mQvZ2ET_yAbk.roa (raw, json)
Hash identifier:          MdHiKkzFFWetpKvw8nRw3FUFMZMeITJidkpYmSIg624=
Subject key identifier:   72:A2:86:F2:96:C8:56:02:78:7B:DF:26:42:F6:76:11:3F:F2:01:B9
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       018461CEF27DEA560A5DC31E307385124514
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/cqKG8pbIVgJ4e98mQvZ2ET_yAbk.roa
Signing time:             Thu 10 Nov 2022 13:51:03 +0000
ROA not before:           Thu 10 Nov 2022 13:51:03 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     2118
IP address blocks:        193.124.3.0/24 maxlen: 24
                          193.124.9.0/24 maxlen: 24
                          62.76.231.0/24 maxlen: 24
                          194.87.1.0/24 maxlen: 24
                          194.87.3.0/24 maxlen: 24
                          194.87.7.0/24 maxlen: 24
                          193.124.18.0/24 maxlen: 24
                          194.87.16.0/24 maxlen: 24
                          194.87.24.0/22 maxlen: 24
                          194.87.104.0/24 maxlen: 24
                          194.87.118.0/24 maxlen: 24
                          194.87.56.0/24 maxlen: 24
                          194.87.76.0/24 maxlen: 24
                          194.87.72.0/24 maxlen: 24
                          194.87.83.0/24 maxlen: 24
                          194.87.82.0/24 maxlen: 24
                          195.133.30.0/24 maxlen: 24
                          195.133.55.0/24 maxlen: 24
                          212.193.12.0/24 maxlen: 24
                          194.58.38.0/24 maxlen: 24
                          212.192.222.0/24 maxlen: 24
                          194.58.40.0/24 maxlen: 24
                          194.58.42.0/24 maxlen: 24
                          194.58.46.0/23 maxlen: 24
                          194.58.45.0/24 maxlen: 24
                          195.58.56.0/21 maxlen: 24
                          194.58.59.0/24 maxlen: 24
                          212.193.0.0/24 maxlen: 24
                          194.87.207.0/24 maxlen: 24
                          194.87.208.0/23 maxlen: 24
                          194.87.222.0/23 maxlen: 24
                          194.87.233.0/24 maxlen: 24
                          194.135.30.0/24 maxlen: 24
                          212.192.10.0/24 maxlen: 24
                          194.87.165.0/24 maxlen: 24
                          194.87.160.0/24 maxlen: 24
                          194.87.163.0/24 maxlen: 24
                          192.124.173.0/24 maxlen: 24
                          192.124.181.0/24 maxlen: 24
                          192.124.180.0/22 maxlen: 24
                          192.124.182.0/23 maxlen: 24
                          194.87.170.0/24 maxlen: 24
                          194.87.179.0/24 maxlen: 24
                          193.124.201.0/24 maxlen: 24
                          193.124.200.0/24 maxlen: 24
                          193.124.203.0/24 maxlen: 24
