Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/rhMGhM96ZgOyoniU7g_8bYDichY.roa
File:                     rhMGhM96ZgOyoniU7g_8bYDichY.roa (raw, json)
Hash identifier:          vrYD8+yi8lZwE+p4lJJ0gZ0qYlE9euMr/ul+SvKB/Oc=
Subject key identifier:   AE:13:06:84:CF:7A:66:03:B2:A2:78:94:EE:0F:FC:6D:80:E2:72:16
Certificate issuer:       /CN=3b476e12e8987e5b302cdc24bdd9db3fe83c8449
Certificate serial:       0181EDE20A6D6D0178EC2B0802BA790DF54D
Authority key identifier: 3B:47:6E:12:E8:98:7E:5B:30:2C:DC:24:BD:D9:DB:3F:E8:3C:84:49
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/O0duEuiYflswLNwkvdnbP-g8hEk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/rhMGhM96ZgOyoniU7g_8bYDichY.roa
Signing time:             Mon 11 Jul 2022 15:30:22 +0000
ROA not before:           Mon 11 Jul 2022 15:30:22 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     208485
IP address blocks:        185.230.13.0/24 maxlen: 24
                          185.230.14.0/24 maxlen: 24
                          77.90.188.0/24 maxlen: 24
                          213.209.136.0/24 maxlen: 24
                          213.209.145.0/24 maxlen: 24
                          213.209.144.0/24 maxlen: 24
                          213.209.143.0/24 maxlen: 24
                          213.209.146.0/24 maxlen: 24
                          213.209.156.0/24 maxlen: 24
                          77.90.149.0/24 maxlen: 24
                          77.90.164.0/24 maxlen: 24
                          77.90.166.0/24 maxlen: 24
                          77.90.178.0/24 maxlen: 24
                          77.90.185.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:81:ed:e2:0a:6d:6d:01:78:ec:2b:08:02:ba:79:0d:f5:4d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3b476e12e8987e5b302cdc24bdd9db3fe83c8449
        Validity
            Not Before: Jul 11 15:30:22 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=ae130684cf7a6603b2a27894ee0ffc6d80e27216
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:e7:c5:65:b3:54:c9:cc:96:aa:8f:40:29:bc:
                    13:27:50:b9:90:2c:90:b3:e5:ca:54:42:a6:a6:ec:
                    2d:c3:10:8b:05:ae:d1:23:fd:89:34:62:10:9c:8c:
                    f0:18:f5:c5:02:7c:e9:cc:ac:7c:a8:49:aa:37:eb:
                    05:f1:60:ae:76:e8:a3:53:ec:df:06:c0:fa:87:36:
                    f1:02:af:2b:3c:14:97:f2:3c:75:e8:4e:ab:6b:30:
                    4e:5b:77:ba:f7:0e:21:dd:65:73:30:77:68:c3:91:
                    24:06:63:7a:48:0b:1f:fa:62:e7:c6:db:97:be:c1:
                    c4:e7:de:11:85:74:cd:91:d5:5b:4e:b7:ea:13:56:
                    90:78:19:1c:63:08:d0:43:d4:0a:fa:93:f4:da:ea:
                    d1:c6:c3:09:3b:b3:67:68:62:c2:e5:ff:45:1d:a0:
                    12:30:57:3d:f5:5d:e8:b9:7f:39:e4:64:80:67:f9:
                    39:c6:97:ea:b0:27:48:f4:d6:d8:53:1d:79:9e:9a:
                    0f:8c:8e:9f:86:46:7e:79:d8:f0:37:1f:7f:05:10:
                    98:98:7b:3a:ef:cb:54:00:41:0e:50:c4:69:6d:f6:
                    72:bf:fb:ec:14:f9:00:52:84:8d:57:ab:30:3a:9c:
                    51:ea:68:5a:eb:00:ec:07:c7:e5:3c:99:6d:84:49:
                    8a:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AE:13:06:84:CF:7A:66:03:B2:A2:78:94:EE:0F:FC:6D:80:E2:72:16
            X509v3 Authority Key Identifier:
                keyid:3B:47:6E:12:E8:98:7E:5B:30:2C:DC:24:BD:D9:DB:3F:E8:3C:84:49

