Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a6/460c00-3e95-4274-bc9c-060dacfebe0f/1/PNmg5UFP36ah5N5VY8Yql1brRWw.roa
File:                     PNmg5UFP36ah5N5VY8Yql1brRWw.roa (raw, json)
Hash identifier:          kUZpEwlmb4AwpHI63dPLu11WFuMAlNx6bTAchAS5rkw=
Subject key identifier:   3C:D9:A0:E5:41:4F:DF:A6:A1:E4:DE:55:63:C6:2A:97:56:EB:45:6C
Certificate issuer:       /CN=05bfdbb6a4b1663369da407db97b021f73284a28
Certificate serial:       0182FD87A994736BCFB001D65ADCB38AB1E3
Authority key identifier: 05:BF:DB:B6:A4:B1:66:33:69:DA:40:7D:B9:7B:02:1F:73:28:4A:28
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Bb_btqSxZjNp2kB9uXsCH3MoSig.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a6/460c00-3e95-4274-bc9c-060dacfebe0f/1/PNmg5UFP36ah5N5VY8Yql1brRWw.roa
Signing time:             Fri 02 Sep 2022 09:28:22 +0000
ROA not before:           Fri 02 Sep 2022 09:28:22 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     42831
IP address blocks:        185.17.24.0/22 maxlen: 22
                          78.157.192.0/19 maxlen: 19
                          78.110.160.0/20 maxlen: 20
                          94.229.64.0/20 maxlen: 20
                          77.74.192.0/21 maxlen: 21
                          31.132.0.0/21 maxlen: 21
                          185.103.96.0/22 maxlen: 22
                          178.159.0.0/20 maxlen: 20
                          37.9.56.0/21 maxlen: 21
                          5.101.136.0/21 maxlen: 21
                          5.101.144.0/21 maxlen: 21
                          77.75.120.0/21 maxlen: 21
                          5.101.168.0/21 maxlen: 21
                          2a01:a500::/32 maxlen: 32
                          2a01:a500:2566::/48 maxlen: 48
                          2a01:a500:1228::/48 maxlen: 48
                          2a01:a500:1::/48 maxlen: 48
                          2a01:a507::/32 maxlen: 32

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:82:fd:87:a9:94:73:6b:cf:b0:01:d6:5a:dc:b3:8a:b1:e3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05bfdbb6a4b1663369da407db97b021f73284a28
        Validity
            Not Before: Sep  2 09:28:22 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=3cd9a0e5414fdfa6a1e4de5563c62a9756eb456c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:9f:09:cb:87:d6:b2:d1:24:88:44:7e:05:f0:
                    33:98:53:7a:bc:cc:96:72:51:5c:6b:55:9e:82:f3:
                    0e:55:35:4b:0c:01:d0:4a:99:df:42:f9:65:0c:ed:
                    df:91:7a:c3:1e:64:2b:08:a7:fb:57:32:58:94:2b:
                    f6:53:17:a3:97:de:fa:a5:f5:9d:88:f2:3b:8c:fc:
                    2c:6d:8d:46:a4:c4:63:f6:1d:16:1f:bc:29:74:90:
                    61:84:f6:80:b2:59:5b:12:d0:f2:fd:7a:0d:b2:9f:
                    13:00:e2:16:e6:39:cc:10:b4:51:91:02:6a:61:27:
                    e8:93:39:9f:c1:a5:19:a0:63:fc:32:91:c9:e8:b0:
                    f2:3f:ab:97:f5:09:fd:2f:a3:fb:6b:fc:fc:5c:e6:
                    01:0a:cb:ff:f9:07:0a:3a:7d:94:cd:ca:b4:5a:b2:
                    1a:4b:97:55:ef:9c:d8:8c:7a:cb:92:8a:47:0c:68:
                    b8:43:09:b0:d7:d0:db:05:c0:59:7f:03:ce:9c:54:
                    21:c1:73:c9:21:09:18:de:86:ff:93:e0:c5:c6:6a:
                    56:f9:8c:be:a6:17:cc:87:81:0b:4e:05:83:93:5f:
                    ca:85:ce:6a:6c:8c:6d:0d:b8:ec:de:26:df:9b:cb:
                    ed:f2:11:a4:e9:49:37:5b:2b:59:44:56:09:4c:66:
                    25:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3C:D9:A0:E5:41:4F:DF:A6:A1:E4:DE:55:63:C6:2A:97:56:EB:45:6C
            X509v3 Authority Key Identifier:
                keyid:05:BF:DB:B6:A4:B1:66:33:69:DA:40:7D:B9:7B:02:1F:73:28:4A:28

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Bb_btqSxZjNp2kB9uXsCH3MoSig.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/460c00-3e95-4274-bc9c-060dacfebe0f/1/PNmg5UFP36ah5N5VY8Yql1brRWw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/460c00-3e95-4274-bc9c-060dacfebe0f/1/Bb_btqSxZjNp2kB9uXsCH3MoSig.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.101.136.0-5.101.151.255
                  5.101.168.0/21
                  31.132.0.0/21
                  37.9.56.0/21
                  77.74.192.0/21
                  77.75.120.0/21
                  78.110.160.0/20
                  78.157.192.0/19
                  94.229.64.0/20
                  178.159.0.0/20
                  185.17.24.0/22
                  185.103.96.0/22
                IPv6:
                  2a01:a500::/32
                  2a01:a507::/32

