Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/3IhWLB0AWOtClAhCc1Wx6pIh8o4.roa
File:                     3IhWLB0AWOtClAhCc1Wx6pIh8o4.roa (raw, json)
Hash identifier:          yWb40/6NHb8x82sTHtmxya4o7CyOFf/NEpXl2Sv5SJ8=
Subject key identifier:   DC:88:56:2C:1D:00:58:EB:42:94:08:42:73:55:B1:EA:92:21:F2:8E
Certificate issuer:       /CN=3b476e12e8987e5b302cdc24bdd9db3fe83c8449
Certificate serial:       01823FE6C01C663899F83F1EC3CBC5FE3D65
Authority key identifier: 3B:47:6E:12:E8:98:7E:5B:30:2C:DC:24:BD:D9:DB:3F:E8:3C:84:49
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/O0duEuiYflswLNwkvdnbP-g8hEk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/3IhWLB0AWOtClAhCc1Wx6pIh8o4.roa
Signing time:             Wed 27 Jul 2022 13:44:23 +0000
ROA not before:           Wed 27 Jul 2022 13:44:23 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     208485
IP address blocks:        213.209.136.0/24 maxlen: 24
                          213.209.143.0/24 maxlen: 24
                          213.209.146.0/24 maxlen: 24
                          213.209.156.0/24 maxlen: 24
                          77.90.166.0/24 maxlen: 24
                          185.230.13.0/24 maxlen: 24
                          185.230.14.0/24 maxlen: 24
                          77.90.178.0/24 maxlen: 24
                          77.90.185.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:82:3f:e6:c0:1c:66:38:99:f8:3f:1e:c3:cb:c5:fe:3d:65
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3b476e12e8987e5b302cdc24bdd9db3fe83c8449
        Validity
            Not Before: Jul 27 13:44:23 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=dc88562c1d0058eb429408427355b1ea9221f28e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:d7:ec:9e:e3:04:97:89:2a:b2:46:12:1a:7e:
                    5f:f3:29:30:ca:ae:83:90:d8:58:a0:9a:3f:fe:a9:
                    13:67:68:e2:53:50:09:c5:c5:63:f3:82:7b:1a:c1:
                    59:d6:84:81:ed:ec:7d:33:ac:b3:1b:7a:7e:96:e0:
                    5e:5a:77:1f:2f:1e:8c:cf:8a:3a:4d:5d:86:82:24:
                    32:92:e5:e9:cf:59:5f:a6:65:b0:c6:41:95:b5:68:
                    3a:d7:0b:7a:37:e6:02:97:be:9d:68:09:74:91:7d:
                    35:92:cc:c8:4e:a9:de:fb:f6:4f:b6:13:a6:5d:ac:
                    a0:1d:dc:6f:82:40:bb:78:0f:62:f0:d0:49:a2:bf:
                    ed:71:41:88:27:9c:64:ed:12:05:87:e2:26:8b:b2:
                    ae:4e:c5:61:0e:b9:1f:dc:d7:cc:2a:d1:2b:e2:7b:
                    f4:a3:44:27:ee:24:12:42:1a:06:ba:6b:d3:60:59:
                    c8:8f:c9:36:43:dd:2f:db:19:8b:24:1d:71:f5:54:
                    27:0d:b3:f6:5f:f9:e6:6d:d8:62:45:c1:94:e7:45:
                    54:84:f3:37:2b:c8:0e:bf:1a:a4:0a:c6:63:f8:f2:
                    f1:4e:d7:f2:22:14:d9:35:e8:57:28:28:38:69:a8:
                    85:91:78:00:47:04:e1:cd:22:4c:5f:b3:a0:10:86:
                    29:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DC:88:56:2C:1D:00:58:EB:42:94:08:42:73:55:B1:EA:92:21:F2:8E
            X509v3 Authority Key Identifier:
                keyid:3B:47:6E:12:E8:98:7E:5B:30:2C:DC:24:BD:D9:DB:3F:E8:3C:84:49

