Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/74/1d8fc9-b21b-4db5-95cf-81c8ce750124/1/nxwAW6WOLNub5F1MhzPRRRaf7Jo.roa
File:                     nxwAW6WOLNub5F1MhzPRRRaf7Jo.roa (raw, json)
Hash identifier:          3yHk/eQJIhDB54fuoh/cLweoUh1v7XtqKwDpKTpCIOI=
Subject key identifier:   9F:1C:00:5B:A5:8E:2C:DB:9B:E4:5D:4C:87:33:D1:45:16:9F:EC:9A
Certificate issuer:       /CN=623526ad9fbec574fa4ec3d9badb5433fdaaca7b
Certificate serial:       0185640BEE6B42AE64823BF48D50D5C17FDD
Authority key identifier: 62:35:26:AD:9F:BE:C5:74:FA:4E:C3:D9:BA:DB:54:33:FD:AA:CA:7B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YjUmrZ--xXT6TsPZuttUM_2qyns.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/74/1d8fc9-b21b-4db5-95cf-81c8ce750124/1/nxwAW6WOLNub5F1MhzPRRRaf7Jo.roa
Signing time:             Fri 30 Dec 2022 17:19:41 +0000
ROA not before:           Fri 30 Dec 2022 17:19:41 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     61333
IP address blocks:        94.228.108.0/24 maxlen: 24
                          94.228.107.0/24 maxlen: 24
                          94.228.110.0/24 maxlen: 24
                          94.228.96.0/24 maxlen: 24
                          94.228.96.0/20 maxlen: 24
                          94.228.98.0/24 maxlen: 24
                          94.228.100.0/24 maxlen: 24
                          94.228.104.0/24 maxlen: 24
                          94.228.105.0/24 maxlen: 24
                          149.126.64.0/24 maxlen: 24
                          149.126.64.0/21 maxlen: 24
                          149.126.65.0/24 maxlen: 24
                          149.126.67.0/24 maxlen: 24
                          149.126.66.0/24 maxlen: 24
                          149.126.70.0/24 maxlen: 24
                          194.169.198.0/24 maxlen: 24
                          185.251.52.0/24 maxlen: 24
                          185.251.54.0/24 maxlen: 24
                          185.251.53.0/24 maxlen: 24
                          193.200.249.0/24 maxlen: 24
                          2a00:e30:ed00::/41 maxlen: 48
                          2a00:e30:a00::/40 maxlen: 48
                          2a00:e30:2100::/41 maxlen: 41
                          2a00:e30:3000::/41 maxlen: 41
                          2a00:e30:6900::/41 maxlen: 41

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:64:0b:ee:6b:42:ae:64:82:3b:f4:8d:50:d5:c1:7f:dd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=623526ad9fbec574fa4ec3d9badb5433fdaaca7b
        Validity
            Not Before: Dec 30 17:19:41 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=9f1c005ba58e2cdb9be45d4c8733d145169fec9a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:cc:8f:2d:ad:7c:09:e5:92:2b:26:e7:41:71:
                    09:81:51:56:f5:98:18:1f:9c:ac:7e:14:dd:43:31:
                    df:1e:72:11:3e:47:ac:2d:cb:af:3b:df:db:d0:c2:
                    4a:b9:01:f6:8e:be:53:6e:94:72:a0:76:14:94:a8:
                    6b:d7:44:08:ef:b0:c7:a5:51:30:7b:95:56:81:08:
                    0c:31:f3:00:8e:a6:e1:1d:43:56:7e:ae:b0:26:55:
                    70:08:c8:40:86:4c:81:a4:25:a4:46:3e:8e:13:5f:
                    37:c6:e4:b4:ac:73:fe:28:cc:0e:d5:00:9a:fc:78:
                    5b:d5:34:78:da:97:2b:60:d8:29:f9:d1:ad:de:9f:
                    7d:b0:31:2f:a0:45:4d:e3:39:56:2a:20:2e:5b:ac:
                    f1:0c:32:76:35:9d:31:50:4a:e3:31:6d:3e:a2:da:
                    72:81:58:36:2a:e8:f0:4c:07:67:03:c4:c2:a9:10:
                    b4:62:66:23:67:8a:c5:2f:85:df:d5:54:f6:ed:8a:
                    c4:d1:88:18:88:a8:d5:46:50:61:e8:12:27:e6:c6:
                    89:3b:ba:6f:e9:93:7a:07:c9:1a:83:9b:cc:2b:35:
                    a7:4c:29:3e:39:db:4c:53:8a:84:95:4f:39:39:4a:
                    23:0a:73:ca:80:0b:d7:05:4e:c5:ec:e7:91:a8:06:
                    82:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9F:1C:00:5B:A5:8E:2C:DB:9B:E4:5D:4C:87:33:D1:45:16:9F:EC:9A
            X509v3 Authority Key Identifier:
                keyid:62:35:26:AD:9F:BE:C5:74:FA:4E:C3:D9:BA:DB:54:33:FD:AA:CA:7B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YjUmrZ--xXT6TsPZuttUM_2qyns.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/74/1d8fc9-b21b-4db5-95cf-81c8ce750124/1/nxwAW6WOLNub5F1MhzPRRRaf7Jo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/74/1d8fc9-b21b-4db5-95cf-81c8ce750124/1/YjUmrZ--xXT6TsPZuttUM_2qyns.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.228.96.0/20
                  149.126.64.0/21
                  185.251.52.0-185.251.54.255
                  193.200.249.0/24
                  194.169.198.0/24
                IPv6:
                  2a00:e30:a00::/40
                  2a00:e30:2100::/41
                  2a00:e30:3000::/41
                  2a00:e30:6900::/41
                  2a00:e30:ed00::/41

    Signature Algorithm: sha256WithRSAEncryption
         85:6a:ca:08:48:e1:9d:c2:2a:55:8d:a8:bb:a2:b5:6e:28:a8:
         c3:65:73:94:cd:72:87:5c:cd:30:e7:44:cf:38:0e:17:0a:77:
         51:dd:63:42:d5:3a:ea:1e:86:dc:59:d4:d5:fa:06:c4:83:a9:
         77:3a:4b:12:53:5b:de:55:c1:f5:59:c2:51:ac:ba:d9:ab:46:
         93:e9:98:14:e3:86:41:c6:24:77:9b:97:d0:b0:1a:89:c9:ce:
         52:6a:32:1d:6d:0d:ed:f7:20:38:0e:62:ca:fa:13:d2:93:a3:
         5a:44:0b:ce:a7:79:61:03:e9:20:63:65:9f:b5:e2:9f:22:4b:
         ec:26:89:ec:64:25:7d:a8:b7:fe:ec:a4:b1:ca:11:2d:fc:37:
         1b:7e:94:67:b4:a3:1f:ac:e8:f5:8f:f0:5f:3a:6a:98:24:79:
         bf:2e:54:82:02:73:ab:87:a5:a5:8e:13:07:20:46:ea:ba:4c:
         47:05:14:aa:c1:b8:68:4a:ef:ed:56:38:c3:2e:25:54:99:2e:
         26:d1:5e:15:9d:87:6e:a2:35:19:ce:4c:ff:68:96:cb:65:b9:
         6d:bd:8b:18:eb:6a:dc:81:13:c5:52:dd:4d:75:fe:cb:57:9d:
         44:dd:3a:d7:d1:21:94:ee:59:f0:5d:5a:73:03:86:6c:eb:d3:
         c5:d4:cf:82
-----BEGIN CERTIFICATE-----
MIIFUTCCBDmgAwIBAgISAYVkC+5rQq5kgjv0jVDVwX/dMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyMzUyNmFkOWZiZWM1NzRmYTRlYzNkOWJhZGI1NDMzZmRh
YWNhN2IwHhcNMjIxMjMwMTcxOTQxWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZjFjMDA1YmE1OGUyY2RiOWJlNDVkNGM4NzMzZDE0NTE2OWZlYzlhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsMyPLa18CeWSKybnQXEJgVFW9ZgY
H5ysfhTdQzHfHnIRPkesLcuvO9/b0MJKuQH2jr5TbpRyoHYUlKhr10QI77DHpVEw
e5VWgQgMMfMAjqbhHUNWfq6wJlVwCMhAhkyBpCWkRj6OE183xuS0rHP+KMwO1QCa
/Hhb1TR42pcrYNgp+dGt3p99sDEvoEVN4zlWKiAuW6zxDDJ2NZ0xUErjMW0+otpy
gVg2KujwTAdnA8TCqRC0YmYjZ4rFL4Xf1VT27YrE0YgYiKjVRlBh6BIn5saJO7pv
6ZN6B8kag5vMKzWnTCk+OdtMU4qElU85OUojCnPKgAvXBU7F7OeRqAaCOwIDAQAB
o4ICXTCCAlkwHQYDVR0OBBYEFJ8cAFuljizbm+RdTIcz0UUWn+yaMB8GA1UdIwQY
MBaAFGI1Jq2fvsV0+k7D2brbVDP9qsp7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWWpVbXJaLS14WFQ2VHNQWnV0dFVNXzJxeW5zLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NC8xZDhmYzktYjIxYi00ZGI1LTk1Y2Yt
ODFjOGNlNzUwMTI0LzEvbnh3QVc2V09MTnViNUYxTWh6UFJSUmFmN0pvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NC8xZDhmYzktYjIxYi00ZGI1LTk1Y2YtODFjOGNlNzUwMTI0
LzEvWWpVbXJaLS14WFQ2VHNQWnV0dFVNXzJxeW5zLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHMGCCsGAQUFBwEHAQH/BGQwYjAsBAIAATAmAwQEXuRgAwQD
lX5AMAwDBAK5+zQDBAC5+zYDBADByPkDBADCqcYwMgQCAAIwLAMGACoADjAKAwcH
KgAOMCEAAwcHKgAOMDAAAwcHKgAOMGkAAwcHKgAOMO0AMA0GCSqGSIb3DQEBCwUA
A4IBAQCFasoISOGdwipVjai7orVuKKjDZXOUzXKHXM0w50TPOA4XCndR3WNC1Trq
HobcWdTV+gbEg6l3OksSU1veVcH1WcJRrLrZq0aT6ZgU44ZBxiR3m5fQsBqJyc5S
ajIdbQ3t9yA4DmLK+hPSk6NaRAvOp3lhA+kgY2WfteKfIkvsJonsZCV9qLf+7KSx
yhEt/DcbfpRntKMfrOj1j/BfOmqYJHm/LlSCAnOrh6WljhMHIEbqukxHBRSqwbho
Su/tVjjDLiVUmS4m0V4VnYduojUZzkz/aJbLZbltvYsY62rcgRPFUt1Ndf7LV51E
3TrX0SGU7lnwXVpzA4Zs69PF1M+C
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:35:03 2024 by rpki-client on console-fra.rpki-client.org