Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/yE2hV7vLHWFOc_OgE1ndTqP879E.roa
File:                     yE2hV7vLHWFOc_OgE1ndTqP879E.roa (raw, json)
Hash identifier:          3CWq+i/m6boEsUnQXZntoxqWxBOgNW+Vhdwj0cqwDQY=
Subject key identifier:   C8:4D:A1:57:BB:CB:1D:61:4E:73:F3:A0:13:59:DD:4E:A3:FC:EF:D1
Certificate issuer:       /CN=3b476e12e8987e5b302cdc24bdd9db3fe83c8449
Certificate serial:       018230EC855E9783FC6329C2ADD204E8F38A
Authority key identifier: 3B:47:6E:12:E8:98:7E:5B:30:2C:DC:24:BD:D9:DB:3F:E8:3C:84:49
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/O0duEuiYflswLNwkvdnbP-g8hEk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/yE2hV7vLHWFOc_OgE1ndTqP879E.roa
Signing time:             Sun 24 Jul 2022 15:56:23 +0000
ROA not before:           Sun 24 Jul 2022 15:56:23 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     42821
IP address blocks:        77.90.129.0/24 maxlen: 24
                          77.90.128.0/24 maxlen: 24
                          77.90.130.0/24 maxlen: 24
                          77.90.132.0/24 maxlen: 24
                          77.90.191.0/24 maxlen: 24
                          77.90.188.0/24 maxlen: 24
                          77.90.136.0/24 maxlen: 24
                          77.90.135.0/24 maxlen: 24
                          77.90.138.0/24 maxlen: 24
                          77.90.137.0/24 maxlen: 24
                          77.90.133.0/24 maxlen: 24
                          77.90.134.0/24 maxlen: 24
                          77.90.139.0/24 maxlen: 24
                          77.90.143.0/24 maxlen: 24
                          77.90.142.0/24 maxlen: 24
                          77.90.145.0/24 maxlen: 24
                          77.90.144.0/24 maxlen: 24
                          77.90.140.0/24 maxlen: 24
                          77.90.149.0/24 maxlen: 24
                          77.90.152.0/24 maxlen: 24
                          77.90.147.0/24 maxlen: 24
                          77.90.146.0/24 maxlen: 24
                          77.90.148.0/24 maxlen: 24
                          77.90.157.0/24 maxlen: 24
                          77.90.153.0/24 maxlen: 24
                          77.90.154.0/24 maxlen: 24
                          77.90.173.0/24 maxlen: 24
                          77.90.179.0/24 maxlen: 24
                          185.230.12.0/24 maxlen: 24
                          213.209.130.0/24 maxlen: 24
                          213.209.129.0/24 maxlen: 24
                          213.209.133.0/24 maxlen: 24
                          213.209.138.0/24 maxlen: 24
                          213.209.134.0/24 maxlen: 24
                          213.209.145.0/24 maxlen: 24
                          213.209.144.0/24 maxlen: 24
                          213.209.147.0/24 maxlen: 24
                          213.209.151.0/24 maxlen: 24
                          213.209.149.0/24 maxlen: 24
                          213.209.158.0/24 maxlen: 24
                          213.209.157.0/24 maxlen: 24
                          2a04:29c2::/32 maxlen: 32
                          2a04:29c7:1371:6027::/64 maxlen: 64
                          2a04:29c7:1420::/48 maxlen: 48
                          2a04:29c7::/32 maxlen: 32
                          2a04:29c7:1290:24::/64 maxlen: 64
                          2a04:29c7:1280:27::/64 maxlen: 64
                          2a04:29c7:1280:24::/64 maxlen: 64
                          2a04:29c7:1300:24::/64 maxlen: 64

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:82:30:ec:85:5e:97:83:fc:63:29:c2:ad:d2:04:e8:f3:8a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3b476e12e8987e5b302cdc24bdd9db3fe83c8449
        Validity
            Not Before: Jul 24 15:56:23 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=c84da157bbcb1d614e73f3a01359dd4ea3fcefd1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:6a:24:32:3e:7d:46:4d:1b:3a:4e:a7:03:69:
                    0a:ce:e6:56:4c:4e:94:0b:8f:21:39:45:24:c8:76:
                    93:96:75:8e:09:2d:aa:4a:b4:c8:0f:3b:d4:d9:ae:
                    58:0f:f6:ef:55:66:01:ea:a0:51:d3:e7:a7:39:6d:
                    83:c2:3b:fb:01:c0:be:8d:b8:34:8e:4a:9a:a3:c7:
                    54:e8:72:1e:4b:8b:3a:7d:bf:45:2d:79:2f:fb:72:
                    b0:10:85:64:d2:a2:4e:10:a4:94:9b:15:f5:18:d7:
                    7e:11:09:1c:7b:3b:8c:6c:2b:46:3c:ee:34:60:78:
                    df:dc:97:24:8f:bf:5a:23:d6:e5:31:ce:c3:8f:54:
                    c0:5c:73:b1:16:a6:fa:ee:bb:a6:8a:a1:38:dd:52:
                    c5:e5:71:40:8b:26:28:4b:d6:02:86:51:48:d9:59:
                    fd:f3:5d:c9:e5:78:dd:3d:65:72:c7:bf:36:f3:af:
                    92:b1:01:92:bc:cf:fe:2b:d9:b6:b4:eb:5b:e7:dd:
                    31:06:a7:36:3d:8d:ee:4c:a8:de:a0:0e:97:3f:32:
                    dd:da:4c:ee:5e:3b:0d:16:72:27:19:b6:4f:dd:a3:
                    64:78:4d:ce:13:3d:0c:cd:04:50:d2:2d:71:3a:ba:
                    bf:db:7a:d9:a9:a8:72:2a:10:52:83:83:93:fb:83:
                    19:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C8:4D:A1:57:BB:CB:1D:61:4E:73:F3:A0:13:59:DD:4E:A3:FC:EF:D1
            X509v3 Authority Key Identifier:
                keyid:3B:47:6E:12:E8:98:7E:5B:30:2C:DC:24:BD:D9:DB:3F:E8:3C:84:49

