Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/kzWopVC9KRM30yLW-Opsf65dFjM.roa
File:                     kzWopVC9KRM30yLW-Opsf65dFjM.roa (raw, json)
Hash identifier:          X0UaB+ekUCPXV+dU7i3vvh0fctEC00gyUzfa66Xm7iY=
Subject key identifier:   93:35:A8:A5:50:BD:29:13:37:D3:22:D6:F8:EA:6C:7F:AE:5D:16:33
Certificate issuer:       /CN=3b476e12e8987e5b302cdc24bdd9db3fe83c8449
Certificate serial:       01847C66D1BE923D41BBA9EBF4C6D130CC53
Authority key identifier: 3B:47:6E:12:E8:98:7E:5B:30:2C:DC:24:BD:D9:DB:3F:E8:3C:84:49
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/O0duEuiYflswLNwkvdnbP-g8hEk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/kzWopVC9KRM30yLW-Opsf65dFjM.roa
Signing time:             Tue 15 Nov 2022 17:47:03 +0000
ROA not before:           Tue 15 Nov 2022 17:47:03 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     30823
IP address blocks:        213.209.129.0/24 maxlen: 24
                          213.209.151.0/24 maxlen: 24
                          185.230.13.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:84:7c:66:d1:be:92:3d:41:bb:a9:eb:f4:c6:d1:30:cc:53
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3b476e12e8987e5b302cdc24bdd9db3fe83c8449
        Validity
            Not Before: Nov 15 17:47:03 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=9335a8a550bd291337d322d6f8ea6c7fae5d1633
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:9b:af:a8:80:c5:69:91:3c:f3:b6:6d:7a:43:
                    95:ec:98:4b:3b:4b:b7:75:04:f0:ca:14:53:06:96:
                    82:06:70:5a:e0:fa:91:2b:35:27:15:81:29:f5:6d:
                    40:f6:7b:14:1d:42:52:f5:6c:63:6b:07:2c:ad:59:
                    4a:cd:95:3f:89:a4:0d:6e:e9:b7:d1:e8:6d:72:7b:
                    3c:47:55:1e:03:58:02:d5:dc:e6:7a:a8:de:16:50:
                    7a:6c:e7:9d:07:bf:76:1b:1d:98:d3:38:51:3b:ee:
                    a7:bf:7e:3e:44:ee:28:61:76:93:a6:f5:55:49:73:
                    4a:a8:8f:67:ce:17:11:2a:8d:0f:17:38:fb:13:2e:
                    b1:65:12:9a:bb:45:7d:e3:df:15:c5:5f:5d:51:5c:
                    5a:c0:5e:75:56:a4:03:5d:53:11:e3:42:dd:5f:8c:
                    ac:c9:38:c7:b5:06:a4:30:69:f0:8e:9b:55:21:df:
                    a6:79:f2:97:e9:fc:8d:94:d4:e5:9a:bc:01:4d:bb:
                    38:1d:a6:46:de:76:7b:f7:0d:61:99:51:41:f8:75:
                    78:66:0f:d0:87:9a:d5:2c:b6:d8:ea:51:6e:1d:f7:
                    cf:a8:02:da:34:58:e0:98:3e:96:3a:38:b5:d3:b6:
                    12:c6:fe:52:0a:ab:8a:68:cd:d6:50:6d:a8:c2:41:
                    44:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                93:35:A8:A5:50:BD:29:13:37:D3:22:D6:F8:EA:6C:7F:AE:5D:16:33
            X509v3 Authority Key Identifier:
                keyid:3B:47:6E:12:E8:98:7E:5B:30:2C:DC:24:BD:D9:DB:3F:E8:3C:84:49

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/O0duEuiYflswLNwkvdnbP-g8hEk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/kzWopVC9KRM30yLW-Opsf65dFjM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/O0duEuiYflswLNwkvdnbP-g8hEk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.230.13.0/24
