Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/u0qx-HIl97XRlrSC3PXIqP5Agow.roa
File:                     u0qx-HIl97XRlrSC3PXIqP5Agow.roa (raw, json)
Hash identifier:          /bvVF76+yl+UHFDJtPCiIeDqH1p77rA/U+bs7fsEUEQ=
Subject key identifier:   BB:4A:B1:F8:72:25:F7:B5:D1:96:B4:82:DC:F5:C8:A8:FE:40:82:8C
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       0182F7E2F6D06E50AA14EDAA598C7D819E7D
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/u0qx-HIl97XRlrSC3PXIqP5Agow.roa
Signing time:             Thu 01 Sep 2022 07:10:22 +0000
ROA not before:           Thu 01 Sep 2022 07:10:22 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     399471
IP address blocks:        195.133.76.0/24 maxlen: 24
                          212.193.29.0/24 maxlen: 24
                          194.87.227.0/24 maxlen: 24
                          194.87.35.0/24 maxlen: 24
                          194.87.32.0/24 maxlen: 24
                          195.133.15.0/24 maxlen: 24
                          212.192.216.0/22 maxlen: 24
                          194.87.149.0/24 maxlen: 24
                          212.192.11.0/24 maxlen: 24
                          194.87.161.0/24 maxlen: 24
                          194.85.250.0/24 maxlen: 24
                          194.85.248.0/24 maxlen: 24
                          195.133.39.0/24 maxlen: 24
                          212.192.244.0/22 maxlen: 24
                          193.124.203.0/24 maxlen: 24
                          194.87.82.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:82:f7:e2:f6:d0:6e:50:aa:14:ed:aa:59:8c:7d:81:9e:7d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Sep  1 07:10:22 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=bb4ab1f87225f7b5d196b482dcf5c8a8fe40828c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:71:27:42:7d:6c:04:17:a7:0c:67:a3:45:4d:
                    35:49:b7:4d:25:12:59:1a:ab:be:43:76:be:1e:bb:
                    b4:1f:1f:d6:70:56:b7:39:50:8d:b9:1c:9c:62:71:
                    01:e6:d2:df:1e:1b:b1:84:01:7c:94:4b:00:a7:73:
                    81:d0:d5:40:67:d0:c5:f3:d6:97:cc:84:8b:f6:af:
                    7e:b7:52:54:1e:f4:65:15:7e:40:34:75:19:50:82:
                    f4:5b:9f:8d:14:cf:4b:38:49:73:ef:20:8f:35:ac:
                    f5:50:09:67:a2:52:84:6e:df:8c:9d:c6:1f:10:c9:
                    08:a5:8b:34:50:c4:86:a6:90:6f:8f:c6:28:be:9e:
                    3b:6a:84:83:b9:23:ae:e4:cb:0f:74:f6:5a:bd:61:
                    b4:91:e5:8a:b2:3e:ee:f4:fc:49:c4:0a:95:d0:7e:
                    2e:cf:00:83:7e:74:2a:73:4e:db:be:a4:cd:12:ce:
                    1a:9d:0c:ca:7f:79:2c:32:7a:de:d1:05:5d:26:92:
                    86:e3:89:20:8c:1c:de:28:31:d3:ac:dc:c5:51:5b:
                    48:ec:37:8b:9b:70:33:92:52:52:96:fc:e0:30:f4:
                    8c:da:d2:58:09:f4:60:c0:c0:bd:86:c9:aa:28:63:
                    0d:0d:b4:9e:3c:0f:b8:97:02:a1:96:5c:58:f2:58:
                    64:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BB:4A:B1:F8:72:25:F7:B5:D1:96:B4:82:DC:F5:C8:A8:FE:40:82:8C
