Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/m474LGB9lk7FBESst06AzYIIwIc.roa
File:                     m474LGB9lk7FBESst06AzYIIwIc.roa (raw, json)
Hash identifier:          zaxcAyLxZd8u/Ku3s0tBbi3Wt7JNjk+UecgGPoXt2IA=
Subject key identifier:   9B:8E:F8:2C:60:7D:96:4E:C5:04:44:AC:B7:4E:80:CD:82:08:C0:87
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       0184E157F8244B70B9E8064B2B0A2AF93247
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/m474LGB9lk7FBESst06AzYIIwIc.roa
Signing time:             Mon 05 Dec 2022 08:12:29 +0000
ROA not before:           Mon 05 Dec 2022 08:12:29 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     213035
IP address blocks:        195.133.75.0/24 maxlen: 24
                          212.193.31.0/24 maxlen: 24
                          193.124.227.0/24 maxlen: 24
                          212.193.28.0/24 maxlen: 24
                          193.124.41.0/24 maxlen: 24
                          195.133.14.0/24 maxlen: 24
                          195.133.13.0/24 maxlen: 24
                          212.192.4.0/24 maxlen: 24
                          195.133.31.0/24 maxlen: 24
                          195.133.29.0/24 maxlen: 24
                          195.133.37.0/24 maxlen: 24
                          192.124.182.0/24 maxlen: 24
                          212.192.240.0/24 maxlen: 24
                          194.85.251.0/24 maxlen: 24
                          194.85.249.0/24 maxlen: 24
                          195.133.39.0/24 maxlen: 24
                          192.124.188.0/24 maxlen: 24
                          195.133.40.0/22 maxlen: 24
                          195.58.59.0/24 maxlen: 24
                          194.58.60.0/24 maxlen: 24
                          194.87.187.0/24 maxlen: 24
                          193.124.91.0/24 maxlen: 24
                          193.124.95.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:84:e1:57:f8:24:4b:70:b9:e8:06:4b:2b:0a:2a:f9:32:47
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Dec  5 08:12:29 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=9b8ef82c607d964ec50444acb74e80cd8208c087
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:3c:52:b7:cb:1a:46:17:91:95:e8:1e:60:5c:
                    bb:69:4c:16:87:a4:cc:2d:71:71:18:4f:6d:b1:ef:
                    49:0d:09:35:3f:c9:cf:e3:03:0c:03:6f:2f:13:e7:
                    f1:f8:d4:3f:10:c9:14:e5:41:20:e6:5e:cb:e5:0f:
                    6d:8b:66:2f:44:5f:25:4c:17:1a:19:0b:66:4d:79:
                    4d:76:8b:f4:07:91:8b:79:72:2e:dd:26:b8:0f:56:
                    a1:c4:5b:55:28:b2:89:47:e7:45:2a:f8:e9:f4:b0:
                    87:c2:66:d9:b0:24:fc:fc:b2:33:42:32:7d:ce:3a:
                    34:b2:40:7d:5f:44:85:54:cf:db:a3:3c:0a:df:e6:
                    f4:b7:69:16:90:30:e3:6e:73:79:f6:0b:04:5d:3f:
                    44:b2:8b:27:a5:08:8d:a0:f5:2f:2d:ce:01:ef:d9:
                    99:8d:c6:de:11:5b:db:38:42:23:ae:74:0f:31:2a:
                    09:a6:8c:b1:53:b0:43:ed:c0:23:43:c4:7f:a5:7a:
                    6d:10:bb:5f:83:a8:f9:36:f4:ca:d1:37:50:c1:c8:
                    d6:7f:11:bf:cf:ed:e8:18:5d:6c:bb:3a:db:73:e1:
                    4b:69:90:ac:4c:9a:55:80:24:f0:93:fa:0f:5b:1c:
                    36:57:0a:62:1a:7e:6b:63:e2:3d:f9:ec:6b:b2:46:
                    a8:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9B:8E:F8:2C:60:7D:96:4E:C5:04:44:AC:B7:4E:80:CD:82:08:C0:87