    Signature Algorithm: sha256WithRSAEncryption
         48:d0:31:18:44:1f:c8:6d:16:2c:8d:f5:3d:ac:cf:b4:42:db:
         26:00:b0:d7:8f:eb:74:47:73:29:4a:96:98:ad:40:47:67:5f:
         12:7f:85:55:81:ba:64:29:87:a4:a7:92:79:c3:7c:d5:5f:89:
         c4:27:a4:d8:bf:54:d7:97:90:6c:02:d0:26:79:62:70:17:8e:
         7a:d3:fa:e6:a7:79:a3:47:ab:13:79:2a:bd:58:38:d5:02:ef:
         74:8a:8b:3f:e7:91:1a:8d:2e:87:35:05:8f:5d:40:32:18:72:
         42:fe:85:1a:56:90:1a:56:b4:84:11:e9:fa:f7:6a:4c:a2:4c:
         9e:14:c0:28:49:53:f5:5f:ac:f7:0f:77:12:9a:00:c6:f8:1d:
         a8:d7:24:95:e7:96:40:58:6e:78:eb:10:3f:2c:6d:e8:9a:fe:
         96:ef:e7:01:33:36:e3:e7:14:be:40:6b:5a:6e:af:4b:6d:5a:
         fb:ee:a5:ce:6a:34:14:c7:21:d7:17:24:88:ac:20:3d:d3:84:
         32:c0:0c:0f:d4:d3:e9:17:95:2a:d9:da:c2:10:fb:7f:34:90:
         6e:1b:bf:74:0b:13:ba:bd:e5:1e:84:b8:77:24:88:be:09:9a:
         d9:df:b7:8b:f2:0e:2b:c2:5f:48:ea:a0:04:5f:87:e1:19:eb:
         c9:47:7b:53
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgISAYL9h6mUc2vPsAHWWtyzirHjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1YmZkYmI2YTRiMTY2MzM2OWRhNDA3ZGI5N2IwMjFmNzMy
ODRhMjgwHhcNMjIwOTAyMDkyODIyWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzY2Q5YTBlNTQxNGZkZmE2YTFlNGRlNTU2M2M2MmE5NzU2ZWI0NTZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApp8Jy4fWstEkiER+BfAzmFN6vMyW
clFca1WegvMOVTVLDAHQSpnfQvllDO3fkXrDHmQrCKf7VzJYlCv2Uxejl976pfWd
iPI7jPwsbY1GpMRj9h0WH7wpdJBhhPaAsllbEtDy/XoNsp8TAOIW5jnMELRRkQJq
YSfokzmfwaUZoGP8MpHJ6LDyP6uX9Qn9L6P7a/z8XOYBCsv/+QcKOn2Uzcq0WrIa
S5dV75zYjHrLkopHDGi4Qwmw19DbBcBZfwPOnFQhwXPJIQkY3ob/k+DFxmpW+Yy+
phfMh4ELTgWDk1/Khc5qbIxtDbjs3ibfm8vt8hGk6Uk3WytZRFYJTGYliwIDAQAB
o4ICaTCCAmUwHQYDVR0OBBYEFDzZoOVBT9+moeTeVWPGKpdW60VsMB8GA1UdIwQY
MBaAFAW/27aksWYzadpAfbl7Ah9zKEooMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQmJfYnRxU3haak5wMmtCOXVYc0NIM01vU2lnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNi80NjBjMDAtM2U5NS00Mjc0LWJjOWMt
MDYwZGFjZmViZTBmLzEvUE5tZzVVRlAzNmFoNU41Vlk4WXFsMWJyUld3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNi80NjBjMDAtM2U5NS00Mjc0LWJjOWMtMDYwZGFjZmViZTBm
LzEvQmJfYnRxU3haak5wMmtCOXVYc0NIM01vU2lnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMH8GCCsGAQUFBwEHAQH/BHAwbjBWBAIAATBQMAwDBAMFZYgD
BAMFZZADBAMFZagDBAMfhAADBAMlCTgDBANNSsADBANNS3gDBARObqADBAVOncAD
BARe5UADBASynwADBAK5ERgDBAK5Z2AwFAQCAAIwDgMFACoBpQADBQAqAaUHMA0G
CSqGSIb3DQEBCwUAA4IBAQBI0DEYRB/IbRYsjfU9rM+0QtsmALDXj+t0R3MpSpaY
rUBHZ18Sf4VVgbpkKYekp5J5w3zVX4nEJ6TYv1TXl5BsAtAmeWJwF4560/rmp3mj
R6sTeSq9WDjVAu90ios/55EajS6HNQWPXUAyGHJC/oUaVpAaVrSEEen692pMokye
FMAoSVP1X6z3D3cSmgDG+B2o1ySV55ZAWG546xA/LG3omv6W7+cBMzbj5xS+QGta
bq9LbVr77qXOajQUxyHXFySIrCA904QywAwP1NPpF5Uq2drCEPt/NJBuG790CxO6
veUehLh3JIi+CZrZ37eL8g4rwl9I6qAEX4fhGevJR3tT
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:48:36 2024 by rpki-client on console-fra.rpki-client.org