Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/nlBcrBgnC_maZMSohSLGaVDqXMU.roa
File:                     nlBcrBgnC_maZMSohSLGaVDqXMU.roa (raw, json)
Hash identifier:          yB2MfwfbrInrWgTtYDHoZy9+5Hv3QH/ITe9B/Cn2Dhw=
Subject key identifier:   9E:50:5C:AC:18:27:0B:F9:9A:64:C4:A8:85:22:C6:69:50:EA:5C:C5
Certificate issuer:       /CN=3b476e12e8987e5b302cdc24bdd9db3fe83c8449
Certificate serial:       07C29EEA
Authority key identifier: 3B:47:6E:12:E8:98:7E:5B:30:2C:DC:24:BD:D9:DB:3F:E8:3C:84:49
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/O0duEuiYflswLNwkvdnbP-g8hEk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/nlBcrBgnC_maZMSohSLGaVDqXMU.roa
Signing time:             Mon 07 Mar 2022 20:30:49 +0000
ROA not before:           Mon 07 Mar 2022 20:30:49 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     42821
IP address blocks:        77.90.129.0/24 maxlen: 24
                          77.90.128.0/24 maxlen: 24
                          77.90.130.0/24 maxlen: 24
                          77.90.132.0/24 maxlen: 24
                          77.90.136.0/24 maxlen: 24
                          77.90.135.0/24 maxlen: 24
                          77.90.137.0/24 maxlen: 24
                          77.90.133.0/24 maxlen: 24
                          77.90.134.0/24 maxlen: 24
                          77.90.143.0/24 maxlen: 24
                          77.90.142.0/24 maxlen: 24
                          77.90.144.0/24 maxlen: 24
                          77.90.140.0/24 maxlen: 24
                          77.90.147.0/24 maxlen: 24
                          77.90.146.0/24 maxlen: 24
                          77.90.148.0/24 maxlen: 24
                          77.90.179.0/24 maxlen: 24
                          77.90.185.0/24 maxlen: 24
                          213.209.130.0/24 maxlen: 24
                          213.209.129.0/24 maxlen: 24
                          213.209.133.0/24 maxlen: 24
                          213.209.138.0/24 maxlen: 24
                          213.209.136.0/24 maxlen: 24
                          2a04:29c2::/32 maxlen: 32
                          2a04:29c7::/32 maxlen: 32

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 130195178 (0x7c29eea)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3b476e12e8987e5b302cdc24bdd9db3fe83c8449
        Validity
            Not Before: Mar  7 20:30:49 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=9e505cac18270bf99a64c4a88522c66950ea5cc5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:21:46:da:f4:dc:e0:9a:ae:d5:01:a1:f0:6b:
                    18:93:7d:d4:1a:46:1c:7e:85:86:bd:39:38:e7:c8:
                    47:0a:16:d6:b2:0c:4d:34:05:f6:c6:4c:c9:12:77:
                    94:ab:34:04:1d:7c:13:0c:3e:59:0b:3e:08:55:96:
                    0c:61:15:c3:df:ff:9f:bb:79:95:72:09:0f:dd:f9:
                    47:6e:23:26:24:3f:7e:c2:0d:f0:42:f9:39:5f:78:
                    28:9f:e4:48:c0:88:c1:69:bb:af:bc:25:bd:07:c9:
                    12:14:77:56:f1:4d:8f:09:5f:84:1a:45:c4:bf:9b:
                    82:87:da:fc:f0:d1:63:d1:6c:54:0e:4c:0c:d8:6b:
                    a3:1c:d1:ba:37:4d:85:53:1e:85:bd:aa:46:e9:d9:
                    e9:27:52:81:d7:ff:31:40:28:47:61:01:79:1b:a3:
                    18:eb:dc:42:1b:bd:24:cc:83:19:b4:0d:c3:b6:3a:
                    ce:89:3b:d8:32:22:20:ce:d8:2e:3f:a2:5d:8b:1c:
                    1f:d5:89:0e:32:13:a5:e1:6d:15:11:02:46:52:c8:
                    20:dd:94:03:42:de:54:ed:97:40:4c:31:e4:20:57:
                    4a:9e:7d:64:ec:2e:11:cc:6a:cb:93:5a:87:97:49:
                    9c:ed:0d:6a:94:63:40:ba:4a:70:7f:0b:45:ae:b2:
                    ac:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9E:50:5C:AC:18:27:0B:F9:9A:64:C4:A8:85:22:C6:69:50:EA:5C:C5
            X509v3 Authority Key Identifier:
                keyid:3B:47:6E:12:E8:98:7E:5B:30:2C:DC:24:BD:D9:DB:3F:E8:3C:84:49

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/O0duEuiYflswLNwkvdnbP-g8hEk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/nlBcrBgnC_maZMSohSLGaVDqXMU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/O0duEuiYflswLNwkvdnbP-g8hEk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.90.128.0-77.90.130.255
                  77.90.132.0-77.90.137.255
                  77.90.140.0/24
                  77.90.142.0-77.90.144.255
                  77.90.146.0-77.90.148.255
                  77.90.179.0/24
                  77.90.185.0/24
                  213.209.129.0-213.209.130.255
                  213.209.133.0/24
                  213.209.136.0/24
                  213.209.138.0/24
                IPv6:
                  2a04:29c2::/32
                  2a04:29c7::/32

