Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/xsp0326NqTJ_CcmF2_ftxw5RRDk.roa
File:                     xsp0326NqTJ_CcmF2_ftxw5RRDk.roa (raw, json)
Hash identifier:          CRM4N86yJR7mYY2bYHH8U1kpenY7dzqoEAObt/aO4j4=
Subject key identifier:   C6:CA:74:DF:6E:8D:A9:32:7F:09:C9:85:DB:F7:ED:C7:0E:51:44:39
Certificate issuer:       /CN=3b476e12e8987e5b302cdc24bdd9db3fe83c8449
Certificate serial:       08200510
Authority key identifier: 3B:47:6E:12:E8:98:7E:5B:30:2C:DC:24:BD:D9:DB:3F:E8:3C:84:49
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/O0duEuiYflswLNwkvdnbP-g8hEk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/xsp0326NqTJ_CcmF2_ftxw5RRDk.roa
Signing time:             Mon 14 Mar 2022 07:39:47 +0000
ROA not before:           Mon 14 Mar 2022 07:39:47 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     42821
IP address blocks:        77.90.129.0/24 maxlen: 24
                          77.90.128.0/24 maxlen: 24
                          77.90.130.0/24 maxlen: 24
                          77.90.132.0/24 maxlen: 24
                          77.90.188.0/24 maxlen: 24
                          213.209.130.0/24 maxlen: 24
                          213.209.133.0/24 maxlen: 24
                          213.209.138.0/24 maxlen: 24
                          213.209.136.0/24 maxlen: 24
                          213.209.145.0/24 maxlen: 24
                          77.90.136.0/24 maxlen: 24
                          77.90.135.0/24 maxlen: 24
                          77.90.137.0/24 maxlen: 24
                          77.90.133.0/24 maxlen: 24
                          77.90.134.0/24 maxlen: 24
                          77.90.143.0/24 maxlen: 24
                          77.90.142.0/24 maxlen: 24
                          77.90.144.0/24 maxlen: 24
                          77.90.140.0/24 maxlen: 24
                          77.90.147.0/24 maxlen: 24
                          77.90.146.0/24 maxlen: 24
                          77.90.148.0/24 maxlen: 24
                          2a04:29c2::/32 maxlen: 32
                          2a04:29c7::/32 maxlen: 32

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 136316176 (0x8200510)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3b476e12e8987e5b302cdc24bdd9db3fe83c8449
        Validity
            Not Before: Mar 14 07:39:47 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=c6ca74df6e8da9327f09c985dbf7edc70e514439
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:e1:7f:40:f1:5c:2a:1f:ed:c1:a4:4a:25:9e:
                    01:64:a2:13:64:03:8c:bb:ec:74:b0:65:74:dd:1a:
                    20:c1:1e:43:f3:cc:6a:27:5c:22:71:75:44:37:2c:
                    f9:90:7a:fe:f0:af:59:b0:bb:2a:51:49:42:f9:e3:
                    16:71:99:cb:55:3c:ae:6e:1f:45:5d:2b:a5:07:3e:
                    ed:da:7c:b9:49:79:55:bf:e0:c3:f0:f3:6d:d0:89:
                    3f:97:28:f5:46:92:36:e1:97:fe:b9:41:0e:e4:fe:
                    32:03:dc:e1:a7:ff:52:f0:cc:75:d2:9b:57:57:a6:
                    3e:42:9b:d2:0e:f3:f9:01:2b:15:57:dd:a3:c1:17:
                    df:44:0a:54:27:25:9a:29:bb:0c:06:12:9a:e3:f2:
                    bd:0c:97:41:c4:88:d3:76:a4:2d:84:7b:ec:03:ee:
                    68:0f:84:8d:e2:77:c8:be:5f:2f:b7:aa:62:fa:0e:
                    5e:4c:1c:ef:8e:9d:d8:f3:0a:ad:e0:77:67:f9:0d:
                    68:fe:93:81:2c:0f:3d:e8:b6:3c:9b:b8:5b:f8:88:
                    78:6c:e2:91:5a:b7:b0:bf:eb:01:85:33:03:b4:fb:
                    37:8f:04:0a:5d:4e:74:80:cc:dd:f1:55:6b:30:f7:
                    83:33:93:f2:88:e9:54:9f:fb:56:1a:06:e1:3c:77:
                    8c:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C6:CA:74:DF:6E:8D:A9:32:7F:09:C9:85:DB:F7:ED:C7:0E:51:44:39
            X509v3 Authority Key Identifier:
                keyid:3B:47:6E:12:E8:98:7E:5B:30:2C:DC:24:BD:D9:DB:3F:E8:3C:84:49

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/O0duEuiYflswLNwkvdnbP-g8hEk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/xsp0326NqTJ_CcmF2_ftxw5RRDk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/O0duEuiYflswLNwkvdnbP-g8hEk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.90.128.0-77.90.130.255
                  77.90.132.0-77.90.137.255
                  77.90.140.0/24
                  77.90.142.0-77.90.144.255
                  77.90.146.0-77.90.148.255
                  77.90.188.0/24
                  213.209.130.0/24
                  213.209.133.0/24
                  213.209.136.0/24
                  213.209.138.0/24
                  213.209.145.0/24
                IPv6:
                  2a04:29c2::/32
                  2a04:29c7::/32

