Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/ljFkn-g9gcI2Z35lhJz5YsXH540.roa
File:                     ljFkn-g9gcI2Z35lhJz5YsXH540.roa (raw, json)
Hash identifier:          tBTCea9ZAJbhi+wAghUu9CNf+e8Hrx4FWnZdcsQW3Ng=
Subject key identifier:   96:31:64:9F:E8:3D:81:C2:36:67:7E:65:84:9C:F9:62:C5:C7:E7:8D
Certificate issuer:       /CN=3b476e12e8987e5b302cdc24bdd9db3fe83c8449
Certificate serial:       09F157F1
Authority key identifier: 3B:47:6E:12:E8:98:7E:5B:30:2C:DC:24:BD:D9:DB:3F:E8:3C:84:49
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/O0duEuiYflswLNwkvdnbP-g8hEk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/ljFkn-g9gcI2Z35lhJz5YsXH540.roa
Signing time:             Thu 30 Jun 2022 17:48:02 +0000
ROA not before:           Thu 30 Jun 2022 17:48:02 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     42821
IP address blocks:        77.90.129.0/24 maxlen: 24
                          77.90.128.0/24 maxlen: 24
                          77.90.130.0/24 maxlen: 24
                          77.90.132.0/24 maxlen: 24
                          77.90.191.0/24 maxlen: 24
                          77.90.136.0/24 maxlen: 24
                          77.90.135.0/24 maxlen: 24
                          77.90.138.0/24 maxlen: 24
                          77.90.137.0/24 maxlen: 24
                          77.90.133.0/24 maxlen: 24
                          77.90.134.0/24 maxlen: 24
                          77.90.143.0/24 maxlen: 24
                          77.90.142.0/24 maxlen: 24
                          77.90.144.0/24 maxlen: 24
                          77.90.140.0/24 maxlen: 24
                          77.90.147.0/24 maxlen: 24
                          77.90.146.0/24 maxlen: 24
                          77.90.148.0/24 maxlen: 24
                          77.90.157.0/24 maxlen: 24
                          77.90.156.0/24 maxlen: 24
                          77.90.153.0/24 maxlen: 24
                          77.90.154.0/24 maxlen: 24
                          77.90.166.0/24 maxlen: 24
                          77.90.179.0/24 maxlen: 24
                          77.90.181.0/24 maxlen: 24
                          213.209.130.0/24 maxlen: 24
                          213.209.138.0/24 maxlen: 24
                          213.209.147.0/24 maxlen: 24
                          213.209.151.0/24 maxlen: 24
                          213.209.149.0/24 maxlen: 24
                          213.209.158.0/24 maxlen: 24
                          2a04:29c2::/32 maxlen: 32
                          2a04:29c7:1290:24::/64 maxlen: 64
                          2a04:29c7:1371:6027::/64 maxlen: 64
                          2a04:29c7:1280:27::/64 maxlen: 64
                          2a04:29c7:1420::/48 maxlen: 48
                          2a04:29c7::/32 maxlen: 32
                          2a04:29c7:1280:24::/64 maxlen: 64
