Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/drPmTcingvzFLcFtsG0BnLrAU-k.roa
File:                     drPmTcingvzFLcFtsG0BnLrAU-k.roa (raw, json)
Hash identifier:          0dJ/uxNtbjR71Zp8wbqQ5eCnQtgoEQo3/4z3m6arUp8=
Subject key identifier:   76:B3:E6:4D:C8:A7:82:FC:C5:2D:C1:6D:B0:6D:01:9C:BA:C0:53:E9
Certificate issuer:       /CN=3b476e12e8987e5b302cdc24bdd9db3fe83c8449
Certificate serial:       018450F872EC643452499807D3FF2171BAE6
Authority key identifier: 3B:47:6E:12:E8:98:7E:5B:30:2C:DC:24:BD:D9:DB:3F:E8:3C:84:49
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/O0duEuiYflswLNwkvdnbP-g8hEk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/drPmTcingvzFLcFtsG0BnLrAU-k.roa
Signing time:             Mon 07 Nov 2022 07:22:50 +0000
ROA not before:           Mon 07 Nov 2022 07:22:50 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     42821
IP address blocks:        77.90.129.0/24 maxlen: 24
                          77.90.128.0/24 maxlen: 24
                          77.90.130.0/24 maxlen: 24
                          77.90.132.0/24 maxlen: 24
                          185.230.13.0/24 maxlen: 24
                          185.230.14.0/24 maxlen: 24
                          77.90.188.0/24 maxlen: 24
                          77.90.136.0/24 maxlen: 24
                          77.90.135.0/24 maxlen: 24
                          77.90.137.0/24 maxlen: 24
                          77.90.133.0/24 maxlen: 24
                          77.90.134.0/24 maxlen: 24
                          77.90.139.0/24 maxlen: 24
                          77.90.143.0/24 maxlen: 24
                          77.90.142.0/24 maxlen: 24
                          77.90.145.0/24 maxlen: 24
                          77.90.144.0/24 maxlen: 24
                          77.90.140.0/24 maxlen: 24
                          77.90.147.0/24 maxlen: 24
                          77.90.146.0/24 maxlen: 24
                          77.90.148.0/24 maxlen: 24
                          77.90.156.0/24 maxlen: 24
                          77.90.153.0/24 maxlen: 24
                          77.90.154.0/24 maxlen: 24
                          77.90.178.0/24 maxlen: 24
                          77.90.184.0/24 maxlen: 24
                          213.209.138.0/24 maxlen: 24
                          213.209.143.0/24 maxlen: 24
                          213.209.149.0/24 maxlen: 24
                          213.209.159.0/24 maxlen: 24
                          213.209.156.0/24 maxlen: 24
                          213.209.157.0/24 maxlen: 24
                          2a04:29c2::/32 maxlen: 32
                          2a04:29c7:1290:24::/64 maxlen: 64
                          2a04:29c7:1371:6027::/64 maxlen: 64
                          2a04:29c7:1280:27::/64 maxlen: 64
                          2a04:29c7:1420::/48 maxlen: 48
                          2a04:29c7::/32 maxlen: 32
