Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/Dfd9rB3BqHACPPEKhDPkxnRJF1M.roa
File:                     Dfd9rB3BqHACPPEKhDPkxnRJF1M.roa (raw, json)
Hash identifier:          6j27LPmh/cSLp8ZKn5ncypT6du5/H6pvquLWycDkl9g=
Subject key identifier:   0D:F7:7D:AC:1D:C1:A8:70:02:3C:F1:0A:84:33:E4:C6:74:49:17:53
Certificate issuer:       /CN=3b476e12e8987e5b302cdc24bdd9db3fe83c8449
Certificate serial:       01827230E5532B999631054E9E0D2E4F2440
Authority key identifier: 3B:47:6E:12:E8:98:7E:5B:30:2C:DC:24:BD:D9:DB:3F:E8:3C:84:49
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/O0duEuiYflswLNwkvdnbP-g8hEk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/Dfd9rB3BqHACPPEKhDPkxnRJF1M.roa
Signing time:             Sat 06 Aug 2022 08:06:23 +0000
ROA not before:           Sat 06 Aug 2022 08:06:23 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     42821
IP address blocks:        77.90.129.0/24 maxlen: 24
                          77.90.128.0/24 maxlen: 24
                          77.90.130.0/24 maxlen: 24
                          77.90.132.0/24 maxlen: 24
                          185.230.12.0/24 maxlen: 24
                          77.90.191.0/24 maxlen: 24
                          77.90.188.0/24 maxlen: 24
                          77.90.190.0/24 maxlen: 24
                          77.90.136.0/24 maxlen: 24
                          77.90.135.0/24 maxlen: 24
                          77.90.137.0/24 maxlen: 24
                          77.90.133.0/24 maxlen: 24
                          77.90.134.0/24 maxlen: 24
                          77.90.143.0/24 maxlen: 24
                          77.90.142.0/24 maxlen: 24
                          77.90.144.0/24 maxlen: 24
                          77.90.140.0/24 maxlen: 24
                          77.90.150.0/24 maxlen: 24
                          77.90.149.0/24 maxlen: 24
                          77.90.152.0/24 maxlen: 24
                          77.90.147.0/24 maxlen: 24
                          77.90.146.0/24 maxlen: 24
                          77.90.148.0/24 maxlen: 24
                          77.90.157.0/24 maxlen: 24
                          77.90.156.0/24 maxlen: 24
                          77.90.154.0/24 maxlen: 24
                          77.90.164.0/24 maxlen: 24
                          77.90.166.0/24 maxlen: 24
                          77.90.173.0/24 maxlen: 24
                          213.209.130.0/24 maxlen: 24
                          213.209.133.0/24 maxlen: 24
                          213.209.138.0/24 maxlen: 24
                          213.209.145.0/24 maxlen: 24
                          213.209.144.0/24 maxlen: 24
                          213.209.159.0/24 maxlen: 24
                          213.209.158.0/24 maxlen: 24
                          213.209.157.0/24 maxlen: 24
                          2a04:29c2::/32 maxlen: 32
                          2a04:29c7:1290:24::/64 maxlen: 64
                          2a04:29c7:1371:6027::/64 maxlen: 64
                          2a04:29c7:1280:27::/64 maxlen: 64
