Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/Jq8XmLc1dFm7itHkVMRJxHJF2Vs.roa
File:                     Jq8XmLc1dFm7itHkVMRJxHJF2Vs.roa (raw, json)
Hash identifier:          VcgCDbPpD/FbDCy5jAfl2JspJxfDKdtMtF4ErRJbUHM=
Subject key identifier:   26:AF:17:98:B7:35:74:59:BB:8A:D1:E4:54:C4:49:C4:72:45:D9:5B
Certificate issuer:       /CN=3b476e12e8987e5b302cdc24bdd9db3fe83c8449
Certificate serial:       08C4D8C3
Authority key identifier: 3B:47:6E:12:E8:98:7E:5B:30:2C:DC:24:BD:D9:DB:3F:E8:3C:84:49
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/O0duEuiYflswLNwkvdnbP-g8hEk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/Jq8XmLc1dFm7itHkVMRJxHJF2Vs.roa
Signing time:             Thu 21 Apr 2022 15:25:03 +0000
ROA not before:           Thu 21 Apr 2022 15:25:03 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     42821
IP address blocks:        77.90.129.0/24 maxlen: 24
                          77.90.128.0/24 maxlen: 24
                          77.90.130.0/24 maxlen: 24
                          77.90.132.0/24 maxlen: 24
                          185.230.13.0/24 maxlen: 24
                          185.230.14.0/24 maxlen: 24
                          77.90.191.0/24 maxlen: 24
                          77.90.136.0/24 maxlen: 24
                          77.90.135.0/24 maxlen: 24
                          77.90.138.0/24 maxlen: 24
                          77.90.137.0/24 maxlen: 24
                          77.90.133.0/24 maxlen: 24
                          77.90.134.0/24 maxlen: 24
                          77.90.139.0/24 maxlen: 24
                          77.90.143.0/24 maxlen: 24
                          77.90.142.0/24 maxlen: 24
                          77.90.145.0/24 maxlen: 24
                          77.90.144.0/24 maxlen: 24
                          77.90.140.0/24 maxlen: 24
                          77.90.152.0/24 maxlen: 24
                          77.90.147.0/24 maxlen: 24
                          77.90.146.0/24 maxlen: 24
                          77.90.148.0/24 maxlen: 24
                          77.90.157.0/24 maxlen: 24
                          77.90.178.0/24 maxlen: 24
                          77.90.180.0/24 maxlen: 24
                          77.90.185.0/24 maxlen: 24
                          213.209.130.0/24 maxlen: 24
                          213.209.138.0/24 maxlen: 24
                          213.209.136.0/24 maxlen: 24
                          213.209.147.0/24 maxlen: 24
                          213.209.146.0/24 maxlen: 24
                          213.209.149.0/24 maxlen: 24
                          213.209.156.0/24 maxlen: 24
                          2a04:29c2::/32 maxlen: 32
                          2a04:29c7::/32 maxlen: 32

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 147118275 (0x8c4d8c3)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3b476e12e8987e5b302cdc24bdd9db3fe83c8449
        Validity
            Not Before: Apr 21 15:25:03 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=26af1798b7357459bb8ad1e454c449c47245d95b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:98:07:7e:a5:f4:70:6e:df:71:27:0a:44:f6:
                    98:b0:c6:08:7c:fc:34:4e:0e:ac:3b:c4:a5:ec:ee:
                    44:ea:c6:99:fb:17:4c:3d:13:32:31:e2:de:7b:85:
                    cf:ca:ab:5a:85:bb:a8:9f:ff:25:21:f4:71:3b:85:
                    06:59:23:5f:db:b8:94:72:4c:29:56:cc:32:6a:de:
                    71:a3:12:b9:af:e9:a0:aa:5a:8e:e6:f2:14:44:5f:
                    88:82:c4:35:72:16:c2:9b:79:f5:f5:16:37:a8:90:
                    ae:7a:71:b0:ba:52:13:f7:06:ba:7f:49:a7:53:0e:
                    1d:dc:17:5b:91:e2:85:da:d6:25:71:cb:98:9f:6f:
                    91:6d:ca:17:61:56:03:29:b0:17:6e:0e:33:07:48:
                    09:5f:25:0f:8c:72:8c:9e:17:cf:8f:f0:e1:c2:11:
                    be:aa:f6:11:ce:e3:65:95:e2:31:f2:9f:b5:51:5d:
                    32:7b:aa:e1:06:79:66:f7:98:6b:69:01:67:f7:b2:
                    0a:44:03:b7:0a:f4:7f:07:6a:5f:2b:0a:3d:7e:4b:
                    01:37:4d:37:5d:8b:1b:29:71:95:e7:ad:ac:1e:ee:
                    05:40:3c:eb:74:44:a8:ad:7a:63:d8:f3:05:57:15:
                    e2:60:1a:2f:ce:10:7b:39:d6:f5:88:81:24:05:b5:
                    f4:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                26:AF:17:98:B7:35:74:59:BB:8A:D1:E4:54:C4:49:C4:72:45:D9:5B
            X509v3 Authority Key Identifier:
                keyid:3B:47:6E:12:E8:98:7E:5B:30:2C:DC:24:BD:D9:DB:3F:E8:3C:84:49

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/O0duEuiYflswLNwkvdnbP-g8hEk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/Jq8XmLc1dFm7itHkVMRJxHJF2Vs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/O0duEuiYflswLNwkvdnbP-g8hEk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.90.128.0-77.90.130.255
                  77.90.132.0-77.90.140.255
                  77.90.142.0-77.90.148.255
                  77.90.152.0/24
                  77.90.157.0/24
                  77.90.178.0/24
                  77.90.180.0/24
                  77.90.185.0/24
                  77.90.191.0/24
                  185.230.13.0-185.230.14.255
                  213.209.130.0/24
                  213.209.136.0/24
                  213.209.138.0/24
                  213.209.146.0/23
                  213.209.149.0/24
                  213.209.156.0/24
                IPv6:
                  2a04:29c2::/32
                  2a04:29c7::/32

