Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/sKFjaBRIXdT4W4HrYElpqN60gTM.roa
File:                     sKFjaBRIXdT4W4HrYElpqN60gTM.roa (raw, json)
Hash identifier:          x97j/fBpHmjitM67W6dfoiSrrdbG4yiOWLQIwUtmW/k=
Subject key identifier:   B0:A1:63:68:14:48:5D:D4:F8:5B:81:EB:60:49:69:A8:DE:B4:81:33
Certificate issuer:       /CN=3b476e12e8987e5b302cdc24bdd9db3fe83c8449
Certificate serial:       01826D870C12D8D3295958CBFE760B601A0E
Authority key identifier: 3B:47:6E:12:E8:98:7E:5B:30:2C:DC:24:BD:D9:DB:3F:E8:3C:84:49
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/O0duEuiYflswLNwkvdnbP-g8hEk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/sKFjaBRIXdT4W4HrYElpqN60gTM.roa
Signing time:             Fri 05 Aug 2022 10:22:23 +0000
ROA not before:           Fri 05 Aug 2022 10:22:23 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     208485
IP address blocks:        213.209.136.0/24 maxlen: 24
                          213.209.143.0/24 maxlen: 24
                          213.209.146.0/24 maxlen: 24
                          213.209.156.0/24 maxlen: 24
                          185.230.13.0/24 maxlen: 24
                          185.230.14.0/24 maxlen: 24
                          77.90.178.0/24 maxlen: 24
                          77.90.185.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:82:6d:87:0c:12:d8:d3:29:59:58:cb:fe:76:0b:60:1a:0e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3b476e12e8987e5b302cdc24bdd9db3fe83c8449
        Validity
            Not Before: Aug  5 10:22:23 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=b0a1636814485dd4f85b81eb604969a8deb48133
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:a6:8e:34:45:1b:7a:bb:36:3c:f3:46:48:37:
                    3a:90:d1:db:ec:4b:30:58:03:f4:f3:69:b3:4f:98:
                    26:06:e0:0c:94:f7:1c:e4:30:71:26:15:58:33:ce:
                    48:c2:c2:bb:fe:a4:99:0e:ec:d8:6d:55:f2:25:1a:
                    31:7e:5a:13:76:5b:49:fe:d3:d7:2e:41:f5:4c:18:
                    19:54:d4:56:af:4f:dd:01:0a:98:b8:16:94:82:0f:
                    8e:60:b4:b5:3d:5b:cb:c4:98:7d:3f:59:b1:0c:8e:
                    53:63:d1:01:bd:a6:69:94:d3:d2:71:b1:22:a1:0d:
                    4a:0a:67:8e:f9:80:c9:75:dc:5d:7e:0f:22:75:26:
                    ce:e8:d0:ec:85:27:5d:71:e1:e0:c7:60:ba:ed:1c:
                    d8:9c:45:b5:d4:b3:1b:10:a6:23:f0:8d:66:5f:ca:
                    bd:69:20:f1:50:c1:79:e1:32:01:73:dd:53:6b:98:
                    71:0b:bf:68:98:74:99:8e:10:6c:f7:40:2c:a9:ce:
                    87:7e:3c:62:d5:7a:ad:08:55:76:76:4b:aa:dd:bb:
                    18:ce:2f:77:95:42:36:42:35:a6:a4:de:28:34:6c:
                    b3:43:a9:01:93:4e:a0:ea:b4:9d:ba:12:6c:59:66:
                    ab:e7:8d:ee:44:c9:8a:43:a0:a2:ed:94:24:95:c4:
                    19:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B0:A1:63:68:14:48:5D:D4:F8:5B:81:EB:60:49:69:A8:DE:B4:81:33
            X509v3 Authority Key Identifier:
                keyid:3B:47:6E:12:E8:98:7E:5B:30:2C:DC:24:BD:D9:DB:3F:E8:3C:84:49

