Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/QjzhvXcDdmHlB6gkFlVKHJq8g2A.roa
File:                     QjzhvXcDdmHlB6gkFlVKHJq8g2A.roa (raw, json)
Hash identifier:          HdBJOQAGjHg1Uggg2mzbNm/l0wvItzFV5I1Od6qgYbk=
Subject key identifier:   42:3C:E1:BD:77:03:76:61:E5:07:A8:24:16:55:4A:1C:9A:BC:83:60
Certificate issuer:       /CN=3b476e12e8987e5b302cdc24bdd9db3fe83c8449
Certificate serial:       084FC622
Authority key identifier: 3B:47:6E:12:E8:98:7E:5B:30:2C:DC:24:BD:D9:DB:3F:E8:3C:84:49
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/O0duEuiYflswLNwkvdnbP-g8hEk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/QjzhvXcDdmHlB6gkFlVKHJq8g2A.roa
Signing time:             Thu 24 Mar 2022 11:09:55 +0000
ROA not before:           Thu 24 Mar 2022 11:09:55 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     42821
IP address blocks:        77.90.129.0/24 maxlen: 24
                          77.90.128.0/24 maxlen: 24
                          77.90.130.0/24 maxlen: 24
                          77.90.132.0/24 maxlen: 24
                          185.230.13.0/24 maxlen: 24
                          185.230.14.0/24 maxlen: 24
                          77.90.136.0/24 maxlen: 24
                          77.90.135.0/24 maxlen: 24
                          77.90.138.0/24 maxlen: 24
                          77.90.137.0/24 maxlen: 24
                          77.90.133.0/24 maxlen: 24
                          77.90.134.0/24 maxlen: 24
                          77.90.143.0/24 maxlen: 24
                          77.90.142.0/24 maxlen: 24
                          77.90.144.0/24 maxlen: 24
                          77.90.140.0/24 maxlen: 24
                          77.90.147.0/24 maxlen: 24
                          77.90.146.0/24 maxlen: 24
                          77.90.148.0/24 maxlen: 24
                          77.90.157.0/24 maxlen: 24
                          77.90.153.0/24 maxlen: 24
                          213.209.130.0/24 maxlen: 24
                          213.209.133.0/24 maxlen: 24
                          213.209.138.0/24 maxlen: 24
                          213.209.136.0/24 maxlen: 24
                          213.209.147.0/24 maxlen: 24
                          2a04:29c2::/32 maxlen: 32
                          2a04:29c7::/32 maxlen: 32

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 139445794 (0x84fc622)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3b476e12e8987e5b302cdc24bdd9db3fe83c8449
        Validity
            Not Before: Mar 24 11:09:55 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=423ce1bd77037661e507a82416554a1c9abc8360
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:05:b4:93:ea:d3:54:b5:b8:8b:6b:68:1f:03:
                    3e:02:01:94:12:db:23:e9:f0:00:b6:a0:99:6c:be:
                    74:de:5e:1f:a7:92:1c:a6:6e:95:c3:cd:c6:38:10:
                    90:b4:7e:79:c9:6b:06:33:00:15:84:9c:92:74:b9:
                    c9:31:a7:05:11:84:2f:97:62:db:7a:b3:94:d8:40:
                    a7:6d:c9:81:78:8e:cc:be:16:0d:fc:76:e8:db:d5:
                    f4:b5:74:73:0f:7e:55:8a:bd:b3:ce:e1:a3:30:2c:
                    af:b6:9e:b2:2f:85:74:de:64:d4:86:82:3c:74:40:
                    11:15:9d:e1:51:83:ba:d3:a8:c6:96:20:2b:d1:8b:
                    59:2b:b2:d6:d7:1e:9f:98:f2:ad:63:c7:a8:d1:1c:
                    1f:a1:8c:4f:63:0b:48:8b:4b:50:6a:66:94:22:4e:
                    e1:d4:cb:62:10:77:ee:40:57:05:1a:4f:d6:21:db:
                    14:14:13:33:31:08:ef:c9:5e:98:43:21:db:30:b5:
                    50:f8:f0:c5:2d:be:53:f7:96:37:9b:e0:ce:df:12:
                    a3:00:0c:9e:fb:4c:cb:10:23:99:79:0b:eb:06:05:
                    aa:bd:17:10:06:1c:1d:82:5c:98:e1:4e:4f:33:39:
                    29:14:8b:92:1b:03:13:c3:df:0a:95:63:e8:ed:6d:
                    09:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                42:3C:E1:BD:77:03:76:61:E5:07:A8:24:16:55:4A:1C:9A:BC:83:60
            X509v3 Authority Key Identifier:
                keyid:3B:47:6E:12:E8:98:7E:5B:30:2C:DC:24:BD:D9:DB:3F:E8:3C:84:49

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/O0duEuiYflswLNwkvdnbP-g8hEk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/QjzhvXcDdmHlB6gkFlVKHJq8g2A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/O0duEuiYflswLNwkvdnbP-g8hEk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.90.128.0-77.90.130.255
                  77.90.132.0-77.90.138.255
                  77.90.140.0/24
                  77.90.142.0-77.90.144.255
                  77.90.146.0-77.90.148.255
                  77.90.153.0/24
                  77.90.157.0/24
                  185.230.13.0-185.230.14.255
                  213.209.130.0/24
                  213.209.133.0/24
                  213.209.136.0/24
                  213.209.138.0/24
                  213.209.147.0/24
                IPv6:
                  2a04:29c2::/32
                  2a04:29c7::/32

