Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/ba6755-4273-48e1-8582-712fa65a25ba/1/Ppmo53V8_XSdq_1HZWmv7n-fZsA.roa
File:                     Ppmo53V8_XSdq_1HZWmv7n-fZsA.roa (raw, json)
Hash identifier:          QG2M1KzgsA6eqq6hoJvZIox6RltXunjyrpm+fF8WztY=
Subject key identifier:   3E:99:A8:E7:75:7C:FD:74:9D:AB:FD:47:65:69:AF:EE:7F:9F:66:C0
Certificate issuer:       /CN=38ca3f38d8e5a301eaf6924b924fe8f57aac690d
Certificate serial:       10C5A986
Authority key identifier: 38:CA:3F:38:D8:E5:A3:01:EA:F6:92:4B:92:4F:E8:F5:7A:AC:69:0D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OMo_ONjlowHq9pJLkk_o9XqsaQ0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/ba6755-4273-48e1-8582-712fa65a25ba/1/Ppmo53V8_XSdq_1HZWmv7n-fZsA.roa
Signing time:             Sat 01 Jan 2022 02:59:47 +0000
ROA not before:           Sat 01 Jan 2022 02:59:47 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     60268
IP address blocks:        185.97.132.0/22 maxlen: 24
                          185.97.132.0/24 maxlen: 24
                          185.97.132.0/23 maxlen: 24
                          185.97.133.0/24 maxlen: 24
                          185.97.134.0/23 maxlen: 24
                          185.97.134.0/24 maxlen: 24
                          185.97.135.0/24 maxlen: 24
                          185.33.171.0/24 maxlen: 24
                          185.33.169.0/24 maxlen: 24
                          185.33.170.0/24 maxlen: 24
                          185.33.170.0/23 maxlen: 24
                          185.33.168.0/24 maxlen: 24
                          185.33.168.0/23 maxlen: 24
                          185.33.168.0/22 maxlen: 22
                          2a00:cee0:dcc::/48 maxlen: 48
                          2a00:cee6:cafe::/48 maxlen: 48
                          2a00:cee6::/32 maxlen: 48
                          2a00:cee0::/32 maxlen: 48
                          2a00:cee2:dcc::/48 maxlen: 48
                          2a00:cee6:dcc::/48 maxlen: 48
                          2a00:cee2::/32 maxlen: 48
                          2a00:cee3:dcc::/48 maxlen: 48
                          2a00:cee5::/32 maxlen: 48
                          2a00:cee5:cafe::/48 maxlen: 48
                          2a00:cee2:cafe::/48 maxlen: 48
                          2a00:cee4:dcc::/48 maxlen: 48
                          2a00:cee0::/29 maxlen: 29
                          2a00:cee3::/32 maxlen: 48
                          2a00:cee1:cafe::/48 maxlen: 48
                          2a00:cee5:dcc::/48 maxlen: 48
                          2a00:cee4:cafe::/48 maxlen: 48
                          2a00:cee0:cafe::/48 maxlen: 48
                          2a00:cee1::/32 maxlen: 48
                          2a00:cee3:cafe::/48 maxlen: 48
                          2a00:cee4::/32 maxlen: 48

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 281389446 (0x10c5a986)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=38ca3f38d8e5a301eaf6924b924fe8f57aac690d
        Validity
            Not Before: Jan  1 02:59:47 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=3e99a8e7757cfd749dabfd476569afee7f9f66c0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:7c:f4:51:1a:d4:76:1e:c6:7d:e7:d2:e5:db:
                    f0:c5:c8:26:9e:33:21:75:24:f7:6c:75:24:bd:e6:
                    6f:2a:3c:12:94:b3:54:9a:5f:3d:9c:65:94:32:32:
                    56:4b:18:9d:b7:74:d9:6c:2c:26:d7:c7:77:5e:6c:
                    53:70:12:c0:47:de:5c:24:ed:cf:e1:de:98:05:52:
                    b9:d2:a2:d7:d5:45:a5:89:c3:9f:66:af:f8:b9:22:
                    6b:67:d6:fb:2f:77:9d:f5:40:9b:0c:8b:af:94:b1:
                    4e:49:b3:48:22:25:91:eb:20:68:94:06:89:9b:80:
                    57:81:59:1d:45:d8:f6:f6:aa:4d:24:fe:bb:b8:be:
                    3a:60:87:83:2b:c1:20:33:79:12:54:58:8d:0e:f0:
                    ce:3f:73:45:f3:ae:f5:d1:3c:0a:9a:6c:c9:c9:04:
                    1e:09:56:d1:2c:79:22:89:d3:1b:9a:94:8c:50:1f:
                    8c:19:0f:c1:98:7c:10:dc:b7:12:27:29:f4:58:df:
                    94:39:6d:82:5d:bf:51:fd:23:f8:10:67:d9:1e:1e:
                    ff:e6:81:c2:8a:22:cb:f2:ef:3a:6e:28:2e:a6:7f:
                    e7:ba:fd:2a:bd:22:8a:aa:e8:77:d4:2c:6e:d7:8a:
                    6a:d4:75:7b:d3:a2:bf:9c:7f:49:6d:6e:0a:fd:4d:
                    cf:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3E:99:A8:E7:75:7C:FD:74:9D:AB:FD:47:65:69:AF:EE:7F:9F:66:C0
            X509v3 Authority Key Identifier:
                keyid:38:CA:3F:38:D8:E5:A3:01:EA:F6:92:4B:92:4F:E8:F5:7A:AC:69:0D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OMo_ONjlowHq9pJLkk_o9XqsaQ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/ba6755-4273-48e1-8582-712fa65a25ba/1/Ppmo53V8_XSdq_1HZWmv7n-fZsA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/ba6755-4273-48e1-8582-712fa65a25ba/1/OMo_ONjlowHq9pJLkk_o9XqsaQ0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.33.168.0/22
                  185.97.132.0/22
                IPv6:
                  2a00:cee0::/29

    Signature Algorithm: sha256WithRSAEncryption
         69:0f:3f:66:2c:c2:ae:a1:22:08:a3:a8:4f:c8:a3:74:37:3b:
         15:c5:af:6b:8b:36:f4:dc:41:10:6d:2f:07:2f:b5:01:5d:20:
         67:10:9c:88:86:0e:d3:52:3d:74:97:49:c6:ea:cc:09:a0:63:
         3a:89:e8:74:7e:11:1d:95:86:8d:a1:11:e7:f9:47:08:e4:08:
         b3:44:57:5e:e9:a0:76:38:c4:90:aa:4d:c6:09:8e:3a:8e:22:
         38:13:b2:24:79:a4:95:e3:07:0f:d3:37:49:79:5f:db:7b:ce:
         2b:92:57:5a:6f:95:94:1a:94:9c:ac:9e:e4:40:8a:bc:38:cf:
         4a:4e:ad:84:7e:31:cc:91:0f:d4:9f:34:af:68:ca:3a:00:f8:
         fa:d2:ad:12:80:e3:a9:1c:69:f4:37:2d:52:74:b3:37:78:a2:
         66:5b:c5:33:e8:29:52:ca:30:a9:83:d9:8d:c0:6a:9f:e0:21:
         1b:90:ce:7c:7d:e6:98:ae:34:cc:b4:cc:fb:20:d2:0c:27:0e:
         c3:2c:87:a7:24:27:42:84:c8:9d:8e:de:33:00:f1:a1:b4:df:
         51:e1:8b:3a:91:49:54:7a:db:55:52:ab:cf:f2:ae:a4:5e:c0:
         2f:13:bf:b7:91:fa:2c:47:f9:5f:0e:30:a8:03:ae:e5:f1:f0:
         7e:ee:66:c5
-----BEGIN CERTIFICATE-----
MIIFBDCCA+ygAwIBAgIEEMWphjANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygz
OGNhM2YzOGQ4ZTVhMzAxZWFmNjkyNGI5MjRmZThmNTdhYWM2OTBkMB4XDTIyMDEw
MTAyNTk0N1oXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoM2U5OWE4ZTc3NTdj
ZmQ3NDlkYWJmZDQ3NjU2OWFmZWU3ZjlmNjZjMDCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAMV89FEa1HYexn3n0uXb8MXIJp4zIXUk92x1JL3mbyo8EpSz
VJpfPZxllDIyVksYnbd02WwsJtfHd15sU3ASwEfeXCTtz+HemAVSudKi19VFpYnD
n2av+Lkia2fW+y93nfVAmwyLr5SxTkmzSCIlkesgaJQGiZuAV4FZHUXY9vaqTST+
u7i+OmCHgyvBIDN5ElRYjQ7wzj9zRfOu9dE8CppsyckEHglW0Sx5IonTG5qUjFAf
jBkPwZh8ENy3Eicp9FjflDltgl2/Uf0j+BBn2R4e/+aBwooiy/LvOm4oLqZ/57r9
Kr0iiqrod9QsbteKatR1e9Oiv5x/SW1uCv1Nz9UCAwEAAaOCAh4wggIaMB0GA1Ud
DgQWBBQ+majndXz9dJ2r/Udlaa/uf59mwDAfBgNVHSMEGDAWgBQ4yj842OWjAer2
kkuST+j1eqxpDTAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L09Nb19PTmpsb3dIcTlwSkxra19vOVhxc2FRMC5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMzUvYmE2NzU1LTQyNzMtNDhlMS04NTgyLTcxMmZhNjVhMjViYS8x
L1BwbW81M1Y4X1hTZHFfMUhaV212N24tZlpzQS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMzUv
YmE2NzU1LTQyNzMtNDhlMS04NTgyLTcxMmZhNjVhMjViYS8xL09Nb19PTmpsb3dI
cTlwSkxra19vOVhxc2FRMC5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjA0
BggrBgEFBQcBBwEB/wQlMCMwEgQCAAEwDAMEArkhqAMEArlhhDANBAIAAjAHAwUD
KgDO4DANBgkqhkiG9w0BAQsFAAOCAQEAaQ8/ZizCrqEiCKOoT8ijdDc7FcWva4s2
9NxBEG0vBy+1AV0gZxCciIYO01I9dJdJxurMCaBjOonodH4RHZWGjaER5/lHCOQI
s0RXXumgdjjEkKpNxgmOOo4iOBOyJHmkleMHD9M3SXlf23vOK5JXWm+VlBqUnKye
5ECKvDjPSk6thH4xzJEP1J80r2jKOgD4+tKtEoDjqRxp9DctUnSzN3iiZlvFM+gp
UsowqYPZjcBqn+AhG5DOfH3mmK40zLTM+yDSDCcOwyyHpyQnQoTInY7eMwDxobTf
UeGLOpFJVHrbVVKrz/KupF7ALxO/t5H6LEf5Xw4wqAOu5fHwfu5mxQ==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:02:37 2024 by rpki-client on console-ams.rpki-client.org