Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/ba6755-4273-48e1-8582-712fa65a25ba/1/yzI5PXCDC-kI_dv51qiArQFptws.roa
File:                     yzI5PXCDC-kI_dv51qiArQFptws.roa (raw, json)
Hash identifier:          HQhWHS+B4MSkUYVgT9ZWS6ijTGPnnP2i6sH1BxWlPIY=
Subject key identifier:   CB:32:39:3D:70:83:0B:E9:08:FD:DB:F9:D6:A8:80:AD:01:69:B7:0B
Certificate issuer:       /CN=38ca3f38d8e5a301eaf6924b924fe8f57aac690d
Certificate serial:       11872184
Authority key identifier: 38:CA:3F:38:D8:E5:A3:01:EA:F6:92:4B:92:4F:E8:F5:7A:AC:69:0D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OMo_ONjlowHq9pJLkk_o9XqsaQ0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/ba6755-4273-48e1-8582-712fa65a25ba/1/yzI5PXCDC-kI_dv51qiArQFptws.roa
Signing time:             Sun 27 Mar 2022 10:02:59 +0000
ROA not before:           Sun 27 Mar 2022 10:02:59 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     60268
IP address blocks:        193.19.97.0/24 maxlen: 24
                          193.19.96.0/24 maxlen: 24
                          193.19.96.0/23 maxlen: 23
                          185.97.132.0/22 maxlen: 24
                          185.97.132.0/23 maxlen: 24
                          185.97.132.0/24 maxlen: 24
                          185.97.133.0/24 maxlen: 24
                          185.97.134.0/23 maxlen: 24
                          185.97.134.0/24 maxlen: 24
                          185.97.135.0/24 maxlen: 24
                          185.33.171.0/24 maxlen: 24
                          185.33.169.0/24 maxlen: 24
                          185.33.170.0/23 maxlen: 24
                          185.33.170.0/24 maxlen: 24
                          185.33.168.0/23 maxlen: 24
                          185.33.168.0/24 maxlen: 24
                          185.33.168.0/22 maxlen: 22
                          193.19.72.0/24 maxlen: 24
                          193.19.73.0/24 maxlen: 24
                          2a00:cee0:dcc::/48 maxlen: 48
                          2a00:cee6:cafe::/48 maxlen: 48
                          2a00:cee6::/32 maxlen: 48
                          2a00:cee0::/32 maxlen: 48
                          2a00:cee2:dcc::/48 maxlen: 48
                          2a00:cee6:dcc::/48 maxlen: 48
                          2a00:cee2::/32 maxlen: 48
                          2a00:cee3:dcc::/48 maxlen: 48
                          2a00:cee5::/32 maxlen: 48
                          2a00:cee5:cafe::/48 maxlen: 48
                          2a00:cee2:cafe::/48 maxlen: 48
                          2a00:cee4:dcc::/48 maxlen: 48
                          2a00:cee0::/29 maxlen: 29
                          2a00:cee3::/32 maxlen: 48
                          2a00:cee1:cafe::/48 maxlen: 48
                          2a00:cee5:dcc::/48 maxlen: 48
                          2a00:cee4:cafe::/48 maxlen: 48
                          2a00:cee0:cafe::/48 maxlen: 48
                          2a00:cee1::/32 maxlen: 48
                          2a00:cee3:cafe::/48 maxlen: 48
                          2a00:cee4::/32 maxlen: 48

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 294068612 (0x11872184)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=38ca3f38d8e5a301eaf6924b924fe8f57aac690d
        Validity
            Not Before: Mar 27 10:02:59 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=cb32393d70830be908fddbf9d6a880ad0169b70b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:1a:5f:85:09:55:ff:6c:4b:db:47:4f:56:62:
                    8e:74:81:b5:5d:29:ab:64:90:1f:39:9e:bc:94:f0:
                    90:a4:5d:b4:e4:64:f1:f1:71:b8:ce:36:00:b6:4b:
                    7d:8f:90:8b:f7:c9:cf:f9:ff:6c:b1:1c:00:d9:a7:
                    a1:52:c9:b5:c9:9b:83:7b:59:cb:ab:df:98:67:26:
                    f1:ba:5e:95:02:71:92:fd:ce:e1:46:a9:8e:dd:96:
                    71:a5:0f:ff:d6:aa:56:3d:cc:24:dc:49:83:8e:78:
                    e8:1b:ec:be:8a:b2:4e:20:2c:0a:56:f2:d5:56:74:
                    89:39:59:25:cd:11:5a:95:14:1e:e4:56:13:8b:c8:
                    bf:73:7b:3d:46:c4:2e:d5:75:e1:a9:ef:18:3f:a4:
                    f9:01:2b:2e:6a:ae:9b:3d:eb:57:71:08:8f:b6:fe:
                    06:40:42:48:c8:22:db:c3:da:f3:93:73:9a:38:bc:
                    6b:c1:d7:1b:89:5f:e2:b3:fc:2d:0c:42:2c:8e:76:
                    b8:2e:98:e9:a1:23:5d:e3:d7:eb:a6:54:25:4c:b1:
                    64:a7:ed:5c:3e:53:7a:d3:80:f4:19:64:95:10:bf:
                    4a:69:75:96:39:19:56:fe:c5:d4:3f:da:f2:40:4b:
                    6e:0a:5c:4b:8a:98:7e:37:e8:f3:c2:88:98:f3:4d:
                    0d:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CB:32:39:3D:70:83:0B:E9:08:FD:DB:F9:D6:A8:80:AD:01:69:B7:0B
            X509v3 Authority Key Identifier:
                keyid:38:CA:3F:38:D8:E5:A3:01:EA:F6:92:4B:92:4F:E8:F5:7A:AC:69:0D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OMo_ONjlowHq9pJLkk_o9XqsaQ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/ba6755-4273-48e1-8582-712fa65a25ba/1/yzI5PXCDC-kI_dv51qiArQFptws.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/ba6755-4273-48e1-8582-712fa65a25ba/1/OMo_ONjlowHq9pJLkk_o9XqsaQ0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.33.168.0/22
                  185.97.132.0/22
                  193.19.72.0/23
                  193.19.96.0/23
                IPv6:
                  2a00:cee0::/29

    Signature Algorithm: sha256WithRSAEncryption
         3a:c9:ea:40:ec:60:f8:7e:4a:06:c9:a8:8a:b4:99:e6:63:54:
         ff:29:15:b4:19:4c:b7:31:54:cb:ee:d0:fd:58:45:b2:f5:5d:
         18:ec:83:b5:0d:04:20:ca:b5:0f:aa:e3:5d:62:d5:4f:ae:b7:
         96:3d:8e:76:c1:f2:81:a8:a7:f5:6a:3b:b0:6f:c7:1d:6c:68:
         ae:ac:f8:68:59:74:bc:44:c7:60:e6:b9:6b:62:6f:5c:6f:0f:
         1e:6b:b2:45:35:6b:d9:6e:6f:3d:1c:12:08:ed:38:29:19:c0:
         2d:7b:dc:57:86:79:20:33:db:7c:05:d5:ba:46:04:ca:0c:3b:
         95:24:41:37:c7:e5:c8:8d:3e:cf:00:38:5c:89:ff:f7:3d:34:
         e9:51:d3:a8:e7:15:3b:66:54:58:06:da:34:5c:19:b3:dc:35:
         50:4b:77:02:6f:5f:ab:62:07:4c:40:f2:9a:ee:97:d7:73:47:
         a2:f3:77:e1:93:99:52:d3:fe:e9:bc:59:6f:36:06:66:44:25:
         4b:2a:05:36:c2:eb:30:22:1e:d3:cb:07:78:fb:c3:fa:99:a7:
         e5:43:9d:d1:37:0b:39:87:0e:33:b3:f0:0b:7e:9b:ce:9f:da:
         8d:c1:35:db:7c:77:6e:b2:76:70:ec:94:98:75:7a:86:7f:45:
         a4:66:a7:3b
-----BEGIN CERTIFICATE-----
MIIFEDCCA/igAwIBAgIEEYchhDANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygz
OGNhM2YzOGQ4ZTVhMzAxZWFmNjkyNGI5MjRmZThmNTdhYWM2OTBkMB4XDTIyMDMy
NzEwMDI1OVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoY2IzMjM5M2Q3MDgz
MGJlOTA4ZmRkYmY5ZDZhODgwYWQwMTY5YjcwYjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBANYaX4UJVf9sS9tHT1ZijnSBtV0pq2SQHzmevJTwkKRdtORk
8fFxuM42ALZLfY+Qi/fJz/n/bLEcANmnoVLJtcmbg3tZy6vfmGcm8bpelQJxkv3O
4Uapjt2WcaUP/9aqVj3MJNxJg4546BvsvoqyTiAsClby1VZ0iTlZJc0RWpUUHuRW
E4vIv3N7PUbELtV14anvGD+k+QErLmqumz3rV3EIj7b+BkBCSMgi28Pa85Nzmji8
a8HXG4lf4rP8LQxCLI52uC6Y6aEjXePX66ZUJUyxZKftXD5TetOA9BlklRC/Sml1
ljkZVv7F1D/a8kBLbgpcS4qYfjfo88KImPNNDT8CAwEAAaOCAiowggImMB0GA1Ud
DgQWBBTLMjk9cIML6Qj92/nWqICtAWm3CzAfBgNVHSMEGDAWgBQ4yj842OWjAer2
kkuST+j1eqxpDTAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L09Nb19PTmpsb3dIcTlwSkxra19vOVhxc2FRMC5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMzUvYmE2NzU1LTQyNzMtNDhlMS04NTgyLTcxMmZhNjVhMjViYS8x
L3l6STVQWENEQy1rSV9kdjUxcWlBclFGcHR3cy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMzUv
YmE2NzU1LTQyNzMtNDhlMS04NTgyLTcxMmZhNjVhMjViYS8xL09Nb19PTmpsb3dI
cTlwSkxra19vOVhxc2FRMC5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBA
BggrBgEFBQcBBwEB/wQxMC8wHgQCAAEwGAMEArkhqAMEArlhhAMEAcETSAMEAcET
YDANBAIAAjAHAwUDKgDO4DANBgkqhkiG9w0BAQsFAAOCAQEAOsnqQOxg+H5KBsmo
irSZ5mNU/ykVtBlMtzFUy+7Q/VhFsvVdGOyDtQ0EIMq1D6rjXWLVT663lj2OdsHy
gain9Wo7sG/HHWxorqz4aFl0vETHYOa5a2JvXG8PHmuyRTVr2W5vPRwSCO04KRnA
LXvcV4Z5IDPbfAXVukYEygw7lSRBN8flyI0+zwA4XIn/9z006VHTqOcVO2ZUWAba
NFwZs9w1UEt3Am9fq2IHTEDymu6X13NHovN34ZOZUtP+6bxZbzYGZkQlSyoFNsLr
MCIe08sHePvD+pmn5UOd0TcLOYcOM7PwC36bzp/ajcE123x3brJ2cOyUmHV6hn9F
pGanOw==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:02:37 2024 by rpki-client on console-ams.rpki-client.org