Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/evffey2oBE4XT_41JuJtJzm1XsU.roa
File:                     evffey2oBE4XT_41JuJtJzm1XsU.roa (raw, json)
Hash identifier:          9fLBwmQu80X2w1AXU6zcL5K4czgXiWuoHKtCLjzc1mg=
Subject key identifier:   7A:F7:DF:7B:2D:A8:04:4E:17:4F:FE:35:26:E2:6D:27:39:B5:5E:C5
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       0185346A787FAFCD93CBABE8F5E9A91EEF66
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/evffey2oBE4XT_41JuJtJzm1XsU.roa
Signing time:             Wed 21 Dec 2022 11:21:10 +0000
ROA not before:           Wed 21 Dec 2022 11:21:10 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     204843
IP address blocks:        194.87.3.0/24 maxlen: 24
                          193.124.16.0/24 maxlen: 24
                          195.133.86.0/24 maxlen: 24
                          194.87.16.0/24 maxlen: 24
                          194.87.22.0/24 maxlen: 24
                          194.87.37.0/24 maxlen: 24
                          194.87.36.0/24 maxlen: 24
                          194.58.39.0/24 maxlen: 24
                          194.58.47.0/24 maxlen: 24
                          192.124.190.0/24 maxlen: 24
                          195.58.58.0/24 maxlen: 24
                          195.58.54.0/24 maxlen: 24
                          194.87.177.0/24 maxlen: 24
                          194.87.190.0/24 maxlen: 24
                          193.124.202.0/24 maxlen: 24
                          212.193.8.0/24 maxlen: 24
                          195.133.194.0/24 maxlen: 24
                          212.192.211.0/24 maxlen: 24
                          194.87.83.0/24 maxlen: 24
                          193.124.93.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:34:6a:78:7f:af:cd:93:cb:ab:e8:f5:e9:a9:1e:ef:66
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Dec 21 11:21:10 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=7af7df7b2da8044e174ffe3526e26d2739b55ec5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:e0:b3:8d:fc:3a:ef:18:ad:8d:86:f4:1c:83:
                    20:03:55:83:1e:c4:9f:ad:fd:71:81:0c:bc:6d:44:
                    c3:0c:13:b1:55:01:ac:11:09:54:16:9f:01:17:61:
                    3f:15:b8:78:0e:e4:e9:85:3a:83:6d:8e:68:a9:5c:
                    fb:93:e6:7d:94:56:ae:d3:ec:68:5d:03:11:92:c9:
                    ef:02:00:20:98:79:8c:7f:0f:5e:d6:42:8c:6f:b5:
                    7b:dc:ac:b0:80:2d:47:02:e5:92:76:9f:b8:12:a5:
                    ab:fa:66:84:ae:79:f2:17:9e:15:31:12:20:80:96:
                    fe:ea:d6:6c:0c:dc:09:ef:94:84:88:a8:07:14:5e:
                    98:82:7b:52:03:76:63:86:75:f6:84:e3:17:f5:be:
                    79:35:2a:30:34:f9:0f:c0:49:ed:ba:bf:c6:fa:8d:
                    58:63:2b:ce:80:b9:d6:57:e8:e0:ac:b6:83:6b:f7:
                    b0:ad:0c:fb:6a:34:d4:aa:5b:9a:9e:63:cd:63:4b:
                    6e:43:40:be:98:e7:2e:0e:10:9c:0a:9e:4e:d0:b4:
                    26:21:cb:43:84:30:db:fe:15:bf:b0:65:f1:30:1f:
                    3b:85:e6:aa:4c:81:65:91:51:fb:3f:d3:59:1f:86:
                    9e:f4:ae:83:a7:36:fb:83:d0:80:cf:32:cf:f6:2d:
                    d9:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7A:F7:DF:7B:2D:A8:04:4E:17:4F:FE:35:26:E2:6D:27:39:B5:5E:C5
