Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/DymuwIc0tT3lNOysFnkUMM49KBE.roa
File:                     DymuwIc0tT3lNOysFnkUMM49KBE.roa (raw, json)
Hash identifier:          ESw2SG7lYWgtn9D3MYw70Vsu8agCDWEdeQbeOhnPr98=
Subject key identifier:   0F:29:AE:C0:87:34:B5:3D:E5:34:EC:AC:16:79:14:30:CE:3D:28:11
Certificate issuer:       /CN=3b476e12e8987e5b302cdc24bdd9db3fe83c8449
Certificate serial:       09E1E81D
Authority key identifier: 3B:47:6E:12:E8:98:7E:5B:30:2C:DC:24:BD:D9:DB:3F:E8:3C:84:49
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/O0duEuiYflswLNwkvdnbP-g8hEk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/DymuwIc0tT3lNOysFnkUMM49KBE.roa
Signing time:             Fri 24 Jun 2022 17:33:23 +0000
ROA not before:           Fri 24 Jun 2022 17:33:23 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     42821
IP address blocks:        77.90.129.0/24 maxlen: 24
                          77.90.128.0/24 maxlen: 24
                          77.90.130.0/24 maxlen: 24
                          77.90.132.0/24 maxlen: 24
                          77.90.191.0/24 maxlen: 24
                          77.90.136.0/24 maxlen: 24
                          77.90.135.0/24 maxlen: 24
                          77.90.138.0/24 maxlen: 24
                          77.90.137.0/24 maxlen: 24
                          77.90.133.0/24 maxlen: 24
                          77.90.134.0/24 maxlen: 24
                          77.90.143.0/24 maxlen: 24
                          77.90.142.0/24 maxlen: 24
                          77.90.144.0/24 maxlen: 24
                          77.90.140.0/24 maxlen: 24
                          77.90.147.0/24 maxlen: 24
                          77.90.146.0/24 maxlen: 24
                          77.90.148.0/24 maxlen: 24
                          77.90.156.0/24 maxlen: 24
                          77.90.153.0/24 maxlen: 24
                          77.90.154.0/24 maxlen: 24
                          77.90.166.0/24 maxlen: 24
                          77.90.179.0/24 maxlen: 24
                          77.90.181.0/24 maxlen: 24
                          213.209.130.0/24 maxlen: 24
                          213.209.138.0/24 maxlen: 24
                          213.209.147.0/24 maxlen: 24
                          213.209.151.0/24 maxlen: 24
                          213.209.158.0/24 maxlen: 24
                          2a04:29c2::/32 maxlen: 32
                          2a04:29c7:1290:24::/64 maxlen: 64
                          2a04:29c7:1371:6027::/64 maxlen: 64
                          2a04:29c7:1280:27::/64 maxlen: 64
                          2a04:29c7:1420::/48 maxlen: 48
                          2a04:29c7::/32 maxlen: 32
                          2a04:29c7:1280:24::/64 maxlen: 64
                          2a04:29c7:1300:24::/64 maxlen: 64

