Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/tkr-mVAy3Nb50BQ8_aId53lpLCQ.roa
File:                     tkr-mVAy3Nb50BQ8_aId53lpLCQ.roa (raw, json)
Hash identifier:          6VciYKWgqSsw2bnScq0QViJlk5zvicihtcEtsRnU7zs=
Subject key identifier:   B6:4A:FE:99:50:32:DC:D6:F9:D0:14:3C:FD:A2:1D:E7:79:69:2C:24
Certificate issuer:       /CN=3b476e12e8987e5b302cdc24bdd9db3fe83c8449
Certificate serial:       0181F7ABEE65F6A3B159B6CC7DF622181AC0
Authority key identifier: 3B:47:6E:12:E8:98:7E:5B:30:2C:DC:24:BD:D9:DB:3F:E8:3C:84:49
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/O0duEuiYflswLNwkvdnbP-g8hEk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/tkr-mVAy3Nb50BQ8_aId53lpLCQ.roa
Signing time:             Wed 13 Jul 2022 13:07:28 +0000
ROA not before:           Wed 13 Jul 2022 13:07:28 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     42821
IP address blocks:        77.90.129.0/24 maxlen: 24
                          77.90.128.0/24 maxlen: 24
                          77.90.130.0/24 maxlen: 24
                          77.90.132.0/24 maxlen: 24
                          77.90.191.0/24 maxlen: 24
                          77.90.136.0/24 maxlen: 24
                          77.90.135.0/24 maxlen: 24
                          77.90.138.0/24 maxlen: 24
                          77.90.137.0/24 maxlen: 24
                          77.90.133.0/24 maxlen: 24
                          77.90.134.0/24 maxlen: 24
                          77.90.139.0/24 maxlen: 24
                          77.90.143.0/24 maxlen: 24
                          77.90.142.0/24 maxlen: 24
                          77.90.145.0/24 maxlen: 24
                          77.90.144.0/24 maxlen: 24
                          77.90.140.0/24 maxlen: 24
                          77.90.147.0/24 maxlen: 24
                          77.90.146.0/24 maxlen: 24
                          77.90.148.0/24 maxlen: 24
                          77.90.157.0/24 maxlen: 24
                          77.90.153.0/24 maxlen: 24
                          77.90.154.0/24 maxlen: 24
                          77.90.179.0/24 maxlen: 24
                          213.209.130.0/24 maxlen: 24
                          213.209.129.0/24 maxlen: 24
                          213.209.133.0/24 maxlen: 24
                          213.209.138.0/24 maxlen: 24
                          213.209.134.0/24 maxlen: 24
                          213.209.147.0/24 maxlen: 24
                          213.209.151.0/24 maxlen: 24
                          213.209.149.0/24 maxlen: 24
                          213.209.158.0/24 maxlen: 24
                          2a04:29c2::/32 maxlen: 32
                          2a04:29c7:1290:24::/64 maxlen: 64
                          2a04:29c7:1371:6027::/64 maxlen: 64
                          2a04:29c7:1280:27::/64 maxlen: 64
                          2a04:29c7:1420::/48 maxlen: 48
