Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/vQjkdS-Qcgg1T2E5U84fiVJNOaw.roa
File:                     vQjkdS-Qcgg1T2E5U84fiVJNOaw.roa (raw, json)
Hash identifier:          vXFHjpGzGzkOLxE30PpR1P7u/8G+aQ1x7zHo+ZUHRRk=
Subject key identifier:   BD:08:E4:75:2F:90:72:08:35:4F:61:39:53:CE:1F:89:52:4D:39:AC
Certificate issuer:       /CN=3b476e12e8987e5b302cdc24bdd9db3fe83c8449
Certificate serial:       07BC3C32
Authority key identifier: 3B:47:6E:12:E8:98:7E:5B:30:2C:DC:24:BD:D9:DB:3F:E8:3C:84:49
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/O0duEuiYflswLNwkvdnbP-g8hEk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/vQjkdS-Qcgg1T2E5U84fiVJNOaw.roa
Signing time:             Mon 07 Mar 2022 11:02:29 +0000
ROA not before:           Mon 07 Mar 2022 11:02:29 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     42821
IP address blocks:        77.90.129.0/24 maxlen: 24
                          77.90.128.0/24 maxlen: 24
                          77.90.130.0/24 maxlen: 24
                          77.90.132.0/24 maxlen: 24
                          77.90.136.0/24 maxlen: 24
                          77.90.135.0/24 maxlen: 24
                          77.90.137.0/24 maxlen: 24
                          77.90.133.0/24 maxlen: 24
                          77.90.134.0/24 maxlen: 24
                          77.90.143.0/24 maxlen: 24
                          77.90.142.0/24 maxlen: 24
                          77.90.144.0/24 maxlen: 24
                          77.90.140.0/24 maxlen: 24
                          77.90.147.0/24 maxlen: 24
                          77.90.146.0/24 maxlen: 24
                          77.90.148.0/24 maxlen: 24
                          77.90.185.0/24 maxlen: 24
                          213.209.130.0/24 maxlen: 24
                          213.209.129.0/24 maxlen: 24
                          213.209.133.0/24 maxlen: 24
                          213.209.138.0/24 maxlen: 24
                          213.209.136.0/24 maxlen: 24
                          213.209.146.0/24 maxlen: 24
                          2a04:29c2::/32 maxlen: 32
                          2a04:29c7::/32 maxlen: 32

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 129776690 (0x7bc3c32)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3b476e12e8987e5b302cdc24bdd9db3fe83c8449
        Validity
            Not Before: Mar  7 11:02:29 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=bd08e4752f907208354f613953ce1f89524d39ac
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:bd:a2:a7:24:86:c7:44:79:2e:9f:35:a9:56:
                    14:2e:d7:98:b3:0a:72:d5:82:1c:96:8d:12:b1:3f:
                    3b:5b:ad:4d:7e:90:5d:ba:81:b5:99:32:b9:7c:8f:
                    bc:06:62:f6:bc:94:3c:2e:71:98:59:be:ee:de:b5:
                    51:80:fd:11:f9:d6:fc:98:37:bd:e4:a7:e8:a3:30:
                    1c:f1:04:eb:9f:61:3c:83:a2:b2:82:7c:75:c0:68:
                    80:54:64:85:30:8c:2c:45:b2:7e:49:7f:33:94:4d:
                    3b:5f:cd:98:6a:26:13:ec:e4:3d:c9:7e:36:bd:44:
                    8e:86:18:a0:c3:8e:dc:13:ed:a5:b3:43:6f:a3:ae:
                    85:25:91:1b:fc:86:82:eb:7c:b7:6b:d8:9f:3b:92:
                    56:8c:6a:0f:17:07:8c:9a:39:32:53:70:fa:be:50:
                    0d:e6:d4:65:c0:b3:64:d0:b8:65:66:20:df:61:0a:
                    c9:38:14:a9:b2:b5:bf:7f:32:f9:bb:5d:71:fc:b8:
                    f4:50:29:9b:b2:3b:09:74:40:65:f7:38:1a:4f:ff:
                    7e:1c:42:8d:16:cd:f9:d7:cc:83:ac:8d:e3:f9:3c:
                    d5:01:5c:20:c0:b0:16:7f:e4:e4:01:43:88:61:4f:
                    f7:bc:23:8f:83:43:40:ae:1b:f6:1e:aa:ed:b9:b4:
                    2c:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BD:08:E4:75:2F:90:72:08:35:4F:61:39:53:CE:1F:89:52:4D:39:AC
            X509v3 Authority Key Identifier:
                keyid:3B:47:6E:12:E8:98:7E:5B:30:2C:DC:24:BD:D9:DB:3F:E8:3C:84:49

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/O0duEuiYflswLNwkvdnbP-g8hEk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/vQjkdS-Qcgg1T2E5U84fiVJNOaw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/O0duEuiYflswLNwkvdnbP-g8hEk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.90.128.0-77.90.130.255
                  77.90.132.0-77.90.137.255
                  77.90.140.0/24
                  77.90.142.0-77.90.144.255
                  77.90.146.0-77.90.148.255
                  77.90.185.0/24
                  213.209.129.0-213.209.130.255
                  213.209.133.0/24
                  213.209.136.0/24
                  213.209.138.0/24
                  213.209.146.0/24
                IPv6:
                  2a04:29c2::/32
                  2a04:29c7::/32