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/m474LGB9lk7FBESst06AzYIIwIc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.124.182.0/24
                  192.124.188.0/24
                  193.124.41.0/24
                  193.124.91.0/24
                  193.124.95.0/24
                  193.124.227.0/24
                  194.58.60.0/24
                  194.85.249.0/24
                  194.85.251.0/24
                  194.87.187.0/24
                  195.58.59.0/24
                  195.133.13.0-195.133.14.255
                  195.133.29.0/24
                  195.133.31.0/24
                  195.133.37.0/24
                  195.133.39.0-195.133.43.255
                  195.133.75.0/24
                  212.192.4.0/24
                  212.192.240.0/24
                  212.193.28.0/24
                  212.193.31.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2d:1e:57:fe:af:e8:57:b3:b5:d7:b8:c0:25:47:76:54:20:05:
         1d:7d:c9:e3:b3:9c:c3:6b:0a:6b:1e:de:e4:93:c0:55:95:c9:
         6e:c1:09:9b:01:e6:d5:bc:2d:a9:a2:00:94:7f:52:d7:3b:6d:
         f6:4a:2b:4c:8f:29:4b:5a:9d:ab:c6:28:f3:7b:62:72:61:6a:
         11:2f:18:cf:8e:19:4f:07:a5:6f:cd:da:60:9f:be:11:20:df:
         3a:8f:7b:ec:9c:91:34:c8:a3:1c:69:c2:05:88:c3:84:c6:a0:
         e7:93:46:67:47:f3:de:1a:dd:f8:a7:c2:f9:2c:b3:2a:a4:1c:
         1c:4a:0c:2c:38:b9:e6:d1:55:fe:3d:eb:be:81:5f:41:8f:3b:
         a2:4a:19:2d:ff:2d:bc:11:c6:12:5b:ba:40:9e:bb:b8:58:ae:
         2a:3b:e3:a9:76:f9:9c:5d:9f:72:5e:9d:5f:bc:ec:05:d2:03:
         d6:39:5e:ff:72:dd:70:cb:7e:18:3f:9f:30:33:e9:57:45:b1:
         fc:68:b1:4c:fc:33:0a:4a:07:73:cb:03:22:fe:84:b6:45:49:
         10:3d:61:41:4e:3f:dc:4d:b9:50:9c:d5:71:2e:79:a2:6b:60:
         cd:ba:ac:cc:1f:d9:e6:b7:33:9a:cc:f2:04:28:02:ad:04:f5:
         4e:46:79:07
-----BEGIN CERTIFICATE-----
MIIFijCCBHKgAwIBAgISAYThV/gkS3C56AZLKwoq+TJHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjIxMjA1MDgxMjI5WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YjhlZjgyYzYwN2Q5NjRlYzUwNDQ0YWNiNzRlODBjZDgyMDhjMDg3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApDxSt8saRheRlegeYFy7aUwWh6TM
LXFxGE9tse9JDQk1P8nP4wMMA28vE+fx+NQ/EMkU5UEg5l7L5Q9ti2YvRF8lTBca
GQtmTXlNdov0B5GLeXIu3Sa4D1ahxFtVKLKJR+dFKvjp9LCHwmbZsCT8/LIzQjJ9
zjo0skB9X0SFVM/bozwK3+b0t2kWkDDjbnN59gsEXT9EsosnpQiNoPUvLc4B79mZ
jcbeEVvbOEIjrnQPMSoJpoyxU7BD7cAjQ8R/pXptELtfg6j5NvTK0TdQwcjWfxG/
z+3oGF1suzrbc+FLaZCsTJpVgCTwk/oPWxw2VwpiGn5rY+I9+exrskaofwIDAQAB
o4ICljCCApIwHQYDVR0OBBYEFJuO+CxgfZZOxQRErLdOgM2CCMCHMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvbTQ3NExHQjlsazdGQkVTc3QwNkF6WUlJd0ljLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGrBggrBgEFBQcBBwEB/wSBmzCBmDCBlQQCAAEwgY4DBADA
fLYDBADAfLwDBADBfCkDBADBfFsDBADBfF8DBADBfOMDBADCOjwDBADCVfkDBADC
VfsDBADCV7sDBADDOjswDAMEAMOFDQMEAMOFDgMEAMOFHQMEAMOFHwMEAMOFJTAM
AwQAw4UnAwQCw4UoAwQAw4VLAwQA1MAEAwQA1MDwAwQA1MEcAwQA1MEfMA0GCSqG
SIb3DQEBCwUAA4IBAQAtHlf+r+hXs7XXuMAlR3ZUIAUdfcnjs5zDawprHt7kk8BV
lcluwQmbAebVvC2pogCUf1LXO232SitMjylLWp2rxijze2JyYWoRLxjPjhlPB6Vv
zdpgn74RIN86j3vsnJE0yKMcacIFiMOExqDnk0ZnR/PeGt34p8L5LLMqpBwcSgws
OLnm0VX+Peu+gV9BjzuiShkt/y28EcYSW7pAnru4WK4qO+OpdvmcXZ9yXp1fvOwF
0gPWOV7/ct1wy34YP58wM+lXRbH8aLFM/DMKSgdzywMi/oS2RUkQPWFBTj/cTblQ
nNVxLnmia2DNuqzMH9nmtzOazPIEKAKtBPVORnkH
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:16:25 2024 by rpki-client on console-fra.rpki-client.org