Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/XM-qrOLatwleGZqanDRjdkh9N9I.roa
File:                     XM-qrOLatwleGZqanDRjdkh9N9I.roa (raw, json)
Hash identifier:          DjrYMHTSQZ/4egyKW2FIDbpSbKpb2z+52kcxEKTMyfs=
Subject key identifier:   5C:CF:AA:AC:E2:DA:B7:09:5E:19:9A:9A:9C:34:63:76:48:7D:37:D2
Certificate issuer:       /CN=3b476e12e8987e5b302cdc24bdd9db3fe83c8449
Certificate serial:       092BAFC6
Authority key identifier: 3B:47:6E:12:E8:98:7E:5B:30:2C:DC:24:BD:D9:DB:3F:E8:3C:84:49
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/O0duEuiYflswLNwkvdnbP-g8hEk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/XM-qrOLatwleGZqanDRjdkh9N9I.roa
Signing time:             Tue 17 May 2022 13:01:30 +0000
ROA not before:           Tue 17 May 2022 13:01:30 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     208485
IP address blocks:        185.230.14.0/24 maxlen: 24
                          213.209.129.0/24 maxlen: 24
                          213.209.145.0/24 maxlen: 24
                          213.209.143.0/24 maxlen: 24
                          213.209.146.0/24 maxlen: 24
                          213.209.147.0/24 maxlen: 24
                          213.209.158.0/24 maxlen: 24
                          77.90.138.0/24 maxlen: 24
                          77.90.150.0/24 maxlen: 24
                          77.90.149.0/24 maxlen: 24
                          77.90.157.0/24 maxlen: 24
                          77.90.153.0/24 maxlen: 24
                          77.90.179.0/24 maxlen: 24
                          77.90.185.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 153857990 (0x92bafc6)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3b476e12e8987e5b302cdc24bdd9db3fe83c8449
        Validity
            Not Before: May 17 13:01:30 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=5ccfaaace2dab7095e199a9a9c346376487d37d2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:ae:56:2c:66:d7:68:65:43:6d:34:11:75:95:
                    2b:57:22:bb:15:4d:70:96:40:05:a9:bf:da:14:ae:
                    05:c6:26:21:c1:8a:27:ca:d9:ba:6b:ce:fa:8b:1f:
                    be:3f:8e:22:ce:f1:db:bf:1c:0f:2d:d5:22:f2:c2:
                    28:3d:af:c3:b8:19:d0:67:7a:55:51:48:0f:9b:81:
                    a7:5d:44:fd:e6:30:92:01:14:f9:92:74:c6:f7:d4:
                    2d:0f:3f:b2:a0:91:9b:15:e3:ba:f2:c3:d7:78:c4:
                    ae:b9:42:6e:3d:9b:ac:f4:c9:ff:06:d3:c0:0d:26:
                    1d:8f:f9:0b:0a:0c:ef:b5:4c:b7:80:75:dc:c0:94:
                    a9:99:a3:82:84:00:49:2c:a6:c5:91:4c:e0:bb:1c:
                    34:06:14:64:c9:04:15:48:ce:6e:9f:21:80:4a:10:
                    5d:a4:71:16:40:9c:5e:13:9c:8f:18:af:82:3e:f3:
                    f7:94:ad:80:8c:d9:c6:1c:c6:3b:4b:b0:91:6f:c1:
                    8b:d9:bd:69:ca:77:75:82:aa:4f:5e:cd:c4:35:c1:
                    f8:82:2c:3f:6b:2b:f3:57:49:0e:17:d3:2d:78:55:
                    dc:57:f6:d0:cf:7d:6e:22:01:ad:4f:48:78:01:48:
                    89:0b:93:a8:19:b9:37:b6:7d:9a:82:c4:3b:d4:02:
                    9c:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:CF:AA:AC:E2:DA:B7:09:5E:19:9A:9A:9C:34:63:76:48:7D:37:D2
            X509v3 Authority Key Identifier:
                keyid:3B:47:6E:12:E8:98:7E:5B:30:2C:DC:24:BD:D9:DB:3F:E8:3C:84:49

