Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/3BO_bjh45P7Sf29MZtkzHv20ZXs.roa
File:                     3BO_bjh45P7Sf29MZtkzHv20ZXs.roa (raw, json)
Hash identifier:          ouPeD6gQBAlvJJrUp11AZTYFNS8lrzalr7Xu9sRECyE=
Subject key identifier:   DC:13:BF:6E:38:78:E4:FE:D2:7F:6F:4C:66:D9:33:1E:FD:B4:65:7B
Certificate issuer:       /CN=3b476e12e8987e5b302cdc24bdd9db3fe83c8449
Certificate serial:       083D93C0
Authority key identifier: 3B:47:6E:12:E8:98:7E:5B:30:2C:DC:24:BD:D9:DB:3F:E8:3C:84:49
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/O0duEuiYflswLNwkvdnbP-g8hEk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/3BO_bjh45P7Sf29MZtkzHv20ZXs.roa
Signing time:             Tue 22 Mar 2022 10:37:30 +0000
ROA not before:           Tue 22 Mar 2022 10:37:30 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     42821
IP address blocks:        77.90.129.0/24 maxlen: 24
                          77.90.128.0/24 maxlen: 24
                          77.90.130.0/24 maxlen: 24
                          77.90.132.0/24 maxlen: 24
                          185.230.14.0/24 maxlen: 24
                          77.90.136.0/24 maxlen: 24
                          77.90.135.0/24 maxlen: 24
                          77.90.138.0/24 maxlen: 24
                          77.90.137.0/24 maxlen: 24
                          77.90.133.0/24 maxlen: 24
                          77.90.134.0/24 maxlen: 24
                          77.90.143.0/24 maxlen: 24
                          77.90.142.0/24 maxlen: 24
                          77.90.144.0/24 maxlen: 24
                          77.90.140.0/24 maxlen: 24
                          77.90.147.0/24 maxlen: 24
                          77.90.146.0/24 maxlen: 24
                          77.90.148.0/24 maxlen: 24
                          77.90.157.0/24 maxlen: 24
                          213.209.130.0/24 maxlen: 24
                          213.209.133.0/24 maxlen: 24
                          213.209.138.0/24 maxlen: 24
                          213.209.136.0/24 maxlen: 24
                          2a04:29c2::/32 maxlen: 32
                          2a04:29c7::/32 maxlen: 32

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 138253248 (0x83d93c0)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3b476e12e8987e5b302cdc24bdd9db3fe83c8449
        Validity
            Not Before: Mar 22 10:37:30 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=dc13bf6e3878e4fed27f6f4c66d9331efdb4657b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:99:ea:92:2f:79:55:7b:8b:96:21:bf:5c:60:
                    cb:0e:d4:3f:d2:00:a9:7d:b6:d1:0c:52:b4:08:09:
                    7e:11:b4:81:b4:63:ed:e6:79:3d:1c:9d:fb:7e:57:
                    8f:11:83:df:b9:b2:2f:60:15:53:27:db:a6:5e:ce:
                    b7:03:70:30:16:75:da:15:49:bf:af:a2:e3:45:52:
                    d6:b1:18:27:6f:d8:69:06:7c:4a:cd:1e:3e:1c:f7:
                    dd:58:1d:e9:c5:2c:89:54:27:02:d1:42:73:ec:e3:
                    27:31:90:02:08:31:68:84:51:6b:ca:8d:2b:d7:97:
                    06:a7:81:5d:13:66:1b:3b:06:de:cf:8a:03:84:38:
                    db:ff:e1:87:9f:04:9a:e6:20:51:78:aa:b1:03:1a:
                    f6:cc:bd:11:ff:70:21:bf:ff:7b:50:ab:7c:55:0a:
                    1c:71:5d:29:2e:70:98:b0:b4:2e:2e:e1:4d:30:d4:
                    f3:17:be:98:b5:aa:e0:b9:ad:f6:91:6d:dc:87:80:
                    28:d2:c4:4d:29:74:2b:63:7e:07:c4:bf:11:65:03:
                    41:d1:e0:70:39:69:1f:3c:14:d2:9d:e2:f1:a0:7b:
                    a4:e1:59:d3:84:79:be:e2:67:62:12:3e:c1:e7:56:
                    f5:cd:a1:cc:0f:24:ba:6c:ad:49:b6:01:8e:a8:e9:
                    43:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DC:13:BF:6E:38:78:E4:FE:D2:7F:6F:4C:66:D9:33:1E:FD:B4:65:7B
            X509v3 Authority Key Identifier:
                keyid:3B:47:6E:12:E8:98:7E:5B:30:2C:DC:24:BD:D9:DB:3F:E8:3C:84:49

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/O0duEuiYflswLNwkvdnbP-g8hEk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/3BO_bjh45P7Sf29MZtkzHv20ZXs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/O0duEuiYflswLNwkvdnbP-g8hEk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.90.128.0-77.90.130.255
                  77.90.132.0-77.90.138.255
                  77.90.140.0/24
                  77.90.142.0-77.90.144.255
                  77.90.146.0-77.90.148.255
                  77.90.157.0/24
                  185.230.14.0/24
                  213.209.130.0/24
                  213.209.133.0/24
                  213.209.136.0/24
                  213.209.138.0/24
                IPv6:
                  2a04:29c2::/32
                  2a04:29c7::/32

