Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/fDs5NAD9M20RWLdDgQhoS1NewyA.roa
File:                     fDs5NAD9M20RWLdDgQhoS1NewyA.roa (raw, json)
Hash identifier:          MtQIpj8LnYaVoeTfgQqkhLOhL1CZpd/9DH/cAGrsCdU=
Subject key identifier:   7C:3B:39:34:00:FD:33:6D:11:58:B7:43:81:08:68:4B:53:5E:C3:20
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       01853028A2CFE16A55333C32C67A934CA269
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/fDs5NAD9M20RWLdDgQhoS1NewyA.roa
Signing time:             Tue 20 Dec 2022 15:30:47 +0000
ROA not before:           Tue 20 Dec 2022 15:30:47 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     400377
IP address blocks:        62.76.225.0/24 maxlen: 24
                          62.76.226.0/24 maxlen: 24
                          194.87.2.0/24 maxlen: 24
                          194.87.10.0/24 maxlen: 24
                          193.124.18.0/24 maxlen: 24
                          193.124.45.0/24 maxlen: 24
                          194.58.40.0/24 maxlen: 24
                          195.58.51.0/24 maxlen: 24
                          194.58.46.0/24 maxlen: 24
                          194.87.125.0/24 maxlen: 24
                          194.87.124.0/24 maxlen: 24
                          194.87.122.0/24 maxlen: 24
                          193.124.90.0/24 maxlen: 24
                          194.87.200.0/24 maxlen: 24
                          194.87.205.0/24 maxlen: 24
                          195.133.76.0/24 maxlen: 24
                          194.87.233.0/24 maxlen: 24
                          194.87.252.0/24 maxlen: 24
                          212.192.1.0/24 maxlen: 24
                          212.192.9.0/24 maxlen: 24
                          194.87.170.0/24 maxlen: 24
                          192.124.183.0/24 maxlen: 24
                          192.124.180.0/24 maxlen: 24
                          193.124.200.0/24 maxlen: 24
                          195.133.193.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:30:28:a2:cf:e1:6a:55:33:3c:32:c6:7a:93:4c:a2:69
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Dec 20 15:30:47 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=7c3b393400fd336d1158b7438108684b535ec320
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:e9:ed:b2:a5:f7:93:ae:5b:f1:2f:26:42:c5:
                    0b:8f:42:4a:93:e3:09:64:4a:01:4d:04:e3:3f:b8:
                    e0:fc:52:5e:ad:5c:e0:b7:98:f2:ac:63:36:95:0a:
                    b0:d7:dc:4d:0c:38:ce:65:e0:9d:24:ac:a7:d6:28:
                    28:ec:7c:7b:17:67:a2:06:dd:f8:37:9f:50:f9:02:
                    2f:a9:12:e5:9f:a2:af:09:bc:e3:bc:8e:7e:e2:37:
                    6e:90:40:ec:23:87:d1:4f:a4:58:19:04:aa:0e:3f:
                    ca:ef:22:4c:16:8e:84:0a:7f:25:7e:d6:74:d0:7c:
                    93:1d:ce:c9:38:ae:b6:22:b5:02:30:24:b6:97:75:
                    32:cc:6d:cb:86:eb:14:d5:ed:ef:fa:a5:63:15:e8:
                    66:06:9b:4c:6f:e9:85:ef:a0:0a:bb:22:8b:f9:c1:
                    0d:cd:49:bf:65:f7:8e:30:f4:6e:a1:a7:3a:0b:72:
                    0e:6e:5f:76:75:5a:30:75:4d:a9:ef:21:0e:1e:34:
                    68:cb:7a:e1:f9:a5:64:8c:57:c8:b9:de:50:9b:88:
                    38:8f:89:12:5d:24:e4:91:ea:a4:5b:53:26:69:fc:
                    d5:38:ee:a6:94:84:8e:db:fc:e3:bd:71:a7:10:65:
                    75:c7:29:98:e0:5b:cb:ae:c9:28:1c:50:b2:c0:10:
                    0d:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7C:3B:39:34:00:FD:33:6D:11:58:B7:43:81:08:68:4B:53:5E:C3:20