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/O0duEuiYflswLNwkvdnbP-g8hEk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/XM-qrOLatwleGZqanDRjdkh9N9I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/O0duEuiYflswLNwkvdnbP-g8hEk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.90.138.0/24
                  77.90.149.0-77.90.150.255
                  77.90.153.0/24
                  77.90.157.0/24
                  77.90.179.0/24
                  77.90.185.0/24
                  185.230.14.0/24
                  213.209.129.0/24
                  213.209.143.0/24
                  213.209.145.0-213.209.147.255
                  213.209.158.0/24

    Signature Algorithm: sha256WithRSAEncryption
         89:d0:89:72:f7:7c:06:eb:7a:49:ab:0f:88:e9:c0:db:ef:e4:
         ed:8b:7c:91:8c:87:a0:7f:ec:2d:71:8e:f2:12:04:7f:3b:b0:
         09:a2:43:dc:33:46:f1:59:a2:1c:6f:fb:2f:a4:98:dd:b5:14:
         84:a0:67:34:05:17:95:b1:2c:27:1c:d7:38:fa:05:39:df:50:
         6e:21:12:fa:2f:a9:0c:f1:fa:33:bc:00:fb:b6:0e:89:96:15:
         6f:ee:86:74:4d:06:26:4b:54:f5:e2:78:c9:58:2b:a6:9e:1e:
         e7:8f:4c:c9:8b:43:95:85:e8:d1:e7:6f:f8:75:40:13:6b:9b:
         4a:c3:3f:78:dc:a3:ab:01:8d:60:1e:ff:3f:3b:31:d6:43:54:
         f2:fe:55:ec:b3:33:07:2f:0f:b5:f5:57:ab:2a:84:d1:73:74:
         a2:dc:5d:d3:7b:1d:81:21:12:db:78:95:59:84:58:bf:6c:ec:
         3f:ab:a1:7c:c7:b3:7d:7e:57:4c:2c:fa:7a:47:8b:50:b5:f6:
         07:34:cf:66:2e:f7:48:26:62:78:f2:2c:09:e4:fd:21:8d:71:
         b9:34:bd:fb:d1:f2:33:65:68:8c:89:7a:2e:da:9c:ca:58:e5:
         7d:52:5d:55:f9:23:50:f2:e6:f9:95:18:18:b5:83:68:95:28:
         df:13:79:0c
-----BEGIN CERTIFICATE-----
MIIFOzCCBCOgAwIBAgIECSuvxjANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygz
YjQ3NmUxMmU4OTg3ZTViMzAyY2RjMjRiZGQ5ZGIzZmU4M2M4NDQ5MB4XDTIyMDUx
NzEzMDEzMFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoNWNjZmFhYWNlMmRh
YjcwOTVlMTk5YTlhOWMzNDYzNzY0ODdkMzdkMjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBANKuVixm12hlQ200EXWVK1ciuxVNcJZABam/2hSuBcYmIcGK
J8rZumvO+osfvj+OIs7x278cDy3VIvLCKD2vw7gZ0Gd6VVFID5uBp11E/eYwkgEU
+ZJ0xvfULQ8/sqCRmxXjuvLD13jErrlCbj2brPTJ/wbTwA0mHY/5CwoM77VMt4B1
3MCUqZmjgoQASSymxZFM4LscNAYUZMkEFUjObp8hgEoQXaRxFkCcXhOcjxivgj7z
95StgIzZxhzGO0uwkW/Bi9m9acp3dYKqT17NxDXB+IIsP2sr81dJDhfTLXhV3Ff2
0M99biIBrU9IeAFIiQuTqBm5N7Z9moLEO9QCnAkCAwEAAaOCAlUwggJRMB0GA1Ud
DgQWBBRcz6qs4tq3CV4ZmpqcNGN2SH030jAfBgNVHSMEGDAWgBQ7R24S6Jh+WzAs
3CS92ds/6DyESTAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L08wZHVFdWlZZmxzd0xOd2t2ZG5iUC1nOGhFay5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMzQvZDkwYzZmLTY1NzYtNDZiOS04MzEzLTZjYmZmM2M0ZGEwMS8x
L1hNLXFyT0xhdHdsZUdacWFuRFJqZGtoOU45SS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMzQv
ZDkwYzZmLTY1NzYtNDZiOS04MzEzLTZjYmZmM2M0ZGEwMS8xL08wZHVFdWlZZmxz
d0xOd2t2ZG5iUC1nOGhFay5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBr
BggrBgEFBQcBBwEB/wRcMFowWAQCAAEwUgMEAE1aijAMAwQATVqVAwQATVqWAwQA
TVqZAwQATVqdAwQATVqzAwQATVq5AwQAueYOAwQA1dGBAwQA1dGPMAwDBADV0ZED
BALV0ZADBADV0Z4wDQYJKoZIhvcNAQELBQADggEBAInQiXL3fAbrekmrD4jpwNvv
5O2LfJGMh6B/7C1xjvISBH87sAmiQ9wzRvFZohxv+y+kmN21FISgZzQFF5WxLCcc
1zj6BTnfUG4hEvovqQzx+jO8APu2DomWFW/uhnRNBiZLVPXieMlYK6aeHuePTMmL
Q5WF6NHnb/h1QBNrm0rDP3jco6sBjWAe/z87MdZDVPL+VeyzMwcvD7X1V6sqhNFz
dKLcXdN7HYEhEtt4lVmEWL9s7D+roXzHs31+V0ws+npHi1C19gc0z2Yu90gmYnjy
LAnk/SGNcbk0vfvR8jNlaIyJei7anMpY5X1SXVX5I1Dy5vmVGBi1g2iVKN8TeQw=
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:02:25 2024 by rpki-client on console-ams.rpki-client.org