Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/RX64lYIRUgb4bvamKX3MMFTo-Lw.roa
File:                     RX64lYIRUgb4bvamKX3MMFTo-Lw.roa (raw, json)
Hash identifier:          on3FCR2I0smQwc81jTHLNNPWvGodxtVfQOFuWS+GUh8=
Subject key identifier:   45:7E:B8:95:82:11:52:06:F8:6E:F6:A6:29:7D:CC:30:54:E8:F8:BC
Certificate issuer:       /CN=3b476e12e8987e5b302cdc24bdd9db3fe83c8449
Certificate serial:       07CA675D
Authority key identifier: 3B:47:6E:12:E8:98:7E:5B:30:2C:DC:24:BD:D9:DB:3F:E8:3C:84:49
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/O0duEuiYflswLNwkvdnbP-g8hEk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/RX64lYIRUgb4bvamKX3MMFTo-Lw.roa
Signing time:             Wed 09 Mar 2022 07:28:27 +0000
ROA not before:           Wed 09 Mar 2022 07:28:27 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     42821
IP address blocks:        77.90.129.0/24 maxlen: 24
                          77.90.128.0/24 maxlen: 24
                          77.90.130.0/24 maxlen: 24
                          77.90.132.0/24 maxlen: 24
                          213.209.130.0/24 maxlen: 24
                          213.209.133.0/24 maxlen: 24
                          213.209.138.0/24 maxlen: 24
                          213.209.136.0/24 maxlen: 24
                          77.90.136.0/24 maxlen: 24
                          77.90.135.0/24 maxlen: 24
                          77.90.137.0/24 maxlen: 24
                          77.90.133.0/24 maxlen: 24
                          77.90.134.0/24 maxlen: 24
                          77.90.143.0/24 maxlen: 24
                          77.90.142.0/24 maxlen: 24
                          77.90.144.0/24 maxlen: 24
                          77.90.140.0/24 maxlen: 24
                          77.90.147.0/24 maxlen: 24
                          77.90.146.0/24 maxlen: 24
                          77.90.148.0/24 maxlen: 24
                          77.90.179.0/24 maxlen: 24
                          2a04:29c2::/32 maxlen: 32
                          2a04:29c7::/32 maxlen: 32

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 130705245 (0x7ca675d)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3b476e12e8987e5b302cdc24bdd9db3fe83c8449
        Validity
            Not Before: Mar  9 07:28:27 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=457eb89582115206f86ef6a6297dcc3054e8f8bc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:44:14:92:18:85:1e:71:d0:ae:39:bf:29:dd:
                    d0:45:5f:25:b0:80:cc:88:71:a5:13:58:c1:bf:74:
                    4c:37:11:80:1b:5d:ea:88:18:67:b6:ef:20:96:9e:
                    ad:ec:b2:09:c8:40:9f:9e:d2:d5:1f:9d:1c:ae:cf:
                    1e:1e:c3:61:8d:d3:6a:41:25:b3:c0:d0:87:7e:ef:
                    df:b3:23:72:49:ac:53:12:2c:da:a4:77:26:e6:2b:
                    d7:21:30:b3:94:b5:49:07:27:78:13:fb:7d:74:29:
                    5b:ac:05:ec:bf:d7:41:4b:f7:34:7f:7b:16:81:f3:
                    27:c4:6e:61:e6:83:40:41:6a:04:a2:fa:56:5c:d9:
                    0a:a1:06:64:93:3a:5d:5e:14:dd:8f:d1:92:0b:49:
                    ee:86:ca:c4:74:83:c1:45:aa:c0:64:ea:1d:a6:77:
                    88:67:32:ab:18:0c:a7:40:5d:4c:c2:71:e6:1f:a3:
                    24:e3:b4:d0:fb:08:ca:a4:3a:ad:2a:25:08:e5:c0:
                    b3:8d:63:ca:af:3b:40:50:22:f4:86:aa:19:81:0e:
                    db:a0:dd:c9:37:04:2c:19:2a:d2:80:02:a1:34:a7:
                    1c:f8:13:ad:d7:f3:2f:33:e8:d4:fb:38:51:8b:61:
                    2e:35:cb:b8:95:b0:29:01:6f:40:84:5b:f9:a5:e8:
                    2d:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                45:7E:B8:95:82:11:52:06:F8:6E:F6:A6:29:7D:CC:30:54:E8:F8:BC
            X509v3 Authority Key Identifier:
                keyid:3B:47:6E:12:E8:98:7E:5B:30:2C:DC:24:BD:D9:DB:3F:E8:3C:84:49

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/O0duEuiYflswLNwkvdnbP-g8hEk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/RX64lYIRUgb4bvamKX3MMFTo-Lw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/O0duEuiYflswLNwkvdnbP-g8hEk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.90.128.0-77.90.130.255
                  77.90.132.0-77.90.137.255
                  77.90.140.0/24
                  77.90.142.0-77.90.144.255
                  77.90.146.0-77.90.148.255
                  77.90.179.0/24
                  213.209.130.0/24
                  213.209.133.0/24
                  213.209.136.0/24
                  213.209.138.0/24
                IPv6:
                  2a04:29c2::/32
                  2a04:29c7::/32

