Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/tK_tw7Z86XsOCLwz-QJo9O6yyXQ.roa
File:                     tK_tw7Z86XsOCLwz-QJo9O6yyXQ.roa (raw, json)
Hash identifier:          EpcOUWEC5eorr1lIB62zSeBVe3HiEDlD5R+MKVx1Tvs=
Subject key identifier:   B4:AF:ED:C3:B6:7C:E9:7B:0E:08:BC:33:F9:02:68:F4:EE:B2:C9:74
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       01845B6D5A998D84C0364C90DC67FD293E43
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/tK_tw7Z86XsOCLwz-QJo9O6yyXQ.roa
Signing time:             Wed 09 Nov 2022 08:06:44 +0000
ROA not before:           Wed 09 Nov 2022 08:06:44 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     38377
IP address blocks:        194.58.42.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:84:5b:6d:5a:99:8d:84:c0:36:4c:90:dc:67:fd:29:3e:43
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Nov  9 08:06:44 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=b4afedc3b67ce97b0e08bc33f90268f4eeb2c974
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:64:7b:32:7f:31:1a:f3:30:5c:08:15:62:27:
                    5b:a4:45:1a:ef:98:c8:d6:b6:e0:c0:50:20:c5:1b:
                    5a:f5:5a:96:7e:09:d7:b9:af:07:9b:c8:e8:0d:37:
                    be:9c:8d:b1:0b:6b:77:e7:64:2b:22:b0:84:98:39:
                    ad:af:27:d5:ba:92:a3:62:47:9a:f8:de:85:91:36:
                    1e:d1:37:ac:72:bc:68:f1:cb:b5:1b:91:8a:20:a3:
                    66:85:4f:94:0f:23:45:0c:a5:74:5c:89:1c:ee:dc:
                    a1:d7:59:c9:38:7c:d3:fb:fb:23:28:27:78:c0:3e:
                    7c:0e:47:14:29:b8:cc:bb:ff:25:b5:20:30:14:0d:
                    01:80:62:80:d6:08:e0:09:ab:c3:d1:d6:06:51:20:
                    a5:f3:4d:2b:c6:d9:90:be:2a:46:55:00:ce:f8:89:
                    44:9b:09:2a:08:0b:37:05:d8:8a:ba:d3:26:ab:7d:
                    67:17:2d:bf:af:35:a1:a7:d2:93:3a:ac:50:80:8c:
                    d7:1f:bd:9c:96:a2:ee:4c:23:09:3f:af:d8:fd:87:
                    2e:aa:89:98:f6:9e:fb:89:b1:db:37:91:a3:ed:34:
                    5c:eb:9c:95:ec:dd:76:36:3b:63:03:d8:c3:34:8a:
                    7d:1d:2c:0e:5e:45:cb:a6:70:ad:24:7f:41:02:86:
                    58:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B4:AF:ED:C3:B6:7C:E9:7B:0E:08:BC:33:F9:02:68:F4:EE:B2:C9:74
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/tK_tw7Z86XsOCLwz-QJo9O6yyXQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.58.42.0/24

    Signature Algorithm: sha256WithRSAEncryption
         97:d5:20:12:ac:65:fc:e3:cd:8e:32:b1:97:42:68:15:f1:91:
         10:01:8b:1a:f1:0f:38:b0:6d:dc:60:28:5a:82:36:19:63:6c:
         0e:ae:37:f2:4b:f7:a7:8f:64:2b:17:37:a8:da:f8:07:13:1a:
         37:6e:09:5a:53:25:fe:4c:6b:61:65:3e:85:6e:94:20:02:0d:
         2f:ba:c4:42:81:6b:d5:44:e3:dc:c4:6f:a8:34:68:77:29:78:
         a5:44:f7:6b:95:79:fd:6f:5b:09:4e:d7:0b:63:39:50:56:67:
         92:71:38:c4:06:6f:aa:eb:9a:1e:df:3e:53:31:35:65:ba:c0:
         cb:26:8e:2c:43:66:f2:1c:54:50:44:5a:04:3c:ce:9a:59:b9:
         7a:5a:1c:0c:2f:db:de:f6:8d:ab:22:cb:df:09:27:79:62:af:
         45:0f:00:75:30:28:a2:5b:10:10:b2:80:fe:9e:b8:70:bf:72:
         35:1a:b0:85:28:75:6a:b8:63:18:a2:05:6f:09:c3:bd:a0:92:
         f1:d8:5f:c3:ad:d9:78:cf:4f:41:a4:52:24:92:b7:e4:1e:c7:
         69:52:62:bd:23:ad:22:6c:cd:bb:a6:41:36:3b:9b:fa:3a:af:
         47:a5:b6:44:ce:ea:0e:a7:78:56:dc:f6:d7:7a:a9:6d:d5:3c:
         54:05:0a:2d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYRbbVqZjYTANkyQ3Gf9KT5DMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjIxMTA5MDgwNjQ0WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNGFmZWRjM2I2N2NlOTdiMGUwOGJjMzNmOTAyNjhmNGVlYjJjOTc0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyGR7Mn8xGvMwXAgVYidbpEUa75jI
1rbgwFAgxRta9VqWfgnXua8Hm8joDTe+nI2xC2t352QrIrCEmDmtryfVupKjYkea
+N6FkTYe0Tescrxo8cu1G5GKIKNmhU+UDyNFDKV0XIkc7tyh11nJOHzT+/sjKCd4
wD58DkcUKbjMu/8ltSAwFA0BgGKA1gjgCavD0dYGUSCl800rxtmQvipGVQDO+IlE
mwkqCAs3BdiKutMmq31nFy2/rzWhp9KTOqxQgIzXH72clqLuTCMJP6/Y/YcuqomY
9p77ibHbN5Gj7TRc65yV7N12NjtjA9jDNIp9HSwOXkXLpnCtJH9BAoZYSQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLSv7cO2fOl7Dgi8M/kCaPTussl0MB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvdEtfdHc3Wjg2WHNPQ0x3ei1RSm85TzZ5eVhRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwjoqMA0G
CSqGSIb3DQEBCwUAA4IBAQCX1SASrGX8482OMrGXQmgV8ZEQAYsa8Q84sG3cYCha
gjYZY2wOrjfyS/enj2QrFzeo2vgHExo3bglaUyX+TGthZT6FbpQgAg0vusRCgWvV
ROPcxG+oNGh3KXilRPdrlXn9b1sJTtcLYzlQVmeScTjEBm+q65oe3z5TMTVlusDL
Jo4sQ2byHFRQRFoEPM6aWbl6WhwML9ve9o2rIsvfCSd5Yq9FDwB1MCiiWxAQsoD+
nrhwv3I1GrCFKHVquGMYogVvCcO9oJLx2F/Drdl4z09BpFIkkrfkHsdpUmK9I60i
bM27pkE2O5v6Oq9HpbZEzuoOp3hW3PbXeqlt1TxUBQot
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:49:49 2024 by rpki-client on console-ams.rpki-client.org