                          2a04:29c7:1280:24::/64 maxlen: 64
                          2a04:29c7:1300:24::/64 maxlen: 64

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:84:50:f8:72:ec:64:34:52:49:98:07:d3:ff:21:71:ba:e6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3b476e12e8987e5b302cdc24bdd9db3fe83c8449
        Validity
            Not Before: Nov  7 07:22:50 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=76b3e64dc8a782fcc52dc16db06d019cbac053e9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:60:ba:b3:7d:15:65:80:83:bf:1f:77:55:07:
                    8c:c7:ba:cd:2c:ca:71:26:21:ba:b9:65:d3:f6:97:
                    1a:fc:54:67:dd:26:c5:30:85:51:e4:6d:fb:b0:94:
                    32:8a:e4:79:4c:1a:13:a5:4c:b1:e8:bb:54:57:bc:
                    b2:a8:ba:e2:0f:f4:41:9a:4f:52:ad:13:2a:4c:06:
                    b9:45:c8:ee:bd:f4:84:80:08:54:55:cb:51:ba:c9:
                    f8:e8:92:fc:f9:89:ff:01:e5:44:4e:66:70:47:5f:
                    8d:eb:fb:45:a9:1a:75:ee:bc:a2:54:5a:b6:c9:a2:
                    da:8c:54:cd:bb:a5:1c:33:6d:db:83:03:57:38:e0:
                    27:88:88:28:0d:e6:d4:22:4c:4e:63:24:a5:e9:d3:
                    75:6f:c6:df:a8:f3:72:ef:43:9d:22:0a:59:2e:48:
                    c2:72:fd:a9:48:3d:74:0f:65:26:13:c0:75:b1:23:
                    f0:53:c9:6e:12:99:cb:ac:66:7f:fb:d3:d5:ce:47:
                    6b:48:4d:a0:f6:dc:23:9e:0e:55:4c:98:03:31:b2:
                    bd:6f:a9:d8:a3:0a:e3:80:32:5b:20:df:64:a9:75:
                    66:d2:a2:cd:77:70:b0:37:c4:9a:3b:0e:bf:2c:20:
                    8b:9f:aa:2b:a4:7e:35:12:d6:45:86:33:2e:1b:53:
                    32:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                76:B3:E6:4D:C8:A7:82:FC:C5:2D:C1:6D:B0:6D:01:9C:BA:C0:53:E9
            X509v3 Authority Key Identifier:
                keyid:3B:47:6E:12:E8:98:7E:5B:30:2C:DC:24:BD:D9:DB:3F:E8:3C:84:49

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/O0duEuiYflswLNwkvdnbP-g8hEk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/drPmTcingvzFLcFtsG0BnLrAU-k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/O0duEuiYflswLNwkvdnbP-g8hEk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.90.128.0-77.90.130.255
                  77.90.132.0-77.90.137.255
                  77.90.139.0-77.90.140.255
                  77.90.142.0-77.90.148.255
                  77.90.153.0-77.90.154.255
                  77.90.156.0/24
                  77.90.178.0/24
                  77.90.184.0/24
                  77.90.188.0/24
                  185.230.13.0-185.230.14.255
                  213.209.138.0/24
                  213.209.143.0/24
                  213.209.149.0/24
                  213.209.156.0/23
                  213.209.159.0/24
                IPv6:
                  2a04:29c2::/32
                  2a04:29c7::/32

    Signature Algorithm: sha256WithRSAEncryption
