Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/8abu0IWrD5tinXqsjZJzwSV1N0M.roa
File:                     8abu0IWrD5tinXqsjZJzwSV1N0M.roa (raw, json)
Hash identifier:          PkGiueRb03ppdSbo2q/KUegqLRcvUqj3+5jLY31b1E0=
Subject key identifier:   F1:A6:EE:D0:85:AB:0F:9B:62:9D:7A:AC:8D:92:73:C1:25:75:37:43
Certificate issuer:       /CN=3b476e12e8987e5b302cdc24bdd9db3fe83c8449
Certificate serial:       09A2C4FC
Authority key identifier: 3B:47:6E:12:E8:98:7E:5B:30:2C:DC:24:BD:D9:DB:3F:E8:3C:84:49
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/O0duEuiYflswLNwkvdnbP-g8hEk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/8abu0IWrD5tinXqsjZJzwSV1N0M.roa
Signing time:             Wed 15 Jun 2022 10:31:44 +0000
ROA not before:           Wed 15 Jun 2022 10:31:44 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     209372
IP address blocks:        213.209.131.0/24 maxlen: 24
                          213.209.139.0/24 maxlen: 24
                          213.209.135.0/24 maxlen: 24
                          213.209.152.0/24 maxlen: 24
                          213.209.154.0/24 maxlen: 24
                          213.209.153.0/24 maxlen: 24
                          77.90.159.0/24 maxlen: 24
                          77.90.160.0/22 maxlen: 22
                          77.90.171.0/24 maxlen: 24
                          77.90.172.0/24 maxlen: 24
                          77.90.167.0/24 maxlen: 24
                          77.90.170.0/24 maxlen: 24
                          77.90.169.0/24 maxlen: 24
                          77.90.177.0/24 maxlen: 24
                          77.90.175.0/24 maxlen: 24
                          77.90.186.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 161662204 (0x9a2c4fc)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3b476e12e8987e5b302cdc24bdd9db3fe83c8449
        Validity
            Not Before: Jun 15 10:31:44 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=f1a6eed085ab0f9b629d7aac8d9273c125753743
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:9b:b5:45:a9:61:c3:87:cc:62:38:ee:4f:9e:
                    34:bd:99:81:42:4d:bf:82:ca:90:fa:67:ea:c3:41:
                    16:bc:66:58:e9:8b:37:98:5d:5d:71:61:70:f2:d9:
                    cc:c3:ee:e1:7a:8d:3a:e6:ae:e0:1d:dc:bf:1e:7c:
                    e7:73:7a:65:17:ad:20:3b:b1:32:71:d2:2c:f2:19:
                    2c:1c:5b:2e:8d:e3:e1:b3:e9:c0:f3:6a:b0:a6:3c:
                    9a:23:25:a1:34:26:24:c6:ea:f0:ab:c9:6a:cc:22:
                    6e:0c:92:7b:f6:56:a4:64:68:7d:8e:13:7d:e2:f3:
                    00:38:8d:da:ce:af:a2:e7:61:c6:fc:15:f9:53:e9:
                    57:e3:df:e7:94:f7:60:01:19:c7:f5:07:07:54:e9:
                    04:15:b3:25:00:8e:57:97:6a:f2:4b:15:24:db:12:
                    df:ce:31:95:68:a9:f0:87:c6:c2:0e:85:1a:4c:cb:
                    8f:3a:a7:90:3d:9c:9c:5e:6e:7e:72:39:47:28:b2:
                    34:53:55:91:c4:9d:4a:de:39:89:cb:23:99:0e:5f:
                    65:88:c8:5a:88:f8:38:ac:7b:65:82:d5:0a:7e:62:
                    83:88:fc:8f:11:9d:5d:e3:87:25:90:9c:f3:71:53:
                    1f:ce:0e:92:c1:64:15:ff:e1:11:d7:99:bf:81:a8:
                    de:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F1:A6:EE:D0:85:AB:0F:9B:62:9D:7A:AC:8D:92:73:C1:25:75:37:43
            X509v3 Authority Key Identifier:
                keyid:3B:47:6E:12:E8:98:7E:5B:30:2C:DC:24:BD:D9:DB:3F:E8:3C:84:49

