Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/JbS2IoakV7yE-L8s1X3GapcqhdY.roa
File:                     JbS2IoakV7yE-L8s1X3GapcqhdY.roa (raw, json)
Hash identifier:          3VPD5ZpJicFVWZ338hvFIX6UTW3ZbZPOA6Ir/zhxL5Y=
Subject key identifier:   25:B4:B6:22:86:A4:57:BC:84:F8:BF:2C:D5:7D:C6:6A:97:2A:85:D6
Certificate issuer:       /CN=3b476e12e8987e5b302cdc24bdd9db3fe83c8449
Certificate serial:       01832C624D9A2465CBAF764D6D71B114AD72
Authority key identifier: 3B:47:6E:12:E8:98:7E:5B:30:2C:DC:24:BD:D9:DB:3F:E8:3C:84:49
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/O0duEuiYflswLNwkvdnbP-g8hEk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/JbS2IoakV7yE-L8s1X3GapcqhdY.roa
Signing time:             Sun 11 Sep 2022 11:49:43 +0000
ROA not before:           Sun 11 Sep 2022 11:49:43 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     209372
IP address blocks:        213.209.131.0/24 maxlen: 24
                          213.209.139.0/24 maxlen: 24
                          213.209.137.0/24 maxlen: 24
                          213.209.135.0/24 maxlen: 24
                          213.209.152.0/24 maxlen: 24
                          213.209.154.0/24 maxlen: 24
                          213.209.155.0/24 maxlen: 24
                          213.209.153.0/24 maxlen: 24
                          77.90.159.0/24 maxlen: 24
                          77.90.158.0/24 maxlen: 24
                          77.90.165.0/24 maxlen: 24
                          77.90.160.0/24 maxlen: 24
                          77.90.163.0/24 maxlen: 24
                          77.90.161.0/24 maxlen: 24
                          77.90.162.0/24 maxlen: 24
                          77.90.171.0/24 maxlen: 24
                          77.90.172.0/24 maxlen: 24
                          77.90.167.0/24 maxlen: 24
                          77.90.170.0/24 maxlen: 24
                          77.90.169.0/24 maxlen: 24
                          77.90.177.0/24 maxlen: 24
                          77.90.175.0/24 maxlen: 24
                          77.90.182.0/24 maxlen: 24
                          77.90.186.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:83:2c:62:4d:9a:24:65:cb:af:76:4d:6d:71:b1:14:ad:72
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3b476e12e8987e5b302cdc24bdd9db3fe83c8449
        Validity
            Not Before: Sep 11 11:49:43 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=25b4b62286a457bc84f8bf2cd57dc66a972a85d6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:39:54:c2:01:b6:a1:19:c6:90:4f:19:ff:77:
                    3b:42:75:e6:cc:7e:f8:f9:24:a0:50:76:01:c4:05:
                    5e:0c:08:99:04:3f:3b:94:d5:2c:32:85:65:63:f3:
                    d1:ef:cb:33:57:45:e3:d8:92:98:ac:3d:05:2a:d1:
                    10:97:1f:62:6d:be:99:8e:98:3a:67:98:45:92:c4:
                    39:eb:2f:6b:20:a3:fd:a0:cc:a1:0d:c8:e2:f8:f7:
                    a7:82:57:e5:ab:bb:7c:83:2f:9f:30:4d:07:d4:70:
                    0b:ca:ce:75:41:35:95:49:71:cd:eb:28:1d:ff:49:
                    82:43:ce:e1:7d:5f:a7:97:4a:29:5b:e3:90:99:e6:
                    c5:91:ca:bc:ed:10:a5:d9:93:f8:f3:5d:fc:1b:7d:
                    17:6a:70:d8:1c:f7:eb:c5:ce:07:88:25:bb:59:af:
                    b6:53:70:5d:97:4c:ac:cc:75:e7:4d:ec:bf:9a:9b:
                    40:a7:c4:99:64:6d:4b:23:14:3f:03:97:c1:6d:94:
                    35:b9:d4:2d:df:dc:e7:47:c4:f5:73:41:af:3b:fa:
                    87:29:b3:5a:2d:28:5c:27:ee:67:3a:eb:9b:82:2f:
                    c7:44:bb:b9:f1:e7:9c:c3:45:11:97:be:9b:2e:19:
                    74:86:74:3b:3f:33:7a:e2:a1:11:86:c3:3b:e6:e8:
                    24:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                25:B4:B6:22:86:A4:57:BC:84:F8:BF:2C:D5:7D:C6:6A:97:2A:85:D6