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 165799965 (0x9e1e81d)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3b476e12e8987e5b302cdc24bdd9db3fe83c8449
        Validity
            Not Before: Jun 24 17:33:23 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=0f29aec08734b53de534ecac16791430ce3d2811
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:06:42:ff:77:41:2a:17:d6:68:c2:5b:ae:fd:
                    1c:7a:0b:03:01:a6:67:c5:89:fa:3d:08:44:44:7d:
                    b3:5a:70:28:b1:ac:cc:1f:4a:6b:ae:97:46:6b:24:
                    8f:d5:47:97:a9:1c:37:bb:79:0d:ad:e1:84:b2:21:
                    04:34:1c:57:89:1b:6e:34:cd:34:9e:29:7f:c3:3f:
                    40:f2:3a:f1:16:8e:ae:d1:88:4f:3c:bf:a3:28:6e:
                    c5:23:94:bb:83:f4:2b:93:d7:40:6d:a2:4f:3a:d9:
                    41:63:53:6f:b8:bd:d6:56:c4:55:f9:fe:b2:4a:5c:
                    9d:8b:e9:c1:35:1b:9b:7c:cd:7b:80:13:06:19:65:
                    ff:56:d0:2d:04:f1:4d:15:8b:05:45:e0:a8:0e:61:
                    eb:95:e3:0f:b5:7a:68:73:30:98:b7:f1:98:0b:dc:
                    48:55:75:27:29:f0:08:eb:d7:2d:dc:04:11:e8:99:
                    31:c5:fa:30:95:aa:f0:b5:85:4f:96:db:33:f5:1b:
                    c9:70:df:b9:91:2c:29:43:14:83:b1:b0:ef:a6:65:
                    30:88:fd:a4:40:30:9c:56:a6:f7:3e:70:8c:29:b4:
                    72:50:20:49:7c:0e:60:a4:94:7c:d5:69:96:91:c1:
                    d7:c0:38:14:3f:21:e4:c5:e1:a0:cf:42:51:41:fc:
                    3f:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0F:29:AE:C0:87:34:B5:3D:E5:34:EC:AC:16:79:14:30:CE:3D:28:11
            X509v3 Authority Key Identifier:
                keyid:3B:47:6E:12:E8:98:7E:5B:30:2C:DC:24:BD:D9:DB:3F:E8:3C:84:49

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/O0duEuiYflswLNwkvdnbP-g8hEk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/DymuwIc0tT3lNOysFnkUMM49KBE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/O0duEuiYflswLNwkvdnbP-g8hEk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.90.128.0-77.90.130.255
                  77.90.132.0-77.90.138.255
                  77.90.140.0/24
                  77.90.142.0-77.90.144.255
                  77.90.146.0-77.90.148.255
                  77.90.153.0-77.90.154.255
                  77.90.156.0/24
                  77.90.166.0/24
                  77.90.179.0/24
                  77.90.181.0/24
                  77.90.191.0/24
                  213.209.130.0/24
                  213.209.138.0/24
                  213.209.147.0/24
                  213.209.151.0/24
                  213.209.158.0/24
                IPv6:
                  2a04:29c2::/32
                  2a04:29c7::/32

    Signature Algorithm: sha256WithRSAEncryption
         10:c1:bc:db:a2:3e:7f:5a:36:05:62:5d:6a:bc:05:75:ce:ed:
         9d:c6:0e:62:f8:54:4a:81:03:d5:ba:03:d3:03:35:b7:45:18:
         86:07:64:98:45:aa:77:02:59:30:54:cf:92:72:2b:5d:47:e7:
         25:c0:a1:b1:06:c2:50:50:bc:51:35:03:84:3b:e4:e9:b6:08:
         d2:ff:3d:34:1b:97:f2:8a:16:b9:38:dd:2a:96:02:3c:44:7b:
         96:09:7a:1f:b3:d7:65:02:f0:eb:fa:ea:47:b0:e4:10:fa:73:
         d6:2e:96:52:61:49:d0:e9:da:e2:cb:e0:6d:c9:b6:43:d5:75:
         15:c5:34:9b:06:ee:1d:a4:f3:e6:fd:90:04:21:20:03:40:96:
         2f:7b:7e:f2:ce:fe:64:28:54:1a:84:26:6e:c3:3e:ba:2c:80:
         97:86:71:3d:05:5f:09:e3:7e:c3:97:c3:97:99:28:82:ac:92:
         a7:ba:e1:1f:2d:5b:b6:ae:26:8f:d6:d6:f7:da:58:dc:a1:ba:
         b8:42:de:7a:2d:44:c0:ba:64:e1:12:25:4b:6b:7f:75:40:0e:
         75:82:ab:ba:cf:2c:f8:4b:8f:d8:cf:55:f5:25:67:4c:60:33:
         cb:48:2c:07:c2:a8:52:21:44:f4:0b:23:4f:83:67:03:d5:65:
         c8:98:d0:5b
-----BEGIN CERTIFICATE-----
MIIFjDCCBHSgAwIBAgIECeHoHTANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygz
YjQ3NmUxMmU4OTg3ZTViMzAyY2RjMjRiZGQ5ZGIzZmU4M2M4NDQ5MB4XDTIyMDYy
NDE3MzMyM1oXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMGYyOWFlYzA4NzM0
YjUzZGU1MzRlY2FjMTY3OTE0MzBjZTNkMjgxMTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBALIGQv93QSoX1mjCW679HHoLAwGmZ8WJ+j0IRER9s1pwKLGs
zB9Ka66XRmskj9VHl6kcN7t5Da3hhLIhBDQcV4kbbjTNNJ4pf8M/QPI68RaOrtGI
Tzy/oyhuxSOUu4P0K5PXQG2iTzrZQWNTb7i91lbEVfn+skpcnYvpwTUbm3zNe4AT
Bhll/1bQLQTxTRWLBUXgqA5h65XjD7V6aHMwmLfxmAvcSFV1JynwCOvXLdwEEeiZ
McX6MJWq8LWFT5bbM/UbyXDfuZEsKUMUg7Gw76ZlMIj9pEAwnFam9z5wjCm0clAg
SXwOYKSUfNVplpHB18A4FD8h5MXhoM9CUUH8PzsCAwEAAaOCAqYwggKiMB0GA1Ud
DgQWBBQPKa7AhzS1PeU07KwWeRQwzj0oETAfBgNVHSMEGDAWgBQ7R24S6Jh+WzAs
3CS92ds/6DyESTAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L08wZHVFdWlZZmxzd0xOd2t2ZG5iUC1nOGhFay5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMzQvZDkwYzZmLTY1NzYtNDZiOS04MzEzLTZjYmZmM2M0ZGEwMS8x
L0R5bXV3SWMwdFQzbE5PeXNGbmtVTU00OUtCRS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMzQv
ZDkwYzZmLTY1NzYtNDZiOS04MzEzLTZjYmZmM2M0ZGEwMS8xL08wZHVFdWlZZmxz
d0xOd2t2ZG5iUC1nOGhFay5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjCB
uwYIKwYBBQUHAQcBAf8EgaswgagwgY8EAgABMIGIMAwDBAdNWoADBABNWoIwDAME
Ak1ahAMEAE1aigMEAE1ajDAMAwQBTVqOAwQATVqQMAwDBAFNWpIDBABNWpQwDAME
AE1amQMEAE1amgMEAE1anAMEAE1apgMEAE1aswMEAE1atQMEAE1avwMEANXRggME
ANXRigMEANXRkwMEANXRlwMEANXRnjAUBAIAAjAOAwUAKgQpwgMFACoEKccwDQYJ
KoZIhvcNAQELBQADggEBABDBvNuiPn9aNgViXWq8BXXO7Z3GDmL4VEqBA9W6A9MD
NbdFGIYHZJhFqncCWTBUz5JyK11H5yXAobEGwlBQvFE1A4Q75Om2CNL/PTQbl/KK
Frk43SqWAjxEe5YJeh+z12UC8Ov66kew5BD6c9YullJhSdDp2uLL4G3JtkPVdRXF
NJsG7h2k8+b9kAQhIANAli97fvLO/mQoVBqEJm7DProsgJeGcT0FXwnjfsOXw5eZ
KIKskqe64R8tW7auJo/W1vfaWNyhurhC3notRMC6ZOESJUtrf3VADnWCq7rPLPhL
j9jPVfUlZ0xgM8tILAfCqFIhRPQLI0+DZwPVZciY0Fs=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:25:03 2024 by rpki-client on console-fra.rpki-client.org