Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/eXYDbaJSmLe_cvAsyPu5hByOBzw.roa
File:                     eXYDbaJSmLe_cvAsyPu5hByOBzw.roa (raw, json)
Hash identifier:          XtTTrf2HNXkKOPAwvgg3makATI1wmBA6eO813AtzAj4=
Subject key identifier:   79:76:03:6D:A2:52:98:B7:BF:72:F0:2C:C8:FB:B9:84:1C:8E:07:3C
Certificate issuer:       /CN=3b476e12e8987e5b302cdc24bdd9db3fe83c8449
Certificate serial:       07C634EA
Authority key identifier: 3B:47:6E:12:E8:98:7E:5B:30:2C:DC:24:BD:D9:DB:3F:E8:3C:84:49
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/O0duEuiYflswLNwkvdnbP-g8hEk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/eXYDbaJSmLe_cvAsyPu5hByOBzw.roa
Signing time:             Tue 08 Mar 2022 07:41:49 +0000
ROA not before:           Tue 08 Mar 2022 07:41:49 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     43260
IP address blocks:        213.209.147.0/24 maxlen: 24
                          213.209.151.0/24 maxlen: 24
                          213.209.158.0/24 maxlen: 24
                          77.90.153.0/24 maxlen: 24
                          77.90.164.0/24 maxlen: 24
                          77.90.173.0/24 maxlen: 24
                          185.230.15.0/24 maxlen: 24
                          77.90.184.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 130430186 (0x7c634ea)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3b476e12e8987e5b302cdc24bdd9db3fe83c8449
        Validity
            Not Before: Mar  8 07:41:49 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=7976036da25298b7bf72f02cc8fbb9841c8e073c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:aa:32:d2:96:ea:d6:cb:70:75:08:5c:52:79:
                    e6:cc:90:47:20:7e:cd:49:a4:b4:0d:62:85:66:79:
                    1c:67:ee:9f:45:5a:b2:4a:40:ce:9b:41:f4:b2:22:
                    a4:79:ca:b0:bc:12:a7:70:a9:61:62:26:21:67:8d:
                    11:c7:e0:94:25:50:44:fd:44:76:4f:d1:f0:22:7a:
                    b1:e8:ac:46:cc:cd:0a:b1:ba:2d:ef:7c:3d:f7:b1:
                    23:c5:e7:86:e4:fd:91:dd:e3:a0:d8:09:a5:3f:5e:
                    74:6d:a7:4a:f5:57:26:b3:08:62:f8:72:cf:38:3d:
                    4e:12:2b:9e:7a:83:bc:46:52:28:c8:7f:d3:48:ad:
                    28:b0:6a:6b:4a:0a:a6:59:8c:4d:05:59:ee:72:b1:
                    54:1b:83:1d:e4:9c:c7:ba:ae:1a:7c:ca:b0:ec:f0:
                    00:04:ae:f4:66:3d:04:02:65:f1:7c:d2:bf:d6:d5:
                    0a:65:c6:f7:eb:26:3e:a2:e4:8e:9f:34:17:ba:7b:
                    4a:e8:61:07:f3:03:77:fa:c4:5c:01:60:12:a1:6b:
                    e0:44:0d:43:c4:f0:23:e9:df:4e:f9:5e:7e:7b:c9:
                    1d:b2:0e:05:ff:4b:43:e3:4e:26:5e:93:74:ba:13:
                    6f:03:d8:f0:27:eb:85:8e:51:d8:51:ac:71:e6:6f:
                    56:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                79:76:03:6D:A2:52:98:B7:BF:72:F0:2C:C8:FB:B9:84:1C:8E:07:3C
            X509v3 Authority Key Identifier:
                keyid:3B:47:6E:12:E8:98:7E:5B:30:2C:DC:24:BD:D9:DB:3F:E8:3C:84:49

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/O0duEuiYflswLNwkvdnbP-g8hEk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/eXYDbaJSmLe_cvAsyPu5hByOBzw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/O0duEuiYflswLNwkvdnbP-g8hEk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.90.153.0/24
