Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/n_t2iSE9TpN5HvD1PRQnJiSU_ls.roa
File:                     n_t2iSE9TpN5HvD1PRQnJiSU_ls.roa (raw, json)
Hash identifier:          6uB20+ViJubFd1AvoYm71soTQ5HzUadGhNmOYzcFRdU=
Subject key identifier:   9F:FB:76:89:21:3D:4E:93:79:1E:F0:F5:3D:14:27:26:24:94:FE:5B
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       01845752543C7F278EE644F5358794FEA9AD
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/n_t2iSE9TpN5HvD1PRQnJiSU_ls.roa
Signing time:             Tue 08 Nov 2022 12:58:44 +0000
ROA not before:           Tue 08 Nov 2022 12:58:44 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     2118
IP address blocks:        193.124.3.0/24 maxlen: 24
                          62.76.231.0/24 maxlen: 24
                          194.87.1.0/24 maxlen: 24
                          194.87.3.0/24 maxlen: 24
                          194.87.7.0/24 maxlen: 24
                          193.124.18.0/24 maxlen: 24
                          194.87.16.0/24 maxlen: 24
                          194.87.24.0/22 maxlen: 24
                          194.87.104.0/24 maxlen: 24
                          194.87.118.0/24 maxlen: 24
                          194.87.56.0/24 maxlen: 24
                          194.87.76.0/24 maxlen: 24
                          194.87.83.0/24 maxlen: 24
                          194.87.82.0/24 maxlen: 24
                          195.133.76.0/24 maxlen: 24
                          195.133.30.0/24 maxlen: 24
                          195.133.55.0/24 maxlen: 24
                          212.193.12.0/24 maxlen: 24
                          212.193.15.0/24 maxlen: 24
                          194.58.38.0/24 maxlen: 24
                          194.58.40.0/24 maxlen: 24
                          194.58.42.0/24 maxlen: 24
                          194.58.46.0/23 maxlen: 24
                          194.58.45.0/24 maxlen: 24
                          195.58.56.0/21 maxlen: 24
                          194.58.59.0/24 maxlen: 24
                          212.193.0.0/24 maxlen: 24
                          212.193.2.0/24 maxlen: 24
                          194.87.207.0/24 maxlen: 24
                          194.87.208.0/23 maxlen: 24
                          194.87.222.0/23 maxlen: 24
                          194.87.233.0/24 maxlen: 24
                          194.135.30.0/24 maxlen: 24
                          212.192.10.0/24 maxlen: 24
                          194.87.165.0/24 maxlen: 24
                          194.87.160.0/24 maxlen: 24
                          194.87.163.0/24 maxlen: 24
                          192.124.173.0/24 maxlen: 24
                          192.124.181.0/24 maxlen: 24
                          192.124.180.0/22 maxlen: 24
                          192.124.182.0/23 maxlen: 24
                          194.87.170.0/24 maxlen: 24
                          194.87.179.0/24 maxlen: 24
                          193.124.201.0/24 maxlen: 24
                          193.124.200.0/24 maxlen: 24