                          194.87.198.0/24 maxlen: 24
                          192.124.209.0/24 maxlen: 24
                          193.108.112.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:84:61:ce:f2:7d:ea:56:0a:5d:c3:1e:30:73:85:12:45:14
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Nov 10 13:51:03 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=72a286f296c85602787bdf2642f676113ff201b9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:f8:41:26:7c:02:08:03:c6:54:bb:8f:f5:c8:
                    cb:7c:6d:db:2c:6b:9e:73:7a:c7:08:a0:57:ad:ae:
                    d4:e1:11:28:30:9e:4d:04:c2:12:52:56:41:6f:a7:
                    42:26:62:59:3b:9c:14:2d:5d:b0:67:40:3a:92:91:
                    bf:29:e7:f2:9b:41:92:a7:33:08:17:0a:b3:08:36:
                    02:ff:a1:9a:e4:a6:d7:91:bb:db:01:a3:7f:d9:22:
                    3a:66:50:48:ee:ec:fe:58:de:84:59:39:c2:cd:9e:
                    63:3c:de:3a:20:7a:44:00:46:51:bd:d7:73:09:00:
                    f5:dc:7f:5d:e4:c8:f9:88:c6:d7:2f:c0:7b:06:fe:
                    d6:d6:eb:bd:91:f3:64:39:ff:18:e5:85:b1:0b:b8:
                    4b:e4:d6:cc:72:b9:47:d7:b8:20:8b:a7:cf:c1:9e:
                    ae:c5:96:73:ee:38:40:27:f6:ee:fd:bb:16:2c:91:
                    10:78:76:1a:5f:22:b1:57:43:81:3e:e8:e2:50:5d:
                    49:21:19:0c:e5:07:23:fa:0e:30:6d:8d:19:ac:a9:
                    f9:05:53:38:a7:dd:2f:b4:7b:c2:e4:c0:46:0a:82:
                    92:cb:9f:0c:6c:e0:d5:10:1b:36:25:c1:cb:62:f8:
                    34:b6:45:c4:8c:46:5b:dc:f0:15:0e:94:e2:74:c0:
                    d2:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:A2:86:F2:96:C8:56:02:78:7B:DF:26:42:F6:76:11:3F:F2:01:B9
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/cqKG8pbIVgJ4e98mQvZ2ET_yAbk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.76.231.0/24
                  192.124.173.0/24
                  192.124.180.0/22
                  192.124.209.0/24
                  193.108.112.0/24
                  193.124.3.0/24
                  193.124.9.0/24
                  193.124.18.0/24
                  193.124.200.0/23
                  193.124.203.0/24
                  194.58.38.0/24
                  194.58.40.0/24
                  194.58.42.0/24
                  194.58.45.0-194.58.47.255
                  194.58.59.0/24
                  194.87.1.0/24
                  194.87.3.0/24
                  194.87.7.0/24
                  194.87.16.0/24
                  194.87.24.0/22
                  194.87.56.0/24
                  194.87.72.0/24
                  194.87.76.0/24
                  194.87.82.0/23
                  194.87.104.0/24
                  194.87.118.0/24
                  194.87.160.0/24
                  194.87.163.0/24
                  194.87.165.0/24
                  194.87.170.0/24
                  194.87.179.0/24
                  194.87.198.0/24
                  194.87.207.0-194.87.209.255
                  194.87.222.0/23
                  194.87.233.0/24