                          2a04:29c7:1420::/48 maxlen: 48
                          2a04:29c7::/32 maxlen: 32
                          2a04:29c7:1280:24::/64 maxlen: 64
                          2a04:29c7:1300:24::/64 maxlen: 64

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:82:72:30:e5:53:2b:99:96:31:05:4e:9e:0d:2e:4f:24:40
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3b476e12e8987e5b302cdc24bdd9db3fe83c8449
        Validity
            Not Before: Aug  6 08:06:23 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=0df77dac1dc1a870023cf10a8433e4c674491753
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:7b:ce:6c:be:c9:78:1b:d1:4a:0b:d3:b6:2a:
                    f1:39:58:b5:dc:64:f4:57:dd:1f:c7:fa:50:37:ee:
                    02:ff:db:f7:2d:40:57:62:b3:32:87:56:3e:71:4a:
                    05:88:c5:27:80:aa:59:a6:85:c9:38:71:0b:c6:8f:
                    cd:13:43:68:be:41:4b:11:26:0a:4c:7c:a0:a3:cb:
                    81:14:7b:f7:f7:00:ec:2c:02:ad:63:d7:57:ec:10:
                    2c:01:6d:f2:a8:2f:14:7a:a1:31:2e:fe:be:60:e1:
                    8d:55:35:09:54:f6:dc:99:73:ec:9a:10:f4:5f:38:
                    69:57:a1:f6:3a:00:b7:9e:88:2a:e2:dc:7a:9b:29:
                    dc:bd:b1:e8:53:e1:67:b3:bb:97:c7:37:8d:c2:50:
                    b2:c2:ac:a5:d0:b5:6b:f1:59:c0:f4:d3:15:40:50:
                    61:4a:b3:31:3c:0b:ca:23:dd:a6:7a:54:a4:e2:a7:
                    40:40:df:e5:52:b0:07:1b:9d:fb:69:20:4f:83:99:
                    50:58:50:e9:d8:60:8b:21:94:38:0d:b0:b3:e5:a1:
                    c4:af:df:1c:e6:e8:57:b1:ae:6c:0a:9f:93:74:b4:
                    6f:40:22:63:9e:aa:99:bc:53:6b:77:2f:3d:6a:5e:
                    27:1a:e0:bf:b2:69:79:9d:52:50:2c:aa:7e:4a:81:
                    27:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0D:F7:7D:AC:1D:C1:A8:70:02:3C:F1:0A:84:33:E4:C6:74:49:17:53
            X509v3 Authority Key Identifier:
                keyid:3B:47:6E:12:E8:98:7E:5B:30:2C:DC:24:BD:D9:DB:3F:E8:3C:84:49

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/O0duEuiYflswLNwkvdnbP-g8hEk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/Dfd9rB3BqHACPPEKhDPkxnRJF1M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/O0duEuiYflswLNwkvdnbP-g8hEk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.90.128.0-77.90.130.255
                  77.90.132.0-77.90.137.255
                  77.90.140.0/24
                  77.90.142.0-77.90.144.255
                  77.90.146.0-77.90.150.255
                  77.90.152.0/24
                  77.90.154.0/24
                  77.90.156.0/23
                  77.90.164.0/24
                  77.90.166.0/24
                  77.90.173.0/24
                  77.90.188.0/24
                  77.90.190.0/23
                  185.230.12.0/24
                  213.209.130.0/24
                  213.209.133.0/24
                  213.209.138.0/24
                  213.209.144.0/23
                  213.209.157.0-213.209.159.255
                IPv6:
                  2a04:29c2::/32
                  2a04:29c7::/32

    Signature Algorithm: sha256WithRSAEncryption
         54:df:c2:bb:6a:75:00:b6:d5:c5:f4:d1:bd:49:4f:6b:e1:b6:
         f7:4c:dd:d4:05:b0:19:b9:6c:a4:b8:b4:cf:50:b6:b6:e8:88:
         9f:d9:3f:8d:47:b9:ff:4a:56:aa:aa:f6:92:78:ee:e6:46:90:
         54:24:be:8b:e4:39:27:04:14:e0:33:63:96:35:77:2b:60:f4:
         80:29:54:0e:12:51:a4:ac:f7:f9:d4:41:6d:1e:ac:e4:eb:54:
         25:b6:4a:e6:7c:a4:ea:c4:7a:35:57:d8:5e:f7:05:75:54:26:
         78:0f:a5:82:a6:fc:05:5b:e9:d4:2a:2f:32:d9:85:64:4d:de:
         28:38:9e:8e:b6:ec:99:ba:41:8b:49:0c:72:ba:a5:0a:77:65:
         97:e3:5c:38:64:b9:b8:a4:58:03:70:a2:8d:af:ff:d5:20:0c:
         2e:0c:30:fe:20:b6:97:c7:eb:d2:bb:35:30:cb:ed:bf:af:ac:
         55:4c:80:a9:48:a2:be:3c:f4:d7:97:6b:67:58:2e:60:da:40:
         eb:1b:c7:cf:5b:ce:63:9f:bb:aa:11:d1:75:b5:98:01:ff:5d:
         5d:a0:77:c1:93:f5:32:6e:3f:3f:48:7e:b3:8b:44:33:0a:3b:
         92:5e:51:8e:c4:7b:ab:bd:fe:fc:4a:7f:97:a2:25:64:be:40:
         72:46:e0:f6
-----BEGIN CERTIFICATE-----
MIIFrDCCBJSgAwIBAgISAYJyMOVTK5mWMQVOng0uTyRAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNiNDc2ZTEyZTg5ODdlNWIzMDJjZGMyNGJkZDlkYjNmZTgz
Yzg0NDkwHhcNMjIwODA2MDgwNjIzWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZGY3N2RhYzFkYzFhODcwMDIzY2YxMGE4NDMzZTRjNjc0NDkxNzUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgnvObL7JeBvRSgvTtirxOVi13GT0
V90fx/pQN+4C/9v3LUBXYrMyh1Y+cUoFiMUngKpZpoXJOHELxo/NE0NovkFLESYK
THygo8uBFHv39wDsLAKtY9dX7BAsAW3yqC8UeqExLv6+YOGNVTUJVPbcmXPsmhD0
XzhpV6H2OgC3nogq4tx6myncvbHoU+Fns7uXxzeNwlCywqyl0LVr8VnA9NMVQFBh
SrMxPAvKI92melSk4qdAQN/lUrAHG537aSBPg5lQWFDp2GCLIZQ4DbCz5aHEr98c
5uhXsa5sCp+TdLRvQCJjnqqZvFNrdy89al4nGuC/sml5nVJQLKp+SoEnCQIDAQAB
o4ICuDCCArQwHQYDVR0OBBYEFA33fawdwahwAjzxCoQz5MZ0SRdTMB8GA1UdIwQY
MBaAFDtHbhLomH5bMCzcJL3Z2z/oPIRJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTzBkdUV1aVlmbHN3TE53a3ZkbmJQLWc4aEVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC9kOTBjNmYtNjU3Ni00NmI5LTgzMTMt
NmNiZmYzYzRkYTAxLzEvRGZkOXJCM0JxSEFDUFBFS2hEUGt4blJKRjFNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC9kOTBjNmYtNjU3Ni00NmI5LTgzMTMtNmNiZmYzYzRkYTAx
LzEvTzBkdUV1aVlmbHN3TE53a3ZkbmJQLWc4aEVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHNBggrBgEFBQcBBwEB/wSBvTCBujCBoQQCAAEwgZowDAME
B01agAMEAE1agjAMAwQCTVqEAwQBTVqIAwQATVqMMAwDBAFNWo4DBABNWpAwDAME
AU1akgMEAE1algMEAE1amAMEAE1amgMEAU1anAMEAE1apAMEAE1apgMEAE1arQME
AE1avAMEAU1avgMEALnmDAMEANXRggMEANXRhQMEANXRigMEAdXRkDAMAwQA1dGd
AwQF1dGAMBQEAgACMA4DBQAqBCnCAwUAKgQpxzANBgkqhkiG9w0BAQsFAAOCAQEA
VN/Cu2p1ALbVxfTRvUlPa+G290zd1AWwGblspLi0z1C2tuiIn9k/jUe5/0pWqqr2
knju5kaQVCS+i+Q5JwQU4DNjljV3K2D0gClUDhJRpKz3+dRBbR6s5OtUJbZK5nyk
6sR6NVfYXvcFdVQmeA+lgqb8BVvp1CovMtmFZE3eKDiejrbsmbpBi0kMcrqlCndl
l+NcOGS5uKRYA3Cija//1SAMLgww/iC2l8fr0rs1MMvtv6+sVUyAqUiivjz015dr
Z1guYNpA6xvHz1vOY5+7qhHRdbWYAf9dXaB3wZP1Mm4/P0h+s4tEMwo7kl5RjsR7
q73+/Ep/l6IlZL5Ackbg9g==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:25:03 2024 by rpki-client on console-fra.rpki-client.org