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/evffey2oBE4XT_41JuJtJzm1XsU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.124.190.0/24
                  193.124.16.0/24
                  193.124.93.0/24
                  193.124.202.0/24
                  194.58.39.0/24
                  194.58.47.0/24
                  194.87.3.0/24
                  194.87.16.0/24
                  194.87.22.0/24
                  194.87.36.0/23
                  194.87.83.0/24
                  194.87.177.0/24
                  194.87.190.0/24
                  195.58.54.0/24
                  195.58.58.0/24
                  195.133.86.0/24
                  195.133.194.0/24
                  212.192.211.0/24
                  212.193.8.0/24

    Signature Algorithm: sha256WithRSAEncryption
         46:25:ff:e8:27:68:53:dd:91:54:f7:34:c2:50:e7:cf:0e:21:
         73:74:e6:91:e0:5f:5a:eb:34:9d:87:69:ba:85:d5:36:71:b8:
         6c:8c:2d:0d:a9:de:e8:74:82:47:29:55:7a:08:9b:43:f6:db:
         00:6e:50:5f:03:86:0e:7e:cd:05:5d:85:27:33:93:38:c8:a3:
         b6:71:34:e7:1a:46:4e:72:cc:03:e5:53:0d:f4:88:72:20:67:
         fb:db:52:17:9a:7d:c0:30:bc:22:bc:74:54:c2:bc:63:17:59:
         d6:69:b7:2d:2b:7f:ca:58:cb:16:22:81:ed:31:89:61:4a:8d:
         f6:05:92:65:a8:ad:20:e2:d2:1e:2c:9b:2e:4c:16:9e:0e:e8:
         dc:8a:6f:76:70:85:61:80:c6:b6:31:15:72:ed:82:7d:ae:9f:
         f9:e0:aa:41:62:d1:1d:3c:45:7c:f2:ab:c6:86:85:bb:73:1f:
         a7:fd:89:fc:4a:32:8a:40:3f:17:53:ae:63:97:bc:92:2e:41:
         f2:27:5c:17:12:c6:c4:0f:2a:f7:6d:70:27:82:25:42:90:01:
         bc:df:2a:d4:9f:a6:e8:81:02:f6:b7:27:98:28:88:7d:17:7b:
         38:93:8b:08:0b:b2:83:89:38:9f:0f:3a:e2:2f:ca:74:85:8b:
         49:e0:19:a7
-----BEGIN CERTIFICATE-----
MIIFajCCBFKgAwIBAgISAYU0anh/r82Ty6vo9empHu9mMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjIxMjIxMTEyMTEwWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YWY3ZGY3YjJkYTgwNDRlMTc0ZmZlMzUyNmUyNmQyNzM5YjU1ZWM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl+Czjfw67xitjYb0HIMgA1WDHsSf
rf1xgQy8bUTDDBOxVQGsEQlUFp8BF2E/Fbh4DuTphTqDbY5oqVz7k+Z9lFau0+xo
XQMRksnvAgAgmHmMfw9e1kKMb7V73KywgC1HAuWSdp+4EqWr+maErnnyF54VMRIg
gJb+6tZsDNwJ75SEiKgHFF6YgntSA3ZjhnX2hOMX9b55NSowNPkPwEntur/G+o1Y
YyvOgLnWV+jgrLaDa/ewrQz7ajTUqluanmPNY0tuQ0C+mOcuDhCcCp5O0LQmIctD
hDDb/hW/sGXxMB87heaqTIFlkVH7P9NZH4ae9K6Dpzb7g9CAzzLP9i3ZjQIDAQAB
o4ICdjCCAnIwHQYDVR0OBBYEFHr333stqAROF0/+NSbibSc5tV7FMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvZXZmZmV5Mm9CRTRYVF80MUp1SnRKem0xWHNVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGLBggrBgEFBQcBBwEB/wR8MHoweAQCAAEwcgMEAMB8vgME
AMF8EAMEAMF8XQMEAMF8ygMEAMI6JwMEAMI6LwMEAMJXAwMEAMJXEAMEAMJXFgME
AcJXJAMEAMJXUwMEAMJXsQMEAMJXvgMEAMM6NgMEAMM6OgMEAMOFVgMEAMOFwgME
ANTA0wMEANTBCDANBgkqhkiG9w0BAQsFAAOCAQEARiX/6CdoU92RVPc0wlDnzw4h
c3TmkeBfWus0nYdpuoXVNnG4bIwtDane6HSCRylVegibQ/bbAG5QXwOGDn7NBV2F
JzOTOMijtnE05xpGTnLMA+VTDfSIciBn+9tSF5p9wDC8Irx0VMK8YxdZ1mm3LSt/
yljLFiKB7TGJYUqN9gWSZaitIOLSHiybLkwWng7o3IpvdnCFYYDGtjEVcu2Cfa6f
+eCqQWLRHTxFfPKrxoaFu3Mfp/2J/EoyikA/F1OuY5e8ki5B8idcFxLGxA8q921w
J4IlQpABvN8q1J+m6IEC9rcnmCiIfRd7OJOLCAuyg4k4nw864i/KdIWLSeAZpw==
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:46:02 2023 by rpki-client on console-ams.rpki-client.org