                  194.135.30.0/24
                  195.58.56.0/21
                  195.133.30.0/24
                  195.133.55.0/24
                  212.192.10.0/24
                  212.192.222.0/24
                  212.193.0.0/24
                  212.193.12.0/24

    Signature Algorithm: sha256WithRSAEncryption
         98:87:c9:5e:74:10:57:18:a2:3a:c1:ef:2f:c7:d6:87:12:02:
         69:a7:5e:99:49:05:41:bf:0c:60:06:ec:80:9b:66:1f:d0:b7:
         a5:dc:fb:59:21:c8:8e:05:14:52:1b:c4:d0:67:00:23:39:8c:
         e9:ef:eb:29:9c:b9:08:c0:68:44:79:28:d2:5f:fb:7f:a9:3a:
         87:78:07:b0:eb:ca:8d:7c:a5:a2:b2:c2:9f:ff:1f:bc:85:f7:
         6a:11:71:7d:fb:47:5e:2f:b9:ab:26:9e:24:60:d9:13:9e:19:
         7a:93:8a:65:93:4e:02:d4:0a:f0:a7:0a:73:d5:a0:fa:dc:53:
         b1:72:ee:aa:63:a5:18:4a:3f:5b:70:45:53:f3:77:88:9b:ef:
         f9:c6:ee:d5:b2:76:cc:7c:a7:8c:dd:dc:d8:be:0e:fa:84:29:
         79:a0:15:35:21:14:93:90:16:10:9b:a3:73:4a:b1:d9:00:bb:
         d6:8e:a2:60:57:47:8a:65:70:47:80:c6:98:43:2d:f5:e6:32:
         18:af:40:44:f6:f6:b7:0b:8d:23:0f:45:53:10:48:be:e5:bf:
         e2:9d:90:39:f4:f7:9f:31:4c:63:bc:4d:22:2b:93:84:f9:67:
         21:46:c6:db:bd:83:c7:9c:28:a6:ce:a0:e2:d5:3f:da:0b:a0:
         b9:d7:91:a2
-----BEGIN CERTIFICATE-----
MIIGEzCCBPugAwIBAgISAYRhzvJ96lYKXcMeMHOFEkUUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjIxMTEwMTM1MTAzWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MmEyODZmMjk2Yzg1NjAyNzg3YmRmMjY0MmY2NzYxMTNmZjIwMWI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu/hBJnwCCAPGVLuP9cjLfG3bLGue
c3rHCKBXra7U4REoMJ5NBMISUlZBb6dCJmJZO5wULV2wZ0A6kpG/Kefym0GSpzMI
FwqzCDYC/6Ga5KbXkbvbAaN/2SI6ZlBI7uz+WN6EWTnCzZ5jPN46IHpEAEZRvddz
CQD13H9d5Mj5iMbXL8B7Bv7W1uu9kfNkOf8Y5YWxC7hL5NbMcrlH17ggi6fPwZ6u
xZZz7jhAJ/bu/bsWLJEQeHYaXyKxV0OBPujiUF1JIRkM5Qcj+g4wbY0ZrKn5BVM4
p90vtHvC5MBGCoKSy58MbODVEBs2JcHLYvg0tkXEjEZb3PAVDpTidMDSQQIDAQAB
o4IDHzCCAxswHQYDVR0OBBYEFHKihvKWyFYCeHvfJkL2dhE/8gG5MB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvY3FLRzhwYklWZ0o0ZTk4bVF2WjJFVF95QWJrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBMwYIKwYBBQUHAQcBAf8EggEiMIIBHjCCARoEAgABMIIB
EgMEAD5M5wMEAMB8rQMEAsB8tAMEAMB80QMEAMFscAMEAMF8AwMEAMF8CQMEAMF8
EgMEAcF8yAMEAMF8ywMEAMI6JgMEAMI6KAMEAMI6KjAMAwQAwjotAwQEwjogAwQA
wjo7AwQAwlcBAwQAwlcDAwQAwlcHAwQAwlcQAwQCwlcYAwQAwlc4AwQAwldIAwQA
wldMAwQBwldSAwQAwldoAwQAwld2AwQAwlegAwQAwlejAwQAwlelAwQAwleqAwQA
wlezAwQAwlfGMAwDBADCV88DBAHCV9ADBAHCV94DBADCV+kDBADChx4DBAPDOjgD
BADDhR4DBADDhTcDBADUwAoDBADUwN4DBADUwQADBADUwQwwDQYJKoZIhvcNAQEL
BQADggEBAJiHyV50EFcYojrB7y/H1ocSAmmnXplJBUG/DGAG7ICbZh/Qt6Xc+1kh
yI4FFFIbxNBnACM5jOnv6ymcuQjAaER5KNJf+3+pOod4B7Dryo18paKywp//H7yF
92oRcX37R14vuasmniRg2ROeGXqTimWTTgLUCvCnCnPVoPrcU7Fy7qpjpRhKP1tw
RVPzd4ib7/nG7tWydsx8p4zd3Ni+DvqEKXmgFTUhFJOQFhCbo3NKsdkAu9aOomBX
R4plcEeAxphDLfXmMhivQET29rcLjSMPRVMQSL7lv+KdkDn0958xTGO8TSIrk4T5
ZyFGxtu9g8ecKKbOoOLVP9oLoLnXkaI=
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:46:02 2023 by rpki-client on console-ams.rpki-client.org