Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/xP0jdFHyhHdPL-UEYvlKCHY5FQs.roa
File:                     xP0jdFHyhHdPL-UEYvlKCHY5FQs.roa (raw, json)
Hash identifier:          IJgAM3cJNKdo60vnyGCt2+AgG1V1FPispWHe4UEXqco=
Subject key identifier:   C4:FD:23:74:51:F2:84:77:4F:2F:E5:04:62:F9:4A:08:76:39:15:0B
Certificate issuer:       /CN=3b476e12e8987e5b302cdc24bdd9db3fe83c8449
Certificate serial:       07C33A1B
Authority key identifier: 3B:47:6E:12:E8:98:7E:5B:30:2C:DC:24:BD:D9:DB:3F:E8:3C:84:49
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/O0duEuiYflswLNwkvdnbP-g8hEk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/xP0jdFHyhHdPL-UEYvlKCHY5FQs.roa
Signing time:             Mon 07 Mar 2022 20:31:21 +0000
ROA not before:           Mon 07 Mar 2022 20:31:21 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     43260
IP address blocks:        213.209.146.0/24 maxlen: 24
                          213.209.147.0/24 maxlen: 24
                          213.209.151.0/24 maxlen: 24
                          213.209.158.0/24 maxlen: 24
                          77.90.153.0/24 maxlen: 24
                          77.90.164.0/24 maxlen: 24
                          77.90.173.0/24 maxlen: 24
                          185.230.15.0/24 maxlen: 24
                          77.90.184.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 130234907 (0x7c33a1b)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3b476e12e8987e5b302cdc24bdd9db3fe83c8449
        Validity
            Not Before: Mar  7 20:31:21 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=c4fd237451f284774f2fe50462f94a087639150b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:f5:3f:df:74:39:b3:4c:a8:fe:c6:d7:60:22:
                    6d:e4:ed:8e:95:07:bb:4b:34:b4:62:07:e0:37:b3:
                    d1:a6:9f:c7:33:04:c2:63:6b:cc:e1:16:c4:64:35:
                    ca:d1:72:06:b3:9b:7a:c3:a3:ce:bc:85:11:f3:2d:
                    ff:aa:92:9d:a7:ff:1f:8e:30:9e:28:ae:af:54:6a:
                    98:a5:7f:9d:72:f6:72:4a:72:6d:a3:f0:32:ce:8f:
                    35:f9:28:4b:ff:7a:bb:2a:57:99:35:74:7d:2b:8c:
                    9a:31:5e:93:3a:fe:50:a2:44:cb:29:92:62:9c:fe:
                    6a:49:35:e4:8b:fc:25:33:1d:1a:13:7f:07:bb:93:
                    c3:81:d9:e3:67:10:73:68:04:62:b5:3f:9f:6d:bf:
                    63:25:f8:53:13:f5:89:45:a3:9b:70:35:86:bd:4a:
                    b1:2e:16:9f:d4:5c:f8:33:b8:08:52:b7:2c:cb:43:
                    c6:43:32:e7:22:6d:58:96:95:de:76:62:e2:0a:18:
                    7c:93:52:f0:25:74:ae:0a:b8:38:12:ed:8a:8b:22:
                    56:57:d5:19:9d:ec:22:bb:f2:aa:65:83:3e:e8:a9:
                    dc:a9:28:05:ab:7c:9b:11:32:8c:13:b6:64:30:bf:
                    56:53:4f:81:0d:da:d7:e1:83:c5:1a:06:03:7d:83:
                    99:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C4:FD:23:74:51:F2:84:77:4F:2F:E5:04:62:F9:4A:08:76:39:15:0B
            X509v3 Authority Key Identifier:
                keyid:3B:47:6E:12:E8:98:7E:5B:30:2C:DC:24:BD:D9:DB:3F:E8:3C:84:49