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/fDs5NAD9M20RWLdDgQhoS1NewyA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.76.225.0-62.76.226.255
                  192.124.180.0/24
                  192.124.183.0/24
                  193.124.18.0/24
                  193.124.45.0/24
                  193.124.90.0/24
                  193.124.200.0/24
                  194.58.40.0/24
                  194.58.46.0/24
                  194.87.2.0/24
                  194.87.10.0/24
                  194.87.122.0/24
                  194.87.124.0/23
                  194.87.170.0/24
                  194.87.200.0/24
                  194.87.205.0/24
                  194.87.233.0/24
                  194.87.252.0/24
                  195.58.51.0/24
                  195.133.76.0/24
                  195.133.193.0/24
                  212.192.1.0/24
                  212.192.9.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2c:ca:c3:66:fb:85:e6:54:2e:09:69:08:5c:70:99:74:3d:89:
         87:48:80:00:6a:ca:1c:e3:e1:4a:e4:df:e0:1a:2c:ec:31:7a:
         71:b9:26:ec:1a:b8:62:87:ee:51:70:c0:5d:13:c4:32:1a:00:
         9b:5c:8b:de:e4:b5:7f:35:c1:02:73:90:8b:3c:69:19:ed:26:
         63:41:82:72:d7:30:a0:c5:be:f9:45:41:6c:14:66:2d:a2:fa:
         03:41:bd:5a:43:21:5a:ac:58:a4:0d:87:e0:a4:4e:46:fa:a4:
         ae:f3:4e:02:7a:49:59:00:d4:f8:40:e3:94:75:ea:46:ec:c3:
         5e:89:e1:9f:98:c6:72:85:db:2b:2e:59:3c:a5:57:cc:3d:ab:
         b6:04:fc:19:9b:02:b0:3e:c7:9b:20:27:8c:22:64:d8:14:7a:
         eb:88:34:d4:5c:8c:c0:02:fc:8f:aa:79:bc:f9:a7:86:e6:28:
         e1:52:42:21:43:5a:04:9c:d9:6c:f4:73:ec:7c:dc:ab:ed:e7:
         f7:8a:25:b6:ff:96:5b:7a:94:5f:12:f5:25:2f:7b:27:3c:64:
         f7:eb:80:9c:ca:2b:b3:b0:b3:11:1f:28:e0:65:32:38:f4:38:
         e3:61:9c:32:0a:7e:5b:97:a4:a9:fd:81:15:f3:8f:2d:59:5d:
         73:33:a3:f7
-----BEGIN CERTIFICATE-----
MIIFjjCCBHagAwIBAgISAYUwKKLP4WpVMzwyxnqTTKJpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjIxMjIwMTUzMDQ3WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YzNiMzkzNDAwZmQzMzZkMTE1OGI3NDM4MTA4Njg0YjUzNWVjMzIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsentsqX3k65b8S8mQsULj0JKk+MJ
ZEoBTQTjP7jg/FJerVzgt5jyrGM2lQqw19xNDDjOZeCdJKyn1igo7Hx7F2eiBt34
N59Q+QIvqRLln6KvCbzjvI5+4jdukEDsI4fRT6RYGQSqDj/K7yJMFo6ECn8lftZ0
0HyTHc7JOK62IrUCMCS2l3UyzG3LhusU1e3v+qVjFehmBptMb+mF76AKuyKL+cEN
zUm/ZfeOMPRuoac6C3IObl92dVowdU2p7yEOHjRoy3rh+aVkjFfIud5Qm4g4j4kS
XSTkkeqkW1MmafzVOO6mlISO2/zjvXGnEGV1xymY4FvLrskoHFCywBANnQIDAQAB
o4ICmjCCApYwHQYDVR0OBBYEFHw7OTQA/TNtEVi3Q4EIaEtTXsMgMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvZkRzNU5BRDlNMjBSV0xkRGdRaG9TMU5ld3lBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGvBggrBgEFBQcBBwEB/wSBnzCBnDCBmQQCAAEwgZIwDAME
AD5M4QMEAD5M4gMEAMB8tAMEAMB8twMEAMF8EgMEAMF8LQMEAMF8WgMEAMF8yAME
AMI6KAMEAMI6LgMEAMJXAgMEAMJXCgMEAMJXegMEAcJXfAMEAMJXqgMEAMJXyAME
AMJXzQMEAMJX6QMEAMJX/AMEAMM6MwMEAMOFTAMEAMOFwQMEANTAAQMEANTACTAN
BgkqhkiG9w0BAQsFAAOCAQEALMrDZvuF5lQuCWkIXHCZdD2Jh0iAAGrKHOPhSuTf
4Bos7DF6cbkm7Bq4YofuUXDAXRPEMhoAm1yL3uS1fzXBAnOQizxpGe0mY0GCctcw
oMW++UVBbBRmLaL6A0G9WkMhWqxYpA2H4KRORvqkrvNOAnpJWQDU+EDjlHXqRuzD
Xonhn5jGcoXbKy5ZPKVXzD2rtgT8GZsCsD7HmyAnjCJk2BR664g01FyMwAL8j6p5
vPmnhuYo4VJCIUNaBJzZbPRz7Hzcq+3n94oltv+WW3qUXxL1JS97Jzxk9+uAnMor
s7CzER8o4GUyOPQ442GcMgp+W5ekqf2BFfOPLVldczOj9w==
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:46:03 2023 by rpki-client on console-ams.rpki-client.org