Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/H-J8Qko3kmoXQ1J955lxQ9wMPXs.roa
File:                     H-J8Qko3kmoXQ1J955lxQ9wMPXs.roa (raw, json)
Hash identifier:          a0H0zu78b8iWkDFXQaG3oS3OCKqJTtCMRakLOqqhqXk=
Subject key identifier:   1F:E2:7C:42:4A:37:92:6A:17:43:52:7D:E7:99:71:43:DC:0C:3D:7B
Certificate issuer:       /CN=3b476e12e8987e5b302cdc24bdd9db3fe83c8449
Certificate serial:       0181F971BE89CDBAD202914C0EF715CA9950
Authority key identifier: 3B:47:6E:12:E8:98:7E:5B:30:2C:DC:24:BD:D9:DB:3F:E8:3C:84:49
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/O0duEuiYflswLNwkvdnbP-g8hEk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/H-J8Qko3kmoXQ1J955lxQ9wMPXs.roa
Signing time:             Wed 13 Jul 2022 21:23:09 +0000
ROA not before:           Wed 13 Jul 2022 21:23:09 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     43260
IP address blocks:        185.230.12.0/24 maxlen: 24
                          77.90.191.0/24 maxlen: 24
                          213.209.129.0/24 maxlen: 24
                          213.209.134.0/24 maxlen: 24
                          213.209.133.0/24 maxlen: 24
                          213.209.149.0/24 maxlen: 24
                          213.209.147.0/24 maxlen: 24
                          213.209.151.0/24 maxlen: 24
                          213.209.159.0/24 maxlen: 24
                          213.209.158.0/24 maxlen: 24
                          77.90.139.0/24 maxlen: 24
                          77.90.138.0/24 maxlen: 24
                          77.90.145.0/24 maxlen: 24
                          77.90.153.0/24 maxlen: 24
                          77.90.154.0/24 maxlen: 24
                          77.90.157.0/24 maxlen: 24
                          77.90.155.0/24 maxlen: 24
                          77.90.179.0/24 maxlen: 24
                          77.90.184.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:81:f9:71:be:89:cd:ba:d2:02:91:4c:0e:f7:15:ca:99:50
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3b476e12e8987e5b302cdc24bdd9db3fe83c8449
        Validity
            Not Before: Jul 13 21:23:09 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=1fe27c424a37926a1743527de7997143dc0c3d7b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:8c:43:78:f7:b2:79:8a:e8:b2:88:e4:f2:f7:
                    e7:80:b6:07:83:10:dd:88:db:07:ec:b2:c4:10:9a:
                    30:b0:48:b7:51:06:38:d8:de:a3:cf:6e:c3:1a:20:
                    be:4e:3a:d2:6e:b7:76:e2:e7:49:f9:5f:24:c9:ee:
                    61:40:dd:81:9c:f2:2e:1b:eb:6c:ab:21:b0:b9:04:
                    7a:76:f1:0f:7a:c2:d5:e0:28:d5:84:c1:e0:00:2e:
                    25:0e:fc:7f:10:f3:b1:60:d8:57:46:25:ba:e2:20:
                    96:c1:f4:26:cc:89:d9:40:0b:49:3e:ea:05:97:25:
                    7a:7f:f7:60:27:07:8c:20:20:0a:7c:91:31:8f:64:
                    3c:50:af:ce:20:f4:d5:b5:e5:77:60:24:77:02:1d:
                    96:a2:f3:74:4c:a3:a8:3c:94:98:46:6d:52:dc:a1:
                    00:69:29:f7:d8:3d:f4:be:ab:c5:08:aa:54:88:1c:
                    18:96:4a:f9:8f:7c:10:42:1d:fd:01:af:c0:fe:80:
                    91:e0:a2:81:bd:f8:fe:a9:cb:a4:e3:95:3d:48:bc:
                    20:e9:81:80:2c:80:40:4a:ee:bb:96:f3:3c:14:18:
                    0b:d6:59:8a:69:e1:f7:e4:76:16:39:3e:d2:47:7e:
                    2f:ae:cf:77:20:4e:6f:af:d1:c7:84:03:c4:42:32:
                    60:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1F:E2:7C:42:4A:37:92:6A:17:43:52:7D:E7:99:71:43:DC:0C:3D:7B
            X509v3 Authority Key Identifier:
                keyid:3B:47:6E:12:E8:98:7E:5B:30:2C:DC:24:BD:D9:DB:3F:E8:3C:84:49