                          193.124.203.0/24 maxlen: 24
                          194.87.198.0/24 maxlen: 24
                          192.124.209.0/24 maxlen: 24
                          193.108.112.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:84:57:52:54:3c:7f:27:8e:e6:44:f5:35:87:94:fe:a9:ad
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Nov  8 12:58:44 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=9ffb7689213d4e93791ef0f53d1427262494fe5b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:c2:c7:9b:3c:06:fe:9e:47:e7:55:26:6e:ff:
                    ca:7d:93:53:07:9e:d4:1b:e3:13:8a:f3:1c:1e:e6:
                    13:89:d6:b2:cd:55:7c:4d:9a:f7:3a:b7:41:55:24:
                    0d:2f:c1:75:ec:20:13:2f:4d:75:bd:29:dc:95:58:
                    fe:ae:9e:38:a4:1d:86:75:dd:26:b9:81:ab:2e:f4:
                    a9:08:4e:ea:b2:8e:6c:e9:5c:71:5c:ac:26:9c:42:
                    14:36:82:82:08:f1:aa:db:f0:fa:0b:d1:a9:85:0d:
                    7c:62:ae:e4:d6:5a:f3:d6:2a:f1:03:83:07:31:76:
                    a4:94:90:c4:86:ab:2a:85:01:16:d4:9b:46:7e:ff:
                    a2:1a:e5:f2:a4:a2:ef:97:71:57:4c:51:54:7e:4d:
                    e7:c1:43:09:55:7e:09:cd:2d:f6:af:bc:7b:fd:ab:
                    10:db:87:10:ac:8b:aa:53:47:29:62:d9:50:6b:19:
                    a8:eb:90:b0:1a:f0:32:af:bc:68:f8:b1:7a:e9:a5:
                    8b:30:63:de:18:d8:4c:79:15:95:dd:d0:31:c7:73:
                    35:c4:f2:85:36:92:4e:51:85:65:23:9a:5b:32:ad:
                    37:ac:43:c8:7f:d6:05:54:6c:c7:fb:7f:2e:09:96:
                    1a:11:f6:36:8e:79:1f:5c:51:9e:f9:0c:86:ae:96:
                    49:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9F:FB:76:89:21:3D:4E:93:79:1E:F0:F5:3D:14:27:26:24:94:FE:5B
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/n_t2iSE9TpN5HvD1PRQnJiSU_ls.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.76.231.0/24
                  192.124.173.0/24
                  192.124.180.0/22
                  192.124.209.0/24
                  193.108.112.0/24
                  193.124.3.0/24
                  193.124.18.0/24
                  193.124.200.0/23
                  193.124.203.0/24
                  194.58.38.0/24
                  194.58.40.0/24
                  194.58.42.0/24
                  194.58.45.0-194.58.47.255
                  194.58.59.0/24
                  194.87.1.0/24
                  194.87.3.0/24
                  194.87.7.0/24
                  194.87.16.0/24
                  194.87.24.0/22
                  194.87.56.0/24
                  194.87.76.0/24
                  194.87.82.0/23
                  194.87.104.0/24
                  194.87.118.0/24
                  194.87.160.0/24
                  194.87.163.0/24
                  194.87.165.0/24
                  194.87.170.0/24
                  194.87.179.0/24
                  194.87.198.0/24
                  194.87.207.0-194.87.209.255
                  194.87.222.0/23
                  194.87.233.0/24
                  194.135.30.0/24
