Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/y6pYupQ3PsHpKbUCS_gUXO85G9c.roa
File:                     y6pYupQ3PsHpKbUCS_gUXO85G9c.roa (raw, json)
Hash identifier:          5sUfgXbYUeCDPADtTxl87H0lF9Zdzw5PFEiyuPE/sig=
Subject key identifier:   CB:AA:58:BA:94:37:3E:C1:E9:29:B5:02:4B:F8:14:5C:EF:39:1B:D7
Certificate issuer:       /CN=3b476e12e8987e5b302cdc24bdd9db3fe83c8449
Certificate serial:       01829BA50F209CEC27A1D97F570FEC760AA3
Authority key identifier: 3B:47:6E:12:E8:98:7E:5B:30:2C:DC:24:BD:D9:DB:3F:E8:3C:84:49
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/O0duEuiYflswLNwkvdnbP-g8hEk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/y6pYupQ3PsHpKbUCS_gUXO85G9c.roa
Signing time:             Sun 14 Aug 2022 09:17:41 +0000
ROA not before:           Sun 14 Aug 2022 09:17:41 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     42821
IP address blocks:        77.90.129.0/24 maxlen: 24
                          77.90.128.0/24 maxlen: 24
                          77.90.130.0/24 maxlen: 24
                          77.90.132.0/24 maxlen: 24
                          185.230.12.0/24 maxlen: 24
                          77.90.191.0/24 maxlen: 24
                          77.90.188.0/24 maxlen: 24
                          77.90.190.0/24 maxlen: 24
                          77.90.136.0/24 maxlen: 24
                          77.90.135.0/24 maxlen: 24
                          77.90.137.0/24 maxlen: 24
                          77.90.133.0/24 maxlen: 24
                          77.90.134.0/24 maxlen: 24
                          77.90.143.0/24 maxlen: 24
                          77.90.142.0/24 maxlen: 24
                          77.90.144.0/24 maxlen: 24
                          77.90.140.0/24 maxlen: 24
                          77.90.150.0/24 maxlen: 24
                          77.90.149.0/24 maxlen: 24
                          77.90.152.0/24 maxlen: 24
                          77.90.147.0/24 maxlen: 24
                          77.90.146.0/24 maxlen: 24
                          77.90.148.0/24 maxlen: 24
                          77.90.157.0/24 maxlen: 24
                          77.90.154.0/24 maxlen: 24
                          77.90.166.0/24 maxlen: 24
                          77.90.173.0/24 maxlen: 24
                          77.90.181.0/24 maxlen: 24
                          213.209.130.0/24 maxlen: 24
                          213.209.133.0/24 maxlen: 24
                          213.209.138.0/24 maxlen: 24
                          213.209.145.0/24 maxlen: 24
                          213.209.144.0/24 maxlen: 24
                          213.209.159.0/24 maxlen: 24
                          213.209.158.0/24 maxlen: 24
                          213.209.157.0/24 maxlen: 24
                          2a04:29c2::/32 maxlen: 32
                          2a04:29c7:1290:24::/64 maxlen: 64
                          2a04:29c7:1371:6027::/64 maxlen: 64
                          2a04:29c7:1280:27::/64 maxlen: 64
