Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/pqSqkj3YiSfmnexmt8Dj6V3EjyM.roa
File:                     pqSqkj3YiSfmnexmt8Dj6V3EjyM.roa (raw, json)
Hash identifier:          1rgIy8d7uPRkoIb4kc3A8jl0sgUrLGiAo6h7dtMVwqk=
Subject key identifier:   A6:A4:AA:92:3D:D8:89:27:E6:9D:EC:66:B7:C0:E3:E9:5D:C4:8F:23
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       0184E2CC9519085FE918E96D45940E6DCE6C
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/pqSqkj3YiSfmnexmt8Dj6V3EjyM.roa
Signing time:             Mon 05 Dec 2022 14:59:29 +0000
ROA not before:           Mon 05 Dec 2022 14:59:29 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     400377
IP address blocks:        62.76.226.0/24 maxlen: 24
                          62.76.225.0/24 maxlen: 24
                          193.124.18.0/24 maxlen: 24
                          193.124.45.0/24 maxlen: 24
                          194.58.40.0/24 maxlen: 24
                          194.58.46.0/24 maxlen: 24
                          194.58.59.0/24 maxlen: 24
                          193.124.133.0/24 maxlen: 24
                          194.87.124.0/24 maxlen: 24
                          194.87.125.0/24 maxlen: 24
                          194.87.122.0/24 maxlen: 24
                          193.124.90.0/24 maxlen: 24
                          194.87.200.0/24 maxlen: 24
                          194.87.205.0/24 maxlen: 24
                          195.133.76.0/24 maxlen: 24
                          194.87.223.0/24 maxlen: 24
                          194.87.226.0/24 maxlen: 24
                          194.87.233.0/24 maxlen: 24
                          194.87.252.0/24 maxlen: 24
                          212.192.5.0/24 maxlen: 24
                          212.192.9.0/24 maxlen: 24
                          192.124.180.0/24 maxlen: 24
                          192.124.183.0/24 maxlen: 24
                          193.124.200.0/24 maxlen: 24
                          195.133.193.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:84:e2:cc:95:19:08:5f:e9:18:e9:6d:45:94:0e:6d:ce:6c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Dec  5 14:59:29 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=a6a4aa923dd88927e69dec66b7c0e3e95dc48f23
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:f5:05:42:fd:cc:57:3b:05:8b:a4:d9:ee:d1:
                    98:ab:3f:76:20:8f:af:d4:89:15:f0:1d:7e:ec:fb:
                    9b:a0:27:70:b8:73:00:95:ef:3f:d1:e3:fd:17:ee:
                    70:8a:01:2c:b2:ed:a1:09:61:d0:77:20:2b:8d:6f:
                    9b:a9:f7:3c:2f:80:53:a2:ca:7d:c2:bb:34:9f:ef:
                    7d:45:b3:b7:8a:df:27:8a:48:6d:e8:48:2d:07:df:
                    e4:0a:40:39:35:27:6b:d3:62:9f:b1:69:8b:0e:69:
                    5a:0b:61:a2:83:06:f0:ea:41:76:87:73:8e:2c:d9:
                    d6:95:ee:ff:87:ed:88:ce:55:5a:ba:06:7e:d7:a3:
                    e5:fb:c1:52:7a:ce:8a:78:d1:54:21:ca:5a:f9:92:
                    2f:e4:16:f4:f1:98:c5:fe:52:ce:31:b4:a9:be:84:
                    e3:07:76:6f:ad:83:5c:22:ff:65:2b:f6:50:b2:3e:
                    76:4a:59:fe:6f:01:75:53:5a:a8:d1:7c:1a:7e:0f:
                    9b:80:57:1e:ea:b0:82:b4:2a:cc:f3:84:f3:8f:d3:
                    ff:8b:e2:7b:4b:43:52:b8:ad:f4:dc:d8:58:fd:8c:
                    89:db:4c:6a:cd:6f:ac:56:1d:1d:42:84:51:52:49:
                    17:b9:a4:f9:6a:33:fc:6a:ba:31:b1:49:72:15:21:
                    d3:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A6:A4:AA:92:3D:D8:89:27:E6:9D:EC:66:B7:C0:E3:E9:5D:C4:8F:23