                  195.58.56.0/21
                  195.133.30.0/24
                  195.133.55.0/24
                  195.133.76.0/24
                  212.192.10.0/24
                  212.193.0.0/24
                  212.193.2.0/24
                  212.193.12.0/24
                  212.193.15.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4b:a2:ef:46:50:f3:24:38:e0:b6:d7:b3:53:56:55:ab:40:c5:
         66:21:46:24:7c:20:b7:f3:ba:28:c9:39:d3:91:fc:60:0b:51:
         1d:c8:f7:46:c0:c8:de:f7:52:65:05:d2:c4:8b:3e:e4:fe:0b:
         99:99:d0:5f:da:53:48:84:41:3f:56:07:f5:15:a5:12:3f:95:
         c5:b7:d2:9c:0b:e0:e5:7a:21:a2:60:9b:ee:c6:cb:4e:a3:90:
         19:4d:00:3b:58:81:98:3c:59:58:0b:fa:fb:e6:d9:8a:1a:95:
         1f:cc:d0:38:37:5f:9e:fc:5a:63:c5:30:5f:85:e5:e9:0e:9a:
         b9:b2:93:66:6d:60:d0:1e:be:e5:32:09:00:f0:f2:cf:c8:b1:
         ba:a6:45:f5:ca:3e:67:d6:37:97:56:ad:3b:30:a0:8f:d4:c1:
         38:7d:e8:9e:06:c8:c6:01:b9:46:7c:cb:09:cf:ef:6a:90:32:
         7b:f9:eb:6e:7d:05:61:a4:6a:46:4c:9d:49:22:6f:27:2e:17:
         45:30:88:cd:c1:69:ff:bd:74:3f:9b:e0:b0:8d:e9:41:fb:a0:
         2b:3f:e6:75:5f:7e:d4:95:6e:40:4e:ed:a4:47:93:20:e0:87:
         0c:0a:b2:0a:1c:14:30:9a:88:d7:ac:7c:4e:1e:d7:3c:a0:fa:
         46:29:0e:13
-----BEGIN CERTIFICATE-----
MIIGEzCCBPugAwIBAgISAYRXUlQ8fyeO5kT1NYeU/qmtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjIxMTA4MTI1ODQ0WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZmZiNzY4OTIxM2Q0ZTkzNzkxZWYwZjUzZDE0MjcyNjI0OTRmZTViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzsLHmzwG/p5H51Umbv/KfZNTB57U
G+MTivMcHuYTidayzVV8TZr3OrdBVSQNL8F17CATL011vSnclVj+rp44pB2Gdd0m
uYGrLvSpCE7qso5s6VxxXKwmnEIUNoKCCPGq2/D6C9GphQ18Yq7k1lrz1irxA4MH
MXaklJDEhqsqhQEW1JtGfv+iGuXypKLvl3FXTFFUfk3nwUMJVX4JzS32r7x7/asQ
24cQrIuqU0cpYtlQaxmo65CwGvAyr7xo+LF66aWLMGPeGNhMeRWV3dAxx3M1xPKF
NpJOUYVlI5pbMq03rEPIf9YFVGzH+38uCZYaEfY2jnkfXFGe+QyGrpZJbwIDAQAB
o4IDHzCCAxswHQYDVR0OBBYEFJ/7dokhPU6TeR7w9T0UJyYklP5bMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvbl90MmlTRTlUcE41SHZEMVBSUW5KaVNVX2xzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBMwYIKwYBBQUHAQcBAf8EggEiMIIBHjCCARoEAgABMIIB
EgMEAD5M5wMEAMB8rQMEAsB8tAMEAMB80QMEAMFscAMEAMF8AwMEAMF8EgMEAcF8
yAMEAMF8ywMEAMI6JgMEAMI6KAMEAMI6KjAMAwQAwjotAwQEwjogAwQAwjo7AwQA
wlcBAwQAwlcDAwQAwlcHAwQAwlcQAwQCwlcYAwQAwlc4AwQAwldMAwQBwldSAwQA
wldoAwQAwld2AwQAwlegAwQAwlejAwQAwlelAwQAwleqAwQAwlezAwQAwlfGMAwD
BADCV88DBAHCV9ADBAHCV94DBADCV+kDBADChx4DBAPDOjgDBADDhR4DBADDhTcD
BADDhUwDBADUwAoDBADUwQADBADUwQIDBADUwQwDBADUwQ8wDQYJKoZIhvcNAQEL
BQADggEBAEui70ZQ8yQ44LbXs1NWVatAxWYhRiR8ILfzuijJOdOR/GALUR3I90bA
yN73UmUF0sSLPuT+C5mZ0F/aU0iEQT9WB/UVpRI/lcW30pwL4OV6IaJgm+7Gy06j
kBlNADtYgZg8WVgL+vvm2YoalR/M0Dg3X578WmPFMF+F5ekOmrmyk2ZtYNAevuUy
CQDw8s/IsbqmRfXKPmfWN5dWrTswoI/UwTh96J4GyMYBuUZ8ywnP72qQMnv56259
BWGkakZMnUkibycuF0UwiM3Baf+9dD+b4LCN6UH7oCs/5nVfftSVbkBO7aRHkyDg
hwwKsgocFDCaiNesfE4e1zyg+kYpDhM=
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:49:46 2024 by rpki-client on console-ams.rpki-client.org