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/O0duEuiYflswLNwkvdnbP-g8hEk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/rhMGhM96ZgOyoniU7g_8bYDichY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/O0duEuiYflswLNwkvdnbP-g8hEk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.90.149.0/24
                  77.90.164.0/24
                  77.90.166.0/24
                  77.90.178.0/24
                  77.90.185.0/24
                  77.90.188.0/24
                  185.230.13.0-185.230.14.255
                  213.209.136.0/24
                  213.209.143.0-213.209.146.255
                  213.209.156.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a4:08:3c:af:db:de:1d:99:34:41:5e:f0:cf:f4:8f:37:5c:f4:
         d5:90:d2:14:40:5d:4e:bb:25:15:d9:4a:2f:68:d9:7e:97:e6:
         21:a2:ae:2c:3a:b9:49:2c:fc:6e:db:49:51:fc:c1:db:41:14:
         4b:ff:a4:d7:d5:d5:e7:5e:55:24:77:d4:5f:a3:8f:6f:a6:f4:
         5b:49:3a:f0:79:ca:29:11:e1:a6:d1:aa:49:3f:f7:51:72:17:
         6a:d5:8d:62:01:a1:b3:fb:00:15:a8:1d:e6:31:18:37:01:34:
         a8:c9:d8:61:53:96:c8:31:2d:33:52:18:ee:6b:65:d3:a3:c5:
         a2:32:ba:81:6b:5b:8e:57:af:cd:92:aa:d8:35:9f:9a:eb:04:
         ad:37:ba:51:38:e7:db:36:87:66:db:b2:99:59:f5:3c:16:b5:
         88:52:9a:ee:c0:1a:11:0c:1a:12:82:6a:49:4b:33:83:2b:75:
         a8:8a:75:a6:f6:61:99:ee:45:5f:b9:3f:24:11:4e:47:84:67:
         0e:cf:55:5c:1f:06:35:b7:a2:ec:b2:b9:51:ad:ca:a2:d6:1b:
         57:5e:24:13:05:27:62:05:09:6d:13:58:a3:94:c9:aa:6e:1a:
         10:ac:fc:12:8d:21:a8:af:7d:3c:0a:c0:11:7b:af:c9:66:94:
         fa:1d:a6:44
-----BEGIN CERTIFICATE-----
MIIFQzCCBCugAwIBAgISAYHt4gptbQF47CsIArp5DfVNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNiNDc2ZTEyZTg5ODdlNWIzMDJjZGMyNGJkZDlkYjNmZTgz
Yzg0NDkwHhcNMjIwNzExMTUzMDIyWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZTEzMDY4NGNmN2E2NjAzYjJhMjc4OTRlZTBmZmM2ZDgwZTI3MjE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnufFZbNUycyWqo9AKbwTJ1C5kCyQ
s+XKVEKmpuwtwxCLBa7RI/2JNGIQnIzwGPXFAnzpzKx8qEmqN+sF8WCuduijU+zf
BsD6hzbxAq8rPBSX8jx16E6razBOW3e69w4h3WVzMHdow5EkBmN6SAsf+mLnxtuX
vsHE594RhXTNkdVbTrfqE1aQeBkcYwjQQ9QK+pP02urRxsMJO7NnaGLC5f9FHaAS
MFc99V3ouX855GSAZ/k5xpfqsCdI9NbYUx15npoPjI6fhkZ+edjwNx9/BRCYmHs6
78tUAEEOUMRpbfZyv/vsFPkAUoSNV6swOpxR6mha6wDsB8flPJlthEmKoQIDAQAB
o4ICTzCCAkswHQYDVR0OBBYEFK4TBoTPemYDsqJ4lO4P/G2A4nIWMB8GA1UdIwQY
MBaAFDtHbhLomH5bMCzcJL3Z2z/oPIRJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTzBkdUV1aVlmbHN3TE53a3ZkbmJQLWc4aEVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC9kOTBjNmYtNjU3Ni00NmI5LTgzMTMt
NmNiZmYzYzRkYTAxLzEvcmhNR2hNOTZaZ095b25pVTdnXzhiWURpY2hZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC9kOTBjNmYtNjU3Ni00NmI5LTgzMTMtNmNiZmYzYzRkYTAx
LzEvTzBkdUV1aVlmbHN3TE53a3ZkbmJQLWc4aEVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGUGCCsGAQUFBwEHAQH/BFYwVDBSBAIAATBMAwQATVqVAwQA
TVqkAwQATVqmAwQATVqyAwQATVq5AwQATVq8MAwDBAC55g0DBAC55g4DBADV0Ygw
DAMEANXRjwMEANXRkgMEANXRnDANBgkqhkiG9w0BAQsFAAOCAQEApAg8r9veHZk0
QV7wz/SPN1z01ZDSFEBdTrslFdlKL2jZfpfmIaKuLDq5SSz8bttJUfzB20EUS/+k
19XV515VJHfUX6OPb6b0W0k68HnKKRHhptGqST/3UXIXatWNYgGhs/sAFagd5jEY
NwE0qMnYYVOWyDEtM1IY7mtl06PFojK6gWtbjlevzZKq2DWfmusErTe6UTjn2zaH
ZtuymVn1PBa1iFKa7sAaEQwaEoJqSUszgyt1qIp1pvZhme5FX7k/JBFOR4RnDs9V
XB8GNbei7LK5Ua3KotYbV14kEwUnYgUJbRNYo5TJqm4aEKz8Eo0hqK99PArAEXuv
yWaU+h2mRA==
-----END CERTIFICATE-----