Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/HJHgMM7sT9Ziv_FSHJWCGUaNVxg.roa
File:                     HJHgMM7sT9Ziv_FSHJWCGUaNVxg.roa (raw, json)
Hash identifier:          T1kSFc96VA1+xucl8VAkHgEeq8sxiTXtJpDaWaVYUDQ=
Subject key identifier:   1C:91:E0:30:CE:EC:4F:D6:62:BF:F1:52:1C:95:82:19:46:8D:57:18
Certificate issuer:       /CN=3b476e12e8987e5b302cdc24bdd9db3fe83c8449
Certificate serial:       074415C4
Authority key identifier: 3B:47:6E:12:E8:98:7E:5B:30:2C:DC:24:BD:D9:DB:3F:E8:3C:84:49
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/O0duEuiYflswLNwkvdnbP-g8hEk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/HJHgMM7sT9Ziv_FSHJWCGUaNVxg.roa
Signing time:             Tue 25 Jan 2022 12:37:30 +0000
ROA not before:           Tue 25 Jan 2022 12:37:30 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     200019
IP address blocks:        77.90.190.0/24 maxlen: 24
                          213.209.159.0/24 maxlen: 24
                          77.90.139.0/24 maxlen: 24
                          77.90.145.0/24 maxlen: 24
                          77.90.150.0/24 maxlen: 24
                          77.90.155.0/24 maxlen: 24
                          77.90.166.0/24 maxlen: 24
                          77.90.178.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 121902532 (0x74415c4)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3b476e12e8987e5b302cdc24bdd9db3fe83c8449
        Validity
            Not Before: Jan 25 12:37:30 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=1c91e030ceec4fd662bff1521c958219468d5718
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:91:15:1e:f9:fc:84:7b:e5:19:25:f7:eb:d3:
                    68:48:23:12:e0:2a:9f:2f:f4:4c:23:40:06:e5:6b:
                    6a:1a:62:5f:eb:f4:73:9d:36:b1:8a:ef:ac:19:75:
                    5a:b7:45:6a:45:64:7c:9b:49:e0:27:d2:87:04:34:
                    e1:38:2f:7a:e7:96:29:6c:42:56:e1:5e:2b:e1:a3:
                    42:b0:32:b9:d3:1d:a6:0c:8e:49:a8:0f:55:53:a5:
                    c8:7e:55:b4:84:95:9a:67:a2:30:0f:fd:a8:da:36:
                    c0:18:86:48:65:94:cf:27:87:29:41:c4:6e:ce:19:
                    c1:f6:70:63:c4:8a:e2:92:63:a2:d4:a2:e7:d8:e9:
                    58:df:70:36:2f:12:68:07:1a:05:02:e6:a5:4b:19:
                    e1:1e:27:3c:d4:d6:8e:bf:44:46:49:d5:81:5e:ce:
                    0e:34:d2:70:4e:4d:d7:74:1e:9d:b8:7f:b8:27:e4:
                    94:4a:8a:ab:7c:62:23:a0:1f:9e:47:7f:c6:0c:d5:
                    d4:35:c3:fc:ae:c9:0f:0e:80:e6:bd:75:4a:23:86:
                    c5:a7:71:8a:ec:dc:d3:62:aa:e3:f5:b7:de:2a:20:
                    d7:87:74:37:be:85:73:7f:16:39:42:ac:b2:c3:66:
                    9d:a0:13:7d:0b:4b:2d:b1:88:f1:74:56:45:11:68:
                    ec:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1C:91:E0:30:CE:EC:4F:D6:62:BF:F1:52:1C:95:82:19:46:8D:57:18
            X509v3 Authority Key Identifier:
                keyid:3B:47:6E:12:E8:98:7E:5B:30:2C:DC:24:BD:D9:DB:3F:E8:3C:84:49

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/O0duEuiYflswLNwkvdnbP-g8hEk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/HJHgMM7sT9Ziv_FSHJWCGUaNVxg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/O0duEuiYflswLNwkvdnbP-g8hEk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.90.139.0/24