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/O0duEuiYflswLNwkvdnbP-g8hEk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/3IhWLB0AWOtClAhCc1Wx6pIh8o4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/O0duEuiYflswLNwkvdnbP-g8hEk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.90.166.0/24
                  77.90.178.0/24
                  77.90.185.0/24
                  185.230.13.0-185.230.14.255
                  213.209.136.0/24
                  213.209.143.0/24
                  213.209.146.0/24
                  213.209.156.0/24

    Signature Algorithm: sha256WithRSAEncryption
         10:18:76:dc:04:6c:80:a7:a4:46:51:89:c9:2c:a5:0f:83:d3:
         86:d2:c1:8c:68:4a:48:ef:19:c5:c8:5c:5e:fc:fd:1f:46:15:
         ac:b8:01:c0:9e:ff:8a:f5:5a:ea:1b:3c:b8:cf:8f:b6:e3:17:
         85:9a:8f:13:53:28:05:3d:9b:3c:42:7f:d3:c2:8d:65:a6:fb:
         a3:22:c6:5a:8f:c8:00:3f:a3:59:7c:09:ad:82:a7:03:b2:c0:
         a9:a3:49:b5:f6:60:7c:1a:47:eb:3d:b5:1f:f2:af:f4:de:24:
         3c:7c:85:1b:66:c6:99:f0:16:79:52:9c:c1:3a:f8:9b:53:e6:
         91:f4:82:d2:62:50:a9:dc:57:2b:73:9b:79:7b:d0:c1:56:e5:
         ea:75:f0:3a:4f:39:8b:21:85:a8:dd:0c:b9:01:22:90:0e:c0:
         19:58:4e:2a:68:98:9e:86:6b:85:ea:b5:e2:cd:73:39:b5:26:
         9e:6b:91:29:1d:04:57:56:7c:77:f5:39:f5:72:58:38:14:c6:
         30:5b:dd:6a:b7:b5:e5:0a:e2:aa:0b:71:16:8d:ec:a6:9c:c3:
         98:ea:a2:0d:5a:1f:86:c6:43:e9:9e:59:56:9e:7e:d5:a5:02:
         0c:48:2f:02:57:21:b7:a4:98:bf:3a:99:dd:50:06:87:f6:69:
         b0:38:f4:6b
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgISAYI/5sAcZjiZ+D8ew8vF/j1lMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNiNDc2ZTEyZTg5ODdlNWIzMDJjZGMyNGJkZDlkYjNmZTgz
Yzg0NDkwHhcNMjIwNzI3MTM0NDIzWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYzg4NTYyYzFkMDA1OGViNDI5NDA4NDI3MzU1YjFlYTkyMjFmMjhlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo9fsnuMEl4kqskYSGn5f8ykwyq6D
kNhYoJo//qkTZ2jiU1AJxcVj84J7GsFZ1oSB7ex9M6yzG3p+luBeWncfLx6Mz4o6
TV2GgiQykuXpz1lfpmWwxkGVtWg61wt6N+YCl76daAl0kX01kszITqne+/ZPthOm
XaygHdxvgkC7eA9i8NBJor/tcUGIJ5xk7RIFh+Imi7KuTsVhDrkf3NfMKtEr4nv0
o0Qn7iQSQhoGumvTYFnIj8k2Q90v2xmLJB1x9VQnDbP2X/nmbdhiRcGU50VUhPM3
K8gOvxqkCsZj+PLxTtfyIhTZNehXKCg4aaiFkXgARwThzSJMX7OgEIYpzwIDAQAB
o4ICOzCCAjcwHQYDVR0OBBYEFNyIViwdAFjrQpQIQnNVseqSIfKOMB8GA1UdIwQY
MBaAFDtHbhLomH5bMCzcJL3Z2z/oPIRJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTzBkdUV1aVlmbHN3TE53a3ZkbmJQLWc4aEVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC9kOTBjNmYtNjU3Ni00NmI5LTgzMTMt
NmNiZmYzYzRkYTAxLzEvM0loV0xCMEFXT3RDbEFoQ2MxV3g2cEloOG80LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC9kOTBjNmYtNjU3Ni00NmI5LTgzMTMtNmNiZmYzYzRkYTAx
LzEvTzBkdUV1aVlmbHN3TE53a3ZkbmJQLWc4aEVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFEGCCsGAQUFBwEHAQH/BEIwQDA+BAIAATA4AwQATVqmAwQA
TVqyAwQATVq5MAwDBAC55g0DBAC55g4DBADV0YgDBADV0Y8DBADV0ZIDBADV0Zww
DQYJKoZIhvcNAQELBQADggEBABAYdtwEbICnpEZRickspQ+D04bSwYxoSkjvGcXI
XF78/R9GFay4AcCe/4r1WuobPLjPj7bjF4WajxNTKAU9mzxCf9PCjWWm+6MixlqP
yAA/o1l8Ca2CpwOywKmjSbX2YHwaR+s9tR/yr/TeJDx8hRtmxpnwFnlSnME6+JtT
5pH0gtJiUKncVytzm3l70MFW5ep18DpPOYshhajdDLkBIpAOwBlYTipomJ6Ga4Xq
teLNczm1Jp5rkSkdBFdWfHf1OfVyWDgUxjBb3Wq3teUK4qoLcRaN7Kacw5jqog1a
H4bGQ+meWVaeftWlAgxILwJXIbekmL86md1QBof2abA49Gs=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:25:02 2024 by rpki-client on console-fra.rpki-client.org