Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/fulH42wKUwdbRoIwjgh7QNsZbmM.roa
File:                     fulH42wKUwdbRoIwjgh7QNsZbmM.roa (raw, json)
Hash identifier:          Qxd2Nx43yfWgbX+ajAefy/XmQoYcmeTv6mcNQhkFdjU=
Subject key identifier:   7E:E9:47:E3:6C:0A:53:07:5B:46:82:30:8E:08:7B:40:DB:19:6E:63
Certificate issuer:       /CN=3b476e12e8987e5b302cdc24bdd9db3fe83c8449
Certificate serial:       07BD5EA4
Authority key identifier: 3B:47:6E:12:E8:98:7E:5B:30:2C:DC:24:BD:D9:DB:3F:E8:3C:84:49
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/O0duEuiYflswLNwkvdnbP-g8hEk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/fulH42wKUwdbRoIwjgh7QNsZbmM.roa
Signing time:             Mon 07 Mar 2022 11:03:47 +0000
ROA not before:           Mon 07 Mar 2022 11:03:47 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     43260
IP address blocks:        213.209.147.0/24 maxlen: 24
                          213.209.151.0/24 maxlen: 24
                          213.209.158.0/24 maxlen: 24
                          77.90.153.0/24 maxlen: 24
                          77.90.164.0/24 maxlen: 24
                          77.90.173.0/24 maxlen: 24
                          185.230.15.0/24 maxlen: 24
                          77.90.184.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 129851044 (0x7bd5ea4)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3b476e12e8987e5b302cdc24bdd9db3fe83c8449
        Validity
            Not Before: Mar  7 11:03:47 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=7ee947e36c0a53075b4682308e087b40db196e63
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:0a:c6:be:ca:03:d0:c4:19:9f:4f:f5:5f:27:
                    8b:db:68:fc:dd:97:6e:22:dc:d8:04:00:dd:82:02:
                    de:76:c1:6d:74:95:a7:f9:a1:e9:a4:7c:a1:0b:0f:
                    d1:0a:ad:7e:94:28:6c:bf:35:82:d3:a9:0a:46:8b:
                    63:89:86:9d:bd:6a:bb:4a:42:6d:c6:11:34:e3:30:
                    f9:20:f6:43:ec:e1:38:c6:86:4e:f6:07:73:7d:22:
                    d2:62:a1:92:69:be:6a:e9:5b:93:aa:07:3d:55:49:
                    a6:52:41:83:a5:66:ce:30:08:a0:23:0e:82:65:b4:
                    72:b4:f4:ea:8a:8b:75:fa:36:35:65:99:aa:40:90:
                    6b:d0:2d:ce:63:67:6d:35:2d:eb:e0:62:4a:85:8e:
                    5f:ec:15:d3:76:95:0e:89:e4:10:57:ad:94:56:95:
                    62:0c:a6:73:7a:2c:54:1f:b3:9e:31:97:68:42:ad:
                    59:86:00:87:02:d9:14:f6:b6:4c:61:dd:ea:38:54:
                    e1:80:36:1f:35:ea:0c:7c:c2:4b:39:21:80:68:ea:
                    4c:4c:fd:64:3b:d3:28:8a:fa:1d:23:79:92:91:b0:
                    52:0c:22:59:f4:56:c4:b0:c5:db:30:2b:f7:8c:77:
                    f5:14:80:76:53:0a:41:57:06:a6:3c:8f:85:7c:d6:
                    97:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7E:E9:47:E3:6C:0A:53:07:5B:46:82:30:8E:08:7B:40:DB:19:6E:63
            X509v3 Authority Key Identifier:
                keyid:3B:47:6E:12:E8:98:7E:5B:30:2C:DC:24:BD:D9:DB:3F:E8:3C:84:49

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/O0duEuiYflswLNwkvdnbP-g8hEk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/fulH42wKUwdbRoIwjgh7QNsZbmM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/O0duEuiYflswLNwkvdnbP-g8hEk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.90.153.0/24