    Signature Algorithm: sha256WithRSAEncryption
         85:5a:2d:18:88:de:f2:99:33:49:e3:9b:d1:21:4b:d6:a2:36:
         1f:b2:e9:cb:1e:45:f7:9d:97:b1:c9:6c:35:d5:45:09:f7:95:
         47:a6:f2:c1:5f:82:5f:77:91:ad:01:a2:91:fd:01:5c:e3:61:
         f3:98:11:66:9d:19:32:30:b9:0d:4f:37:1d:a8:2a:11:ee:dc:
         5a:cf:fb:0f:95:92:d0:07:a5:96:b8:7a:c7:7f:ec:99:9f:a4:
         b0:50:d3:95:1b:41:f8:99:9b:05:85:26:95:65:fc:e9:ac:64:
         24:e4:22:f2:1f:ea:3f:2e:1b:0e:47:0c:46:f9:e5:9a:d2:88:
         35:d3:06:2b:11:8b:e2:37:9e:e8:c1:d9:b3:96:e2:71:f6:15:
         39:df:a9:31:2d:fb:8d:4d:17:b8:91:d1:d2:81:31:e9:a8:5a:
         c1:28:3f:66:da:29:51:f7:ad:f6:a2:99:fd:98:c2:8a:96:08:
         14:59:58:37:e1:15:fe:df:d6:bc:fb:6c:da:c7:2d:7c:74:31:
         7f:2d:03:6c:f1:96:37:87:9b:da:74:9c:99:e2:2f:10:8d:5b:
         35:46:a5:9c:a9:7b:4a:ae:0d:a6:04:cf:53:34:73:e3:ce:c8:
         49:48:5e:3b:f2:26:f9:9d:02:9c:93:31:e5:a3:ed:88:8c:29:
         10:2e:d2:38
-----BEGIN CERTIFICATE-----
MIIFbDCCBFSgAwIBAgIEB7w8MjANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygz
YjQ3NmUxMmU4OTg3ZTViMzAyY2RjMjRiZGQ5ZGIzZmU4M2M4NDQ5MB4XDTIyMDMw
NzExMDIyOVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoYmQwOGU0NzUyZjkw
NzIwODM1NGY2MTM5NTNjZTFmODk1MjRkMzlhYzCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBALe9oqckhsdEeS6fNalWFC7XmLMKctWCHJaNErE/O1utTX6Q
XbqBtZkyuXyPvAZi9ryUPC5xmFm+7t61UYD9EfnW/Jg3veSn6KMwHPEE659hPIOi
soJ8dcBogFRkhTCMLEWyfkl/M5RNO1/NmGomE+zkPcl+Nr1EjoYYoMOO3BPtpbND
b6OuhSWRG/yGgut8t2vYnzuSVoxqDxcHjJo5MlNw+r5QDebUZcCzZNC4ZWYg32EK
yTgUqbK1v38y+btdcfy49FApm7I7CXRAZfc4Gk//fhxCjRbN+dfMg6yN4/k81QFc
IMCwFn/k5AFDiGFP97wjj4NDQK4b9h6q7bm0LDECAwEAAaOCAoYwggKCMB0GA1Ud
DgQWBBS9COR1L5ByCDVPYTlTzh+JUk05rDAfBgNVHSMEGDAWgBQ7R24S6Jh+WzAs
3CS92ds/6DyESTAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L08wZHVFdWlZZmxzd0xOd2t2ZG5iUC1nOGhFay5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMzQvZDkwYzZmLTY1NzYtNDZiOS04MzEzLTZjYmZmM2M0ZGEwMS8x
L3ZRamtkUy1RY2dnMVQyRTVVODRmaVZKTk9hdy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMzQv
ZDkwYzZmLTY1NzYtNDZiOS04MzEzLTZjYmZmM2M0ZGEwMS8xL08wZHVFdWlZZmxz
d0xOd2t2ZG5iUC1nOGhFay5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjCB
mwYIKwYBBQUHAQcBAf8EgYswgYgwcAQCAAEwajAMAwQHTVqAAwQATVqCMAwDBAJN
WoQDBAFNWogDBABNWowwDAMEAU1ajgMEAE1akDAMAwQBTVqSAwQATVqUAwQATVq5
MAwDBADV0YEDBADV0YIDBADV0YUDBADV0YgDBADV0YoDBADV0ZIwFAQCAAIwDgMF
ACoEKcIDBQAqBCnHMA0GCSqGSIb3DQEBCwUAA4IBAQCFWi0YiN7ymTNJ45vRIUvW
ojYfsunLHkX3nZexyWw11UUJ95VHpvLBX4Jfd5GtAaKR/QFc42HzmBFmnRkyMLkN
TzcdqCoR7txaz/sPlZLQB6WWuHrHf+yZn6SwUNOVG0H4mZsFhSaVZfzprGQk5CLy
H+o/LhsORwxG+eWa0og10wYrEYviN57owdmzluJx9hU536kxLfuNTRe4kdHSgTHp
qFrBKD9m2ilR9632opn9mMKKlggUWVg34RX+39a8+2zaxy18dDF/LQNs8ZY3h5va
dJyZ4i8QjVs1RqWcqXtKrg2mBM9TNHPjzshJSF478ib5nQKckzHlo+2IjCkQLtI4
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:46:23 2023 by rpki-client on console-fra.rpki-client.org