                  213.209.129.0/24
                  213.209.151.0/24

    Signature Algorithm: sha256WithRSAEncryption
         53:29:66:f6:d2:49:c8:e7:a6:f0:ad:00:cf:3e:51:33:4c:a1:
         02:6e:bb:4a:e1:e9:49:d6:c4:79:e7:dd:b8:04:9b:a1:2b:70:
         58:b5:8b:3a:ba:5f:18:3c:ff:90:da:68:1d:d5:85:11:41:aa:
         ad:b9:f9:2b:39:f7:50:17:25:1d:12:6d:e0:f8:e5:4d:ac:f1:
         ab:ae:8d:0f:35:4a:23:b8:63:de:1f:45:30:8d:07:6e:c9:24:
         87:18:5a:57:46:db:44:ba:b3:0a:f2:80:26:9f:6e:15:ed:ec:
         02:6e:fc:75:df:a0:91:35:90:98:c4:e7:4f:af:ad:00:b3:26:
         de:25:ac:bd:a4:5b:de:73:f4:e8:26:2a:0f:4f:06:be:5e:0c:
         a1:0a:af:5f:92:2e:01:f6:80:74:ce:40:ac:8e:0e:79:18:49:
         dc:77:48:65:ea:23:2b:a9:72:51:9c:96:f6:27:46:ee:2b:b4:
         ee:b0:e7:f3:78:c2:ad:38:34:75:44:e4:5f:eb:df:34:1e:27:
         43:00:59:2a:e5:f8:2c:f3:86:83:87:66:2d:1b:0d:e6:b4:2e:
         cb:67:40:47:02:a6:7c:5e:86:bf:b6:06:bd:28:1c:5e:2d:28:
         6c:b9:0a:79:2f:99:36:e4:4e:a7:a7:4d:72:ec:35:ee:9e:04:
         52:24:04:36
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYR8ZtG+kj1Bu6nr9MbRMMxTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNiNDc2ZTEyZTg5ODdlNWIzMDJjZGMyNGJkZDlkYjNmZTgz
Yzg0NDkwHhcNMjIxMTE1MTc0NzAzWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MzM1YThhNTUwYmQyOTEzMzdkMzIyZDZmOGVhNmM3ZmFlNWQxNjMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmJuvqIDFaZE887ZtekOV7JhLO0u3
dQTwyhRTBpaCBnBa4PqRKzUnFYEp9W1A9nsUHUJS9WxjawcsrVlKzZU/iaQNbum3
0ehtcns8R1UeA1gC1dzmeqjeFlB6bOedB792Gx2Y0zhRO+6nv34+RO4oYXaTpvVV
SXNKqI9nzhcRKo0PFzj7Ey6xZRKau0V9498VxV9dUVxawF51VqQDXVMR40LdX4ys
yTjHtQakMGnwjptVId+mefKX6fyNlNTlmrwBTbs4HaZG3nZ79w1hmVFB+HV4Zg/Q
h5rVLLbY6lFuHffPqALaNFjgmD6WOji107YSxv5SCquKaM3WUG2owkFE6wIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFJM1qKVQvSkTN9Mi1vjqbH+uXRYzMB8GA1UdIwQY
MBaAFDtHbhLomH5bMCzcJL3Z2z/oPIRJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTzBkdUV1aVlmbHN3TE53a3ZkbmJQLWc4aEVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC9kOTBjNmYtNjU3Ni00NmI5LTgzMTMt
NmNiZmYzYzRkYTAxLzEva3pXb3BWQzlLUk0zMHlMVy1PcHNmNjVkRmpNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC9kOTBjNmYtNjU3Ni00NmI5LTgzMTMtNmNiZmYzYzRkYTAx
LzEvTzBkdUV1aVlmbHN3TE53a3ZkbmJQLWc4aEVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAueYNAwQA
1dGBAwQA1dGXMA0GCSqGSIb3DQEBCwUAA4IBAQBTKWb20knI56bwrQDPPlEzTKEC
brtK4elJ1sR55924BJuhK3BYtYs6ul8YPP+Q2mgd1YURQaqtufkrOfdQFyUdEm3g
+OVNrPGrro0PNUojuGPeH0UwjQduySSHGFpXRttEurMK8oAmn24V7ewCbvx136CR
NZCYxOdPr60AsybeJay9pFvec/ToJioPTwa+XgyhCq9fki4B9oB0zkCsjg55GEnc
d0hl6iMrqXJRnJb2J0buK7TusOfzeMKtODR1RORf6980HidDAFkq5fgs84aDh2Yt
Gw3mtC7LZ0BHAqZ8Xoa/tga9KBxeLShsuQp5L5k25E6np01y7DXungRSJAQ2
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:50:08 2023 by rpki-client on console-ams.rpki-client.org