    Signature Algorithm: sha256WithRSAEncryption
         36:70:11:3a:14:f1:eb:13:c5:fd:6a:74:5e:1d:6f:02:c9:92:
         62:3d:dc:33:2c:3b:96:ec:9a:6b:81:23:18:87:e6:b4:98:da:
         81:cc:a3:53:ef:8a:1e:18:9b:f9:aa:76:0e:e9:5b:2c:3a:ec:
         d0:46:e6:eb:8b:19:8a:82:cd:5c:c7:28:bc:5e:3f:c5:30:f3:
         32:09:3c:1e:6a:d9:e2:d4:b9:a0:a8:b0:46:b9:61:77:a3:79:
         7b:34:a6:ba:fb:fa:2d:a6:1b:d4:15:2d:34:a9:bb:5b:d9:c9:
         25:fe:dd:7e:d8:79:9a:4e:e4:1d:ba:62:b8:fe:60:8a:aa:0a:
         ed:2b:45:52:99:39:4c:f0:28:c8:a4:d0:c1:31:e7:72:f5:78:
         84:05:47:b9:5a:c0:96:39:eb:a8:08:e1:88:ed:6e:80:1a:43:
         a4:ba:79:70:2d:07:81:82:ba:96:d7:46:cf:c5:94:a9:e8:fb:
         11:de:f5:53:43:82:a9:c7:79:22:f1:51:4d:e0:ec:f8:8e:9b:
         f6:21:d2:e9:42:a6:c7:af:9c:8a:8d:c9:fa:fb:17:e2:c8:1e:
         0c:1a:4d:38:fb:90:57:5e:5e:2e:2a:af:cb:72:c2:b9:8f:91:
         c3:20:3c:bf:44:1c:ad:c0:b1:85:2d:b2:17:11:71:3e:38:a4:
         d8:c4:7c:74
-----BEGIN CERTIFICATE-----
MIIFZDCCBEygAwIBAgIECCAFEDANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygz
YjQ3NmUxMmU4OTg3ZTViMzAyY2RjMjRiZGQ5ZGIzZmU4M2M4NDQ5MB4XDTIyMDMx
NDA3Mzk0N1oXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoYzZjYTc0ZGY2ZThk
YTkzMjdmMDljOTg1ZGJmN2VkYzcwZTUxNDQzOTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAN3hf0DxXCof7cGkSiWeAWSiE2QDjLvsdLBldN0aIMEeQ/PM
aidcInF1RDcs+ZB6/vCvWbC7KlFJQvnjFnGZy1U8rm4fRV0rpQc+7dp8uUl5Vb/g
w/DzbdCJP5co9UaSNuGX/rlBDuT+MgPc4af/UvDMddKbV1emPkKb0g7z+QErFVfd
o8EX30QKVCclmim7DAYSmuPyvQyXQcSI03akLYR77APuaA+EjeJ3yL5fL7eqYvoO
Xkwc746d2PMKreB3Z/kNaP6TgSwPPei2PJu4W/iIeGzikVq3sL/rAYUzA7T7N48E
Cl1OdIDM3fFVazD3gzOT8ojpVJ/7VhoG4Tx3jIMCAwEAAaOCAn4wggJ6MB0GA1Ud
DgQWBBTGynTfbo2pMn8JyYXb9+3HDlFEOTAfBgNVHSMEGDAWgBQ7R24S6Jh+WzAs
3CS92ds/6DyESTAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L08wZHVFdWlZZmxzd0xOd2t2ZG5iUC1nOGhFay5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMzQvZDkwYzZmLTY1NzYtNDZiOS04MzEzLTZjYmZmM2M0ZGEwMS8x
L3hzcDAzMjZOcVRKX0NjbUYyX2Z0eHc1UlJEay5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMzQv
ZDkwYzZmLTY1NzYtNDZiOS04MzEzLTZjYmZmM2M0ZGEwMS8xL08wZHVFdWlZZmxz
d0xOd2t2ZG5iUC1nOGhFay5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjCB
kwYIKwYBBQUHAQcBAf8EgYMwgYAwaAQCAAEwYjAMAwQHTVqAAwQATVqCMAwDBAJN
WoQDBAFNWogDBABNWowwDAMEAU1ajgMEAE1akDAMAwQBTVqSAwQATVqUAwQATVq8
AwQA1dGCAwQA1dGFAwQA1dGIAwQA1dGKAwQA1dGRMBQEAgACMA4DBQAqBCnCAwUA
KgQpxzANBgkqhkiG9w0BAQsFAAOCAQEANnAROhTx6xPF/Wp0Xh1vAsmSYj3cMyw7
luyaa4EjGIfmtJjagcyjU++KHhib+ap2DulbLDrs0Ebm64sZioLNXMcovF4/xTDz
Mgk8HmrZ4tS5oKiwRrlhd6N5ezSmuvv6LaYb1BUtNKm7W9nJJf7dfth5mk7kHbpi
uP5giqoK7StFUpk5TPAoyKTQwTHncvV4hAVHuVrAljnrqAjhiO1ugBpDpLp5cC0H
gYK6ltdGz8WUqej7Ed71U0OCqcd5IvFRTeDs+I6b9iHS6UKmx6+cio3J+vsX4sge
DBpNOPuQV15eLiqvy3LCuY+RwyA8v0QcrcCxhS2yFxFxPjik2MR8dA==
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:50:09 2023 by rpki-client on console-ams.rpki-client.org