Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/bFxUNY0n_CyTMkW4S4E4vQufmDY.roa
File:                     bFxUNY0n_CyTMkW4S4E4vQufmDY.roa (raw, json)
Hash identifier:          OgWYpCNt91mN9GdjtjSKQX/c3dLNSgZbrZnuujA3Xqk=
Subject key identifier:   6C:5C:54:35:8D:27:FC:2C:93:32:45:B8:4B:81:38:BD:0B:9F:98:36
Certificate issuer:       /CN=3b476e12e8987e5b302cdc24bdd9db3fe83c8449
Certificate serial:       018389DE9ED844FCEE480DC8C79A1FD67A69
Authority key identifier: 3B:47:6E:12:E8:98:7E:5B:30:2C:DC:24:BD:D9:DB:3F:E8:3C:84:49
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/O0duEuiYflswLNwkvdnbP-g8hEk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/bFxUNY0n_CyTMkW4S4E4vQufmDY.roa
Signing time:             Thu 29 Sep 2022 15:30:11 +0000
ROA not before:           Thu 29 Sep 2022 15:30:11 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     42821
IP address blocks:        77.90.129.0/24 maxlen: 24
                          77.90.128.0/24 maxlen: 24
                          77.90.130.0/24 maxlen: 24
                          77.90.132.0/24 maxlen: 24
                          77.90.136.0/24 maxlen: 24
                          77.90.135.0/24 maxlen: 24
                          77.90.137.0/24 maxlen: 24
                          77.90.133.0/24 maxlen: 24
                          77.90.134.0/24 maxlen: 24
                          77.90.139.0/24 maxlen: 24
                          77.90.143.0/24 maxlen: 24
                          77.90.142.0/24 maxlen: 24
                          77.90.145.0/24 maxlen: 24
                          77.90.144.0/24 maxlen: 24
                          77.90.140.0/24 maxlen: 24
                          77.90.147.0/24 maxlen: 24
                          77.90.146.0/24 maxlen: 24
                          77.90.148.0/24 maxlen: 24
                          77.90.153.0/24 maxlen: 24
                          77.90.154.0/24 maxlen: 24
                          213.209.138.0/24 maxlen: 24
                          213.209.143.0/24 maxlen: 24
                          213.209.149.0/24 maxlen: 24
                          213.209.159.0/24 maxlen: 24
                          213.209.157.0/24 maxlen: 24
                          2a04:29c2::/32 maxlen: 32
                          2a04:29c7:1290:24::/64 maxlen: 64
                          2a04:29c7:1371:6027::/64 maxlen: 64
                          2a04:29c7:1280:27::/64 maxlen: 64
                          2a04:29c7:1420::/48 maxlen: 48
                          2a04:29c7::/32 maxlen: 32
                          2a04:29c7:1280:24::/64 maxlen: 64
                          2a04:29c7:1300:24::/64 maxlen: 64

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:83:89:de:9e:d8:44:fc:ee:48:0d:c8:c7:9a:1f:d6:7a:69
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3b476e12e8987e5b302cdc24bdd9db3fe83c8449
        Validity
            Not Before: Sep 29 15:30:11 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=6c5c54358d27fc2c933245b84b8138bd0b9f9836
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:26:f9:26:c2:15:1c:cb:99:80:fe:fd:22:57:
                    06:22:41:73:68:0f:4c:f1:65:d3:8e:29:03:4d:11:
                    ef:79:c4:2d:06:e1:18:bd:1a:bb:9f:5b:f1:24:97:
                    ac:27:2f:67:ca:73:7a:a3:4c:d9:a9:25:d5:ce:71:
                    a5:83:68:44:6f:cf:f7:60:c3:a0:d7:89:c1:de:8d:
                    3b:eb:e6:2e:8a:be:9d:05:0f:a1:df:e2:e1:b9:39:
                    ad:50:0e:7d:2d:3d:9c:38:49:09:92:4a:18:5b:9e:
                    b7:39:4a:cb:18:5c:6c:94:f7:0f:e0:7f:99:13:11:
                    dd:f3:6e:50:ad:1e:4a:b9:ba:08:40:d6:cb:e2:d9:
                    8d:04:91:90:dd:8c:ce:21:1c:d4:d7:dd:0c:bb:22:
                    30:53:8a:d9:f3:5a:68:40:00:57:f9:c7:78:17:37:
                    92:e9:20:4e:4a:e4:80:d0:67:52:d1:56:9a:c5:7a:
                    63:73:33:db:0d:63:b4:4c:70:56:36:ab:cb:ab:2a:
                    7b:b1:e7:25:7e:41:41:26:d4:1e:3d:df:88:4c:9e:
                    fa:5a:72:b9:b4:3d:da:fd:31:6c:42:59:b8:ed:0c:
                    d5:2a:86:7a:c1:72:6b:ed:ba:2c:69:22:eb:d9:46:
                    8b:e4:08:9e:35:8c:eb:6c:cb:ad:4e:4b:84:d6:c7:
                    91:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6C:5C:54:35:8D:27:FC:2C:93:32:45:B8:4B:81:38:BD:0B:9F:98:36
            X509v3 Authority Key Identifier:
                keyid:3B:47:6E:12:E8:98:7E:5B:30:2C:DC:24:BD:D9:DB:3F:E8:3C:84:49

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/O0duEuiYflswLNwkvdnbP-g8hEk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/bFxUNY0n_CyTMkW4S4E4vQufmDY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/O0duEuiYflswLNwkvdnbP-g8hEk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.90.128.0-77.90.130.255
                  77.90.132.0-77.90.137.255
                  77.90.139.0-77.90.140.255
                  77.90.142.0-77.90.148.255
                  77.90.153.0-77.90.154.255
                  213.209.138.0/24
                  213.209.143.0/24
                  213.209.149.0/24
                  213.209.157.0/24
                  213.209.159.0/24
                IPv6:
                  2a04:29c2::/32
                  2a04:29c7::/32