    Signature Algorithm: sha256WithRSAEncryption
         a6:ac:a4:ce:ad:6d:89:a1:2f:4f:2d:65:93:ae:48:ef:b8:77:
         ea:8b:d7:59:28:05:c8:69:bd:70:9d:53:5e:b0:07:fa:50:c7:
         19:02:61:37:99:52:4c:aa:c7:1c:91:b9:d3:87:87:8c:7c:bd:
         a8:31:d7:3a:83:98:b9:cc:1c:24:2e:ce:06:37:ec:8e:8c:a3:
         f6:41:e8:37:9b:79:6a:a2:be:b5:47:80:74:b6:56:a8:92:8d:
         e1:c5:fb:25:6f:fc:98:f1:cf:82:5a:7e:50:05:15:c4:8e:d6:
         3e:49:b6:0e:99:34:a3:8b:0b:34:bc:e1:27:55:4d:92:9b:34:
         07:9c:4f:83:84:f1:15:20:78:f7:77:6a:75:c0:a0:90:b0:fe:
         a6:b4:e2:fa:18:d4:4e:8a:d4:64:d3:66:2c:c4:27:b6:b4:5b:
         a4:4b:75:fd:3c:e7:19:c8:f3:bb:97:e1:a4:98:30:d9:08:c7:
         a3:e2:4e:50:d1:ed:4c:4d:c8:e5:81:9a:3b:47:dc:5a:a7:ca:
         43:a2:c7:7d:6c:92:3e:a6:23:15:3a:8a:43:b9:20:b3:e2:58:
         d4:20:7c:3c:35:08:77:2d:10:33:f4:73:22:4e:6b:c7:9f:44:
         e4:73:b7:b9:b9:84:18:7c:be:8c:48:ff:fc:fb:1d:37:ac:e6:
         bc:8c:6f:f4
-----BEGIN CERTIFICATE-----
MIIFeDCCBGCgAwIBAgIECE/GIjANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygz
YjQ3NmUxMmU4OTg3ZTViMzAyY2RjMjRiZGQ5ZGIzZmU4M2M4NDQ5MB4XDTIyMDMy
NDExMDk1NVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoNDIzY2UxYmQ3NzAz
NzY2MWU1MDdhODI0MTY1NTRhMWM5YWJjODM2MDCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBALkFtJPq01S1uItraB8DPgIBlBLbI+nwALagmWy+dN5eH6eS
HKZulcPNxjgQkLR+eclrBjMAFYScknS5yTGnBRGEL5di23qzlNhAp23JgXiOzL4W
Dfx26NvV9LV0cw9+VYq9s87hozAsr7aesi+FdN5k1IaCPHRAERWd4VGDutOoxpYg
K9GLWSuy1tcen5jyrWPHqNEcH6GMT2MLSItLUGpmlCJO4dTLYhB37kBXBRpP1iHb
FBQTMzEI78lemEMh2zC1UPjwxS2+U/eWN5vgzt8SowAMnvtMyxAjmXkL6wYFqr0X
EAYcHYJcmOFOTzM5KRSLkhsDE8PfCpVj6O1tCVsCAwEAAaOCApIwggKOMB0GA1Ud
DgQWBBRCPOG9dwN2YeUHqCQWVUocmryDYDAfBgNVHSMEGDAWgBQ7R24S6Jh+WzAs
3CS92ds/6DyESTAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L08wZHVFdWlZZmxzd0xOd2t2ZG5iUC1nOGhFay5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMzQvZDkwYzZmLTY1NzYtNDZiOS04MzEzLTZjYmZmM2M0ZGEwMS8x
L1Fqemh2WGNEZG1IbEI2Z2tGbFZLSEpxOGcyQS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMzQv
ZDkwYzZmLTY1NzYtNDZiOS04MzEzLTZjYmZmM2M0ZGEwMS8xL08wZHVFdWlZZmxz
d0xOd2t2ZG5iUC1nOGhFay5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjCB
pwYIKwYBBQUHAQcBAf8EgZcwgZQwfAQCAAEwdjAMAwQHTVqAAwQATVqCMAwDBAJN
WoQDBABNWooDBABNWowwDAMEAU1ajgMEAE1akDAMAwQBTVqSAwQATVqUAwQATVqZ
AwQATVqdMAwDBAC55g0DBAC55g4DBADV0YIDBADV0YUDBADV0YgDBADV0YoDBADV
0ZMwFAQCAAIwDgMFACoEKcIDBQAqBCnHMA0GCSqGSIb3DQEBCwUAA4IBAQCmrKTO
rW2JoS9PLWWTrkjvuHfqi9dZKAXIab1wnVNesAf6UMcZAmE3mVJMqscckbnTh4eM
fL2oMdc6g5i5zBwkLs4GN+yOjKP2Qeg3m3lqor61R4B0tlaoko3hxfslb/yY8c+C
Wn5QBRXEjtY+SbYOmTSjiws0vOEnVU2SmzQHnE+DhPEVIHj3d2p1wKCQsP6mtOL6
GNROitRk02YsxCe2tFukS3X9POcZyPO7l+GkmDDZCMej4k5Q0e1MTcjlgZo7R9xa
p8pDosd9bJI+piMVOopDuSCz4ljUIHw8NQh3LRAz9HMiTmvHn0Tkc7e5uYQYfL6M
SP/8+x03rOa8jG/0
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:02:25 2024 by rpki-client on console-ams.rpki-client.org