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/u0qx-HIl97XRlrSC3PXIqP5Agow.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.124.203.0/24
                  194.85.248.0/24
                  194.85.250.0/24
                  194.87.32.0/24
                  194.87.35.0/24
                  194.87.82.0/24
                  194.87.149.0/24
                  194.87.161.0/24
                  194.87.227.0/24
                  195.133.15.0/24
                  195.133.39.0/24
                  195.133.76.0/24
                  212.192.11.0/24
                  212.192.216.0/22
                  212.192.244.0/22
                  212.193.29.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1d:b3:94:75:de:5a:5f:df:5b:7a:da:b2:87:e6:b7:9f:cd:a3:
         42:35:4c:a9:64:6f:81:28:c9:70:c2:44:03:14:07:cd:c3:e8:
         4d:7a:d0:a3:eb:3f:28:f4:e6:41:bd:46:d8:42:a5:0d:f3:8f:
         c2:17:f0:f9:60:3f:12:33:81:bd:92:87:10:27:70:57:62:94:
         6d:7c:37:9a:37:07:b2:3f:1e:ce:38:6c:d2:a8:44:f2:ed:20:
         8b:20:e1:cf:4d:17:7a:ec:34:b1:4e:ba:2b:b0:1e:f5:d6:32:
         58:33:d4:69:36:08:e3:36:27:46:85:42:7a:37:f7:6e:86:dc:
         b9:03:ec:c0:9f:65:c4:e9:10:a4:66:53:bc:c1:9d:06:23:f9:
         cf:b9:36:81:34:10:34:c0:5d:f5:e6:1f:ae:f4:e2:09:19:22:
         24:84:43:36:f2:18:cc:84:bb:5e:0b:57:e9:4a:e0:eb:a6:f9:
         65:5b:cf:34:f4:d6:d8:6b:9d:d5:c5:ff:6b:a6:62:62:5b:a6:
         bb:16:0c:8e:f5:96:3a:d0:e5:a3:ee:94:00:55:a9:03:a4:b7:
         0d:00:de:2b:5b:99:4d:b5:d0:c5:ee:96:ce:a7:43:f8:f1:71:
         35:b9:7c:7a:8e:0a:2d:70:99:d3:d6:41:5f:f3:ba:9c:cf:90:
         24:ce:4d:20
-----BEGIN CERTIFICATE-----
MIIFVzCCBD+gAwIBAgISAYL34vbQblCqFO2qWYx9gZ59MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjIwOTAxMDcxMDIyWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYjRhYjFmODcyMjVmN2I1ZDE5NmI0ODJkY2Y1YzhhOGZlNDA4MjhjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi3EnQn1sBBenDGejRU01SbdNJRJZ
Gqu+Q3a+Hru0Hx/WcFa3OVCNuRycYnEB5tLfHhuxhAF8lEsAp3OB0NVAZ9DF89aX
zISL9q9+t1JUHvRlFX5ANHUZUIL0W5+NFM9LOElz7yCPNaz1UAlnolKEbt+MncYf
EMkIpYs0UMSGppBvj8Yovp47aoSDuSOu5MsPdPZavWG0keWKsj7u9PxJxAqV0H4u
zwCDfnQqc07bvqTNEs4anQzKf3ksMnre0QVdJpKG44kgjBzeKDHTrNzFUVtI7DeL
m3AzklJSlvzgMPSM2tJYCfRgwMC9hsmqKGMNDbSePA+4lwKhllxY8lhkbQIDAQAB
o4ICYzCCAl8wHQYDVR0OBBYEFLtKsfhyJfe10Za0gtz1yKj+QIKMMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvdTBxeC1ISWw5N1hSbHJTQzNQWElxUDVBZ293LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHkGCCsGAQUFBwEHAQH/BGowaDBmBAIAATBgAwQAwXzLAwQA
wlX4AwQAwlX6AwQAwlcgAwQAwlcjAwQAwldSAwQAwleVAwQAwlehAwQAwlfjAwQA
w4UPAwQAw4UnAwQAw4VMAwQA1MALAwQC1MDYAwQC1MD0AwQA1MEdMA0GCSqGSIb3
DQEBCwUAA4IBAQAds5R13lpf31t62rKH5refzaNCNUypZG+BKMlwwkQDFAfNw+hN
etCj6z8o9OZBvUbYQqUN84/CF/D5YD8SM4G9kocQJ3BXYpRtfDeaNweyPx7OOGzS
qETy7SCLIOHPTRd67DSxTrorsB711jJYM9RpNgjjNidGhUJ6N/duhty5A+zAn2XE
6RCkZlO8wZ0GI/nPuTaBNBA0wF315h+u9OIJGSIkhEM28hjMhLteC1fpSuDrpvll
W8809NbYa53Vxf9rpmJiW6a7FgyO9ZY60OWj7pQAVakDpLcNAN4rW5lNtdDF7pbO
p0P48XE1uXx6jgotcJnT1kFf87qcz5Akzk0g
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:49:49 2024 by rpki-client on console-ams.rpki-client.org