Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/kIiLe6N7IGCDzrHiw2hKeWtOjgo.roa
File:                     kIiLe6N7IGCDzrHiw2hKeWtOjgo.roa (raw, json)
Hash identifier:          GJIJoqbjti66qqEF/IU4LfWaSK2ayU2aOifMZpD8gbs=
Subject key identifier:   90:88:8B:7B:A3:7B:20:60:83:CE:B1:E2:C3:68:4A:79:6B:4E:8E:0A
Certificate issuer:       /CN=3b476e12e8987e5b302cdc24bdd9db3fe83c8449
Certificate serial:       08BCC88F
Authority key identifier: 3B:47:6E:12:E8:98:7E:5B:30:2C:DC:24:BD:D9:DB:3F:E8:3C:84:49
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/O0duEuiYflswLNwkvdnbP-g8hEk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/kIiLe6N7IGCDzrHiw2hKeWtOjgo.roa
Signing time:             Wed 20 Apr 2022 12:01:16 +0000
ROA not before:           Wed 20 Apr 2022 12:01:16 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     42821
IP address blocks:        77.90.129.0/24 maxlen: 24
                          77.90.128.0/24 maxlen: 24
                          77.90.130.0/24 maxlen: 24
                          77.90.132.0/24 maxlen: 24
                          185.230.13.0/24 maxlen: 24
                          185.230.14.0/24 maxlen: 24
                          77.90.191.0/24 maxlen: 24
                          77.90.189.0/24 maxlen: 24
                          77.90.136.0/24 maxlen: 24
                          77.90.135.0/24 maxlen: 24
                          77.90.138.0/24 maxlen: 24
                          77.90.137.0/24 maxlen: 24
                          77.90.133.0/24 maxlen: 24
                          77.90.134.0/24 maxlen: 24
                          77.90.143.0/24 maxlen: 24
                          77.90.142.0/24 maxlen: 24
                          77.90.145.0/24 maxlen: 24
                          77.90.144.0/24 maxlen: 24
                          77.90.140.0/24 maxlen: 24
                          77.90.152.0/24 maxlen: 24
                          77.90.147.0/24 maxlen: 24
                          77.90.146.0/24 maxlen: 24
                          77.90.148.0/24 maxlen: 24
                          77.90.157.0/24 maxlen: 24
                          77.90.180.0/24 maxlen: 24
                          77.90.185.0/24 maxlen: 24
                          213.209.130.0/24 maxlen: 24
                          213.209.138.0/24 maxlen: 24
                          213.209.136.0/24 maxlen: 24
                          213.209.147.0/24 maxlen: 24
                          213.209.146.0/24 maxlen: 24
                          213.209.149.0/24 maxlen: 24
                          213.209.156.0/24 maxlen: 24
                          2a04:29c2::/32 maxlen: 32
                          2a04:29c7::/32 maxlen: 32

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 146589839 (0x8bcc88f)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3b476e12e8987e5b302cdc24bdd9db3fe83c8449
        Validity
            Not Before: Apr 20 12:01:16 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=90888b7ba37b206083ceb1e2c3684a796b4e8e0a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:4f:59:8b:38:81:a2:ae:36:34:06:45:5c:bf:
                    29:12:40:b2:43:b7:93:17:d9:28:28:0f:bf:01:c8:
                    46:97:76:1e:98:07:aa:fd:3b:9f:55:20:90:0f:ab:
                    a2:6e:e8:dc:05:e9:fd:11:79:fd:5d:5f:ec:1e:eb:
                    e7:ab:ac:ac:c7:c9:f6:62:9b:57:0a:b3:7c:d1:f6:
                    a5:cd:1f:98:df:ae:1d:55:af:f6:02:f9:aa:77:85:
                    b2:de:1c:38:12:4b:e9:b3:74:9e:2e:68:4c:b8:73:
                    de:ca:59:05:3a:6b:6c:f0:c9:cb:99:08:59:a2:02:
                    43:21:82:5b:14:88:bd:e2:15:ff:72:96:51:21:3f:
                    89:a4:aa:4d:3d:46:33:8d:84:00:4b:ae:bd:92:c9:
                    77:51:9c:98:d4:19:a3:2e:f3:72:af:be:08:a1:f1:
                    dc:20:fe:b3:c1:63:49:76:fb:b3:1e:1b:09:4c:06:
                    db:db:a5:45:74:bc:13:98:b7:1f:4f:49:c9:ab:5a:
                    19:9d:41:7f:41:50:e1:86:0f:9e:3f:ad:7a:42:38:
                    b9:e7:c1:08:33:89:db:b9:61:68:29:1d:ef:eb:7e:
                    6a:f1:55:e6:1a:3c:c6:fa:63:c8:87:f8:e3:ca:aa:
                    ae:89:c9:21:9f:42:6b:48:d8:ef:8c:be:dc:52:28:
                    36:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                90:88:8B:7B:A3:7B:20:60:83:CE:B1:E2:C3:68:4A:79:6B:4E:8E:0A
            X509v3 Authority Key Identifier:
                keyid:3B:47:6E:12:E8:98:7E:5B:30:2C:DC:24:BD:D9:DB:3F:E8:3C:84:49

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/O0duEuiYflswLNwkvdnbP-g8hEk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/kIiLe6N7IGCDzrHiw2hKeWtOjgo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/O0duEuiYflswLNwkvdnbP-g8hEk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.90.128.0-77.90.130.255
                  77.90.132.0-77.90.138.255
                  77.90.140.0/24
                  77.90.142.0-77.90.148.255
                  77.90.152.0/24
                  77.90.157.0/24
                  77.90.180.0/24
                  77.90.185.0/24
                  77.90.189.0/24
                  77.90.191.0/24
                  185.230.13.0-185.230.14.255
                  213.209.130.0/24
                  213.209.136.0/24
                  213.209.138.0/24
                  213.209.146.0/23
                  213.209.149.0/24
                  213.209.156.0/24
                IPv6:
                  2a04:29c2::/32
                  2a04:29c7::/32

