Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/hAGZ17j_kZ4WmCqukH5CKp8uBEQ.roa
File:                     hAGZ17j_kZ4WmCqukH5CKp8uBEQ.roa (raw, json)
Hash identifier:          6IeuAAwGhAnv1CvazJbc4TIMpZPJGGh0f6rAHRnynvs=
Subject key identifier:   84:01:99:D7:B8:FF:91:9E:16:98:2A:AE:90:7E:42:2A:9F:2E:04:44
Certificate issuer:       /CN=3b476e12e8987e5b302cdc24bdd9db3fe83c8449
Certificate serial:       01854E713E240ADEBABFF974F2C36C375F62
Authority key identifier: 3B:47:6E:12:E8:98:7E:5B:30:2C:DC:24:BD:D9:DB:3F:E8:3C:84:49
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/O0duEuiYflswLNwkvdnbP-g8hEk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/hAGZ17j_kZ4WmCqukH5CKp8uBEQ.roa
Signing time:             Mon 26 Dec 2022 12:38:42 +0000
ROA not before:           Mon 26 Dec 2022 12:38:42 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     42821
IP address blocks:        77.90.129.0/24 maxlen: 24
                          77.90.128.0/24 maxlen: 24
                          77.90.130.0/24 maxlen: 24
                          77.90.132.0/24 maxlen: 24
                          185.230.14.0/24 maxlen: 24
                          77.90.136.0/24 maxlen: 24
                          77.90.135.0/24 maxlen: 24
                          77.90.137.0/24 maxlen: 24
                          77.90.133.0/24 maxlen: 24
                          77.90.134.0/24 maxlen: 24
                          77.90.143.0/24 maxlen: 24
                          77.90.142.0/24 maxlen: 24
                          77.90.144.0/24 maxlen: 24
                          77.90.140.0/24 maxlen: 24
                          77.90.147.0/24 maxlen: 24
                          77.90.146.0/24 maxlen: 24
                          77.90.148.0/24 maxlen: 24
                          77.90.156.0/24 maxlen: 24
                          77.90.153.0/24 maxlen: 24
                          77.90.184.0/24 maxlen: 24
                          213.209.129.0/24 maxlen: 24
                          213.209.138.0/24 maxlen: 24
                          213.209.136.0/24 maxlen: 24
                          213.209.151.0/24 maxlen: 24
                          213.209.150.0/24 maxlen: 24
                          213.209.159.0/24 maxlen: 24
                          213.209.157.0/24 maxlen: 24
                          2a04:29c2::/32 maxlen: 32
                          2a04:29c7:1290:24::/64 maxlen: 64
                          2a04:29c7:1371:6027::/64 maxlen: 64
                          2a04:29c7:1280:27::/64 maxlen: 64
                          2a04:29c7:1420::/48 maxlen: 48
                          2a04:29c7::/32 maxlen: 32
                          2a04:29c7:1300:24::/64 maxlen: 64
                          2a04:29c7:1280:24::/64 maxlen: 64