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/O0duEuiYflswLNwkvdnbP-g8hEk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/8abu0IWrD5tinXqsjZJzwSV1N0M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/O0duEuiYflswLNwkvdnbP-g8hEk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.90.159.0-77.90.163.255
                  77.90.167.0/24
                  77.90.169.0-77.90.172.255
                  77.90.175.0/24
                  77.90.177.0/24
                  77.90.186.0/24
                  213.209.131.0/24
                  213.209.135.0/24
                  213.209.139.0/24
                  213.209.152.0-213.209.154.255

    Signature Algorithm: sha256WithRSAEncryption
         27:10:64:b7:9d:12:77:b3:cf:11:5a:41:e6:75:ba:e9:7b:46:
         e4:7c:71:e0:e4:09:79:ad:24:79:4c:31:84:0b:3a:5a:4e:f0:
         47:24:23:f6:2b:8d:e9:26:6e:b9:8e:33:ea:e3:2e:b6:1c:0b:
         9b:b8:74:13:97:e4:40:de:2c:ca:6c:1b:a1:aa:62:2c:8f:3d:
         cf:0c:95:f4:76:3a:94:f0:15:3d:54:39:3e:2e:8e:b8:bf:f7:
         ee:ce:79:cc:82:22:65:d1:2b:dd:d8:5b:48:0f:bd:a5:25:5b:
         0e:8d:11:65:fe:d1:4a:ad:a8:e0:db:28:d5:9a:3a:d7:aa:b0:
         2d:14:6c:09:fb:f0:ed:66:a4:9c:32:46:24:f6:62:df:13:07:
         52:db:3e:b1:e9:60:c6:7e:f9:c0:1e:e5:8f:2a:42:bc:13:2f:
         80:c9:24:70:2b:29:99:31:3b:fd:a5:68:96:04:e5:65:80:3b:
         14:64:d3:75:9d:f7:79:80:9b:0e:d3:1a:82:2d:86:7d:15:18:
         e8:8a:87:ac:cb:40:c9:04:95:a2:9d:98:46:2c:36:79:d8:e3:
         7d:a2:06:8f:d6:c2:2c:02:ae:db:60:57:b3:f0:cb:e4:ed:b9:
         12:7f:5f:94:91:4f:ac:e7:4d:aa:fb:b0:f6:1b:f0:68:fc:d3:
         6c:f1:1b:5a
-----BEGIN CERTIFICATE-----
MIIFPTCCBCWgAwIBAgIECaLE/DANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygz
YjQ3NmUxMmU4OTg3ZTViMzAyY2RjMjRiZGQ5ZGIzZmU4M2M4NDQ5MB4XDTIyMDYx
NTEwMzE0NFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoZjFhNmVlZDA4NWFi
MGY5YjYyOWQ3YWFjOGQ5MjczYzEyNTc1Mzc0MzCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAJebtUWpYcOHzGI47k+eNL2ZgUJNv4LKkPpn6sNBFrxmWOmL
N5hdXXFhcPLZzMPu4XqNOuau4B3cvx5853N6ZRetIDuxMnHSLPIZLBxbLo3j4bPp
wPNqsKY8miMloTQmJMbq8KvJaswibgySe/ZWpGRofY4TfeLzADiN2s6voudhxvwV
+VPpV+Pf55T3YAEZx/UHB1TpBBWzJQCOV5dq8ksVJNsS384xlWip8IfGwg6FGkzL
jzqnkD2cnF5ufnI5RyiyNFNVkcSdSt45icsjmQ5fZYjIWoj4OKx7ZYLVCn5ig4j8
jxGdXeOHJZCc83FTH84OksFkFf/hEdeZv4Go3l8CAwEAAaOCAlcwggJTMB0GA1Ud
DgQWBBTxpu7QhasPm2KdeqyNknPBJXU3QzAfBgNVHSMEGDAWgBQ7R24S6Jh+WzAs
3CS92ds/6DyESTAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L08wZHVFdWlZZmxzd0xOd2t2ZG5iUC1nOGhFay5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMzQvZDkwYzZmLTY1NzYtNDZiOS04MzEzLTZjYmZmM2M0ZGEwMS8x
LzhhYnUwSVdyRDV0aW5YcXNqWkp6d1NWMU4wTS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMzQv
ZDkwYzZmLTY1NzYtNDZiOS04MzEzLTZjYmZmM2M0ZGEwMS8xL08wZHVFdWlZZmxz
d0xOd2t2ZG5iUC1nOGhFay5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBt
BggrBgEFBQcBBwEB/wReMFwwWgQCAAEwVDAMAwQATVqfAwQCTVqgAwQATVqnMAwD
BABNWqkDBABNWqwDBABNWq8DBABNWrEDBABNWroDBADV0YMDBADV0YcDBADV0Ysw
DAMEA9XRmAMEANXRmjANBgkqhkiG9w0BAQsFAAOCAQEAJxBkt50Sd7PPEVpB5nW6
6XtG5Hxx4OQJea0keUwxhAs6Wk7wRyQj9iuN6SZuuY4z6uMuthwLm7h0E5fkQN4s
ymwboapiLI89zwyV9HY6lPAVPVQ5Pi6OuL/37s55zIIiZdEr3dhbSA+9pSVbDo0R
Zf7RSq2o4Nso1Zo616qwLRRsCfvw7WaknDJGJPZi3xMHUts+selgxn75wB7ljypC
vBMvgMkkcCspmTE7/aVolgTlZYA7FGTTdZ33eYCbDtMagi2GfRUY6IqHrMtAyQSV
op2YRiw2edjjfaIGj9bCLAKu22BXs/DL5O25En9flJFPrOdNqvuw9hvwaPzTbPEb
Wg==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:02:24 2024 by rpki-client on console-ams.rpki-client.org