Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/18mRzBVuPzQOwyaUAqTiImRx4og.roa
File:                     18mRzBVuPzQOwyaUAqTiImRx4og.roa (raw, json)
Hash identifier:          Rkd1jnKjTe2QP02b00Q7MB31NZd4wB3heJ7PcP2f3/E=
Subject key identifier:   D7:C9:91:CC:15:6E:3F:34:0E:C3:26:94:02:A4:E2:22:64:71:E2:88
Certificate issuer:       /CN=3b476e12e8987e5b302cdc24bdd9db3fe83c8449
Certificate serial:       0182CA9A749395EFC6FC5AB12C621B3395B2
Authority key identifier: 3B:47:6E:12:E8:98:7E:5B:30:2C:DC:24:BD:D9:DB:3F:E8:3C:84:49
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/O0duEuiYflswLNwkvdnbP-g8hEk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/18mRzBVuPzQOwyaUAqTiImRx4og.roa
Signing time:             Tue 23 Aug 2022 12:08:16 +0000
ROA not before:           Tue 23 Aug 2022 12:08:16 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     42821
IP address blocks:        77.90.129.0/24 maxlen: 24
                          77.90.128.0/24 maxlen: 24
                          77.90.130.0/24 maxlen: 24
                          77.90.132.0/24 maxlen: 24
                          77.90.191.0/24 maxlen: 24
                          77.90.188.0/24 maxlen: 24
                          77.90.190.0/24 maxlen: 24
                          77.90.136.0/24 maxlen: 24
                          77.90.135.0/24 maxlen: 24
                          77.90.137.0/24 maxlen: 24
                          77.90.133.0/24 maxlen: 24
                          77.90.134.0/24 maxlen: 24
                          77.90.139.0/24 maxlen: 24
                          77.90.143.0/24 maxlen: 24
                          77.90.142.0/24 maxlen: 24
                          77.90.145.0/24 maxlen: 24
                          77.90.144.0/24 maxlen: 24
                          77.90.140.0/24 maxlen: 24
                          77.90.150.0/24 maxlen: 24
                          77.90.149.0/24 maxlen: 24
                          77.90.152.0/24 maxlen: 24
                          77.90.147.0/24 maxlen: 24
                          77.90.146.0/24 maxlen: 24
                          77.90.148.0/24 maxlen: 24
                          77.90.157.0/24 maxlen: 24
                          77.90.153.0/24 maxlen: 24
                          77.90.155.0/24 maxlen: 24
                          77.90.154.0/24 maxlen: 24
                          77.90.166.0/24 maxlen: 24
                          77.90.173.0/24 maxlen: 24
                          77.90.179.0/24 maxlen: 24
                          77.90.180.0/24 maxlen: 24
                          77.90.181.0/24 maxlen: 24
                          185.230.12.0/24 maxlen: 24
                          213.209.130.0/24 maxlen: 24
                          213.209.133.0/24 maxlen: 24
                          213.209.138.0/24 maxlen: 24
                          213.209.134.0/24 maxlen: 24
                          213.209.145.0/24 maxlen: 24
                          213.209.144.0/24 maxlen: 24
                          213.209.147.0/24 maxlen: 24
                          213.209.149.0/24 maxlen: 24
                          213.209.150.0/24 maxlen: 24
                          213.209.159.0/24 maxlen: 24
