Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/OpDihOMqk0RNkW5J0kDGMnRrvds.roa
File:                     OpDihOMqk0RNkW5J0kDGMnRrvds.roa (raw, json)
Hash identifier:          481wiRCNQnoAIq7fT1IGpDUDbRiPoSx2OBk8TNP/L84=
Subject key identifier:   3A:90:E2:84:E3:2A:93:44:4D:91:6E:49:D2:40:C6:32:74:6B:BD:DB
Certificate issuer:       /CN=3b476e12e8987e5b302cdc24bdd9db3fe83c8449
Certificate serial:       09F692CA
Authority key identifier: 3B:47:6E:12:E8:98:7E:5B:30:2C:DC:24:BD:D9:DB:3F:E8:3C:84:49
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/O0duEuiYflswLNwkvdnbP-g8hEk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/OpDihOMqk0RNkW5J0kDGMnRrvds.roa
Signing time:             Fri 01 Jul 2022 09:38:25 +0000
ROA not before:           Fri 01 Jul 2022 09:38:25 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     208911
IP address blocks:        213.209.157.0/24 maxlen: 24
                          77.90.156.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 167154378 (0x9f692ca)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3b476e12e8987e5b302cdc24bdd9db3fe83c8449
        Validity
            Not Before: Jul  1 09:38:25 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=3a90e284e32a93444d916e49d240c632746bbddb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:51:77:40:8a:97:e4:05:64:a2:95:ca:d6:ba:
                    de:40:0c:c6:27:af:dc:1a:18:70:0d:d7:41:f2:5b:
                    3e:7f:b5:7e:15:1b:dd:ab:1c:60:87:73:82:f9:b0:
                    ca:2c:e7:78:2f:2f:12:6a:32:03:ff:95:fb:ec:60:
                    a2:94:a1:8a:86:62:ed:13:c5:87:6b:5c:dc:87:ea:
                    2c:67:0c:22:95:7f:ad:45:ba:ea:3a:35:40:cf:ff:
                    b2:94:d3:b6:d7:1e:09:64:d9:3f:fb:93:30:68:8f:
                    5d:02:da:df:48:d9:db:fb:aa:8f:b0:31:3f:64:51:
                    5c:28:f9:5c:96:96:94:ea:97:b7:ec:6a:b7:69:7c:
                    9c:f5:39:0e:80:dc:44:8c:3e:97:8b:9a:9c:5a:aa:
                    2f:cf:69:c0:39:2f:63:97:38:f0:02:b6:fd:2a:21:
                    d8:5b:e6:64:f7:f3:d4:23:5f:1e:a9:95:0d:57:f7:
                    59:e1:b8:0c:78:6b:91:d2:4e:9a:c0:2c:a7:6c:cc:
                    0c:93:a3:02:56:1f:f8:f0:2e:c6:39:22:0d:8d:5a:
                    00:9b:89:22:dd:98:fc:a0:48:07:4b:bf:9e:af:ae:
                    10:57:a6:e7:da:8d:da:bb:e2:6d:ba:1c:d6:70:ad:
                    03:9a:3b:8a:ee:4e:9d:58:26:90:35:04:b2:9e:86:
                    1b:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3A:90:E2:84:E3:2A:93:44:4D:91:6E:49:D2:40:C6:32:74:6B:BD:DB
            X509v3 Authority Key Identifier:
                keyid:3B:47:6E:12:E8:98:7E:5B:30:2C:DC:24:BD:D9:DB:3F:E8:3C:84:49

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/O0duEuiYflswLNwkvdnbP-g8hEk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/OpDihOMqk0RNkW5J0kDGMnRrvds.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/O0duEuiYflswLNwkvdnbP-g8hEk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.90.156.0/24