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/O0duEuiYflswLNwkvdnbP-g8hEk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/xP0jdFHyhHdPL-UEYvlKCHY5FQs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/O0duEuiYflswLNwkvdnbP-g8hEk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.90.153.0/24
                  77.90.164.0/24
                  77.90.173.0/24
                  77.90.184.0/24
                  185.230.15.0/24
                  213.209.146.0/23
                  213.209.151.0/24
                  213.209.158.0/24

    Signature Algorithm: sha256WithRSAEncryption
         15:b0:d2:46:ed:d4:cc:56:bd:e1:ec:9c:74:ff:d0:6e:b5:20:
         3e:c2:2c:e1:a5:18:2d:5f:86:3e:4f:82:c9:1c:b1:d0:69:f8:
         fe:ef:fb:0e:77:87:c3:96:0b:2a:d7:91:76:ef:2b:74:cc:9c:
         a3:d1:41:76:7b:66:83:6d:46:b7:d8:21:6f:4e:b0:a0:c7:fd:
         c9:4c:9a:ab:b3:ea:1e:19:c4:38:64:2c:32:7e:78:db:8d:d3:
         9b:75:53:9c:0a:0c:d6:7a:d8:3b:f6:a2:1e:91:99:42:8e:31:
         e9:03:59:e6:b6:24:0f:d7:98:76:fe:75:17:d7:3f:35:aa:54:
         28:44:d0:83:7e:c6:4a:4a:2f:5a:a0:f9:8d:78:a3:e8:d3:97:
         04:dc:35:04:34:14:b9:b5:03:88:b7:33:a8:26:52:2f:58:cd:
         43:d5:c1:57:53:9f:23:4e:ad:9e:1d:75:ec:6a:83:ef:7f:6d:
         7c:40:7b:4a:98:e5:80:e2:53:89:76:49:9e:26:ec:4b:07:17:
         1f:f9:50:0d:89:e3:76:60:2e:15:7e:31:9f:a8:95:72:5a:ce:
         44:2f:47:e7:26:5a:9e:4c:45:c7:ff:68:ec:22:44:b1:b6:09:
         eb:db:ac:59:fc:ec:ce:53:4d:e7:ce:a6:03:4d:99:8a:b9:fb:
         58:7d:bf:be
-----BEGIN CERTIFICATE-----
MIIFGTCCBAGgAwIBAgIEB8M6GzANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygz
YjQ3NmUxMmU4OTg3ZTViMzAyY2RjMjRiZGQ5ZGIzZmU4M2M4NDQ5MB4XDTIyMDMw
NzIwMzEyMVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoYzRmZDIzNzQ1MWYy
ODQ3NzRmMmZlNTA0NjJmOTRhMDg3NjM5MTUwYjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBALb1P990ObNMqP7G12AibeTtjpUHu0s0tGIH4Dez0aafxzME
wmNrzOEWxGQ1ytFyBrObesOjzryFEfMt/6qSnaf/H44wniiur1RqmKV/nXL2ckpy
baPwMs6PNfkoS/96uypXmTV0fSuMmjFekzr+UKJEyymSYpz+akk15Iv8JTMdGhN/
B7uTw4HZ42cQc2gEYrU/n22/YyX4UxP1iUWjm3A1hr1KsS4Wn9Rc+DO4CFK3LMtD
xkMy5yJtWJaV3nZi4goYfJNS8CV0rgq4OBLtiosiVlfVGZ3sIrvyqmWDPuip3Kko
Bat8mxEyjBO2ZDC/VlNPgQ3a1+GDxRoGA32DmeECAwEAAaOCAjMwggIvMB0GA1Ud
DgQWBBTE/SN0UfKEd08v5QRi+UoIdjkVCzAfBgNVHSMEGDAWgBQ7R24S6Jh+WzAs
3CS92ds/6DyESTAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L08wZHVFdWlZZmxzd0xOd2t2ZG5iUC1nOGhFay5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMzQvZDkwYzZmLTY1NzYtNDZiOS04MzEzLTZjYmZmM2M0ZGEwMS8x
L3hQMGpkRkh5aEhkUEwtVUVZdmxLQ0hZNUZRcy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMzQv
ZDkwYzZmLTY1NzYtNDZiOS04MzEzLTZjYmZmM2M0ZGEwMS8xL08wZHVFdWlZZmxz
d0xOd2t2ZG5iUC1nOGhFay5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBJ
BggrBgEFBQcBBwEB/wQ6MDgwNgQCAAEwMAMEAE1amQMEAE1apAMEAE1arQMEAE1a
uAMEALnmDwMEAdXRkgMEANXRlwMEANXRnjANBgkqhkiG9w0BAQsFAAOCAQEAFbDS
Ru3UzFa94eycdP/QbrUgPsIs4aUYLV+GPk+CyRyx0Gn4/u/7DneHw5YLKteRdu8r
dMyco9FBdntmg21Gt9ghb06woMf9yUyaq7PqHhnEOGQsMn54243Tm3VTnAoM1nrY
O/aiHpGZQo4x6QNZ5rYkD9eYdv51F9c/NapUKETQg37GSkovWqD5jXij6NOXBNw1
BDQUubUDiLczqCZSL1jNQ9XBV1OfI06tnh117GqD739tfEB7SpjlgOJTiXZJnibs
SwcXH/lQDYnjdmAuFX4xn6iVclrORC9H5yZankxFx/9o7CJEsbYJ69usWfzszlNN
586mA02Zirn7WH2/vg==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:25:06 2024 by rpki-client on console-fra.rpki-client.org