                          2a04:29c7:1300:24::/64 maxlen: 64

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 166811633 (0x9f157f1)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3b476e12e8987e5b302cdc24bdd9db3fe83c8449
        Validity
            Not Before: Jun 30 17:48:02 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=9631649fe83d81c236677e65849cf962c5c7e78d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:c7:f2:5c:81:43:06:da:80:00:ae:1d:94:93:
                    98:7e:65:0e:7d:b7:7a:bf:23:e1:0f:d5:ab:54:17:
                    b7:36:08:3b:37:0d:0c:41:b0:1e:8d:4e:c3:cc:e7:
                    ef:0d:41:06:c8:d3:37:d0:b6:ab:03:88:fd:72:6a:
                    b3:00:e4:7d:60:72:2c:11:86:63:a7:5d:03:ff:b1:
                    70:b4:1a:59:8f:d3:0e:c8:0f:f3:d7:c3:b8:56:29:
                    c3:f0:ee:c1:8d:11:0f:fa:d0:e1:e1:86:17:df:fc:
                    52:55:0a:28:b6:7a:9d:bb:6e:d0:85:74:b3:e3:c7:
                    22:2f:fd:b0:ef:2a:c5:42:b3:c9:4b:fd:94:32:b1:
                    69:44:dc:76:e0:70:2b:f0:4f:b7:9d:da:55:f6:fb:
                    f5:15:1c:8c:1f:40:1e:f2:13:21:7c:6c:6d:57:c1:
                    16:d7:fc:c6:a9:04:d6:b2:21:3a:34:6e:c6:34:2b:
                    94:a4:00:a8:d4:ed:ab:60:20:7d:c0:c4:19:d7:59:
                    41:f4:89:cb:79:bf:0c:d4:31:d2:b7:80:21:e7:ca:
                    89:13:ef:e2:bf:6b:c7:39:30:80:66:62:03:9f:cd:
                    d3:10:22:e0:9f:9b:8f:87:9f:17:a2:75:1b:e8:fe:
                    5f:fc:14:70:9e:1c:77:e7:7f:cf:a2:88:08:a1:f1:
                    a1:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                96:31:64:9F:E8:3D:81:C2:36:67:7E:65:84:9C:F9:62:C5:C7:E7:8D
            X509v3 Authority Key Identifier:
                keyid:3B:47:6E:12:E8:98:7E:5B:30:2C:DC:24:BD:D9:DB:3F:E8:3C:84:49

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/O0duEuiYflswLNwkvdnbP-g8hEk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/ljFkn-g9gcI2Z35lhJz5YsXH540.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/O0duEuiYflswLNwkvdnbP-g8hEk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.90.128.0-77.90.130.255
                  77.90.132.0-77.90.138.255
                  77.90.140.0/24
                  77.90.142.0-77.90.144.255
                  77.90.146.0-77.90.148.255
                  77.90.153.0-77.90.154.255
                  77.90.156.0/23
                  77.90.166.0/24
                  77.90.179.0/24
                  77.90.181.0/24
                  77.90.191.0/24
                  213.209.130.0/24
                  213.209.138.0/24
                  213.209.147.0/24
                  213.209.149.0/24
                  213.209.151.0/24
                  213.209.158.0/24
                IPv6:
                  2a04:29c2::/32
                  2a04:29c7::/32

    Signature Algorithm: sha256WithRSAEncryption
         08:e8:b1:e9:e1:12:9c:f0:46:a1:24:da:be:a1:2f:16:fd:14:
         e5:39:9a:0b:bb:36:14:f0:e1:0b:ca:0f:84:a1:e1:ba:b9:f3:
         87:a8:2a:45:39:fe:7a:58:b9:2b:a8:9d:98:6b:61:9f:c3:35:
         da:b9:9a:2a:3e:fd:17:8f:7b:ee:74:1d:ec:4e:be:97:74:d3:
         9d:2d:43:1d:6a:74:f1:42:89:8b:f1:b3:87:48:31:c6:f5:2c:
         62:6d:bb:ef:2c:98:bb:7a:cc:5c:0e:77:73:60:ed:98:9d:ed:
         02:6d:a6:c6:ae:bd:d1:88:6e:40:34:be:69:1e:6c:16:6f:21:
         47:b9:1c:7c:5f:1e:cb:eb:e8:fe:37:8b:8c:e4:e5:8e:63:14:
         df:62:3e:21:7e:b2:ad:0f:52:7f:c4:21:80:11:7a:b1:f3:7e:
         77:e5:e4:75:80:5d:10:5f:bb:eb:37:a4:82:ad:6f:ba:e0:d3:
         51:ec:b6:05:78:a8:48:32:ce:38:db:24:73:b6:97:43:aa:c9:
         31:22:45:df:e6:64:db:95:40:2b:75:ff:2d:af:0c:f7:ea:ca:
         1b:da:5b:5e:35:64:af:36:02:d4:de:07:b8:6f:4e:06:c2:3c:
         da:4c:0a:af:38:60:23:0d:4e:26:a7:14:71:db:f9:36:1e:94:
         49:49:dd:eb
-----BEGIN CERTIFICATE-----
MIIFkjCCBHqgAwIBAgIECfFX8TANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygz
YjQ3NmUxMmU4OTg3ZTViMzAyY2RjMjRiZGQ5ZGIzZmU4M2M4NDQ5MB4XDTIyMDYz
MDE3NDgwMloXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoOTYzMTY0OWZlODNk
ODFjMjM2Njc3ZTY1ODQ5Y2Y5NjJjNWM3ZTc4ZDCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBALPH8lyBQwbagACuHZSTmH5lDn23er8j4Q/Vq1QXtzYIOzcN
DEGwHo1Ow8zn7w1BBsjTN9C2qwOI/XJqswDkfWByLBGGY6ddA/+xcLQaWY/TDsgP
89fDuFYpw/DuwY0RD/rQ4eGGF9/8UlUKKLZ6nbtu0IV0s+PHIi/9sO8qxUKzyUv9
lDKxaUTcduBwK/BPt53aVfb79RUcjB9AHvITIXxsbVfBFtf8xqkE1rIhOjRuxjQr
lKQAqNTtq2AgfcDEGddZQfSJy3m/DNQx0reAIefKiRPv4r9rxzkwgGZiA5/N0xAi
4J+bj4efF6J1G+j+X/wUcJ4cd+d/z6KICKHxoaMCAwEAAaOCAqwwggKoMB0GA1Ud
DgQWBBSWMWSf6D2BwjZnfmWEnPlixcfnjTAfBgNVHSMEGDAWgBQ7R24S6Jh+WzAs
3CS92ds/6DyESTAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L08wZHVFdWlZZmxzd0xOd2t2ZG5iUC1nOGhFay5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMzQvZDkwYzZmLTY1NzYtNDZiOS04MzEzLTZjYmZmM2M0ZGEwMS8x
L2xqRmtuLWc5Z2NJMlozNWxoSno1WXNYSDU0MC5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMzQv
ZDkwYzZmLTY1NzYtNDZiOS04MzEzLTZjYmZmM2M0ZGEwMS8xL08wZHVFdWlZZmxz
d0xOd2t2ZG5iUC1nOGhFay5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjCB
wQYIKwYBBQUHAQcBAf8EgbEwga4wgZUEAgABMIGOMAwDBAdNWoADBABNWoIwDAME
Ak1ahAMEAE1aigMEAE1ajDAMAwQBTVqOAwQATVqQMAwDBAFNWpIDBABNWpQwDAME
AE1amQMEAE1amgMEAU1anAMEAE1apgMEAE1aswMEAE1atQMEAE1avwMEANXRggME
ANXRigMEANXRkwMEANXRlQMEANXRlwMEANXRnjAUBAIAAjAOAwUAKgQpwgMFACoE
KccwDQYJKoZIhvcNAQELBQADggEBAAjosenhEpzwRqEk2r6hLxb9FOU5mgu7NhTw
4QvKD4Sh4bq584eoKkU5/npYuSuonZhrYZ/DNdq5mio+/RePe+50HexOvpd0050t
Qx1qdPFCiYvxs4dIMcb1LGJtu+8smLt6zFwOd3Ng7Zid7QJtpsauvdGIbkA0vmke
bBZvIUe5HHxfHsvr6P43i4zk5Y5jFN9iPiF+sq0PUn/EIYARerHzfnfl5HWAXRBf
u+s3pIKtb7rg01HstgV4qEgyzjjbJHO2l0OqyTEiRd/mZNuVQCt1/y2vDPfqyhva
W141ZK82AtTeB7hvTgbCPNpMCq84YCMNTianFHHb+TYelElJ3es=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:25:03 2024 by rpki-client on console-fra.rpki-client.org