    Signature Algorithm: sha256WithRSAEncryption
         07:64:26:28:6a:a7:12:c9:a1:43:a1:90:ce:5f:11:1c:57:bd:
         bc:f4:00:24:0e:12:f1:80:6c:83:c4:9b:d6:a1:53:15:d3:89:
         a7:88:45:1b:df:38:c7:15:dc:45:2b:c4:2d:69:8d:13:72:9d:
         79:92:13:b9:9d:54:fa:49:7e:7d:e3:a0:06:7c:12:71:9b:fb:
         84:ab:00:7b:02:c7:b4:d0:77:b5:bb:5d:76:3d:45:2a:a2:8f:
         c8:eb:a1:87:a9:ed:25:83:60:b9:b0:87:aa:70:bb:98:58:35:
         44:05:75:20:7c:dd:ce:b0:66:e9:2b:b9:ca:0a:13:1f:60:ad:
         45:ac:d9:a0:2a:4d:0e:cc:88:36:9a:5f:39:28:31:d3:ed:09:
         66:33:9b:72:4d:01:6b:13:8b:16:06:ef:6c:8e:fa:a0:41:2c:
         74:0e:67:fe:48:46:ef:6e:2a:a3:bf:85:63:d5:9f:63:6a:3f:
         10:09:ba:63:c0:57:67:e4:49:1b:4c:fa:1e:24:70:15:65:d3:
         18:df:1e:f9:69:96:ac:3d:6b:6b:8c:bf:a4:a8:f4:77:ae:dd:
         a1:ad:93:c5:2d:5f:4b:ce:40:dc:5b:ce:ae:20:63:65:13:f7:
         b3:98:d6:53:25:2b:df:9c:53:6b:c7:75:d0:92:5f:74:9c:46:
         94:5d:f6:1d
-----BEGIN CERTIFICATE-----
MIIFbDCCBFSgAwIBAgIEB8Ke6jANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygz
YjQ3NmUxMmU4OTg3ZTViMzAyY2RjMjRiZGQ5ZGIzZmU4M2M4NDQ5MB4XDTIyMDMw
NzIwMzA0OVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoOWU1MDVjYWMxODI3
MGJmOTlhNjRjNGE4ODUyMmM2Njk1MGVhNWNjNTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAMAhRtr03OCartUBofBrGJN91BpGHH6Fhr05OOfIRwoW1rIM
TTQF9sZMyRJ3lKs0BB18Eww+WQs+CFWWDGEVw9//n7t5lXIJD935R24jJiQ/fsIN
8EL5OV94KJ/kSMCIwWm7r7wlvQfJEhR3VvFNjwlfhBpFxL+bgofa/PDRY9FsVA5M
DNhroxzRujdNhVMehb2qRunZ6SdSgdf/MUAoR2EBeRujGOvcQhu9JMyDGbQNw7Y6
zok72DIiIM7YLj+iXYscH9WJDjITpeFtFRECRlLIIN2UA0LeVO2XQEwx5CBXSp59
ZOwuEcxqy5Nah5dJnO0NapRjQLpKcH8LRa6yrM8CAwEAAaOCAoYwggKCMB0GA1Ud
DgQWBBSeUFysGCcL+ZpkxKiFIsZpUOpcxTAfBgNVHSMEGDAWgBQ7R24S6Jh+WzAs
3CS92ds/6DyESTAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L08wZHVFdWlZZmxzd0xOd2t2ZG5iUC1nOGhFay5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMzQvZDkwYzZmLTY1NzYtNDZiOS04MzEzLTZjYmZmM2M0ZGEwMS8x
L25sQmNyQmduQ19tYVpNU29oU0xHYVZEcVhNVS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMzQv
ZDkwYzZmLTY1NzYtNDZiOS04MzEzLTZjYmZmM2M0ZGEwMS8xL08wZHVFdWlZZmxz
d0xOd2t2ZG5iUC1nOGhFay5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjCB
mwYIKwYBBQUHAQcBAf8EgYswgYgwcAQCAAEwajAMAwQHTVqAAwQATVqCMAwDBAJN
WoQDBAFNWogDBABNWowwDAMEAU1ajgMEAE1akDAMAwQBTVqSAwQATVqUAwQATVqz
AwQATVq5MAwDBADV0YEDBADV0YIDBADV0YUDBADV0YgDBADV0YowFAQCAAIwDgMF
ACoEKcIDBQAqBCnHMA0GCSqGSIb3DQEBCwUAA4IBAQAHZCYoaqcSyaFDoZDOXxEc
V7289AAkDhLxgGyDxJvWoVMV04mniEUb3zjHFdxFK8QtaY0Tcp15khO5nVT6SX59
46AGfBJxm/uEqwB7Ase00He1u112PUUqoo/I66GHqe0lg2C5sIeqcLuYWDVEBXUg
fN3OsGbpK7nKChMfYK1FrNmgKk0OzIg2ml85KDHT7QlmM5tyTQFrE4sWBu9sjvqg
QSx0Dmf+SEbvbiqjv4Vj1Z9jaj8QCbpjwFdn5EkbTPoeJHAVZdMY3x75aZasPWtr
jL+kqPR3rt2hrZPFLV9LzkDcW86uIGNlE/ezmNZTJSvfnFNrx3XQkl90nEaUXfYd
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:50:09 2023 by rpki-client on console-ams.rpki-client.org