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/O0duEuiYflswLNwkvdnbP-g8hEk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/H-J8Qko3kmoXQ1J955lxQ9wMPXs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/O0duEuiYflswLNwkvdnbP-g8hEk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.90.138.0/23
                  77.90.145.0/24
                  77.90.153.0-77.90.155.255
                  77.90.157.0/24
                  77.90.179.0/24
                  77.90.184.0/24
                  77.90.191.0/24
                  185.230.12.0/24
                  213.209.129.0/24
                  213.209.133.0-213.209.134.255
                  213.209.147.0/24
                  213.209.149.0/24
                  213.209.151.0/24
                  213.209.158.0/23

    Signature Algorithm: sha256WithRSAEncryption
         9c:a6:16:da:f9:e5:ed:f3:9b:a1:70:7b:5a:7d:89:00:06:a9:
         4d:fe:a2:c8:5f:fc:2e:49:69:1c:f8:84:89:8c:7b:7b:bc:c4:
         a8:f2:25:02:b1:4b:a7:45:56:51:78:07:63:21:e0:16:15:4e:
         41:39:e6:51:56:f4:73:7c:77:a2:73:3e:8c:ef:d8:eb:de:d3:
         ed:f0:a6:cd:6d:9c:b5:5b:2c:7e:f8:df:7d:f9:21:48:c5:2d:
         73:e6:e8:25:ad:cb:48:18:f3:6f:f4:fc:d3:9d:6c:4a:7d:53:
         01:11:26:93:4c:c5:ed:3e:e5:99:f3:e3:34:77:18:e5:5c:a1:
         57:48:a3:18:bc:6f:68:3c:d5:89:e0:d7:5b:9d:ef:80:d5:7d:
         15:7c:e1:dc:8b:96:17:fc:74:74:9e:c8:b8:27:8f:fa:80:d2:
         ca:36:45:a3:79:e1:a7:72:65:c4:6c:c6:d5:68:68:96:5f:f4:
         46:e8:d9:d7:fa:9f:7e:78:57:0f:f3:0b:30:e4:90:6f:01:01:
         ba:3e:dc:ba:f3:a6:9c:bf:ab:a1:67:3f:da:21:7b:cf:99:e4:
         8a:dc:da:f3:7d:c3:d9:6f:f5:ff:7a:e8:e2:89:fc:d2:0c:c7:
         cd:5a:02:c8:6d:33:5c:f3:77:46:a4:0a:f0:95:a6:09:5a:96:
         69:43:e1:52
-----BEGIN CERTIFICATE-----
MIIFWzCCBEOgAwIBAgISAYH5cb6JzbrSApFMDvcVyplQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNiNDc2ZTEyZTg5ODdlNWIzMDJjZGMyNGJkZDlkYjNmZTgz
Yzg0NDkwHhcNMjIwNzEzMjEyMzA5WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZmUyN2M0MjRhMzc5MjZhMTc0MzUyN2RlNzk5NzE0M2RjMGMzZDdiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo4xDePeyeYrosojk8vfngLYHgxDd
iNsH7LLEEJowsEi3UQY42N6jz27DGiC+TjrSbrd24udJ+V8kye5hQN2BnPIuG+ts
qyGwuQR6dvEPesLV4CjVhMHgAC4lDvx/EPOxYNhXRiW64iCWwfQmzInZQAtJPuoF
lyV6f/dgJweMICAKfJExj2Q8UK/OIPTVteV3YCR3Ah2WovN0TKOoPJSYRm1S3KEA
aSn32D30vqvFCKpUiBwYlkr5j3wQQh39Aa/A/oCR4KKBvfj+qcuk45U9SLwg6YGA
LIBASu67lvM8FBgL1lmKaeH35HYWOT7SR34vrs93IE5vr9HHhAPEQjJgLwIDAQAB
o4ICZzCCAmMwHQYDVR0OBBYEFB/ifEJKN5JqF0NSfeeZcUPcDD17MB8GA1UdIwQY
MBaAFDtHbhLomH5bMCzcJL3Z2z/oPIRJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTzBkdUV1aVlmbHN3TE53a3ZkbmJQLWc4aEVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC9kOTBjNmYtNjU3Ni00NmI5LTgzMTMt
NmNiZmYzYzRkYTAxLzEvSC1KOFFrbzNrbW9YUTFKOTU1bHhROXdNUFhzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC9kOTBjNmYtNjU3Ni00NmI5LTgzMTMtNmNiZmYzYzRkYTAx
LzEvTzBkdUV1aVlmbHN3TE53a3ZkbmJQLWc4aEVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMH0GCCsGAQUFBwEHAQH/BG4wbDBqBAIAATBkAwQBTVqKAwQA
TVqRMAwDBABNWpkDBAJNWpgDBABNWp0DBABNWrMDBABNWrgDBABNWr8DBAC55gwD
BADV0YEwDAMEANXRhQMEANXRhgMEANXRkwMEANXRlQMEANXRlwMEAdXRnjANBgkq
hkiG9w0BAQsFAAOCAQEAnKYW2vnl7fOboXB7Wn2JAAapTf6iyF/8LklpHPiEiYx7
e7zEqPIlArFLp0VWUXgHYyHgFhVOQTnmUVb0c3x3onM+jO/Y697T7fCmzW2ctVss
fvjfffkhSMUtc+boJa3LSBjzb/T8051sSn1TAREmk0zF7T7lmfPjNHcY5VyhV0ij
GLxvaDzVieDXW53vgNV9FXzh3IuWF/x0dJ7IuCeP+oDSyjZFo3nhp3JlxGzG1Who
ll/0RujZ1/qffnhXD/MLMOSQbwEBuj7cuvOmnL+roWc/2iF7z5nkitza833D2W/1
/3ro4on80gzHzVoCyG0zXPN3RqQK8JWmCVqWaUPhUg==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:25:03 2024 by rpki-client on console-fra.rpki-client.org