Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/PMzm6b7_I6boPS1CsbbcbM3x0QA.roa
File:                     PMzm6b7_I6boPS1CsbbcbM3x0QA.roa (raw, json)
Hash identifier:          owHBhh5hMds47o5G2vse2mxPNxGRQZQlZGpE8bRixVA=
Subject key identifier:   3C:CC:E6:E9:BE:FF:23:A6:E8:3D:2D:42:B1:B6:DC:6C:CD:F1:D1:00
Certificate issuer:       /CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
Certificate serial:       0569ECA5
Authority key identifier: B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/PMzm6b7_I6boPS1CsbbcbM3x0QA.roa
Signing time:             Wed 29 Jun 2022 08:40:03 +0000
ROA not before:           Wed 29 Jun 2022 08:40:03 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     205090
IP address blocks:        185.112.81.0/24 maxlen: 24
                          185.112.102.0/24 maxlen: 24
                          185.117.117.0/24 maxlen: 24
                          185.112.101.0/24 maxlen: 24
                          185.112.103.0/24 maxlen: 24
                          45.9.73.0/24 maxlen: 24
                          45.9.75.0/24 maxlen: 24
                          193.162.143.0/24 maxlen: 24
                          185.105.90.0/24 maxlen: 24
                          185.105.88.0/24 maxlen: 24
                          185.105.91.0/24 maxlen: 24
                          185.105.89.0/24 maxlen: 24
                          185.221.162.0/24 maxlen: 24
                          45.95.202.0/24 maxlen: 24
                          185.102.139.0/24 maxlen: 24
                          45.95.203.0/24 maxlen: 24
                          45.90.216.0/24 maxlen: 24
                          45.90.218.0/24 maxlen: 24
                          45.90.217.0/24 maxlen: 24
                          45.90.219.0/24 maxlen: 24
                          84.252.73.0/24 maxlen: 24
                          84.252.75.0/24 maxlen: 24
                          84.252.74.0/24 maxlen: 24
                          185.128.105.0/24 maxlen: 24
                          45.89.65.0/24 maxlen: 24
                          85.209.2.0/24 maxlen: 24
                          185.103.109.0/24 maxlen: 24
                          185.128.107.0/24 maxlen: 24
                          185.128.106.0/24 maxlen: 24
                          193.168.227.0/24 maxlen: 24
                          185.217.198.0/24 maxlen: 24
                          185.217.199.0/24 maxlen: 24
                          185.104.251.0/24 maxlen: 24
                          2a0e:d603::/32 maxlen: 32
                          2a09:5302::/32 maxlen: 32
                          2a0d:2dc0::/29 maxlen: 29

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 90827941 (0x569eca5)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
        Validity
            Not Before: Jun 29 08:40:03 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=3ccce6e9beff23a6e83d2d42b1b6dc6ccdf1d100
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:a7:8f:2f:4a:e2:06:42:ad:a2:16:06:29:a7:
                    e9:b4:60:ce:5d:55:0f:43:fe:35:39:8a:98:74:af:
                    52:b2:b8:aa:9f:60:65:a9:3c:01:d1:00:0e:0f:5a:
                    93:a2:32:3b:c8:88:33:4a:89:b2:2c:d9:32:39:63:
                    b1:f8:f8:f8:f1:a8:2c:c6:b6:3a:73:bd:f0:d7:76:
                    34:bc:36:35:33:54:49:b3:21:41:27:47:12:29:c1:
                    eb:7d:1b:9f:65:be:de:c4:ae:32:11:ea:4b:48:ee:
                    e1:90:0c:4e:6d:d9:2f:8f:2d:e1:00:55:19:01:e0:
                    6f:fc:aa:04:0c:51:09:5f:92:d4:7d:5e:f4:1a:4f:
                    e1:21:09:9e:a6:ee:8b:7e:34:35:5c:1c:fd:c5:15:
                    6e:b2:5d:a3:4e:98:d8:5f:b8:6b:c7:d1:d3:7c:b4:
                    4c:89:27:20:0b:a5:bf:59:23:2e:6d:d7:b5:49:fd:
                    3a:5a:13:9f:6f:05:af:fc:6a:18:4d:0c:a2:66:27:
                    92:6f:5d:41:76:89:55:e6:08:32:51:28:38:f5:03:
                    f1:0b:3b:f9:49:c9:b8:d8:fb:c0:39:53:80:6c:9c:
                    a3:c1:5d:11:34:c9:b6:d8:4c:96:18:93:1b:b3:a1:
                    7c:d8:e5:63:ec:f8:47:2d:f4:22:ee:b8:b9:2e:2f:
                    ea:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3C:CC:E6:E9:BE:FF:23:A6:E8:3D:2D:42:B1:B6:DC:6C:CD:F1:D1:00
            X509v3 Authority Key Identifier:
                keyid:B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/PMzm6b7_I6boPS1CsbbcbM3x0QA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.9.73.0/24
                  45.9.75.0/24
                  45.89.65.0/24
                  45.90.216.0/22
                  45.95.202.0/23
                  84.252.73.0-84.252.75.255
                  85.209.2.0/24
                  185.102.139.0/24
                  185.103.109.0/24
                  185.104.251.0/24
                  185.105.88.0/22
                  185.112.81.0/24
                  185.112.101.0-185.112.103.255
                  185.117.117.0/24
                  185.128.105.0-185.128.107.255
                  185.217.198.0/23
                  185.221.162.0/24
                  193.162.143.0/24
                  193.168.227.0/24
                IPv6:
                  2a09:5302::/32
                  2a0d:2dc0::/29
                  2a0e:d603::/32

    Signature Algorithm: sha256WithRSAEncryption
         43:78:e5:4f:f8:83:5c:9c:f3:40:4e:70:53:c6:ac:67:d3:25:
         de:55:9c:4e:76:af:f0:30:a9:0d:b8:36:91:19:16:b4:84:47:
         18:5c:e8:31:05:f5:cf:31:02:04:c0:f2:25:8b:f2:00:2b:74:
         8e:7f:71:c0:1d:87:8c:52:cd:1e:f1:56:22:d9:74:f4:7f:56:
         a9:bc:18:82:92:c3:5a:1f:fd:1a:17:cb:6a:78:eb:f7:59:d8:
         81:d9:a0:4d:1c:b7:5f:21:8b:7e:3d:52:40:94:d3:ee:8d:5c:
         cb:e2:2a:84:9c:c5:cc:e7:02:00:2c:6c:33:09:bb:77:22:54:
         c9:60:97:b1:5d:47:d7:e0:32:b3:b0:f7:ae:ac:ca:1a:6c:5b:
         d1:e6:45:2d:c3:5e:f6:f6:b4:9e:09:e6:fa:d2:c7:c4:7a:d9:
         9d:e9:62:60:05:ac:22:6d:3f:40:e1:df:c1:32:15:d6:d4:89:
         76:57:76:6f:d1:46:01:98:0e:f5:59:44:a5:05:4c:10:7f:ff:
         7b:0f:c4:ad:83:8e:07:e7:2e:9b:7e:ea:04:bf:cc:b9:67:c5:
         5d:15:ea:72:16:d7:9b:2e:be:cb:89:a3:9c:0a:27:d2:9a:f3:
         fc:a1:e5:6f:8c:a0:c2:4f:b3:1a:f5:76:39:b3:c9:f4:fd:25:
         6f:e3:a1:3c
-----BEGIN CERTIFICATE-----
MIIFlTCCBH2gAwIBAgIEBWnspTANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhi
NGY5NjM0NWQzZjIyZWRiMzk1ZDI0N2Y3Yjg2ZDJkNzNlNGEwMDkxMB4XDTIyMDYy
OTA4NDAwM1oXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoM2NjY2U2ZTliZWZm
MjNhNmU4M2QyZDQyYjFiNmRjNmNjZGYxZDEwMDCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAKKnjy9K4gZCraIWBimn6bRgzl1VD0P+NTmKmHSvUrK4qp9g
Zak8AdEADg9ak6IyO8iIM0qJsizZMjljsfj4+PGoLMa2OnO98Nd2NLw2NTNUSbMh
QSdHEinB630bn2W+3sSuMhHqS0ju4ZAMTm3ZL48t4QBVGQHgb/yqBAxRCV+S1H1e
9BpP4SEJnqbui340NVwc/cUVbrJdo06Y2F+4a8fR03y0TIknIAulv1kjLm3XtUn9
OloTn28Fr/xqGE0MomYnkm9dQXaJVeYIMlEoOPUD8Qs7+UnJuNj7wDlTgGyco8Fd
ETTJtthMlhiTG7OhfNjlY+z4Ry30Iu64uS4v6ksCAwEAAaOCAq8wggKrMB0GA1Ud
DgQWBBQ8zObpvv8jpug9LUKxttxszfHRADAfBgNVHSMEGDAWgBS0+WNF0/Iu2zld
JH97htLXPkoAkTAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L3RQbGpSZFB5THRzNVhTUl9lNGJTMXo1S0FKRS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvYzUvOGUxMjFkLTczYjMtNDM4YS04M2M0LTZmYzM0M2Q3N2NkMi8x
L1BNem02YjdfSTZib1BTMUNzYmJjYk0zeDBRQS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYzUv
OGUxMjFkLTczYjMtNDM4YS04M2M0LTZmYzM0M2Q3N2NkMi8xL3RQbGpSZFB5THRz
NVhTUl9lNGJTMXo1S0FKRS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjCB
xAYIKwYBBQUHAQcBAf8EgbQwgbEwgZEEAgABMIGKAwQALQlJAwQALQlLAwQALVlB
AwQCLVrYAwQBLV/KMAwDBABU/EkDBAJU/EgDBABV0QIDBAC5ZosDBAC5Z20DBAC5
aPsDBAK5aVgDBAC5cFEwDAMEALlwZQMEA7lwYAMEALl1dTAMAwQAuYBpAwQCuYBo
AwQBudnGAwQAud2iAwQAwaKPAwQAwajjMBsEAgACMBUDBQAqCVMCAwUDKg0twAMF
ACoO1gMwDQYJKoZIhvcNAQELBQADggEBAEN45U/4g1yc80BOcFPGrGfTJd5VnE52
r/AwqQ24NpEZFrSERxhc6DEF9c8xAgTA8iWL8gArdI5/ccAdh4xSzR7xViLZdPR/
Vqm8GIKSw1of/RoXy2p46/dZ2IHZoE0ct18hi349UkCU0+6NXMviKoScxcznAgAs
bDMJu3ciVMlgl7FdR9fgMrOw966syhpsW9HmRS3DXvb2tJ4J5vrSx8R62Z3pYmAF
rCJtP0Dh38EyFdbUiXZXdm/RRgGYDvVZRKUFTBB//3sPxK2DjgfnLpt+6gS/zLln
xV0V6nIW15suvsuJo5wKJ9Ka8/yh5W+MoMJPsxr1djmzyfT9JW/joTw=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:53:07 2024 by rpki-client on console-fra.rpki-client.org