Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/mtvxv-yx2qqCPclUtQlAG2xYQjY.roa
File:                     mtvxv-yx2qqCPclUtQlAG2xYQjY.roa (raw, json)
Hash identifier:          lEzQScg57g23PHnpzE+vVDX5L4wXtZOA4SfC8CoQ0os=
Subject key identifier:   9A:DB:F1:BF:EC:B1:DA:AA:82:3D:C9:54:B5:09:40:1B:6C:58:42:36
Certificate issuer:       /CN=3b476e12e8987e5b302cdc24bdd9db3fe83c8449
Certificate serial:       018471D10E7242596D8DF16DFB4518CF01EE
Authority key identifier: 3B:47:6E:12:E8:98:7E:5B:30:2C:DC:24:BD:D9:DB:3F:E8:3C:84:49
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/O0duEuiYflswLNwkvdnbP-g8hEk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/mtvxv-yx2qqCPclUtQlAG2xYQjY.roa
Signing time:             Sun 13 Nov 2022 16:27:16 +0000
ROA not before:           Sun 13 Nov 2022 16:27:16 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     42821
IP address blocks:        77.90.129.0/24 maxlen: 24
                          77.90.128.0/24 maxlen: 24
                          77.90.130.0/24 maxlen: 24
                          77.90.132.0/24 maxlen: 24
                          185.230.13.0/24 maxlen: 24
                          185.230.14.0/24 maxlen: 24
                          77.90.188.0/24 maxlen: 24
                          77.90.136.0/24 maxlen: 24
                          77.90.135.0/24 maxlen: 24
                          77.90.137.0/24 maxlen: 24
                          77.90.133.0/24 maxlen: 24
                          77.90.134.0/24 maxlen: 24
                          77.90.139.0/24 maxlen: 24
                          77.90.143.0/24 maxlen: 24
                          77.90.142.0/24 maxlen: 24
                          77.90.145.0/24 maxlen: 24
                          77.90.144.0/24 maxlen: 24
                          77.90.140.0/24 maxlen: 24
                          77.90.147.0/24 maxlen: 24
                          77.90.146.0/24 maxlen: 24
                          77.90.148.0/24 maxlen: 24
                          77.90.156.0/24 maxlen: 24
                          77.90.153.0/24 maxlen: 24
                          77.90.154.0/24 maxlen: 24
                          77.90.178.0/24 maxlen: 24
                          77.90.185.0/24 maxlen: 24
                          77.90.184.0/24 maxlen: 24
                          213.209.138.0/24 maxlen: 24
                          213.209.143.0/24 maxlen: 24
                          213.209.149.0/24 maxlen: 24
                          213.209.159.0/24 maxlen: 24
                          213.209.156.0/24 maxlen: 24
                          213.209.157.0/24 maxlen: 24
                          2a04:29c2::/32 maxlen: 32
                          2a04:29c7:1290:24::/64 maxlen: 64
                          2a04:29c7:1371:6027::/64 maxlen: 64
                          2a04:29c7:1280:27::/64 maxlen: 64
                          2a04:29c7:1420::/48 maxlen: 48