            X509v3 Authority Key Identifier:
                keyid:3B:47:6E:12:E8:98:7E:5B:30:2C:DC:24:BD:D9:DB:3F:E8:3C:84:49

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/O0duEuiYflswLNwkvdnbP-g8hEk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/JbS2IoakV7yE-L8s1X3GapcqhdY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/O0duEuiYflswLNwkvdnbP-g8hEk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.90.158.0-77.90.163.255
                  77.90.165.0/24
                  77.90.167.0/24
                  77.90.169.0-77.90.172.255
                  77.90.175.0/24
                  77.90.177.0/24
                  77.90.182.0/24
                  77.90.186.0/24
                  213.209.131.0/24
                  213.209.135.0/24
                  213.209.137.0/24
                  213.209.139.0/24
                  213.209.152.0/22

    Signature Algorithm: sha256WithRSAEncryption
         20:de:2a:ca:dd:82:40:f6:79:99:8a:e2:2b:66:74:d2:fe:9d:
         4f:6d:54:9b:28:8a:8d:21:b8:ce:5a:e7:27:47:12:c5:d9:99:
         20:0f:1e:e2:e5:63:bb:3e:f4:28:e0:cd:d7:a0:eb:0b:92:9b:
         34:c0:b2:c2:fb:e1:83:3d:ed:0e:1c:12:c3:9f:bc:b1:a1:0b:
         33:ad:84:2a:f3:84:fd:cf:d1:c3:fd:8a:79:b8:93:33:ff:58:
         e5:7f:38:a7:42:39:93:fa:4f:0e:28:67:4b:c2:2a:06:ab:93:
         62:6c:fa:6e:22:8b:b4:79:18:24:2b:cf:ae:57:37:70:fb:21:
         97:45:97:6f:55:07:e9:0f:75:09:1d:31:89:2a:f5:39:c0:8e:
         77:6a:36:3b:2f:60:83:5c:14:62:a4:9d:9e:4a:db:b2:32:b0:
         90:b9:80:35:f8:08:f8:23:02:2a:c4:cd:b4:3c:c4:5a:68:71:
         57:8a:ff:32:cf:f2:80:7c:3b:41:b6:57:8b:6a:33:04:7c:2b:
         98:cf:e0:cb:dc:d9:ac:e1:93:8d:fd:62:8f:bc:b0:a8:35:17:
         68:d1:68:ce:51:2d:bf:d1:22:e4:13:36:40:d0:f0:14:f9:1a:
         b4:ab:72:c7:33:74:91:46:4a:af:ee:d5:42:d6:33:03:b6:09:
         21:79:4a:a9
-----BEGIN CERTIFICATE-----
MIIFVTCCBD2gAwIBAgISAYMsYk2aJGXLr3ZNbXGxFK1yMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNiNDc2ZTEyZTg5ODdlNWIzMDJjZGMyNGJkZDlkYjNmZTgz
Yzg0NDkwHhcNMjIwOTExMTE0OTQzWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNWI0YjYyMjg2YTQ1N2JjODRmOGJmMmNkNTdkYzY2YTk3MmE4NWQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnzlUwgG2oRnGkE8Z/3c7QnXmzH74
+SSgUHYBxAVeDAiZBD87lNUsMoVlY/PR78szV0Xj2JKYrD0FKtEQlx9ibb6Zjpg6
Z5hFksQ56y9rIKP9oMyhDcji+Penglflq7t8gy+fME0H1HALys51QTWVSXHN6ygd
/0mCQ87hfV+nl0opW+OQmebFkcq87RCl2ZP48138G30XanDYHPfrxc4HiCW7Wa+2
U3Bdl0yszHXnTey/mptAp8SZZG1LIxQ/A5fBbZQ1udQt39znR8T1c0GvO/qHKbNa
LShcJ+5nOuubgi/HRLu58eecw0URl76bLhl0hnQ7PzN64qERhsM75ugk1QIDAQAB
o4ICYTCCAl0wHQYDVR0OBBYEFCW0tiKGpFe8hPi/LNV9xmqXKoXWMB8GA1UdIwQY
MBaAFDtHbhLomH5bMCzcJL3Z2z/oPIRJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTzBkdUV1aVlmbHN3TE53a3ZkbmJQLWc4aEVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC9kOTBjNmYtNjU3Ni00NmI5LTgzMTMt
NmNiZmYzYzRkYTAxLzEvSmJTMklvYWtWN3lFLUw4czFYM0dhcGNxaGRZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC9kOTBjNmYtNjU3Ni00NmI5LTgzMTMtNmNiZmYzYzRkYTAx
LzEvTzBkdUV1aVlmbHN3TE53a3ZkbmJQLWc4aEVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHcGCCsGAQUFBwEHAQH/BGgwZjBkBAIAATBeMAwDBAFNWp4D
BAJNWqADBABNWqUDBABNWqcwDAMEAE1aqQMEAE1arAMEAE1arwMEAE1asQMEAE1a
tgMEAE1augMEANXRgwMEANXRhwMEANXRiQMEANXRiwMEAtXRmDANBgkqhkiG9w0B
AQsFAAOCAQEAIN4qyt2CQPZ5mYriK2Z00v6dT21UmyiKjSG4zlrnJ0cSxdmZIA8e
4uVjuz70KODN16DrC5KbNMCywvvhgz3tDhwSw5+8saELM62EKvOE/c/Rw/2KebiT
M/9Y5X84p0I5k/pPDihnS8IqBquTYmz6biKLtHkYJCvPrlc3cPshl0WXb1UH6Q91
CR0xiSr1OcCOd2o2Oy9gg1wUYqSdnkrbsjKwkLmANfgI+CMCKsTNtDzEWmhxV4r/
Ms/ygHw7QbZXi2ozBHwrmM/gy9zZrOGTjf1ij7ywqDUXaNFozlEtv9Ei5BM2QNDw
FPkatKtyxzN0kUZKr+7VQtYzA7YJIXlKqQ==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:02:25 2024 by rpki-client on console-ams.rpki-client.org