                          2a04:29c7::/32 maxlen: 32
                          2a04:29c7:1280:24::/64 maxlen: 64
                          2a04:29c7:1300:24::/64 maxlen: 64

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:81:f7:ab:ee:65:f6:a3:b1:59:b6:cc:7d:f6:22:18:1a:c0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3b476e12e8987e5b302cdc24bdd9db3fe83c8449
        Validity
            Not Before: Jul 13 13:07:28 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=b64afe995032dcd6f9d0143cfda21de779692c24
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:7b:bb:d6:6f:04:5e:79:68:3e:76:86:23:5a:
                    ca:30:89:42:67:d6:ca:40:52:64:ba:90:c8:80:59:
                    0a:62:4c:69:1e:c1:b7:04:2d:e3:9f:48:4f:f3:8d:
                    f2:01:10:1e:8d:39:80:68:3b:fc:ed:2b:ab:cf:bd:
                    71:d5:c4:f5:e0:1b:42:b7:66:bf:e9:73:05:d0:9c:
                    16:33:de:46:ff:33:78:f5:79:25:91:54:90:eb:93:
                    dc:aa:ec:a8:38:d2:45:e3:84:88:71:f2:ad:ef:89:
                    ac:83:5f:54:3c:5f:76:ef:3d:34:35:24:d8:f7:2a:
                    30:8a:39:e3:36:94:e1:d5:31:db:39:29:0e:8b:ac:
                    f8:9a:15:00:38:79:a0:08:0a:41:3a:1f:60:d5:99:
                    40:1e:ac:62:7e:81:d4:80:c4:50:ed:54:3e:00:aa:
                    73:10:8e:42:2a:12:0b:5d:ad:5e:74:89:b4:9a:67:
                    ff:ff:ec:0f:5b:cc:25:ee:7a:df:05:f3:d0:17:ba:
                    ba:42:bd:83:66:ab:12:bb:af:1d:20:b5:62:b2:58:
                    df:67:e5:d3:43:0c:0b:19:7d:e6:88:34:e8:3f:01:
                    fe:26:dc:6d:3c:91:ec:47:c8:78:2c:71:ab:f4:b7:
                    e6:65:bc:cb:48:89:f4:73:21:4f:3b:5b:35:5f:42:
                    d3:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B6:4A:FE:99:50:32:DC:D6:F9:D0:14:3C:FD:A2:1D:E7:79:69:2C:24
            X509v3 Authority Key Identifier:
                keyid:3B:47:6E:12:E8:98:7E:5B:30:2C:DC:24:BD:D9:DB:3F:E8:3C:84:49

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/O0duEuiYflswLNwkvdnbP-g8hEk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/tkr-mVAy3Nb50BQ8_aId53lpLCQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/O0duEuiYflswLNwkvdnbP-g8hEk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.90.128.0-77.90.130.255
                  77.90.132.0-77.90.140.255
                  77.90.142.0-77.90.148.255
                  77.90.153.0-77.90.154.255
                  77.90.157.0/24
                  77.90.179.0/24
                  77.90.191.0/24
                  213.209.129.0-213.209.130.255
                  213.209.133.0-213.209.134.255
                  213.209.138.0/24
                  213.209.147.0/24
                  213.209.149.0/24
                  213.209.151.0/24
                  213.209.158.0/24
                IPv6:
                  2a04:29c2::/32
                  2a04:29c7::/32

    Signature Algorithm: sha256WithRSAEncryption
