Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3d/1b60e9-b6e0-4890-9de1-13b431342ab8/1/dNGa2VkAN9XKQiJxV_3XXTzBObs.roa
File:                     dNGa2VkAN9XKQiJxV_3XXTzBObs.roa (raw, json)
Hash identifier:          pqNGhglCPDCTmCf8/0r7iO86vTjP7BUwo39THfcLdRs=
Subject key identifier:   74:D1:9A:D9:59:00:37:D5:CA:42:22:71:57:FD:D7:5D:3C:C1:39:BB
Certificate issuer:       /CN=96cbcf2e957ca8d942472a7b0044285b26db6b22
Certificate serial:       330387B6
Authority key identifier: 96:CB:CF:2E:95:7C:A8:D9:42:47:2A:7B:00:44:28:5B:26:DB:6B:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lsvPLpV8qNlCRyp7AEQoWybbayI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3d/1b60e9-b6e0-4890-9de1-13b431342ab8/1/dNGa2VkAN9XKQiJxV_3XXTzBObs.roa
Signing time:             Sat 01 Jan 2022 05:52:08 +0000
ROA not before:           Sat 01 Jan 2022 05:52:08 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     58256
IP address blocks:        185.83.184.0/24 maxlen: 24
                          185.83.186.0/24 maxlen: 24
                          185.83.185.0/24 maxlen: 24
                          185.83.187.0/24 maxlen: 24
                          37.143.145.0/24 maxlen: 24
                          37.143.144.0/24 maxlen: 24
                          185.42.213.0/24 maxlen: 24
                          185.42.212.0/24 maxlen: 24
                          185.42.215.0/24 maxlen: 24
                          185.42.214.0/24 maxlen: 24
                          37.143.151.0/24 maxlen: 24
                          37.143.150.0/24 maxlen: 24
                          37.143.149.0/24 maxlen: 24
                          37.143.148.0/24 maxlen: 24
                          37.143.147.0/24 maxlen: 24
                          37.143.146.0/24 maxlen: 24
                          185.83.31.0/24 maxlen: 24
                          185.83.30.0/24 maxlen: 24
                          185.83.29.0/24 maxlen: 24
                          91.108.132.0/24 maxlen: 24
                          91.108.131.0/24 maxlen: 24
                          91.108.130.0/24 maxlen: 24
                          91.108.129.0/24 maxlen: 24
                          91.108.128.0/24 maxlen: 24
                          91.108.139.0/24 maxlen: 24
                          91.108.133.0/24 maxlen: 24
                          91.108.138.0/24 maxlen: 24
                          91.108.137.0/24 maxlen: 24
                          91.108.136.0/24 maxlen: 24
                          91.108.135.0/24 maxlen: 24
                          91.108.134.0/24 maxlen: 24
                          91.108.140.0/24 maxlen: 24
                          91.108.145.0/24 maxlen: 24
                          91.108.144.0/24 maxlen: 24
                          91.108.143.0/24 maxlen: 24
                          91.108.142.0/24 maxlen: 24
                          91.108.141.0/24 maxlen: 24