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/pqSqkj3YiSfmnexmt8Dj6V3EjyM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.76.225.0-62.76.226.255
                  192.124.180.0/24
                  192.124.183.0/24
                  193.124.18.0/24
                  193.124.45.0/24
                  193.124.90.0/24
                  193.124.133.0/24
                  193.124.200.0/24
                  194.58.40.0/24
                  194.58.46.0/24
                  194.58.59.0/24
                  194.87.122.0/24
                  194.87.124.0/23
                  194.87.200.0/24
                  194.87.205.0/24
                  194.87.223.0/24
                  194.87.226.0/24
                  194.87.233.0/24
                  194.87.252.0/24
                  195.133.76.0/24
                  195.133.193.0/24
                  212.192.5.0/24
                  212.192.9.0/24

    Signature Algorithm: sha256WithRSAEncryption
         10:84:a1:77:81:6e:74:29:90:97:f0:9d:5f:b7:6e:19:43:86:
         f0:21:cc:62:d3:47:3a:d5:d1:2f:36:41:91:9f:9a:a9:ff:9f:
         17:c4:8b:74:a8:cf:58:49:5b:d6:b2:7c:64:0a:b7:76:cd:c5:
         3d:2b:df:23:cd:25:e5:4b:e0:d8:c3:63:70:99:d2:dd:6b:b3:
         03:b3:76:57:ab:57:aa:bb:7d:3f:eb:a8:32:e2:cc:db:ea:9d:
         56:e8:84:67:71:73:96:9e:3c:98:17:f2:c8:22:2f:a8:51:20:
         1e:f1:cd:13:55:e4:55:64:ef:e4:88:ac:69:ac:9d:82:93:6c:
         7f:b9:39:15:75:59:cc:91:7e:40:0b:64:b4:f1:c3:7f:68:65:
         63:60:6f:ba:b0:c1:22:c6:0a:7e:0a:37:eb:a9:ef:34:2f:b3:
         54:0a:e3:55:8c:40:ed:3c:e6:c4:d0:c4:a4:67:3a:aa:e3:1b:
         2e:b5:10:47:88:bf:58:02:89:c8:a0:98:dd:bd:fc:a5:51:3a:
         d9:ed:55:12:52:73:ae:67:d2:3c:a3:87:e5:10:68:53:e7:54:
         22:92:58:9d:c0:ff:6c:5d:af:eb:f6:0d:b5:09:be:7d:f8:d5:
         d4:bf:b8:4f:40:d3:59:01:d4:3d:19:fd:52:7d:f0:11:33:aa:
         29:4a:be:3b
-----BEGIN CERTIFICATE-----
MIIFjjCCBHagAwIBAgISAYTizJUZCF/pGOltRZQObc5sMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjIxMjA1MTQ1OTI5WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNmE0YWE5MjNkZDg4OTI3ZTY5ZGVjNjZiN2MwZTNlOTVkYzQ4ZjIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApfUFQv3MVzsFi6TZ7tGYqz92II+v
1IkV8B1+7PuboCdwuHMAle8/0eP9F+5wigEssu2hCWHQdyArjW+bqfc8L4BTosp9
wrs0n+99RbO3it8nikht6EgtB9/kCkA5NSdr02KfsWmLDmlaC2Gigwbw6kF2h3OO
LNnWle7/h+2IzlVaugZ+16Pl+8FSes6KeNFUIcpa+ZIv5Bb08ZjF/lLOMbSpvoTj
B3ZvrYNcIv9lK/ZQsj52Sln+bwF1U1qo0Xwafg+bgFce6rCCtCrM84Tzj9P/i+J7
S0NSuK303NhY/YyJ20xqzW+sVh0dQoRRUkkXuaT5ajP8aroxsUlyFSHTgwIDAQAB
o4ICmjCCApYwHQYDVR0OBBYEFKakqpI92Ikn5p3sZrfA4+ldxI8jMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvcHFTcWtqM1lpU2ZtbmV4bXQ4RGo2VjNFanlNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGvBggrBgEFBQcBBwEB/wSBnzCBnDCBmQQCAAEwgZIwDAME
AD5M4QMEAD5M4gMEAMB8tAMEAMB8twMEAMF8EgMEAMF8LQMEAMF8WgMEAMF8hQME
AMF8yAMEAMI6KAMEAMI6LgMEAMI6OwMEAMJXegMEAcJXfAMEAMJXyAMEAMJXzQME
AMJX3wMEAMJX4gMEAMJX6QMEAMJX/AMEAMOFTAMEAMOFwQMEANTABQMEANTACTAN
BgkqhkiG9w0BAQsFAAOCAQEAEIShd4FudCmQl/CdX7duGUOG8CHMYtNHOtXRLzZB
kZ+aqf+fF8SLdKjPWElb1rJ8ZAq3ds3FPSvfI80l5Uvg2MNjcJnS3WuzA7N2V6tX
qrt9P+uoMuLM2+qdVuiEZ3Fzlp48mBfyyCIvqFEgHvHNE1XkVWTv5IisaaydgpNs
f7k5FXVZzJF+QAtktPHDf2hlY2BvurDBIsYKfgo366nvNC+zVArjVYxA7TzmxNDE
pGc6quMbLrUQR4i/WAKJyKCY3b38pVE62e1VElJzrmfSPKOH5RBoU+dUIpJYncD/
bF2v6/YNtQm+ffjV1L+4T0DTWQHUPRn9Un3wETOqKUq+Ow==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:16:27 2024 by rpki-client on console-fra.rpki-client.org