         09:83:23:0b:e9:6f:7d:5c:07:64:f4:51:d6:4f:a7:ea:d6:aa:
         9a:11:af:14:15:7f:09:a9:70:5f:6e:06:06:0c:d4:aa:6d:8d:
         63:93:00:60:8c:db:37:86:e9:8e:50:6b:9b:43:1f:28:e9:2a:
         f9:4e:67:3f:62:b8:94:4a:03:54:dc:0c:26:d5:40:63:de:54:
         ed:df:7c:9f:80:7e:e2:ae:b3:48:7c:e0:52:e4:3b:ca:cb:94:
         c4:03:e0:55:b6:c1:3d:cd:9e:a4:26:2e:39:0b:fc:4c:00:3b:
         ee:ec:8b:8e:13:e2:c6:5e:e2:f2:8e:52:56:d8:9a:2d:59:7f:
         ff:28:6c:71:b2:f5:88:6b:e5:97:63:91:84:67:2c:33:28:d6:
         7a:21:09:13:0f:0f:98:1f:72:12:37:0d:08:fa:14:67:cd:00:
         30:22:12:ed:3f:77:41:c6:0d:d1:f9:29:de:b2:d1:86:57:5f:
         00:bb:b5:c0:7f:81:fc:a0:2f:e3:fb:c2:29:3c:39:9b:a2:1d:
         13:96:e2:33:9a:22:64:ab:52:66:6c:70:c1:7b:4f:c6:db:2d:
         de:ba:08:79:db:5a:d6:43:ec:8b:13:cb:41:51:e4:5b:9d:e4:
         b2:07:dd:23:07:47:24:24:a7:7a:19:eb:cd:de:aa:d2:be:96:
         a1:17:8e:29
-----BEGIN CERTIFICATE-----
MIIFnDCCBISgAwIBAgISAYRQ+HLsZDRSSZgH0/8hcbrmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNiNDc2ZTEyZTg5ODdlNWIzMDJjZGMyNGJkZDlkYjNmZTgz
Yzg0NDkwHhcNMjIxMTA3MDcyMjUwWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NmIzZTY0ZGM4YTc4MmZjYzUyZGMxNmRiMDZkMDE5Y2JhYzA1M2U5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmWC6s30VZYCDvx93VQeMx7rNLMpx
JiG6uWXT9pca/FRn3SbFMIVR5G37sJQyiuR5TBoTpUyx6LtUV7yyqLriD/RBmk9S
rRMqTAa5RcjuvfSEgAhUVctRusn46JL8+Yn/AeVETmZwR1+N6/tFqRp17ryiVFq2
yaLajFTNu6UcM23bgwNXOOAniIgoDebUIkxOYySl6dN1b8bfqPNy70OdIgpZLkjC
cv2pSD10D2UmE8B1sSPwU8luEpnLrGZ/+9PVzkdrSE2g9twjng5VTJgDMbK9b6nY
owrjgDJbIN9kqXVm0qLNd3CwN8SaOw6/LCCLn6orpH41EtZFhjMuG1MyxQIDAQAB
o4ICqDCCAqQwHQYDVR0OBBYEFHaz5k3Ip4L8xS3BbbBtAZy6wFPpMB8GA1UdIwQY
MBaAFDtHbhLomH5bMCzcJL3Z2z/oPIRJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTzBkdUV1aVlmbHN3TE53a3ZkbmJQLWc4aEVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC9kOTBjNmYtNjU3Ni00NmI5LTgzMTMt
NmNiZmYzYzRkYTAxLzEvZHJQbVRjaW5ndnpGTGNGdHNHMEJuTHJBVS1rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC9kOTBjNmYtNjU3Ni00NmI5LTgzMTMtNmNiZmYzYzRkYTAx
LzEvTzBkdUV1aVlmbHN3TE53a3ZkbmJQLWc4aEVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIG9BggrBgEFBQcBBwEB/wSBrTCBqjCBkQQCAAEwgYowDAME
B01agAMEAE1agjAMAwQCTVqEAwQBTVqIMAwDBABNWosDBABNWowwDAMEAU1ajgME
AE1alDAMAwQATVqZAwQATVqaAwQATVqcAwQATVqyAwQATVq4AwQATVq8MAwDBAC5
5g0DBAC55g4DBADV0YoDBADV0Y8DBADV0ZUDBAHV0ZwDBADV0Z8wFAQCAAIwDgMF
ACoEKcIDBQAqBCnHMA0GCSqGSIb3DQEBCwUAA4IBAQAJgyML6W99XAdk9FHWT6fq
1qqaEa8UFX8JqXBfbgYGDNSqbY1jkwBgjNs3humOUGubQx8o6Sr5Tmc/YriUSgNU
3Awm1UBj3lTt33yfgH7irrNIfOBS5DvKy5TEA+BVtsE9zZ6kJi45C/xMADvu7IuO
E+LGXuLyjlJW2JotWX//KGxxsvWIa+WXY5GEZywzKNZ6IQkTDw+YH3ISNw0I+hRn
zQAwIhLtP3dBxg3R+SnestGGV18Au7XAf4H8oC/j+8IpPDmboh0TluIzmiJkq1Jm
bHDBe0/G2y3eugh521rWQ+yLE8tBUeRbneSyB90jB0ckJKd6GevN3qrSvpahF44p
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:25:03 2024 by rpki-client on console-fra.rpki-client.org