Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/joop1JwcUXrf5puC1UNf_MLovTY.roa
File:                     joop1JwcUXrf5puC1UNf_MLovTY.roa (raw, json)
Hash identifier:          RSinKJycFQ6WM+PkmQcBYzEZ2bI8pKA82AbSYSHjbbo=
Subject key identifier:   8E:8A:29:D4:9C:1C:51:7A:DF:E6:9B:82:D5:43:5F:FC:C2:E8:BD:36
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       10A9B25F
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/joop1JwcUXrf5puC1UNf_MLovTY.roa
Signing time:             Sat 02 Jul 2022 10:01:25 +0000
ROA not before:           Sat 02 Jul 2022 10:01:25 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     49999
IP address blocks:        194.87.219.0/24 maxlen: 24
                          195.133.80.0/24 maxlen: 24
                          194.87.24.0/22 maxlen: 24
                          195.133.12.0/22 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 279556703 (0x10a9b25f)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Jul  2 10:01:25 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=8e8a29d49c1c517adfe69b82d5435ffcc2e8bd36
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:a9:e8:08:90:16:06:48:ee:aa:b1:eb:37:60:
                    f6:22:7b:fa:01:de:cb:ac:e7:6d:49:e5:04:41:cb:
                    4a:ab:f5:29:c6:24:d6:92:fd:80:88:8c:ff:db:5b:
                    4b:78:41:23:25:0b:ae:fa:a4:53:3b:ee:00:c5:83:
                    7e:ee:a8:8d:63:e1:e3:10:84:05:84:e7:8e:ec:8a:
                    7f:bf:8e:90:41:6f:f9:21:64:1f:3f:17:c3:41:72:
                    ff:59:58:28:7a:62:ad:95:e3:19:2a:03:ee:18:97:
                    6d:52:0e:e6:f4:8c:47:e1:67:0b:00:ab:46:c0:1a:
                    e9:a4:7c:a4:3e:e3:db:a3:3c:4e:93:8e:c8:36:f0:
                    f1:7d:80:8b:f7:53:c0:3e:0e:67:1b:82:89:f8:6f:
                    57:3c:32:89:8d:41:1b:06:9a:61:62:47:b4:2b:0d:
                    52:45:d7:c8:d6:5f:5d:af:fe:ba:a0:12:ae:5b:10:
                    aa:87:72:ba:ba:93:32:32:10:bb:78:07:8d:2d:ad:
                    f4:85:58:20:9e:7e:ad:cd:ab:a4:8a:47:b8:73:0b:
                    84:59:62:43:bb:43:ae:98:36:c7:6c:ea:11:95:1b:
                    ba:93:4c:4b:1e:d4:47:dd:6c:83:dc:aa:59:cf:5c:
                    b3:0c:41:49:89:19:fb:7a:8b:9d:f3:99:2b:8a:f1:
                    2d:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8E:8A:29:D4:9C:1C:51:7A:DF:E6:9B:82:D5:43:5F:FC:C2:E8:BD:36
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/joop1JwcUXrf5puC1UNf_MLovTY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.87.24.0/22
                  194.87.219.0/24
                  195.133.12.0/22
                  195.133.80.0/24

    Signature Algorithm: sha256WithRSAEncryption