                  77.90.145.0/24
                  77.90.150.0/24
                  77.90.155.0/24
                  77.90.166.0/24
                  77.90.178.0/24
                  77.90.190.0/24
                  213.209.159.0/24

    Signature Algorithm: sha256WithRSAEncryption
         67:c3:30:57:91:02:f3:fc:50:7f:2f:38:e0:77:cd:6b:ef:4c:
         08:97:58:a8:a8:75:ec:b7:7c:38:bd:4f:a4:73:27:91:44:b5:
         4d:d2:20:8b:19:82:9a:07:55:19:84:e0:df:7c:36:31:26:e4:
         82:85:ba:e0:6c:a3:e3:4a:05:21:c2:0b:c5:87:82:2c:c3:63:
         13:11:1c:e9:9b:5e:26:6c:2a:48:d3:19:4c:a2:d0:f3:91:e9:
         27:81:f8:2d:bb:8d:16:7a:b7:28:74:68:36:4b:01:18:3f:3b:
         b3:1d:a7:c1:2f:91:d8:1f:1e:88:5a:d5:24:83:d3:11:29:26:
         ef:3e:ef:22:67:ae:31:93:84:7a:05:83:ce:70:13:c2:62:f9:
         ae:62:b3:24:fd:06:a2:36:f9:12:59:6f:12:03:7d:5e:16:b2:
         d9:2b:3f:51:e2:61:22:82:bd:3e:8e:5d:9a:11:5d:2b:e1:8a:
         60:bd:49:0b:f9:73:d7:d4:18:40:90:20:d6:fc:67:a8:39:e5:
         1a:5c:cb:9c:83:8b:61:b2:f9:4c:db:17:c2:6a:f0:2d:61:55:
         c9:4e:dc:12:a4:25:9e:83:b1:cf:f2:bf:c2:d7:02:3d:96:cd:
         0f:ab:1a:9a:aa:2d:4e:b3:97:0f:48:44:16:7d:e4:3a:d0:14:
         fd:76:95:da
-----BEGIN CERTIFICATE-----
MIIFGTCCBAGgAwIBAgIEB0QVxDANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygz
YjQ3NmUxMmU4OTg3ZTViMzAyY2RjMjRiZGQ5ZGIzZmU4M2M4NDQ5MB4XDTIyMDEy
NTEyMzczMFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMWM5MWUwMzBjZWVj
NGZkNjYyYmZmMTUyMWM5NTgyMTk0NjhkNTcxODCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBALiRFR75/IR75Rkl9+vTaEgjEuAqny/0TCNABuVrahpiX+v0
c502sYrvrBl1WrdFakVkfJtJ4CfShwQ04TgveueWKWxCVuFeK+GjQrAyudMdpgyO
SagPVVOlyH5VtISVmmeiMA/9qNo2wBiGSGWUzyeHKUHEbs4ZwfZwY8SK4pJjotSi
59jpWN9wNi8SaAcaBQLmpUsZ4R4nPNTWjr9ERknVgV7ODjTScE5N13Qenbh/uCfk
lEqKq3xiI6Afnkd/xgzV1DXD/K7JDw6A5r11SiOGxadxiuzc02Kq4/W33iog14d0
N76Fc38WOUKsssNmnaATfQtLLbGI8XRWRRFo7GcCAwEAAaOCAjMwggIvMB0GA1Ud
DgQWBBQckeAwzuxP1mK/8VIclYIZRo1XGDAfBgNVHSMEGDAWgBQ7R24S6Jh+WzAs
3CS92ds/6DyESTAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L08wZHVFdWlZZmxzd0xOd2t2ZG5iUC1nOGhFay5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMzQvZDkwYzZmLTY1NzYtNDZiOS04MzEzLTZjYmZmM2M0ZGEwMS8x
L0hKSGdNTTdzVDlaaXZfRlNISldDR1VhTlZ4Zy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMzQv
ZDkwYzZmLTY1NzYtNDZiOS04MzEzLTZjYmZmM2M0ZGEwMS8xL08wZHVFdWlZZmxz
d0xOd2t2ZG5iUC1nOGhFay5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBJ
BggrBgEFBQcBBwEB/wQ6MDgwNgQCAAEwMAMEAE1aiwMEAE1akQMEAE1algMEAE1a
mwMEAE1apgMEAE1asgMEAE1avgMEANXRnzANBgkqhkiG9w0BAQsFAAOCAQEAZ8Mw
V5EC8/xQfy844HfNa+9MCJdYqKh17Ld8OL1PpHMnkUS1TdIgixmCmgdVGYTg33w2
MSbkgoW64Gyj40oFIcILxYeCLMNjExEc6ZteJmwqSNMZTKLQ85HpJ4H4LbuNFnq3
KHRoNksBGD87sx2nwS+R2B8eiFrVJIPTESkm7z7vImeuMZOEegWDznATwmL5rmKz
JP0Gojb5EllvEgN9Xhay2Ss/UeJhIoK9Po5dmhFdK+GKYL1JC/lz19QYQJAg1vxn
qDnlGlzLnIOLYbL5TNsXwmrwLWFVyU7cEqQlnoOxz/K/wtcCPZbND6samqotTrOX
D0hEFn3kOtAU/XaV2g==
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:46:23 2023 by rpki-client on console-fra.rpki-client.org