Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/NDScLG1bW7Hv3tiUKxeGW4l3t4E.roa
File:                     NDScLG1bW7Hv3tiUKxeGW4l3t4E.roa (raw, json)
Hash identifier:          kzuFZh+OJ+PH9Wt3NRwzeDKDC3GUeKGdddbTW3PyFz0=
Subject key identifier:   34:34:9C:2C:6D:5B:5B:B1:EF:DE:D8:94:2B:17:86:5B:89:77:B7:81
Certificate issuer:       /CN=3b476e12e8987e5b302cdc24bdd9db3fe83c8449
Certificate serial:       01850FDE1F4EF3BE05D4ACF81F91519B30A9
Authority key identifier: 3B:47:6E:12:E8:98:7E:5B:30:2C:DC:24:BD:D9:DB:3F:E8:3C:84:49
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/O0duEuiYflswLNwkvdnbP-g8hEk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/NDScLG1bW7Hv3tiUKxeGW4l3t4E.roa
Signing time:             Wed 14 Dec 2022 09:01:33 +0000
ROA not before:           Wed 14 Dec 2022 09:01:33 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     43260
IP address blocks:        77.90.138.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:0f:de:1f:4e:f3:be:05:d4:ac:f8:1f:91:51:9b:30:a9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3b476e12e8987e5b302cdc24bdd9db3fe83c8449
        Validity
            Not Before: Dec 14 09:01:33 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=34349c2c6d5b5bb1efded8942b17865b8977b781
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:c5:5a:53:dc:26:38:61:95:9c:aa:16:75:f1:
                    c4:a4:a4:75:2b:2d:51:e3:be:47:a7:43:51:a0:84:
                    fa:82:0d:db:c3:1c:ca:62:87:f3:71:77:47:4c:9c:
                    a1:72:59:9a:e4:5e:46:b8:38:72:71:cd:67:5b:fb:
                    82:45:85:4e:f9:0d:4c:a0:74:6c:6c:b7:c6:76:e2:
                    d6:3b:14:b5:82:5e:db:22:13:35:2f:d8:55:ca:b8:
                    4d:5c:70:c9:91:c6:0a:8c:9a:95:31:4d:73:6e:5c:
                    a1:7c:2d:68:39:db:e4:5f:e5:9a:49:38:d9:38:53:
                    ba:5e:ea:dc:72:7a:04:1e:64:57:a2:ec:b2:8c:6f:
                    e5:e1:7f:6e:97:0f:2b:20:1a:de:9b:87:ca:13:e9:
                    96:4e:c8:9a:2c:7a:b7:8f:7c:0f:dd:bc:bb:7b:80:
                    b1:8a:a4:18:ea:b8:5e:65:e3:61:ab:2b:70:cf:98:
                    44:88:5d:46:a2:ac:e4:e0:53:8e:ad:45:06:ce:34:
                    20:27:c7:3a:6d:b3:c4:b3:b1:2e:60:e5:b4:dd:05:
                    2d:fe:51:75:69:1f:2f:fe:51:cc:b9:3e:09:a4:e6:
                    45:7f:2e:b3:79:59:ab:b1:6f:80:e7:63:63:4d:55:
                    18:38:91:32:0f:a5:d2:71:7c:36:42:a6:0c:7a:2e:
                    22:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                34:34:9C:2C:6D:5B:5B:B1:EF:DE:D8:94:2B:17:86:5B:89:77:B7:81
            X509v3 Authority Key Identifier:
                keyid:3B:47:6E:12:E8:98:7E:5B:30:2C:DC:24:BD:D9:DB:3F:E8:3C:84:49