                          2a04:29c7::/32 maxlen: 32
                          2a04:29c7:1280:24::/64 maxlen: 64
                          2a04:29c7:1300:24::/64 maxlen: 64

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:84:71:d1:0e:72:42:59:6d:8d:f1:6d:fb:45:18:cf:01:ee
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3b476e12e8987e5b302cdc24bdd9db3fe83c8449
        Validity
            Not Before: Nov 13 16:27:16 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=9adbf1bfecb1daaa823dc954b509401b6c584236
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:c7:76:18:39:d4:f1:ec:a2:3c:3b:2d:ed:44:
                    f5:26:39:b4:52:64:04:d9:25:0b:e3:53:5a:0c:4d:
                    a9:2d:ec:07:cc:00:51:4a:ee:22:65:6d:a5:a7:f3:
                    68:bf:da:72:b3:40:df:9d:61:d4:b0:9f:58:0d:30:
                    d1:fb:64:e7:49:6c:17:7e:7c:66:6d:e2:74:8e:de:
                    6f:69:04:f5:7a:8c:f9:18:34:ca:3a:b5:8d:a6:ac:
                    76:1a:22:02:46:6f:cb:fa:69:4a:c4:fc:76:cf:4b:
                    bd:1d:13:d9:37:32:39:c1:9e:4f:7f:02:9b:77:ff:
                    6d:e0:b3:aa:c1:3c:94:4d:26:ac:56:bf:bd:d6:94:
                    90:41:ae:51:e7:28:b3:b8:91:ed:6c:02:62:d7:f3:
                    bf:84:19:19:b9:4a:1e:b3:2d:ce:7e:a6:44:86:5a:
                    55:24:00:4b:30:56:7d:b7:0b:c8:d0:f6:54:35:40:
                    0a:2b:8c:3d:82:2e:cc:05:5b:83:5a:8a:58:c6:a3:
                    02:07:54:86:c0:f1:57:0f:97:0a:6d:2e:71:06:06:
                    5d:15:c2:c2:75:12:cc:56:2b:4e:f4:ca:78:b9:0e:
                    6a:2f:35:ad:43:e9:05:09:6f:02:29:bc:28:ab:b1:
                    8f:24:b9:c5:7c:28:67:b5:0c:9b:9c:51:ec:af:d5:
                    85:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9A:DB:F1:BF:EC:B1:DA:AA:82:3D:C9:54:B5:09:40:1B:6C:58:42:36
            X509v3 Authority Key Identifier:
                keyid:3B:47:6E:12:E8:98:7E:5B:30:2C:DC:24:BD:D9:DB:3F:E8:3C:84:49

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/O0duEuiYflswLNwkvdnbP-g8hEk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/mtvxv-yx2qqCPclUtQlAG2xYQjY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/O0duEuiYflswLNwkvdnbP-g8hEk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.90.128.0-77.90.130.255
                  77.90.132.0-77.90.137.255
                  77.90.139.0-77.90.140.255
                  77.90.142.0-77.90.148.255
                  77.90.153.0-77.90.154.255
                  77.90.156.0/24
                  77.90.178.0/24
                  77.90.184.0/23
                  77.90.188.0/24
                  185.230.13.0-185.230.14.255
                  213.209.138.0/24
                  213.209.143.0/24
                  213.209.149.0/24
                  213.209.156.0/23
                  213.209.159.0/24
                IPv6:
                  2a04:29c2::/32
                  2a04:29c7::/32

    Signature Algorithm: sha256WithRSAEncryption