    Signature Algorithm: sha256WithRSAEncryption
         73:93:98:4b:0b:fc:2a:47:0d:e1:23:94:08:f0:3c:ca:aa:83:
         95:00:83:80:18:38:55:85:52:13:db:31:19:ce:07:3e:5f:54:
         cf:0c:c1:e8:96:2d:d2:2c:09:97:1c:3e:90:f5:e9:d6:d0:e1:
         18:0f:e8:3d:02:8f:ac:ed:7a:9b:81:31:d7:73:83:a8:26:b1:
         59:75:b3:df:19:79:ff:61:3f:ef:bf:c2:8d:72:90:d3:91:1d:
         58:c0:27:58:bb:c2:4d:45:9f:79:8d:0a:74:7d:ab:44:2e:af:
         26:50:25:95:4a:5e:e4:d5:ef:e4:10:fa:41:d3:aa:65:9e:57:
         8f:a4:58:f5:e9:b8:57:cd:f7:d3:8b:2b:8b:48:0b:e5:73:a4:
         af:50:03:3f:28:fe:97:d6:c9:62:99:9e:dd:7b:16:2e:b3:07:
         e6:61:8a:4e:42:c3:90:9e:5a:66:13:8b:3a:58:53:46:ad:d0:
         ee:93:a1:c9:0b:34:6c:44:32:f7:d3:5e:3d:bf:9e:f7:0a:29:
         d2:8a:b4:05:ba:91:16:18:0d:18:86:b9:68:80:cc:e4:38:6a:
         5f:f1:25:4a:50:52:ca:f7:40:25:c0:da:bd:17:2d:6a:bd:2d:
         8f:ea:a8:87:a4:cd:d0:90:c5:13:85:93:56:ee:62:eb:64:1d:
         f9:59:62:4c
-----BEGIN CERTIFICATE-----
MIIFXDCCBESgAwIBAgIEB8pnXTANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygz
YjQ3NmUxMmU4OTg3ZTViMzAyY2RjMjRiZGQ5ZGIzZmU4M2M4NDQ5MB4XDTIyMDMw
OTA3MjgyN1oXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoNDU3ZWI4OTU4MjEx
NTIwNmY4NmVmNmE2Mjk3ZGNjMzA1NGU4ZjhiYzCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBALJEFJIYhR5x0K45vynd0EVfJbCAzIhxpRNYwb90TDcRgBtd
6ogYZ7bvIJaereyyCchAn57S1R+dHK7PHh7DYY3TakEls8DQh37v37MjckmsUxIs
2qR3JuYr1yEws5S1SQcneBP7fXQpW6wF7L/XQUv3NH97FoHzJ8RuYeaDQEFqBKL6
VlzZCqEGZJM6XV4U3Y/RkgtJ7obKxHSDwUWqwGTqHaZ3iGcyqxgMp0BdTMJx5h+j
JOO00PsIyqQ6rSolCOXAs41jyq87QFAi9IaqGYEO26DdyTcELBkq0oACoTSnHPgT
rdfzLzPo1Ps4UYthLjXLuJWwKQFvQIRb+aXoLRUCAwEAAaOCAnYwggJyMB0GA1Ud
DgQWBBRFfriVghFSBvhu9qYpfcwwVOj4vDAfBgNVHSMEGDAWgBQ7R24S6Jh+WzAs
3CS92ds/6DyESTAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L08wZHVFdWlZZmxzd0xOd2t2ZG5iUC1nOGhFay5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMzQvZDkwYzZmLTY1NzYtNDZiOS04MzEzLTZjYmZmM2M0ZGEwMS8x
L1JYNjRsWUlSVWdiNGJ2YW1LWDNNTUZUby1Mdy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMzQv
ZDkwYzZmLTY1NzYtNDZiOS04MzEzLTZjYmZmM2M0ZGEwMS8xL08wZHVFdWlZZmxz
d0xOd2t2ZG5iUC1nOGhFay5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjCB
iwYIKwYBBQUHAQcBAf8EfDB6MGIEAgABMFwwDAMEB01agAMEAE1agjAMAwQCTVqE
AwQBTVqIAwQATVqMMAwDBAFNWo4DBABNWpAwDAMEAU1akgMEAE1alAMEAE1aswME
ANXRggMEANXRhQMEANXRiAMEANXRijAUBAIAAjAOAwUAKgQpwgMFACoEKccwDQYJ
KoZIhvcNAQELBQADggEBAHOTmEsL/CpHDeEjlAjwPMqqg5UAg4AYOFWFUhPbMRnO
Bz5fVM8MweiWLdIsCZccPpD16dbQ4RgP6D0Cj6ztepuBMddzg6gmsVl1s98Zef9h
P++/wo1ykNORHVjAJ1i7wk1Fn3mNCnR9q0QuryZQJZVKXuTV7+QQ+kHTqmWeV4+k
WPXpuFfN99OLK4tIC+VzpK9QAz8o/pfWyWKZnt17Fi6zB+Zhik5Cw5CeWmYTizpY
U0at0O6TockLNGxEMvfTXj2/nvcKKdKKtAW6kRYYDRiGuWiAzOQ4al/xJUpQUsr3
QCXA2r0XLWq9LY/qqIekzdCQxROFk1buYutkHflZYkw=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:25:03 2024 by rpki-client on console-fra.rpki-client.org