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/O0duEuiYflswLNwkvdnbP-g8hEk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/NDScLG1bW7Hv3tiUKxeGW4l3t4E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/O0duEuiYflswLNwkvdnbP-g8hEk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.90.138.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6e:30:3c:a8:30:d8:53:ae:82:a6:e6:3a:36:00:5c:2e:a6:16:
         26:a6:c3:c2:88:f8:3d:d6:86:b9:11:64:18:29:ba:ea:8c:b0:
         13:ad:51:7e:d3:7c:63:88:ac:ee:45:15:a3:26:05:7c:7e:a7:
         8b:78:d1:4c:a6:de:72:b4:61:23:7f:67:ac:09:2e:81:ce:10:
         8b:d9:58:d1:48:48:cb:29:ad:8d:a6:37:fe:4e:94:e3:d9:32:
         a6:1b:cb:a0:0b:53:34:26:a3:a2:81:87:1e:89:89:5e:11:67:
         05:c8:32:c5:d7:bf:e1:02:f1:6d:6f:24:a1:d1:63:33:b4:df:
         a1:c9:49:38:28:69:37:b0:34:4a:0b:18:e8:86:4c:65:22:66:
         10:1f:04:a5:68:32:89:01:07:54:d3:bf:fa:d0:05:76:59:ab:
         8a:75:b0:00:8f:db:14:e3:de:73:c8:75:dd:b7:92:4c:17:d2:
         a4:5b:cb:31:22:e6:2f:87:5f:5c:d7:1f:6d:a3:1a:f2:4e:39:
         ef:17:70:ee:73:95:e3:4b:09:80:80:b3:55:4f:7e:9f:ca:c5:
         a2:05:9a:50:e8:fd:97:e6:52:c1:cb:ab:fd:ae:02:32:51:a6:
         35:d0:c9:50:c9:d7:08:3b:67:55:bd:3d:1c:f1:b8:73:5e:19:
         35:20:2c:65
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYUP3h9O874F1Kz4H5FRmzCpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNiNDc2ZTEyZTg5ODdlNWIzMDJjZGMyNGJkZDlkYjNmZTgz
Yzg0NDkwHhcNMjIxMjE0MDkwMTMzWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNDM0OWMyYzZkNWI1YmIxZWZkZWQ4OTQyYjE3ODY1Yjg5NzdiNzgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwsVaU9wmOGGVnKoWdfHEpKR1Ky1R
475Hp0NRoIT6gg3bwxzKYofzcXdHTJyhclma5F5GuDhycc1nW/uCRYVO+Q1MoHRs
bLfGduLWOxS1gl7bIhM1L9hVyrhNXHDJkcYKjJqVMU1zblyhfC1oOdvkX+WaSTjZ
OFO6XurccnoEHmRXouyyjG/l4X9ulw8rIBrem4fKE+mWTsiaLHq3j3wP3by7e4Cx
iqQY6rheZeNhqytwz5hEiF1Goqzk4FOOrUUGzjQgJ8c6bbPEs7EuYOW03QUt/lF1
aR8v/lHMuT4JpOZFfy6zeVmrsW+A52NjTVUYOJEyD6XScXw2QqYMei4ijwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDQ0nCxtW1ux797YlCsXhluJd7eBMB8GA1UdIwQY
MBaAFDtHbhLomH5bMCzcJL3Z2z/oPIRJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTzBkdUV1aVlmbHN3TE53a3ZkbmJQLWc4aEVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC9kOTBjNmYtNjU3Ni00NmI5LTgzMTMt
NmNiZmYzYzRkYTAxLzEvTkRTY0xHMWJXN0h2M3RpVUt4ZUdXNGwzdDRFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC9kOTBjNmYtNjU3Ni00NmI5LTgzMTMtNmNiZmYzYzRkYTAx
LzEvTzBkdUV1aVlmbHN3TE53a3ZkbmJQLWc4aEVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATVqKMA0G
CSqGSIb3DQEBCwUAA4IBAQBuMDyoMNhTroKm5jo2AFwuphYmpsPCiPg91oa5EWQY
KbrqjLATrVF+03xjiKzuRRWjJgV8fqeLeNFMpt5ytGEjf2esCS6BzhCL2VjRSEjL
Ka2Npjf+TpTj2TKmG8ugC1M0JqOigYceiYleEWcFyDLF17/hAvFtbySh0WMztN+h
yUk4KGk3sDRKCxjohkxlImYQHwSlaDKJAQdU07/60AV2WauKdbAAj9sU495zyHXd
t5JMF9KkW8sxIuYvh19c1x9toxryTjnvF3Duc5XjSwmAgLNVT36fysWiBZpQ6P2X
5lLBy6v9rgIyUaY10MlQydcIO2dVvT0c8bhzXhk1ICxl
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:25:03 2024 by rpki-client on console-fra.rpki-client.org