                  213.209.157.0/24

    Signature Algorithm: sha256WithRSAEncryption
         55:c4:14:ff:60:b8:fb:89:c6:e5:71:99:fe:b7:56:15:47:45:
         70:25:52:c2:10:98:d9:eb:01:69:89:2c:6c:6e:2e:5c:7e:99:
         ca:7b:83:e6:b3:ac:6a:78:69:db:95:2b:7d:8a:ef:81:c4:d0:
         b8:b5:d2:d6:f4:64:21:f4:31:13:c3:57:18:2d:82:31:b5:63:
         0e:8d:8d:7b:4d:ac:e8:96:75:24:1d:0b:da:03:ff:51:32:06:
         24:bc:7e:4d:21:b4:1f:85:38:fc:d2:cd:40:ed:f7:af:85:4b:
         17:d8:28:0e:14:a1:7a:0d:cc:b6:23:fe:65:00:05:dc:e6:84:
         e2:fb:fd:b9:e3:d4:10:33:e6:0a:a4:b6:8b:0b:2b:7d:fe:55:
         78:82:56:d8:0d:44:04:65:a3:97:e8:b7:60:57:9f:73:3f:0f:
         15:a3:ca:00:7d:40:e7:7c:38:d9:a7:3f:8a:fe:0b:b5:a0:f6:
         24:1c:db:eb:a4:b1:2d:ee:ae:cf:6c:38:ac:01:6f:6b:4f:01:
         64:d9:fd:c7:52:f8:d4:b2:ab:cd:8e:90:34:49:6f:2f:50:fc:
         56:a7:7b:6f:20:ba:e7:40:42:e4:94:2e:9a:84:67:6f:89:23:
         f8:e1:ff:dd:3b:f9:1b:5e:97:29:d0:c0:11:cb:0e:f2:3b:44:
         65:1d:e8:87
-----BEGIN CERTIFICATE-----
MIIE9TCCA92gAwIBAgIECfaSyjANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygz
YjQ3NmUxMmU4OTg3ZTViMzAyY2RjMjRiZGQ5ZGIzZmU4M2M4NDQ5MB4XDTIyMDcw
MTA5MzgyNVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoM2E5MGUyODRlMzJh
OTM0NDRkOTE2ZTQ5ZDI0MGM2MzI3NDZiYmRkYjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAJxRd0CKl+QFZKKVyta63kAMxiev3BoYcA3XQfJbPn+1fhUb
3ascYIdzgvmwyizneC8vEmoyA/+V++xgopShioZi7RPFh2tc3IfqLGcMIpV/rUW6
6jo1QM//spTTttceCWTZP/uTMGiPXQLa30jZ2/uqj7AxP2RRXCj5XJaWlOqXt+xq
t2l8nPU5DoDcRIw+l4uanFqqL89pwDkvY5c48AK2/Soh2FvmZPfz1CNfHqmVDVf3
WeG4DHhrkdJOmsAsp2zMDJOjAlYf+PAuxjkiDY1aAJuJIt2Y/KBIB0u/nq+uEFem
59qN2rvibboc1nCtA5o7iu5OnVgmkDUEsp6GG2sCAwEAAaOCAg8wggILMB0GA1Ud
DgQWBBQ6kOKE4yqTRE2RbknSQMYydGu92zAfBgNVHSMEGDAWgBQ7R24S6Jh+WzAs
3CS92ds/6DyESTAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L08wZHVFdWlZZmxzd0xOd2t2ZG5iUC1nOGhFay5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMzQvZDkwYzZmLTY1NzYtNDZiOS04MzEzLTZjYmZmM2M0ZGEwMS8x
L09wRGloT01xazBSTmtXNUowa0RHTW5ScnZkcy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMzQv
ZDkwYzZmLTY1NzYtNDZiOS04MzEzLTZjYmZmM2M0ZGEwMS8xL08wZHVFdWlZZmxz
d0xOd2t2ZG5iUC1nOGhFay5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAl
BggrBgEFBQcBBwEB/wQWMBQwEgQCAAEwDAMEAE1anAMEANXRnTANBgkqhkiG9w0B
AQsFAAOCAQEAVcQU/2C4+4nG5XGZ/rdWFUdFcCVSwhCY2esBaYksbG4uXH6ZynuD
5rOsanhp25UrfYrvgcTQuLXS1vRkIfQxE8NXGC2CMbVjDo2Ne02s6JZ1JB0L2gP/
UTIGJLx+TSG0H4U4/NLNQO33r4VLF9goDhSheg3MtiP+ZQAF3OaE4vv9uePUEDPm
CqS2iwsrff5VeIJW2A1EBGWjl+i3YFefcz8PFaPKAH1A53w42ac/iv4LtaD2JBzb
66SxLe6uz2w4rAFva08BZNn9x1L41LKrzY6QNElvL1D8Vqd7byC650BC5JQumoRn
b4kj+OH/3Tv5G16XKdDAEcsO8jtEZR3ohw==
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:50:08 2023 by rpki-client on console-ams.rpki-client.org