                          213.209.158.0/24 maxlen: 24
                          213.209.157.0/24 maxlen: 24
                          2a04:29c2::/32 maxlen: 32
                          2a04:29c7:1371:6027::/64 maxlen: 64
                          2a04:29c7:1420::/48 maxlen: 48
                          2a04:29c7::/32 maxlen: 32
                          2a04:29c7:1290:24::/64 maxlen: 64
                          2a04:29c7:1280:27::/64 maxlen: 64
                          2a04:29c7:1300:24::/64 maxlen: 64
                          2a04:29c7:1280:24::/64 maxlen: 64

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:82:ca:9a:74:93:95:ef:c6:fc:5a:b1:2c:62:1b:33:95:b2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3b476e12e8987e5b302cdc24bdd9db3fe83c8449
        Validity
            Not Before: Aug 23 12:08:16 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=d7c991cc156e3f340ec3269402a4e2226471e288
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:05:c7:c2:c6:4e:8c:2a:c8:d6:7c:df:e8:cb:
                    f4:79:79:25:10:f5:09:2d:1e:bc:6a:7c:65:d2:b7:
                    1c:e1:3f:8b:18:f5:de:5f:30:3d:f7:b2:7c:a4:0d:
                    3b:29:34:96:fa:d4:bb:ac:ea:23:5e:31:36:1c:81:
                    f2:32:97:34:d9:53:fa:3a:87:1e:d5:45:b9:7a:c8:
                    85:39:69:b3:64:f3:20:3f:bc:21:70:3f:5f:43:8d:
                    e7:53:ac:97:88:ac:cc:4c:52:91:17:5a:8a:9b:5e:
                    d0:8c:db:df:30:96:33:1a:cc:de:c7:67:e1:91:01:
                    e8:c9:f5:75:cb:7d:3e:c4:55:d8:50:69:46:55:9d:
                    dd:6f:4b:8a:12:e5:3c:24:c8:44:e3:cb:70:46:00:
                    f4:91:0e:48:7c:22:44:57:45:72:45:30:29:82:85:
                    bb:60:11:a7:e8:05:97:ea:cb:3e:9f:fc:6f:4b:ef:
                    53:8b:4f:4e:6a:2e:77:91:1f:3e:d2:bc:06:b0:f9:
                    30:5e:f6:94:df:ac:5f:55:3d:b4:a4:07:51:62:dc:
                    81:9c:9b:04:4b:f9:61:85:3f:24:cc:a2:6f:86:f3:
                    65:84:c9:b1:86:65:94:ac:38:3f:29:ec:ed:5e:1c:
                    c6:c4:06:6f:13:2a:24:5e:0d:9f:26:73:46:ca:c4:
                    18:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D7:C9:91:CC:15:6E:3F:34:0E:C3:26:94:02:A4:E2:22:64:71:E2:88
            X509v3 Authority Key Identifier:
                keyid:3B:47:6E:12:E8:98:7E:5B:30:2C:DC:24:BD:D9:DB:3F:E8:3C:84:49

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/O0duEuiYflswLNwkvdnbP-g8hEk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/18mRzBVuPzQOwyaUAqTiImRx4og.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/O0duEuiYflswLNwkvdnbP-g8hEk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.90.128.0-77.90.130.255
                  77.90.132.0-77.90.137.255
                  77.90.139.0-77.90.140.255
                  77.90.142.0-77.90.150.255
                  77.90.152.0/22
                  77.90.157.0/24
                  77.90.166.0/24
                  77.90.173.0/24
                  77.90.179.0-77.90.181.255
                  77.90.188.0/24
                  77.90.190.0/23
                  185.230.12.0/24
                  213.209.130.0/24
                  213.209.133.0-213.209.134.255
                  213.209.138.0/24
                  213.209.144.0/23