                          2a04:29c7:1420::/48 maxlen: 48
                          2a04:29c7::/32 maxlen: 32
                          2a04:29c7:1300:24::/64 maxlen: 64
                          2a04:29c7:1280:24::/64 maxlen: 64

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:82:9b:a5:0f:20:9c:ec:27:a1:d9:7f:57:0f:ec:76:0a:a3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3b476e12e8987e5b302cdc24bdd9db3fe83c8449
        Validity
            Not Before: Aug 14 09:17:41 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=cbaa58ba94373ec1e929b5024bf8145cef391bd7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:2c:38:54:6c:9c:21:13:1f:a1:dc:07:1f:9d:
                    20:52:6b:49:36:9b:a7:7e:c2:4c:15:36:e0:53:d5:
                    32:d9:14:11:4b:df:4e:31:73:17:a7:38:75:77:8d:
                    6c:47:60:c4:9a:75:28:c5:4d:30:e5:a9:3a:6d:14:
                    87:84:e7:79:73:9f:df:6f:d4:cb:7a:b8:dc:37:35:
                    4c:92:27:60:ff:3b:fd:c4:b9:ca:d3:ba:d2:0b:8d:
                    48:1c:92:71:b8:96:7c:25:00:0c:2a:27:af:1a:b2:
                    bf:64:e6:8c:a2:ec:69:0b:3e:81:25:17:d7:1e:a7:
                    26:c3:ad:eb:31:92:9e:c7:0b:2f:17:57:4d:4a:2b:
                    2d:f4:0a:bd:ac:bb:eb:e7:86:a2:a7:6f:50:5c:e7:
                    f2:be:45:37:f1:a1:0a:e9:0f:97:af:f3:00:8f:e9:
                    ef:db:a5:c5:dd:2c:39:ba:c5:f8:f5:06:d1:f8:5d:
                    29:71:eb:cf:93:8f:f7:ae:20:e5:43:75:8b:3d:19:
                    c1:0f:56:a1:eb:83:f1:6f:bd:9e:da:61:5f:49:68:
                    4d:bd:03:d9:b9:eb:2d:e9:53:da:d3:fc:6e:b5:ee:
                    bf:0f:02:23:7e:57:76:fd:6d:23:bd:c0:c2:72:14:
                    25:50:b1:16:56:7a:f9:46:73:79:06:0b:b7:1d:cb:
                    3f:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CB:AA:58:BA:94:37:3E:C1:E9:29:B5:02:4B:F8:14:5C:EF:39:1B:D7
            X509v3 Authority Key Identifier:
                keyid:3B:47:6E:12:E8:98:7E:5B:30:2C:DC:24:BD:D9:DB:3F:E8:3C:84:49

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/O0duEuiYflswLNwkvdnbP-g8hEk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/y6pYupQ3PsHpKbUCS_gUXO85G9c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/O0duEuiYflswLNwkvdnbP-g8hEk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.90.128.0-77.90.130.255
                  77.90.132.0-77.90.137.255
                  77.90.140.0/24
                  77.90.142.0-77.90.144.255
                  77.90.146.0-77.90.150.255
                  77.90.152.0/24
                  77.90.154.0/24
                  77.90.157.0/24
                  77.90.166.0/24
                  77.90.173.0/24
                  77.90.181.0/24
                  77.90.188.0/24
                  77.90.190.0/23
                  185.230.12.0/24
                  213.209.130.0/24
                  213.209.133.0/24
                  213.209.138.0/24
                  213.209.144.0/23
                  213.209.157.0-213.209.159.255
                IPv6:
                  2a04:29c2::/32