                          91.108.152.0/24 maxlen: 24
                          91.108.151.0/24 maxlen: 24
                          91.108.149.0/24 maxlen: 24
                          91.108.148.0/24 maxlen: 24
                          91.108.147.0/24 maxlen: 24
                          91.108.146.0/24 maxlen: 24
                          91.108.154.0/24 maxlen: 24
                          91.108.153.0/24 maxlen: 24
                          91.108.159.0/24 maxlen: 24
                          91.108.158.0/24 maxlen: 24
                          91.108.157.0/24 maxlen: 24
                          91.108.156.0/24 maxlen: 24
                          91.108.155.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 855869366 (0x330387b6)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=96cbcf2e957ca8d942472a7b0044285b26db6b22
        Validity
            Not Before: Jan  1 05:52:08 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=74d19ad9590037d5ca42227157fdd75d3cc139bb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:a3:0a:0f:61:b4:35:01:1a:d7:72:53:ae:26:
                    f5:e5:a0:49:29:91:de:4b:ce:d7:55:f2:e3:22:0b:
                    b4:5c:10:06:1a:ea:fd:2c:2a:39:2c:46:d7:70:74:
                    fc:76:d5:9d:60:00:54:63:a7:3e:fa:d3:3b:c8:08:
                    9c:ba:83:c5:89:c6:61:ee:ec:6c:1c:57:94:53:ad:
                    78:ea:f1:98:fd:49:bf:da:d9:39:29:72:5d:df:f0:
                    a8:c8:cb:89:8d:ea:04:3b:dc:b4:67:99:64:f7:49:
                    69:b3:75:13:f5:c1:02:16:37:0a:48:ec:94:65:77:
                    1f:c2:cf:2a:50:5f:2a:d4:5c:1d:78:33:00:c7:2f:
                    56:d2:bb:43:0c:a6:73:d6:06:45:a8:43:1a:c2:e8:
                    55:10:3b:66:d1:91:58:30:43:ff:af:10:c9:ad:1a:
                    dd:c8:20:a6:d7:14:21:ba:2b:5d:0a:9c:17:aa:87:
                    08:44:ee:96:eb:c5:63:40:37:63:89:46:62:50:d0:
                    9b:b1:77:73:ca:7c:67:42:5a:0c:7b:8f:43:47:ca:
                    61:91:ca:75:0c:7b:de:5a:ca:d4:0c:0d:c5:53:0c:
                    ee:53:e8:27:c2:7f:00:87:9c:54:c7:1a:1e:2f:04:
                    71:a0:5a:76:e5:56:97:e4:4e:9f:e6:2b:69:2c:b6:
                    32:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                74:D1:9A:D9:59:00:37:D5:CA:42:22:71:57:FD:D7:5D:3C:C1:39:BB
            X509v3 Authority Key Identifier:
                keyid:96:CB:CF:2E:95:7C:A8:D9:42:47:2A:7B:00:44:28:5B:26:DB:6B:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lsvPLpV8qNlCRyp7AEQoWybbayI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/1b60e9-b6e0-4890-9de1-13b431342ab8/1/dNGa2VkAN9XKQiJxV_3XXTzBObs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/1b60e9-b6e0-4890-9de1-13b431342ab8/1/lsvPLpV8qNlCRyp7AEQoWybbayI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.143.144.0/21
                  91.108.128.0-91.108.149.255
                  91.108.151.0-91.108.159.255
                  185.42.212.0/22