    Signature Algorithm: sha256WithRSAEncryption
         9e:35:c1:2e:bd:9a:6c:96:4f:77:ac:38:97:a2:35:b7:da:d1:
         38:38:e7:68:36:4d:0c:39:c4:f2:a9:af:99:22:50:4d:eb:38:
         0d:14:3d:74:55:3b:bc:6f:d2:1b:21:af:a2:66:31:88:9c:1a:
         0c:7c:aa:bf:e5:fa:cb:37:83:cc:ed:89:32:22:2b:ec:e5:79:
         01:9b:73:8a:40:32:cf:0a:01:12:34:4b:5a:6c:04:42:79:e3:
         93:78:84:82:a9:76:91:c2:09:58:1c:c1:91:08:bd:a1:d6:f6:
         25:ee:81:a1:6f:ee:d5:34:a6:19:04:c7:70:61:8a:f4:6d:d6:
         11:6b:2e:5d:65:bf:a9:72:43:72:b6:5b:0c:9f:6b:2b:63:00:
         db:5f:8e:02:da:e7:8a:4a:77:18:b0:29:a4:c8:01:23:cd:52:
         52:75:b9:c1:3e:27:f4:a5:19:3c:ac:be:42:1c:d0:38:e7:a3:
         5b:80:b6:33:38:63:fa:c7:da:c6:dc:fc:67:ea:b6:82:44:79:
         6c:11:17:cc:ab:42:e4:dd:55:e2:29:8f:fe:c5:57:76:db:15:
         0e:dc:4b:a6:89:67:5d:3d:2e:09:fa:86:3d:4e:94:8a:bc:6f:
         c6:fa:eb:00:97:a0:7e:4a:e3:6c:44:49:b3:cf:90:04:18:27:
         90:7a:ff:fe
-----BEGIN CERTIFICATE-----
MIIFhDCCBGygAwIBAgIECMTYwzANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygz
YjQ3NmUxMmU4OTg3ZTViMzAyY2RjMjRiZGQ5ZGIzZmU4M2M4NDQ5MB4XDTIyMDQy
MTE1MjUwM1oXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMjZhZjE3OThiNzM1
NzQ1OWJiOGFkMWU0NTRjNDQ5YzQ3MjQ1ZDk1YjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBANiYB36l9HBu33EnCkT2mLDGCHz8NE4OrDvEpezuROrGmfsX
TD0TMjHi3nuFz8qrWoW7qJ//JSH0cTuFBlkjX9u4lHJMKVbMMmrecaMSua/poKpa
jubyFERfiILENXIWwpt59fUWN6iQrnpxsLpSE/cGun9Jp1MOHdwXW5HihdrWJXHL
mJ9vkW3KF2FWAymwF24OMwdICV8lD4xyjJ4Xz4/w4cIRvqr2Ec7jZZXiMfKftVFd
Mnuq4QZ5ZveYa2kBZ/eyCkQDtwr0fwdqXysKPX5LATdNN12LGylxleetrB7uBUA8
63REqK16Y9jzBVcV4mAaL84QeznW9YiBJAW19AUCAwEAAaOCAp4wggKaMB0GA1Ud
DgQWBBQmrxeYtzV0WbuK0eRUxEnEckXZWzAfBgNVHSMEGDAWgBQ7R24S6Jh+WzAs
3CS92ds/6DyESTAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L08wZHVFdWlZZmxzd0xOd2t2ZG5iUC1nOGhFay5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMzQvZDkwYzZmLTY1NzYtNDZiOS04MzEzLTZjYmZmM2M0ZGEwMS8x
L0pxOFhtTGMxZEZtN2l0SGtWTVJKeEhKRjJWcy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMzQv
ZDkwYzZmLTY1NzYtNDZiOS04MzEzLTZjYmZmM2M0ZGEwMS8xL08wZHVFdWlZZmxz
d0xOd2t2ZG5iUC1nOGhFay5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjCB
swYIKwYBBQUHAQcBAf8EgaMwgaAwgYcEAgABMIGAMAwDBAdNWoADBABNWoIwDAME
Ak1ahAMEAE1ajDAMAwQBTVqOAwQATVqUAwQATVqYAwQATVqdAwQATVqyAwQATVq0
AwQATVq5AwQATVq/MAwDBAC55g0DBAC55g4DBADV0YIDBADV0YgDBADV0YoDBAHV
0ZIDBADV0ZUDBADV0ZwwFAQCAAIwDgMFACoEKcIDBQAqBCnHMA0GCSqGSIb3DQEB
CwUAA4IBAQCeNcEuvZpslk93rDiXojW32tE4OOdoNk0MOcTyqa+ZIlBN6zgNFD10
VTu8b9IbIa+iZjGInBoMfKq/5frLN4PM7YkyIivs5XkBm3OKQDLPCgESNEtabARC
eeOTeISCqXaRwglYHMGRCL2h1vYl7oGhb+7VNKYZBMdwYYr0bdYRay5dZb+pckNy
tlsMn2srYwDbX44C2ueKSncYsCmkyAEjzVJSdbnBPif0pRk8rL5CHNA456NbgLYz
OGP6x9rG3Pxn6raCRHlsERfMq0Lk3VXiKY/+xVd22xUO3EumiWddPS4J+oY9TpSK
vG/G+usAl6B+SuNsREmzz5AEGCeQev/+
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:25:03 2024 by rpki-client on console-fra.rpki-client.org