         1d:68:18:8a:92:d6:63:f6:d0:d4:ef:16:02:37:f2:c2:25:3c:
         bc:9e:12:70:76:6c:0a:b2:7f:68:03:5f:4f:98:02:f5:d4:d9:
         bb:e0:44:48:f4:fc:c0:c2:3b:df:18:e7:3a:60:77:6f:65:70:
         86:8d:1a:59:d0:0c:f1:01:8c:7a:85:a5:19:21:1f:38:aa:0e:
         59:7f:06:a2:b2:6d:bf:80:28:a8:25:39:5b:02:64:5c:90:9a:
         4a:be:63:c0:1d:6a:3e:8f:50:7a:e2:d8:4c:c8:85:69:e0:64:
         fd:9f:87:c2:05:ef:d5:ce:47:68:a6:22:c1:b2:90:50:68:73:
         78:d4:0a:02:a0:20:28:e7:40:0d:76:29:a1:5f:0d:40:c0:c2:
         c2:72:e0:e5:92:c7:f3:14:df:fd:d4:e7:89:df:32:54:a8:e4:
         e5:61:52:f1:8d:4e:59:de:1d:a8:fb:37:f0:6c:00:fd:f6:1c:
         28:ec:fa:3a:b6:99:70:1d:c3:de:1b:65:bb:1f:df:75:19:53:
         6e:1f:a7:78:53:9b:87:21:b6:0f:79:f1:a1:9a:68:9c:ea:56:
         0d:a1:f9:4a:ae:89:60:36:7c:54:75:aa:f2:44:1f:e5:46:ad:
         ee:2b:3f:a3:c8:0e:da:32:f4:ff:38:16:18:f8:96:4e:d7:21:
         e9:59:04:54
-----BEGIN CERTIFICATE-----
MIIFnDCCBISgAwIBAgISAYRx0Q5yQlltjfFt+0UYzwHuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNiNDc2ZTEyZTg5ODdlNWIzMDJjZGMyNGJkZDlkYjNmZTgz
Yzg0NDkwHhcNMjIxMTEzMTYyNzE2WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YWRiZjFiZmVjYjFkYWFhODIzZGM5NTRiNTA5NDAxYjZjNTg0MjM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwsd2GDnU8eyiPDst7UT1Jjm0UmQE
2SUL41NaDE2pLewHzABRSu4iZW2lp/Nov9pys0DfnWHUsJ9YDTDR+2TnSWwXfnxm
beJ0jt5vaQT1eoz5GDTKOrWNpqx2GiICRm/L+mlKxPx2z0u9HRPZNzI5wZ5PfwKb
d/9t4LOqwTyUTSasVr+91pSQQa5R5yizuJHtbAJi1/O/hBkZuUoesy3OfqZEhlpV
JABLMFZ9twvI0PZUNUAKK4w9gi7MBVuDWopYxqMCB1SGwPFXD5cKbS5xBgZdFcLC
dRLMVitO9Mp4uQ5qLzWtQ+kFCW8CKbwoq7GPJLnFfChntQybnFHsr9WFQQIDAQAB
o4ICqDCCAqQwHQYDVR0OBBYEFJrb8b/ssdqqgj3JVLUJQBtsWEI2MB8GA1UdIwQY
MBaAFDtHbhLomH5bMCzcJL3Z2z/oPIRJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTzBkdUV1aVlmbHN3TE53a3ZkbmJQLWc4aEVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC9kOTBjNmYtNjU3Ni00NmI5LTgzMTMt
NmNiZmYzYzRkYTAxLzEvbXR2eHYteXgycXFDUGNsVXRRbEFHMnhZUWpZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC9kOTBjNmYtNjU3Ni00NmI5LTgzMTMtNmNiZmYzYzRkYTAx
LzEvTzBkdUV1aVlmbHN3TE53a3ZkbmJQLWc4aEVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIG9BggrBgEFBQcBBwEB/wSBrTCBqjCBkQQCAAEwgYowDAME
B01agAMEAE1agjAMAwQCTVqEAwQBTVqIMAwDBABNWosDBABNWowwDAMEAU1ajgME
AE1alDAMAwQATVqZAwQATVqaAwQATVqcAwQATVqyAwQBTVq4AwQATVq8MAwDBAC5
5g0DBAC55g4DBADV0YoDBADV0Y8DBADV0ZUDBAHV0ZwDBADV0Z8wFAQCAAIwDgMF
ACoEKcIDBQAqBCnHMA0GCSqGSIb3DQEBCwUAA4IBAQAdaBiKktZj9tDU7xYCN/LC
JTy8nhJwdmwKsn9oA19PmAL11Nm74ERI9PzAwjvfGOc6YHdvZXCGjRpZ0AzxAYx6
haUZIR84qg5Zfwaism2/gCioJTlbAmRckJpKvmPAHWo+j1B64thMyIVp4GT9n4fC
Be/VzkdopiLBspBQaHN41AoCoCAo50ANdimhXw1AwMLCcuDlksfzFN/91OeJ3zJU
qOTlYVLxjU5Z3h2o+zfwbAD99hwo7Po6tplwHcPeG2W7H991GVNuH6d4U5uHIbYP
efGhmmic6lYNoflKrolgNnxUdaryRB/lRq3uKz+jyA7aMvT/OBYY+JZO1yHpWQRU
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:25:03 2024 by rpki-client on console-fra.rpki-client.org