                  77.90.164.0/24
                  77.90.173.0/24
                  77.90.184.0/24
                  185.230.15.0/24
                  213.209.147.0/24
                  213.209.151.0/24
                  213.209.158.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ab:fd:6e:de:5f:f6:09:0d:13:18:3b:fa:5e:bc:bc:5c:ae:0a:
         c4:0f:f8:55:5d:a2:44:47:25:2d:7c:33:91:73:08:f0:7b:26:
         bd:a0:cb:e5:09:0d:84:4c:81:67:b7:9f:cd:13:c1:b3:d6:dc:
         1c:f2:ee:a8:8e:c1:62:80:fe:10:cf:c6:a6:a1:34:cc:5c:b7:
         38:77:75:10:ea:43:bb:94:5c:55:9f:33:b4:6b:91:d4:32:48:
         fc:23:ae:fe:c6:11:11:94:78:da:5a:d8:f8:75:d1:5e:55:9d:
         f5:50:a4:23:16:16:d9:8f:88:14:bd:52:b6:3b:da:8a:27:5d:
         43:8a:68:c2:8e:73:fe:ef:12:20:82:7b:29:f1:3c:50:3e:9d:
         92:b5:cb:15:be:4a:d7:c6:b1:09:72:ed:2e:44:41:d3:d8:42:
         fb:ed:5b:a3:af:85:a9:68:e3:80:42:e5:b3:3b:97:0e:f4:59:
         8b:11:6d:75:c4:e7:02:34:45:05:b5:d1:c9:36:5b:44:09:35:
         ee:9f:38:ff:f3:38:6c:c8:83:72:98:97:ab:d7:3f:b4:53:8b:
         6c:da:a2:c7:8f:6f:4d:b6:e0:51:ac:47:f3:ff:bc:ba:09:e3:
         af:56:aa:c6:cc:4e:2a:df:c1:73:51:11:36:53:90:b6:e3:6a:
         6e:05:c9:8e
-----BEGIN CERTIFICATE-----
MIIFGTCCBAGgAwIBAgIEB71epDANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygz
YjQ3NmUxMmU4OTg3ZTViMzAyY2RjMjRiZGQ5ZGIzZmU4M2M4NDQ5MB4XDTIyMDMw
NzExMDM0N1oXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoN2VlOTQ3ZTM2YzBh
NTMwNzViNDY4MjMwOGUwODdiNDBkYjE5NmU2MzCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAMIKxr7KA9DEGZ9P9V8ni9to/N2XbiLc2AQA3YIC3nbBbXSV
p/mh6aR8oQsP0QqtfpQobL81gtOpCkaLY4mGnb1qu0pCbcYRNOMw+SD2Q+zhOMaG
TvYHc30i0mKhkmm+aulbk6oHPVVJplJBg6VmzjAIoCMOgmW0crT06oqLdfo2NWWZ
qkCQa9AtzmNnbTUt6+BiSoWOX+wV03aVDonkEFetlFaVYgymc3osVB+znjGXaEKt
WYYAhwLZFPa2TGHd6jhU4YA2HzXqDHzCSzkhgGjqTEz9ZDvTKIr6HSN5kpGwUgwi
WfRWxLDF2zAr94x39RSAdlMKQVcGpjyPhXzWlzUCAwEAAaOCAjMwggIvMB0GA1Ud
DgQWBBR+6UfjbApTB1tGgjCOCHtA2xluYzAfBgNVHSMEGDAWgBQ7R24S6Jh+WzAs
3CS92ds/6DyESTAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L08wZHVFdWlZZmxzd0xOd2t2ZG5iUC1nOGhFay5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMzQvZDkwYzZmLTY1NzYtNDZiOS04MzEzLTZjYmZmM2M0ZGEwMS8x
L2Z1bEg0MndLVXdkYlJvSXdqZ2g3UU5zWmJtTS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMzQv
ZDkwYzZmLTY1NzYtNDZiOS04MzEzLTZjYmZmM2M0ZGEwMS8xL08wZHVFdWlZZmxz
d0xOd2t2ZG5iUC1nOGhFay5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBJ
BggrBgEFBQcBBwEB/wQ6MDgwNgQCAAEwMAMEAE1amQMEAE1apAMEAE1arQMEAE1a
uAMEALnmDwMEANXRkwMEANXRlwMEANXRnjANBgkqhkiG9w0BAQsFAAOCAQEAq/1u
3l/2CQ0TGDv6Xry8XK4KxA/4VV2iREclLXwzkXMI8HsmvaDL5QkNhEyBZ7efzRPB
s9bcHPLuqI7BYoD+EM/GpqE0zFy3OHd1EOpDu5RcVZ8ztGuR1DJI/COu/sYREZR4
2lrY+HXRXlWd9VCkIxYW2Y+IFL1StjvaiiddQ4powo5z/u8SIIJ7KfE8UD6dkrXL
Fb5K18axCXLtLkRB09hC++1bo6+FqWjjgELlszuXDvRZixFtdcTnAjRFBbXRyTZb
RAk17p84//M4bMiDcpiXq9c/tFOLbNqix49vTbbgUaxH8/+8ugnjr1aqxsxOKt/B
c1ERNlOQtuNqbgXJjg==
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:50:08 2023 by rpki-client on console-ams.rpki-client.org