                  213.209.147.0/24
                  213.209.149.0-213.209.150.255
                  213.209.157.0-213.209.159.255
                IPv6:
                  2a04:29c2::/32
                  2a04:29c7::/32

    Signature Algorithm: sha256WithRSAEncryption
         3c:1e:9b:01:47:b7:7e:e4:65:6f:d4:23:ad:26:ed:19:b2:66:
         aa:8c:d2:56:50:a9:72:af:10:12:5c:2e:51:05:1a:af:62:d3:
         ac:45:75:9a:61:78:3b:47:ea:78:f3:f5:4a:39:f3:3d:91:e6:
         3a:bc:b0:42:7d:18:ea:0a:ea:33:eb:97:9c:b5:c6:d9:c3:a6:
         34:86:20:89:5c:4a:8a:44:bc:cb:2c:1c:0e:5e:75:d5:1b:82:
         3e:7a:5f:3a:79:d1:28:2e:db:88:8c:98:54:3b:3f:1f:92:ae:
         52:e1:cc:42:44:cd:49:1c:b8:fc:1b:80:62:f6:eb:c3:c1:73:
         28:49:4b:1a:18:a1:e2:10:8e:d3:81:ec:fb:48:44:b4:08:8d:
         b1:94:0a:40:3b:6d:78:7c:ae:91:c0:49:ca:8f:34:c4:54:b3:
         eb:54:e6:e4:cd:b4:6c:c6:7f:db:60:51:8e:86:39:05:8f:1f:
         e0:e8:28:a8:ef:25:73:74:f7:99:46:3b:a4:60:48:02:a5:b2:
         d2:19:2f:20:34:81:e4:fc:96:d6:43:0f:1d:a9:d6:f9:5c:80:
         1f:07:cf:35:0e:e3:bf:b4:bf:d5:fb:3a:41:e4:4d:10:a2:d2:
         43:29:e4:49:7d:57:94:b5:4e:b2:b4:09:6c:e6:c8:7a:0e:c6:
         f0:c1:f3:93
-----BEGIN CERTIFICATE-----
MIIFxDCCBKygAwIBAgISAYLKmnSTle/G/FqxLGIbM5WyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNiNDc2ZTEyZTg5ODdlNWIzMDJjZGMyNGJkZDlkYjNmZTgz
Yzg0NDkwHhcNMjIwODIzMTIwODE2WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkN2M5OTFjYzE1NmUzZjM0MGVjMzI2OTQwMmE0ZTIyMjY0NzFlMjg4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuAXHwsZOjCrI1nzf6Mv0eXklEPUJ
LR68anxl0rcc4T+LGPXeXzA997J8pA07KTSW+tS7rOojXjE2HIHyMpc02VP6Ooce
1UW5esiFOWmzZPMgP7whcD9fQ43nU6yXiKzMTFKRF1qKm17QjNvfMJYzGszex2fh
kQHoyfV1y30+xFXYUGlGVZ3db0uKEuU8JMhE48twRgD0kQ5IfCJEV0VyRTApgoW7
YBGn6AWX6ss+n/xvS+9Ti09Oai53kR8+0rwGsPkwXvaU36xfVT20pAdRYtyBnJsE
S/lhhT8kzKJvhvNlhMmxhmWUrDg/KeztXhzGxAZvEyokXg2fJnNGysQYQwIDAQAB
o4IC0DCCAswwHQYDVR0OBBYEFNfJkcwVbj80DsMmlAKk4iJkceKIMB8GA1UdIwQY
MBaAFDtHbhLomH5bMCzcJL3Z2z/oPIRJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTzBkdUV1aVlmbHN3TE53a3ZkbmJQLWc4aEVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC9kOTBjNmYtNjU3Ni00NmI5LTgzMTMt
NmNiZmYzYzRkYTAxLzEvMThtUnpCVnVQelFPd3lhVUFxVGlJbVJ4NG9nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC9kOTBjNmYtNjU3Ni00NmI5LTgzMTMtNmNiZmYzYzRkYTAx
LzEvTzBkdUV1aVlmbHN3TE53a3ZkbmJQLWc4aEVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHlBggrBgEFBQcBBwEB/wSB1TCB0jCBuQQCAAEwgbIwDAME
B01agAMEAE1agjAMAwQCTVqEAwQBTVqIMAwDBABNWosDBABNWowwDAMEAU1ajgME
AE1algMEAk1amAMEAE1anQMEAE1apgMEAE1arTAMAwQATVqzAwQBTVq0AwQATVq8
AwQBTVq+AwQAueYMAwQA1dGCMAwDBADV0YUDBADV0YYDBADV0YoDBAHV0ZADBADV
0ZMwDAMEANXRlQMEANXRljAMAwQA1dGdAwQF1dGAMBQEAgACMA4DBQAqBCnCAwUA
KgQpxzANBgkqhkiG9w0BAQsFAAOCAQEAPB6bAUe3fuRlb9QjrSbtGbJmqozSVlCp
cq8QElwuUQUar2LTrEV1mmF4O0fqePP1SjnzPZHmOrywQn0Y6grqM+uXnLXG2cOm
NIYgiVxKikS8yywcDl511RuCPnpfOnnRKC7biIyYVDs/H5KuUuHMQkTNSRy4/BuA
Yvbrw8FzKElLGhih4hCO04Hs+0hEtAiNsZQKQDtteHyukcBJyo80xFSz61Tm5M20
bMZ/22BRjoY5BY8f4OgoqO8lc3T3mUY7pGBIAqWy0hkvIDSB5PyW1kMPHanW+VyA
HwfPNQ7jv7S/1fs6QeRNEKLSQynkSX1XlLVOsrQJbObIeg7G8MHzkw==
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:46:22 2023 by rpki-client on console-fra.rpki-client.org