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:4e:71:3e:24:0a:de:ba:bf:f9:74:f2:c3:6c:37:5f:62
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3b476e12e8987e5b302cdc24bdd9db3fe83c8449
        Validity
            Not Before: Dec 26 12:38:42 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=840199d7b8ff919e16982aae907e422a9f2e0444
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:a0:78:17:83:13:ce:d1:7e:aa:27:0b:ce:ad:
                    60:22:9d:6f:41:51:48:c2:8a:95:f5:03:42:39:bb:
                    1e:68:ca:a8:3f:f7:f4:b9:63:6f:eb:a2:d2:f1:16:
                    cd:18:12:3e:fb:73:3a:15:f6:48:d3:03:d4:88:b8:
                    95:7d:90:13:73:ee:91:dd:6a:57:5c:87:07:a6:7d:
                    d6:74:0e:a7:76:c0:ba:8c:79:fc:f3:f7:af:54:f5:
                    bf:ab:dd:88:af:cf:dd:26:6f:1a:f6:1e:4b:e1:a0:
                    69:9c:2d:ab:d2:54:85:29:e3:f8:b1:84:55:19:bf:
                    b9:de:52:c0:40:f4:e8:97:44:87:56:52:f8:e9:a7:
                    95:3b:a4:47:2f:73:8b:95:58:fc:ed:22:ed:2f:f8:
                    53:64:a1:3d:d8:e7:80:71:2b:d6:4a:db:8c:45:8f:
                    55:d0:05:6a:43:e2:c5:61:16:e3:ad:e0:e1:7b:58:
                    83:87:20:da:c0:3f:ee:a5:8a:06:b6:bd:40:66:7a:
                    f7:de:dc:c9:82:37:4f:04:ec:7b:15:cf:a2:bb:1e:
                    3e:6b:29:70:53:08:92:f1:2b:76:93:96:0e:03:a8:
                    59:2c:43:29:e6:11:e6:30:50:c0:05:b7:e8:25:44:
                    a3:ae:5b:c5:9e:3e:4d:fa:92:64:04:37:fa:e5:26:
                    db:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                84:01:99:D7:B8:FF:91:9E:16:98:2A:AE:90:7E:42:2A:9F:2E:04:44
            X509v3 Authority Key Identifier:
                keyid:3B:47:6E:12:E8:98:7E:5B:30:2C:DC:24:BD:D9:DB:3F:E8:3C:84:49

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/O0duEuiYflswLNwkvdnbP-g8hEk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/hAGZ17j_kZ4WmCqukH5CKp8uBEQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/O0duEuiYflswLNwkvdnbP-g8hEk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.90.128.0-77.90.130.255
                  77.90.132.0-77.90.137.255
                  77.90.140.0/24
                  77.90.142.0-77.90.144.255
                  77.90.146.0-77.90.148.255
                  77.90.153.0/24
                  77.90.156.0/24
                  77.90.184.0/24
                  185.230.14.0/24
                  213.209.129.0/24
                  213.209.136.0/24
                  213.209.138.0/24
                  213.209.150.0/23
                  213.209.157.0/24
                  213.209.159.0/24
                IPv6:
                  2a04:29c2::/32
                  2a04:29c7::/32

    Signature Algorithm: sha256WithRSAEncryption
         b5:f9:1f:d2:64:71:17:78:d5:7c:a5:73:85:91:38:38:15:7b:
         62:1a:a8:22:4f:eb:a8:fe:35:d6:68:89:3d:78:b3:d2:5e:77:
         de:d4:ae:9c:bc:03:61:e6:53:3a:9b:62:62:8d:dd:2d:e4:d8:
         1e:5b:c9:72:7b:37:f8:02:85:e1:5d:8d:50:3b:07:51:c2:69:
         f9:d2:6f:aa:81:d6:0d:a7:b2:ef:6f:50:99:c6:ff:f0:96:1a:
         e3:99:00:82:c5:72:ac:ed:e9:01:16:85:54:ca:7b:94:de:85:
         5e:69:e1:5e:7c:91:e0:49:61:c4:cf:f3:04:b8:58:c4:5a:c9:
         2f:45:e7:38:b3:4b:21:20:3c:a7:09:05:2b:cf:4c:84:a4:a2:
         4a:3e:6d:ef:a0:c5:59:02:6b:c7:4b:2b:ad:25:94:a8:f1:9d:
         ad:c8:a4:29:5e:d4:d2:6c:d4:51:11:1a:9d:2e:08:c8:43:fa:
         0e:be:a0:10:d8:e3:b8:04:9f:6c:40:66:7f:ce:1f:73:65:03:
         9c:b5:49:3c:f7:58:64:63:1c:d4:0d:66:f3:6e:ee:8d:f9:12:
         95:6c:ea:78:8e:b6:ed:dd:9c:cf:d6:5b:e8:d1:a9:de:97:75:
         d0:1c:c4:3e:fe:4b:e5:98:7c:83:a0:dd:74:e4:7d:f3:53:95:
         18:be:8e:9e
-----BEGIN CERTIFICATE-----
MIIFizCCBHOgAwIBAgISAYVOcT4kCt66v/l08sNsN19iMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNiNDc2ZTEyZTg5ODdlNWIzMDJjZGMyNGJkZDlkYjNmZTgz
Yzg0NDkwHhcNMjIxMjI2MTIzODQyWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NDAxOTlkN2I4ZmY5MTllMTY5ODJhYWU5MDdlNDIyYTlmMmUwNDQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqqB4F4MTztF+qicLzq1gIp1vQVFI
woqV9QNCObseaMqoP/f0uWNv66LS8RbNGBI++3M6FfZI0wPUiLiVfZATc+6R3WpX
XIcHpn3WdA6ndsC6jHn88/evVPW/q92Ir8/dJm8a9h5L4aBpnC2r0lSFKeP4sYRV
Gb+53lLAQPTol0SHVlL46aeVO6RHL3OLlVj87SLtL/hTZKE92OeAcSvWStuMRY9V
0AVqQ+LFYRbjreDhe1iDhyDawD/upYoGtr1AZnr33tzJgjdPBOx7Fc+iux4+aylw
UwiS8St2k5YOA6hZLEMp5hHmMFDABbfoJUSjrlvFnj5N+pJkBDf65SbbjQIDAQAB
o4IClzCCApMwHQYDVR0OBBYEFIQBmde4/5GeFpgqrpB+QiqfLgREMB8GA1UdIwQY
MBaAFDtHbhLomH5bMCzcJL3Z2z/oPIRJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTzBkdUV1aVlmbHN3TE53a3ZkbmJQLWc4aEVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC9kOTBjNmYtNjU3Ni00NmI5LTgzMTMt
NmNiZmYzYzRkYTAxLzEvaEFHWjE3al9rWjRXbUNxdWtINUNLcDh1QkVRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC9kOTBjNmYtNjU3Ni00NmI5LTgzMTMtNmNiZmYzYzRkYTAx
LzEvTzBkdUV1aVlmbHN3TE53a3ZkbmJQLWc4aEVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGsBggrBgEFBQcBBwEB/wSBnDCBmTCBgAQCAAEwejAMAwQH
TVqAAwQATVqCMAwDBAJNWoQDBAFNWogDBABNWowwDAMEAU1ajgMEAE1akDAMAwQB
TVqSAwQATVqUAwQATVqZAwQATVqcAwQATVq4AwQAueYOAwQA1dGBAwQA1dGIAwQA
1dGKAwQB1dGWAwQA1dGdAwQA1dGfMBQEAgACMA4DBQAqBCnCAwUAKgQpxzANBgkq
hkiG9w0BAQsFAAOCAQEAtfkf0mRxF3jVfKVzhZE4OBV7YhqoIk/rqP411miJPXiz
0l533tSunLwDYeZTOptiYo3dLeTYHlvJcns3+AKF4V2NUDsHUcJp+dJvqoHWDaey
729Qmcb/8JYa45kAgsVyrO3pARaFVMp7lN6FXmnhXnyR4ElhxM/zBLhYxFrJL0Xn
OLNLISA8pwkFK89MhKSiSj5t76DFWQJrx0srrSWUqPGdrcikKV7U0mzUUREanS4I
yEP6Dr6gENjjuASfbEBmf84fc2UDnLVJPPdYZGMc1A1m827ujfkSlWzqeI627d2c
z9Zb6NGp3pd10BzEPv5L5Zh8g6DddOR981OVGL6Ong==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:25:03 2024 by rpki-client on console-fra.rpki-client.org