    Signature Algorithm: sha256WithRSAEncryption
         27:49:53:35:3f:c5:a2:f6:fb:b6:0a:97:fd:48:f2:32:5d:8e:
         20:58:12:dd:12:c9:94:48:2d:e8:90:01:9c:af:ef:6e:4f:0f:
         3f:9e:30:c3:e5:fb:66:a8:aa:f8:91:67:29:5d:6e:b8:b5:b4:
         67:60:6a:94:f5:d2:d9:4e:bc:41:23:dd:41:e1:67:d1:fa:56:
         c1:90:5e:da:8a:7b:71:5f:a9:19:52:c7:4e:b9:3f:ca:df:7b:
         e3:d6:0a:7c:73:0b:e9:b2:7e:83:61:79:cb:22:2b:dd:d6:ec:
         be:c7:c2:d8:02:ca:75:e3:b1:2d:bd:f6:3a:8e:61:9e:59:8a:
         f9:d6:8f:21:e7:b6:3a:c5:ae:ce:7b:b6:2b:41:6b:ae:77:b1:
         ed:c4:98:dd:22:13:3d:48:a7:d7:19:aa:6f:aa:df:e4:5a:54:
         09:5a:01:4b:74:16:a2:34:50:f7:17:9e:ff:69:89:b5:cb:2c:
         e1:c9:6c:91:f8:c9:e8:9b:a7:46:ae:d4:5a:9b:58:40:6c:4c:
         c7:a4:2c:29:e5:0e:3a:c3:2a:f5:c4:23:d0:98:e1:b5:2d:0f:
         11:45:f4:2b:64:b9:2d:29:93:f8:68:1c:4e:a8:03:68:c5:09:
         b3:3b:dc:cf:b8:3d:3d:7d:70:ac:5d:2c:54:e6:15:c5:60:f7:
         1e:54:17:bd
-----BEGIN CERTIFICATE-----
MIIFZDCCBEygAwIBAgIECD2TwDANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygz
YjQ3NmUxMmU4OTg3ZTViMzAyY2RjMjRiZGQ5ZGIzZmU4M2M4NDQ5MB4XDTIyMDMy
MjEwMzczMFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoZGMxM2JmNmUzODc4
ZTRmZWQyN2Y2ZjRjNjZkOTMzMWVmZGI0NjU3YjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBANOZ6pIveVV7i5Yhv1xgyw7UP9IAqX220QxStAgJfhG0gbRj
7eZ5PRyd+35XjxGD37myL2AVUyfbpl7OtwNwMBZ12hVJv6+i40VS1rEYJ2/YaQZ8
Ss0ePhz33Vgd6cUsiVQnAtFCc+zjJzGQAggxaIRRa8qNK9eXBqeBXRNmGzsG3s+K
A4Q42//hh58EmuYgUXiqsQMa9sy9Ef9wIb//e1CrfFUKHHFdKS5wmLC0Li7hTTDU
8xe+mLWq4Lmt9pFt3IeAKNLETSl0K2N+B8S/EWUDQdHgcDlpHzwU0p3i8aB7pOFZ
04R5vuJnYhI+wedW9c2hzA8kumytSbYBjqjpQ/0CAwEAAaOCAn4wggJ6MB0GA1Ud
DgQWBBTcE79uOHjk/tJ/b0xm2TMe/bRlezAfBgNVHSMEGDAWgBQ7R24S6Jh+WzAs
3CS92ds/6DyESTAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L08wZHVFdWlZZmxzd0xOd2t2ZG5iUC1nOGhFay5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMzQvZDkwYzZmLTY1NzYtNDZiOS04MzEzLTZjYmZmM2M0ZGEwMS8x
LzNCT19iamg0NVA3U2YyOU1adGt6SHYyMFpYcy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMzQv
ZDkwYzZmLTY1NzYtNDZiOS04MzEzLTZjYmZmM2M0ZGEwMS8xL08wZHVFdWlZZmxz
d0xOd2t2ZG5iUC1nOGhFay5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjCB
kwYIKwYBBQUHAQcBAf8EgYMwgYAwaAQCAAEwYjAMAwQHTVqAAwQATVqCMAwDBAJN
WoQDBABNWooDBABNWowwDAMEAU1ajgMEAE1akDAMAwQBTVqSAwQATVqUAwQATVqd
AwQAueYOAwQA1dGCAwQA1dGFAwQA1dGIAwQA1dGKMBQEAgACMA4DBQAqBCnCAwUA
KgQpxzANBgkqhkiG9w0BAQsFAAOCAQEAJ0lTNT/Fovb7tgqX/UjyMl2OIFgS3RLJ
lEgt6JABnK/vbk8PP54ww+X7Zqiq+JFnKV1uuLW0Z2BqlPXS2U68QSPdQeFn0fpW
wZBe2op7cV+pGVLHTrk/yt9749YKfHML6bJ+g2F5yyIr3dbsvsfC2ALKdeOxLb32
Oo5hnlmK+daPIee2OsWuznu2K0Frrnex7cSY3SITPUin1xmqb6rf5FpUCVoBS3QW
ojRQ9xee/2mJtcss4clskfjJ6JunRq7UWptYQGxMx6QsKeUOOsMq9cQj0JjhtS0P
EUX0K2S5LSmT+GgcTqgDaMUJszvcz7g9PX1wrF0sVOYVxWD3HlQXvQ==
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:50:08 2023 by rpki-client on console-ams.rpki-client.org