                  77.90.164.0/24
                  77.90.173.0/24
                  77.90.184.0/24
                  185.230.15.0/24
                  213.209.147.0/24
                  213.209.151.0/24
                  213.209.158.0/24

    Signature Algorithm: sha256WithRSAEncryption
         71:44:2e:c5:62:04:5f:38:f1:7f:6e:ba:dd:1d:b6:e9:0d:fd:
         1f:41:b7:3e:3c:a5:46:7b:9d:85:ca:f4:2c:f4:4a:2c:a4:df:
         08:f2:4e:67:a2:b7:bd:0d:b2:6e:c3:da:9e:85:9d:66:6f:1e:
         17:d5:7a:44:72:86:3c:41:1c:30:c5:35:7e:f3:9f:12:0f:ca:
         4d:9c:d3:7e:43:72:5c:66:cc:d2:cc:75:9b:e8:0d:c3:09:86:
         29:ba:22:09:3d:4e:82:4d:8f:54:e7:06:e5:db:08:da:e8:ed:
         cb:ad:bd:c4:6e:b7:0c:b8:bb:96:46:f7:01:a1:a0:2e:7c:cc:
         d1:ef:8f:8f:c3:fc:8f:e5:b4:7a:ed:47:03:b8:fe:b5:e2:a0:
         d8:f9:22:bd:e0:50:e7:68:82:ed:4c:3e:c6:62:43:20:5e:d8:
         f2:84:e1:d6:c9:c4:f9:6c:4e:b8:c0:77:8e:55:a4:d5:58:f0:
         4d:e4:da:85:7b:2b:d3:23:fd:42:73:00:3f:d8:93:b1:25:77:
         3e:f5:16:ba:46:58:42:c7:e8:f7:43:96:6b:e9:4f:6d:f5:75:
         70:61:70:54:25:1a:75:27:96:68:71:90:ff:f6:73:ba:16:dd:
         b8:62:f5:62:1c:1d:65:34:d5:41:ba:00:fd:20:d4:69:80:f8:
         b6:3a:b8:4c
-----BEGIN CERTIFICATE-----
MIIFGTCCBAGgAwIBAgIEB8Y06jANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygz
YjQ3NmUxMmU4OTg3ZTViMzAyY2RjMjRiZGQ5ZGIzZmU4M2M4NDQ5MB4XDTIyMDMw
ODA3NDE0OVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoNzk3NjAzNmRhMjUy
OThiN2JmNzJmMDJjYzhmYmI5ODQxYzhlMDczYzCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBANWqMtKW6tbLcHUIXFJ55syQRyB+zUmktA1ihWZ5HGfun0Va
skpAzptB9LIipHnKsLwSp3CpYWImIWeNEcfglCVQRP1Edk/R8CJ6seisRszNCrG6
Le98PfexI8XnhuT9kd3joNgJpT9edG2nSvVXJrMIYvhyzzg9ThIrnnqDvEZSKMh/
00itKLBqa0oKplmMTQVZ7nKxVBuDHeScx7quGnzKsOzwAASu9GY9BAJl8XzSv9bV
CmXG9+smPqLkjp80F7p7SuhhB/MDd/rEXAFgEqFr4EQNQ8TwI+nfTvlefnvJHbIO
Bf9LQ+NOJl6TdLoTbwPY8CfrhY5R2FGsceZvVv8CAwEAAaOCAjMwggIvMB0GA1Ud
DgQWBBR5dgNtolKYt79y8CzI+7mEHI4HPDAfBgNVHSMEGDAWgBQ7R24S6Jh+WzAs
3CS92ds/6DyESTAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L08wZHVFdWlZZmxzd0xOd2t2ZG5iUC1nOGhFay5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMzQvZDkwYzZmLTY1NzYtNDZiOS04MzEzLTZjYmZmM2M0ZGEwMS8x
L2VYWURiYUpTbUxlX2N2QXN5UHU1aEJ5T0J6dy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMzQv
ZDkwYzZmLTY1NzYtNDZiOS04MzEzLTZjYmZmM2M0ZGEwMS8xL08wZHVFdWlZZmxz
d0xOd2t2ZG5iUC1nOGhFay5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBJ
BggrBgEFBQcBBwEB/wQ6MDgwNgQCAAEwMAMEAE1amQMEAE1apAMEAE1arQMEAE1a
uAMEALnmDwMEANXRkwMEANXRlwMEANXRnjANBgkqhkiG9w0BAQsFAAOCAQEAcUQu
xWIEXzjxf2663R226Q39H0G3PjylRnudhcr0LPRKLKTfCPJOZ6K3vQ2ybsPanoWd
Zm8eF9V6RHKGPEEcMMU1fvOfEg/KTZzTfkNyXGbM0sx1m+gNwwmGKboiCT1Ogk2P
VOcG5dsI2ujty629xG63DLi7lkb3AaGgLnzM0e+Pj8P8j+W0eu1HA7j+teKg2Pki
veBQ52iC7Uw+xmJDIF7Y8oTh1snE+WxOuMB3jlWk1VjwTeTahXsr0yP9QnMAP9iT
sSV3PvUWukZYQsfo90OWa+lPbfV1cGFwVCUadSeWaHGQ//ZzuhbduGL1YhwdZTTV
QboA/SDUaYD4tjq4TA==
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:46:23 2023 by rpki-client on console-fra.rpki-client.org