         29:39:1e:14:ea:9a:b9:c0:be:1f:20:af:78:31:f1:fd:41:19:
         6c:57:4a:0f:38:bb:b9:d1:38:cf:f6:43:b2:32:fe:99:a3:8f:
         07:97:e4:ac:63:05:ba:dd:82:a5:6c:e5:21:1f:67:18:59:41:
         82:f0:a5:00:53:dd:21:70:01:b8:bf:91:d7:7d:e1:e1:34:cd:
         76:ce:8e:84:ab:5f:88:04:31:43:fb:70:6a:2c:7c:4c:9f:01:
         1e:55:b1:76:62:0a:72:d6:b0:27:0c:17:69:1e:be:b0:9f:97:
         e1:49:c3:87:a8:29:1e:ae:70:bb:39:e1:72:9d:8f:af:cc:01:
         71:a8:e2:7d:f5:f3:3e:1c:18:a3:97:de:03:a8:5f:c6:57:0b:
         e3:d0:7c:ca:d0:7c:de:5c:12:9b:c6:16:94:78:e4:9f:a0:d9:
         6c:13:75:e5:07:bb:7b:ef:bd:fe:bc:17:ae:bc:c2:07:01:19:
         24:1c:eb:af:67:29:67:40:01:11:0c:2f:4f:73:77:a1:8e:9d:
         76:94:a0:8d:8e:85:ca:cf:30:4b:0f:76:bf:b5:e4:7c:d8:56:
         3d:94:37:16:c6:ab:ee:93:cd:b3:c6:ba:e8:de:cb:02:08:c7:
         88:63:ca:56:ab:39:17:a2:ce:fa:79:e3:24:d2:8d:6f:d6:5f:
         85:64:c2:a1
-----BEGIN CERTIFICATE-----
MIIFATCCA+mgAwIBAgIEEKmyXzANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygz
NTY5MGY1ZTMyZDVjODZhZjFlMTM0OWRmZDRlOGNlZWI3MGUxYWM3MB4XDTIyMDcw
MjEwMDEyNVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoOGU4YTI5ZDQ5YzFj
NTE3YWRmZTY5YjgyZDU0MzVmZmNjMmU4YmQzNjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAK6p6AiQFgZI7qqx6zdg9iJ7+gHey6znbUnlBEHLSqv1KcYk
1pL9gIiM/9tbS3hBIyULrvqkUzvuAMWDfu6ojWPh4xCEBYTnjuyKf7+OkEFv+SFk
Hz8Xw0Fy/1lYKHpirZXjGSoD7hiXbVIO5vSMR+FnCwCrRsAa6aR8pD7j26M8TpOO
yDbw8X2Ai/dTwD4OZxuCifhvVzwyiY1BGwaaYWJHtCsNUkXXyNZfXa/+uqASrlsQ
qodyurqTMjIQu3gHjS2t9IVYIJ5+rc2rpIpHuHMLhFliQ7tDrpg2x2zqEZUbupNM
Sx7UR91sg9yqWc9cswxBSYkZ+3qLnfOZK4rxLasCAwEAAaOCAhswggIXMB0GA1Ud
DgQWBBSOiinUnBxRet/mm4LVQ1/8wui9NjAfBgNVHSMEGDAWgBQ1aQ9eMtXIavHh
NJ39Tozutw4axzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L05Xa1BYakxWeUdyeDRUU2RfVTZNN3JjT0dzYy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMDAvZTE0NDdhLThmMTgtNGE4MC1hNDIyLTVhNDI0MjhmMTE0My8x
L2pvb3AxSndjVVhyZjVwdUMxVU5mX01Mb3ZUWS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMDAv
ZTE0NDdhLThmMTgtNGE4MC1hNDIyLTVhNDI0MjhmMTE0My8xL05Xa1BYakxWeUdy
eDRUU2RfVTZNN3JjT0dzYy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAx
BggrBgEFBQcBBwEB/wQiMCAwHgQCAAEwGAMEAsJXGAMEAMJX2wMEAsOFDAMEAMOF
UDANBgkqhkiG9w0BAQsFAAOCAQEAKTkeFOqaucC+HyCveDHx/UEZbFdKDzi7udE4
z/ZDsjL+maOPB5fkrGMFut2CpWzlIR9nGFlBgvClAFPdIXABuL+R133h4TTNds6O
hKtfiAQxQ/twaix8TJ8BHlWxdmIKctawJwwXaR6+sJ+X4UnDh6gpHq5wuznhcp2P
r8wBcajiffXzPhwYo5feA6hfxlcL49B8ytB83lwSm8YWlHjkn6DZbBN15Qe7e++9
/rwXrrzCBwEZJBzrr2cpZ0ABEQwvT3N3oY6ddpSgjY6Fys8wSw92v7XkfNhWPZQ3
Fsar7pPNs8a66N7LAgjHiGPKVqs5F6LO+nnjJNKNb9ZfhWTCoQ==
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:46:04 2023 by rpki-client on console-ams.rpki-client.org