                  2a04:29c7::/32

    Signature Algorithm: sha256WithRSAEncryption
         6c:c1:0f:3e:5a:5c:90:ab:fe:2b:29:b0:d4:55:63:ba:72:bc:
         23:fe:21:11:b8:98:d3:6e:d4:2c:db:5e:16:fe:7b:5c:07:f3:
         20:88:8e:27:4b:67:96:23:c1:b7:cd:88:34:e1:ed:f4:af:79:
         d3:7e:61:b0:67:69:63:a5:3a:8d:e9:57:e8:ff:1d:e7:30:6d:
         d7:a4:e4:2d:f2:1c:54:58:08:7a:47:97:22:b8:17:3b:6c:b4:
         84:68:4c:b4:6a:52:86:64:4c:9b:74:ce:bd:99:06:a7:bc:47:
         f2:dc:22:60:71:e9:8f:e4:da:97:d9:df:33:96:43:ab:02:54:
         c4:ff:f0:2c:58:d9:be:d8:8d:14:af:8a:32:4d:b6:b8:9c:4c:
         a7:a8:b5:a6:a7:5c:4f:36:35:84:3b:04:3e:f3:89:3a:b6:11:
         ad:69:ec:6e:04:70:3f:35:09:85:78:85:bf:7c:31:9d:05:26:
         5d:32:b6:c7:9b:66:15:5b:4e:cc:14:7f:93:cc:7d:49:ec:62:
         9e:31:ab:f0:e5:85:d9:c2:b7:96:65:34:ad:0c:bd:8c:7b:66:
         de:78:f3:7c:79:0a:17:e3:90:f4:71:67:f3:ed:9d:52:5e:34:
         3f:03:60:fe:eb:16:34:e5:39:71:e3:1a:0b:58:ed:34:96:04:
         1e:9e:df:a4
-----BEGIN CERTIFICATE-----
MIIFrDCCBJSgAwIBAgISAYKbpQ8gnOwnodl/Vw/sdgqjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNiNDc2ZTEyZTg5ODdlNWIzMDJjZGMyNGJkZDlkYjNmZTgz
Yzg0NDkwHhcNMjIwODE0MDkxNzQxWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYmFhNThiYTk0MzczZWMxZTkyOWI1MDI0YmY4MTQ1Y2VmMzkxYmQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArCw4VGycIRMfodwHH50gUmtJNpun
fsJMFTbgU9Uy2RQRS99OMXMXpzh1d41sR2DEmnUoxU0w5ak6bRSHhOd5c5/fb9TL
erjcNzVMkidg/zv9xLnK07rSC41IHJJxuJZ8JQAMKievGrK/ZOaMouxpCz6BJRfX
Hqcmw63rMZKexwsvF1dNSist9Aq9rLvr54aip29QXOfyvkU38aEK6Q+Xr/MAj+nv
26XF3Sw5usX49QbR+F0pcevPk4/3riDlQ3WLPRnBD1ah64Pxb72e2mFfSWhNvQPZ
uest6VPa0/xute6/DwIjfld2/W0jvcDCchQlULEWVnr5RnN5Bgu3Hcs/5QIDAQAB
o4ICuDCCArQwHQYDVR0OBBYEFMuqWLqUNz7B6Sm1Akv4FFzvORvXMB8GA1UdIwQY
MBaAFDtHbhLomH5bMCzcJL3Z2z/oPIRJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTzBkdUV1aVlmbHN3TE53a3ZkbmJQLWc4aEVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC9kOTBjNmYtNjU3Ni00NmI5LTgzMTMt
NmNiZmYzYzRkYTAxLzEveTZwWXVwUTNQc0hwS2JVQ1NfZ1VYTzg1RzljLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC9kOTBjNmYtNjU3Ni00NmI5LTgzMTMtNmNiZmYzYzRkYTAx
LzEvTzBkdUV1aVlmbHN3TE53a3ZkbmJQLWc4aEVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHNBggrBgEFBQcBBwEB/wSBvTCBujCBoQQCAAEwgZowDAME
B01agAMEAE1agjAMAwQCTVqEAwQBTVqIAwQATVqMMAwDBAFNWo4DBABNWpAwDAME
AU1akgMEAE1algMEAE1amAMEAE1amgMEAE1anQMEAE1apgMEAE1arQMEAE1atQME
AE1avAMEAU1avgMEALnmDAMEANXRggMEANXRhQMEANXRigMEAdXRkDAMAwQA1dGd
AwQF1dGAMBQEAgACMA4DBQAqBCnCAwUAKgQpxzANBgkqhkiG9w0BAQsFAAOCAQEA
bMEPPlpckKv+Kymw1FVjunK8I/4hEbiY027ULNteFv57XAfzIIiOJ0tnliPBt82I
NOHt9K95035hsGdpY6U6jelX6P8d5zBt16TkLfIcVFgIekeXIrgXO2y0hGhMtGpS
hmRMm3TOvZkGp7xH8twiYHHpj+Tal9nfM5ZDqwJUxP/wLFjZvtiNFK+KMk22uJxM
p6i1pqdcTzY1hDsEPvOJOrYRrWnsbgRwPzUJhXiFv3wxnQUmXTK2x5tmFVtOzBR/
k8x9SexinjGr8OWF2cK3lmU0rQy9jHtm3njzfHkKF+OQ9HFn8+2dUl40PwNg/usW
NOU5ceMaC1jtNJYEHp7fpA==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:25:06 2024 by rpki-client on console-fra.rpki-client.org