    Signature Algorithm: sha256WithRSAEncryption
         5c:63:04:e2:e5:9f:ce:fa:be:7a:85:cc:96:81:c3:a3:ba:d5:
         28:f9:15:8f:05:6a:9f:19:78:8f:f0:df:66:19:56:c6:d3:d7:
         91:5c:39:de:72:f2:39:7d:9b:5b:c6:7c:ba:44:84:d0:4b:b4:
         58:44:59:1b:ae:a5:ef:04:30:8d:b3:2f:e2:b6:6f:32:da:13:
         f5:69:e0:f8:b4:96:6c:5e:b0:ca:53:4b:88:52:46:a6:2e:90:
         4c:6e:21:48:7f:c0:3c:f4:2b:9b:a1:e6:2f:b0:7d:ac:8b:b2:
         4d:8b:35:47:b8:c1:07:7d:76:b8:e0:65:5d:3e:7e:20:b7:71:
         30:1b:c6:8e:f5:8b:0a:d9:d0:87:a1:f8:bb:d1:d7:81:76:79:
         39:69:7b:5c:4f:65:83:9e:0f:70:c5:5d:6b:0e:be:6b:66:10:
         86:b2:7a:1e:1b:cd:c5:b1:f6:6e:55:96:14:59:5e:03:1c:8e:
         95:de:3e:f1:e5:18:fe:76:4c:89:5e:0e:7d:d3:f0:d8:ab:05:
         04:f0:3c:94:d6:3c:ea:a4:7c:e6:c7:8a:29:52:e9:45:8d:3d:
         62:08:bb:c6:0a:57:0e:28:6b:a4:05:d3:7e:3a:91:fe:77:14:
         52:9c:61:58:a9:0a:a1:b0:81:c2:e9:7a:81:02:f7:60:b0:ea:
         51:e2:86:50
-----BEGIN CERTIFICATE-----
MIIFdDCCBFygAwIBAgISAYOJ3p7YRPzuSA3Ix5of1nppMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNiNDc2ZTEyZTg5ODdlNWIzMDJjZGMyNGJkZDlkYjNmZTgz
Yzg0NDkwHhcNMjIwOTI5MTUzMDExWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YzVjNTQzNThkMjdmYzJjOTMzMjQ1Yjg0YjgxMzhiZDBiOWY5ODM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhyb5JsIVHMuZgP79IlcGIkFzaA9M
8WXTjikDTRHvecQtBuEYvRq7n1vxJJesJy9nynN6o0zZqSXVznGlg2hEb8/3YMOg
14nB3o076+Yuir6dBQ+h3+LhuTmtUA59LT2cOEkJkkoYW563OUrLGFxslPcP4H+Z
ExHd825QrR5KuboIQNbL4tmNBJGQ3YzOIRzU190MuyIwU4rZ81poQABX+cd4FzeS
6SBOSuSA0GdS0VaaxXpjczPbDWO0THBWNqvLqyp7seclfkFBJtQePd+ITJ76WnK5
tD3a/TFsQlm47QzVKoZ6wXJr7bosaSLr2UaL5AieNYzrbMutTkuE1seR3QIDAQAB
o4ICgDCCAnwwHQYDVR0OBBYEFGxcVDWNJ/wskzJFuEuBOL0Ln5g2MB8GA1UdIwQY
MBaAFDtHbhLomH5bMCzcJL3Z2z/oPIRJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTzBkdUV1aVlmbHN3TE53a3ZkbmJQLWc4aEVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC9kOTBjNmYtNjU3Ni00NmI5LTgzMTMt
NmNiZmYzYzRkYTAxLzEvYkZ4VU5ZMG5fQ3lUTWtXNFM0RTR2UXVmbURZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC9kOTBjNmYtNjU3Ni00NmI5LTgzMTMtNmNiZmYzYzRkYTAx
LzEvTzBkdUV1aVlmbHN3TE53a3ZkbmJQLWc4aEVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGVBggrBgEFBQcBBwEB/wSBhTCBgjBqBAIAATBkMAwDBAdN
WoADBABNWoIwDAMEAk1ahAMEAU1aiDAMAwQATVqLAwQATVqMMAwDBAFNWo4DBABN
WpQwDAMEAE1amQMEAE1amgMEANXRigMEANXRjwMEANXRlQMEANXRnQMEANXRnzAU
BAIAAjAOAwUAKgQpwgMFACoEKccwDQYJKoZIhvcNAQELBQADggEBAFxjBOLln876
vnqFzJaBw6O61Sj5FY8Fap8ZeI/w32YZVsbT15FcOd5y8jl9m1vGfLpEhNBLtFhE
WRuupe8EMI2zL+K2bzLaE/Vp4Pi0lmxesMpTS4hSRqYukExuIUh/wDz0K5uh5i+w
fayLsk2LNUe4wQd9drjgZV0+fiC3cTAbxo71iwrZ0Ieh+LvR14F2eTlpe1xPZYOe
D3DFXWsOvmtmEIayeh4bzcWx9m5VlhRZXgMcjpXePvHlGP52TIleDn3T8NirBQTw
PJTWPOqkfObHiilS6UWNPWIIu8YKVw4oa6QF0346kf53FFKcYVipCqGwgcLpeoEC
92Cw6lHihlA=
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:46:23 2023 by rpki-client on console-fra.rpki-client.org