    Signature Algorithm: sha256WithRSAEncryption
         11:3c:f1:3e:d9:e2:39:d7:bb:ce:79:f2:80:e8:45:b1:ae:ac:
         9a:0d:b6:9d:91:cf:97:ef:5c:4c:14:9e:80:71:93:0e:b1:f5:
         3b:2e:85:33:93:82:b0:4b:96:db:59:87:e2:8c:24:f5:c5:76:
         32:84:10:70:42:7a:ec:e8:22:e3:1f:c5:9c:cd:a6:89:74:7a:
         70:99:d3:90:77:1a:71:e2:3e:f1:32:e1:dd:02:e4:da:d1:00:
         d0:ba:5a:3f:e6:24:de:44:d0:04:78:22:60:cf:24:93:85:46:
         fd:5b:51:1a:81:f2:5b:6e:6b:e1:90:34:c4:ae:88:cc:ff:f2:
         2f:ba:9c:07:db:09:20:2a:fb:95:84:e9:bb:25:61:57:0d:a7:
         42:ea:04:b1:2f:47:1e:86:1a:c1:5f:e5:00:49:7b:c2:90:96:
         bd:cd:dd:19:aa:ea:13:8f:a4:2d:1f:ba:a8:a7:0f:9d:51:f1:
         76:d2:5b:83:ed:18:be:e0:ab:d3:e0:6a:9e:8d:d2:75:2a:99:
         1e:31:4b:a8:89:80:32:20:61:f0:83:e1:13:c4:1d:17:b6:d3:
         90:f8:15:17:5c:b3:5a:1c:2b:db:62:ef:8d:e7:88:33:92:b2:
         7d:72:17:09:98:6b:9e:1c:5f:81:f3:4a:90:a3:e8:93:e6:b8:
         9c:41:36:7f
-----BEGIN CERTIFICATE-----
MIIFijCCBHKgAwIBAgIECLzIjzANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygz
YjQ3NmUxMmU4OTg3ZTViMzAyY2RjMjRiZGQ5ZGIzZmU4M2M4NDQ5MB4XDTIyMDQy
MDEyMDExNloXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoOTA4ODhiN2JhMzdi
MjA2MDgzY2ViMWUyYzM2ODRhNzk2YjRlOGUwYTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBANtPWYs4gaKuNjQGRVy/KRJAskO3kxfZKCgPvwHIRpd2HpgH
qv07n1UgkA+rom7o3AXp/RF5/V1f7B7r56usrMfJ9mKbVwqzfNH2pc0fmN+uHVWv
9gL5qneFst4cOBJL6bN0ni5oTLhz3spZBTprbPDJy5kIWaICQyGCWxSIveIV/3KW
USE/iaSqTT1GM42EAEuuvZLJd1GcmNQZoy7zcq++CKHx3CD+s8FjSXb7sx4bCUwG
29ulRXS8E5i3H09JyataGZ1Bf0FQ4YYPnj+tekI4uefBCDOJ27lhaCkd7+t+avFV
5ho8xvpjyIf448qqronJIZ9Ca0jY74y+3FIoNlkCAwEAAaOCAqQwggKgMB0GA1Ud
DgQWBBSQiIt7o3sgYIPOseLDaEp5a06OCjAfBgNVHSMEGDAWgBQ7R24S6Jh+WzAs
3CS92ds/6DyESTAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L08wZHVFdWlZZmxzd0xOd2t2ZG5iUC1nOGhFay5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMzQvZDkwYzZmLTY1NzYtNDZiOS04MzEzLTZjYmZmM2M0ZGEwMS8x
L2tJaUxlNk43SUdDRHpySGl3MmhLZVd0T2pnby5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMzQv
ZDkwYzZmLTY1NzYtNDZiOS04MzEzLTZjYmZmM2M0ZGEwMS8xL08wZHVFdWlZZmxz
d0xOd2t2ZG5iUC1nOGhFay5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjCB
uQYIKwYBBQUHAQcBAf8EgakwgaYwgY0EAgABMIGGMAwDBAdNWoADBABNWoIwDAME
Ak1ahAMEAE1aigMEAE1ajDAMAwQBTVqOAwQATVqUAwQATVqYAwQATVqdAwQATVq0
AwQATVq5AwQATVq9AwQATVq/MAwDBAC55g0DBAC55g4DBADV0YIDBADV0YgDBADV
0YoDBAHV0ZIDBADV0ZUDBADV0ZwwFAQCAAIwDgMFACoEKcIDBQAqBCnHMA0GCSqG
SIb3DQEBCwUAA4IBAQARPPE+2eI517vOefKA6EWxrqyaDbadkc+X71xMFJ6AcZMO
sfU7LoUzk4KwS5bbWYfijCT1xXYyhBBwQnrs6CLjH8WczaaJdHpwmdOQdxpx4j7x
MuHdAuTa0QDQulo/5iTeRNAEeCJgzySThUb9W1EagfJbbmvhkDTErojM//IvupwH
2wkgKvuVhOm7JWFXDadC6gSxL0cehhrBX+UASXvCkJa9zd0ZquoTj6QtH7qopw+d
UfF20luD7Ri+4KvT4GqejdJ1KpkeMUuoiYAyIGHwg+ETxB0XttOQ+BUXXLNaHCvb
Yu+N54gzkrJ9chcJmGueHF+B80qQo+iT5ricQTZ/
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:46:23 2023 by rpki-client on console-fra.rpki-client.org