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/O0duEuiYflswLNwkvdnbP-g8hEk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/sKFjaBRIXdT4W4HrYElpqN60gTM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/O0duEuiYflswLNwkvdnbP-g8hEk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.90.178.0/24
                  77.90.185.0/24
                  185.230.13.0-185.230.14.255
                  213.209.136.0/24
                  213.209.143.0/24
                  213.209.146.0/24
                  213.209.156.0/24

    Signature Algorithm: sha256WithRSAEncryption
         47:ac:e7:bc:18:b8:85:04:c5:f9:aa:54:02:b3:d2:1b:92:8f:
         e1:da:0f:f5:0f:72:61:9d:bd:5f:1a:35:77:ef:fe:55:c5:03:
         ef:a6:9b:be:73:54:27:f5:49:f3:72:8c:68:3c:6e:d7:b6:31:
         12:aa:36:ef:f9:b8:0d:86:42:71:79:a9:ed:b3:47:4d:51:00:
         27:7b:d6:94:97:06:bd:f0:8d:b7:9c:a8:54:7a:9c:88:a8:0d:
         5c:2f:8e:ae:97:cd:03:9c:b4:3a:36:4e:32:e1:18:cf:7b:8a:
         39:a6:a6:65:de:60:59:f6:14:91:a6:85:03:59:aa:cb:ed:c0:
         6a:b3:42:7d:77:72:0d:2c:e1:50:75:dc:d6:9e:dd:40:60:94:
         30:20:c6:e6:8e:03:82:ca:7c:f3:75:c4:7e:ce:3c:29:bc:b9:
         4b:8b:e1:e7:b0:ff:ef:2c:d9:c5:e4:b3:0e:50:35:29:79:4a:
         27:3c:4f:5e:49:4f:69:b0:74:31:b1:4a:7b:fc:9d:ac:be:05:
         d8:0b:78:ca:38:20:2b:05:68:ab:52:2f:af:e7:26:a8:70:cc:
         db:93:2f:cc:5c:69:13:ef:66:3f:cf:6f:42:28:87:67:49:03:
         e8:0e:19:70:fd:b2:91:67:66:72:df:bc:3d:93:f4:b3:6d:d6:
         61:93:0e:ae
-----BEGIN CERTIFICATE-----
MIIFKTCCBBGgAwIBAgISAYJthwwS2NMpWVjL/nYLYBoOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNiNDc2ZTEyZTg5ODdlNWIzMDJjZGMyNGJkZDlkYjNmZTgz
Yzg0NDkwHhcNMjIwODA1MTAyMjIzWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMGExNjM2ODE0NDg1ZGQ0Zjg1YjgxZWI2MDQ5NjlhOGRlYjQ4MTMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm6aONEUbers2PPNGSDc6kNHb7Esw
WAP082mzT5gmBuAMlPcc5DBxJhVYM85IwsK7/qSZDuzYbVXyJRoxfloTdltJ/tPX
LkH1TBgZVNRWr0/dAQqYuBaUgg+OYLS1PVvLxJh9P1mxDI5TY9EBvaZplNPScbEi
oQ1KCmeO+YDJddxdfg8idSbO6NDshSddceHgx2C67RzYnEW11LMbEKYj8I1mX8q9
aSDxUMF54TIBc91Ta5hxC79omHSZjhBs90Asqc6Hfjxi1XqtCFV2dkuq3bsYzi93
lUI2QjWmpN4oNGyzQ6kBk06g6rSduhJsWWar543uRMmKQ6Ci7ZQklcQZ8QIDAQAB
o4ICNTCCAjEwHQYDVR0OBBYEFLChY2gUSF3U+FuB62BJaajetIEzMB8GA1UdIwQY
MBaAFDtHbhLomH5bMCzcJL3Z2z/oPIRJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTzBkdUV1aVlmbHN3TE53a3ZkbmJQLWc4aEVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC9kOTBjNmYtNjU3Ni00NmI5LTgzMTMt
NmNiZmYzYzRkYTAxLzEvc0tGamFCUklYZFQ0VzRIcllFbHBxTjYwZ1RNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC9kOTBjNmYtNjU3Ni00NmI5LTgzMTMtNmNiZmYzYzRkYTAx
LzEvTzBkdUV1aVlmbHN3TE53a3ZkbmJQLWc4aEVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEsGCCsGAQUFBwEHAQH/BDwwOjA4BAIAATAyAwQATVqyAwQA
TVq5MAwDBAC55g0DBAC55g4DBADV0YgDBADV0Y8DBADV0ZIDBADV0ZwwDQYJKoZI
hvcNAQELBQADggEBAEes57wYuIUExfmqVAKz0huSj+HaD/UPcmGdvV8aNXfv/lXF
A++mm75zVCf1SfNyjGg8bte2MRKqNu/5uA2GQnF5qe2zR01RACd71pSXBr3wjbec
qFR6nIioDVwvjq6XzQOctDo2TjLhGM97ijmmpmXeYFn2FJGmhQNZqsvtwGqzQn13
cg0s4VB13Nae3UBglDAgxuaOA4LKfPN1xH7OPCm8uUuL4eew/+8s2cXksw5QNSl5
Sic8T15JT2mwdDGxSnv8nay+BdgLeMo4ICsFaKtSL6/nJqhwzNuTL8xcaRPvZj/P
b0Ioh2dJA+gOGXD9spFnZnLfvD2T9LNt1mGTDq4=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:25:06 2024 by rpki-client on console-fra.rpki-client.org