                  185.83.29.0-185.83.31.255
                  185.83.184.0/22

    Signature Algorithm: sha256WithRSAEncryption
         6a:5b:8e:40:ff:71:5a:65:f0:16:84:8e:ce:9d:09:b1:79:25:
         59:b7:84:75:f3:88:6e:50:0a:a2:99:8f:3f:5b:5c:a1:0c:bc:
         bd:bd:b6:94:98:b0:fe:b9:ec:6a:69:a3:be:72:cc:11:15:ef:
         2c:86:f9:2e:00:b8:dd:c8:65:da:e2:cf:b6:d5:e4:4b:86:3d:
         ba:be:a8:46:07:45:fd:85:3e:57:a9:e1:78:6b:26:7b:c5:32:
         ad:10:cf:79:7e:d9:ca:c0:2b:00:c4:41:d3:01:de:af:ac:0e:
         6e:29:4d:59:3d:b5:b9:0d:b8:4d:f3:dd:54:e7:1c:ab:77:be:
         ef:1b:1d:da:ba:ae:1e:c1:ba:cb:3e:95:42:35:39:3d:f6:4e:
         de:e6:e4:36:d2:2b:ac:cb:28:7e:dc:71:18:f8:2a:27:fc:40:
         02:27:c8:25:74:24:b1:83:1c:f1:e5:85:0a:f5:25:59:e0:cc:
         79:fd:2e:c2:9e:b2:99:a7:0a:c3:e2:0b:5f:17:57:14:92:60:
         60:f9:f3:20:1a:28:4b:68:7d:36:28:ea:00:a0:d9:0f:ab:d0:
         45:1c:22:0b:b0:bc:95:c8:40:20:71:a8:27:56:bb:92:ac:3c:
         fc:23:04:9c:39:77:64:2b:f5:0b:00:e9:99:66:fb:eb:18:45:
         e5:46:30:ad
-----BEGIN CERTIFICATE-----
MIIFJTCCBA2gAwIBAgIEMwOHtjANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg5
NmNiY2YyZTk1N2NhOGQ5NDI0NzJhN2IwMDQ0Mjg1YjI2ZGI2YjIyMB4XDTIyMDEw
MTA1NTIwOFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoNzRkMTlhZDk1OTAw
MzdkNWNhNDIyMjcxNTdmZGQ3NWQzY2MxMzliYjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBANajCg9htDUBGtdyU64m9eWgSSmR3kvO11Xy4yILtFwQBhrq
/SwqOSxG13B0/HbVnWAAVGOnPvrTO8gInLqDxYnGYe7sbBxXlFOteOrxmP1Jv9rZ
OSlyXd/wqMjLiY3qBDvctGeZZPdJabN1E/XBAhY3CkjslGV3H8LPKlBfKtRcHXgz
AMcvVtK7Qwymc9YGRahDGsLoVRA7ZtGRWDBD/68Qya0a3cggptcUIborXQqcF6qH
CETuluvFY0A3Y4lGYlDQm7F3c8p8Z0JaDHuPQ0fKYZHKdQx73lrK1AwNxVMM7lPo
J8J/AIecVMcaHi8EcaBaduVWl+ROn+YraSy2MgkCAwEAAaOCAj8wggI7MB0GA1Ud
DgQWBBR00ZrZWQA31cpCInFX/dddPME5uzAfBgNVHSMEGDAWgBSWy88ulXyo2UJH
KnsARChbJttrIjAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L2xzdlBMcFY4cU5sQ1J5cDdBRVFvV3liYmF5SS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvM2QvMWI2MGU5LWI2ZTAtNDg5MC05ZGUxLTEzYjQzMTM0MmFiOC8x
L2ROR2EyVmtBTjlYS1FpSnhWXzNYWFR6Qk9icy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvM2Qv
MWI2MGU5LWI2ZTAtNDg5MC05ZGUxLTEzYjQzMTM0MmFiOC8xL2xzdlBMcFY4cU5s
Q1J5cDdBRVFvV3liYmF5SS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBV
BggrBgEFBQcBBwEB/wRGMEQwQgQCAAEwPAMEAyWPkDAMAwQHW2yAAwQBW2yUMAwD
BABbbJcDBAVbbIADBAK5KtQwDAMEALlTHQMEBblTAAMEArlTuDANBgkqhkiG9w0B
AQsFAAOCAQEAaluOQP9xWmXwFoSOzp0JsXklWbeEdfOIblAKopmPP1tcoQy8vb22
lJiw/rnsammjvnLMERXvLIb5LgC43chl2uLPttXkS4Y9ur6oRgdF/YU+V6nheGsm
e8UyrRDPeX7ZysArAMRB0wHer6wObilNWT21uQ24TfPdVOccq3e+7xsd2rquHsG6
yz6VQjU5PfZO3ubkNtIrrMsoftxxGPgqJ/xAAifIJXQksYMc8eWFCvUlWeDMef0u
wp6ymacKw+ILXxdXFJJgYPnzIBooS2h9NijqAKDZD6vQRRwiC7C8lchAIHGoJ1a7
kqw8/CMEnDl3ZCv1CwDpmWb76xhF5UYwrQ==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:04:19 2024 by rpki-client on console-ams.rpki-client.org