         82:5a:97:6e:37:d9:f4:c7:a0:ef:98:bb:1d:a5:07:7a:48:b6:
         9a:c7:35:c4:b0:b7:16:92:51:f2:d6:bd:30:d6:f3:45:6a:67:
         8c:e6:01:cf:da:b7:1b:98:ad:bc:f3:64:3e:30:85:d1:99:70:
         74:67:30:f3:22:b0:ab:0c:3f:bf:eb:a6:92:d5:22:40:96:fa:
         ad:85:88:da:d6:7a:26:db:04:af:23:53:62:27:0b:dc:39:c0:
         99:29:2d:7a:ee:e6:6f:dd:32:e4:54:80:03:eb:de:6d:c0:fa:
         15:f9:54:1e:e3:a1:69:93:24:2b:79:0e:e7:64:02:2c:38:9e:
         54:0c:1e:16:96:5a:11:ef:a2:44:6b:b4:15:71:97:48:7d:5e:
         2a:13:7b:b6:28:c6:ef:fb:3d:97:54:f5:5b:e2:d0:a7:60:3a:
         59:00:88:f4:0c:3a:d4:e5:e0:f8:37:8a:91:15:8d:01:40:21:
         52:d3:a2:b9:62:06:fa:32:3f:1e:78:ea:d8:39:2a:61:97:34:
         aa:40:60:da:a3:37:92:12:72:ca:e7:21:9e:b2:8a:a3:c6:7a:
         da:04:3d:3b:cc:be:17:22:3b:ea:b4:31:42:d0:21:4a:bc:90:
         7b:09:a8:a2:8f:49:97:5e:71:11:b8:20:bc:79:84:ab:e5:67:
         26:b6:27:09
-----BEGIN CERTIFICATE-----
MIIFljCCBH6gAwIBAgISAYH3q+5l9qOxWbbMffYiGBrAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNiNDc2ZTEyZTg5ODdlNWIzMDJjZGMyNGJkZDlkYjNmZTgz
Yzg0NDkwHhcNMjIwNzEzMTMwNzI4WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNjRhZmU5OTUwMzJkY2Q2ZjlkMDE0M2NmZGEyMWRlNzc5NjkyYzI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhnu71m8EXnloPnaGI1rKMIlCZ9bK
QFJkupDIgFkKYkxpHsG3BC3jn0hP843yARAejTmAaDv87Surz71x1cT14BtCt2a/
6XMF0JwWM95G/zN49XklkVSQ65PcquyoONJF44SIcfKt74msg19UPF927z00NSTY
9yowijnjNpTh1THbOSkOi6z4mhUAOHmgCApBOh9g1ZlAHqxifoHUgMRQ7VQ+AKpz
EI5CKhILXa1edIm0mmf//+wPW8wl7nrfBfPQF7q6Qr2DZqsSu68dILVisljfZ+XT
QwwLGX3miDToPwH+JtxtPJHsR8h4LHGr9LfmZbzLSIn0cyFPO1s1X0LTqQIDAQAB
o4ICojCCAp4wHQYDVR0OBBYEFLZK/plQMtzW+dAUPP2iHed5aSwkMB8GA1UdIwQY
MBaAFDtHbhLomH5bMCzcJL3Z2z/oPIRJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTzBkdUV1aVlmbHN3TE53a3ZkbmJQLWc4aEVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC9kOTBjNmYtNjU3Ni00NmI5LTgzMTMt
NmNiZmYzYzRkYTAxLzEvdGtyLW1WQXkzTmI1MEJROF9hSWQ1M2xwTENRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC9kOTBjNmYtNjU3Ni00NmI5LTgzMTMtNmNiZmYzYzRkYTAx
LzEvTzBkdUV1aVlmbHN3TE53a3ZkbmJQLWc4aEVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIG3BggrBgEFBQcBBwEB/wSBpzCBpDCBiwQCAAEwgYQwDAME
B01agAMEAE1agjAMAwQCTVqEAwQATVqMMAwDBAFNWo4DBABNWpQwDAMEAE1amQME
AE1amgMEAE1anQMEAE1aswMEAE1avzAMAwQA1dGBAwQA1dGCMAwDBADV0YUDBADV
0YYDBADV0YoDBADV0ZMDBADV0ZUDBADV0ZcDBADV0Z4wFAQCAAIwDgMFACoEKcID
BQAqBCnHMA0GCSqGSIb3DQEBCwUAA4IBAQCCWpduN9n0x6DvmLsdpQd6SLaaxzXE
sLcWklHy1r0w1vNFameM5gHP2rcbmK2882Q+MIXRmXB0ZzDzIrCrDD+/66aS1SJA
lvqthYja1nom2wSvI1NiJwvcOcCZKS167uZv3TLkVIAD695twPoV+VQe46FpkyQr
eQ7nZAIsOJ5UDB4WlloR76JEa7QVcZdIfV4qE3u2KMbv+z2XVPVb4tCnYDpZAIj0
DDrU5eD4N4qRFY0BQCFS06K5Ygb6Mj8eeOrYOSphlzSqQGDaozeSEnLK5yGesoqj
xnraBD07zL4XIjvqtDFC0CFKvJB7Caiij0mXXnERuCC8eYSr5WcmticJ
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:50:09 2023 by rpki-client on console-ams.rpki-client.org