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/O0duEuiYflswLNwkvdnbP-g8hEk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/yE2hV7vLHWFOc_OgE1ndTqP879E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/O0duEuiYflswLNwkvdnbP-g8hEk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.90.128.0-77.90.130.255
                  77.90.132.0-77.90.140.255
                  77.90.142.0-77.90.149.255
                  77.90.152.0-77.90.154.255
                  77.90.157.0/24
                  77.90.173.0/24
                  77.90.179.0/24
                  77.90.188.0/24
                  77.90.191.0/24
                  185.230.12.0/24
                  213.209.129.0-213.209.130.255
                  213.209.133.0-213.209.134.255
                  213.209.138.0/24
                  213.209.144.0/23
                  213.209.147.0/24
                  213.209.149.0/24
                  213.209.151.0/24
                  213.209.157.0-213.209.158.255
                IPv6:
                  2a04:29c2::/32
                  2a04:29c7::/32

    Signature Algorithm: sha256WithRSAEncryption
         22:68:3f:b7:ee:d4:51:7c:ee:e3:8a:41:5d:de:e3:a1:42:c4:
         c7:a8:32:33:dc:c0:a9:10:e7:16:b3:63:6a:43:eb:e9:cc:41:
         16:b1:13:9a:bb:e2:17:b9:1e:f6:2c:3a:28:5b:bc:41:60:99:
         43:b1:17:47:4b:7c:81:a5:07:7b:2a:58:c5:da:61:ac:5e:1b:
         7f:eb:81:99:a4:3b:21:3c:e8:b8:53:85:41:57:8b:2b:65:ad:
         28:1c:c8:0d:d6:70:d3:d9:6d:c0:dd:b4:2e:70:57:0c:b4:f5:
         8b:f4:ac:79:f6:50:92:0c:c5:30:10:1e:d9:80:b1:a9:19:ed:
         17:da:88:7c:ad:28:8a:b9:27:e8:2c:f5:b6:b1:3a:b2:34:50:
         bb:73:a3:79:cf:94:e7:c0:4d:8c:27:33:d9:40:b3:21:34:22:
         1b:ba:ef:28:72:50:3b:bb:d3:67:91:b6:bd:52:9f:c3:2e:f5:
         53:19:0a:71:17:79:f2:d5:2d:69:6c:80:9f:40:e3:98:58:38:
         05:04:eb:0f:88:c2:8b:b3:a0:40:d9:6a:6a:15:92:35:e8:64:
         8d:41:7b:13:39:8d:f7:7e:64:80:d2:6a:e4:5f:cc:64:66:05:
         76:12:6b:1a:44:9d:a0:3a:55:5a:7a:87:64:d0:ca:a0:81:4b:
         8a:31:90:9a
-----BEGIN CERTIFICATE-----
MIIFtjCCBJ6gAwIBAgISAYIw7IVel4P8YynCrdIE6POKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNiNDc2ZTEyZTg5ODdlNWIzMDJjZGMyNGJkZDlkYjNmZTgz
Yzg0NDkwHhcNMjIwNzI0MTU1NjIzWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjODRkYTE1N2JiY2IxZDYxNGU3M2YzYTAxMzU5ZGQ0ZWEzZmNlZmQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyWokMj59Rk0bOk6nA2kKzuZWTE6U
C48hOUUkyHaTlnWOCS2qSrTIDzvU2a5YD/bvVWYB6qBR0+enOW2Dwjv7AcC+jbg0
jkqao8dU6HIeS4s6fb9FLXkv+3KwEIVk0qJOEKSUmxX1GNd+EQkcezuMbCtGPO40
YHjf3Jckj79aI9blMc7Dj1TAXHOxFqb67rumiqE43VLF5XFAiyYoS9YChlFI2Vn9
813J5XjdPWVyx78286+SsQGSvM/+K9m2tOtb590xBqc2PY3uTKjeoA6XPzLd2kzu
XjsNFnInGbZP3aNkeE3OEz0MzQRQ0i1xOrq/23rZqahyKhBSg4OT+4MZWwIDAQAB
o4ICwjCCAr4wHQYDVR0OBBYEFMhNoVe7yx1hTnPzoBNZ3U6j/O/RMB8GA1UdIwQY
MBaAFDtHbhLomH5bMCzcJL3Z2z/oPIRJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTzBkdUV1aVlmbHN3TE53a3ZkbmJQLWc4aEVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC9kOTBjNmYtNjU3Ni00NmI5LTgzMTMt
NmNiZmYzYzRkYTAxLzEveUUyaFY3dkxIV0ZPY19PZ0UxbmRUcVA4NzlFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC9kOTBjNmYtNjU3Ni00NmI5LTgzMTMtNmNiZmYzYzRkYTAx
LzEvTzBkdUV1aVlmbHN3TE53a3ZkbmJQLWc4aEVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHXBggrBgEFBQcBBwEB/wSBxzCBxDCBqwQCAAEwgaQwDAME
B01agAMEAE1agjAMAwQCTVqEAwQATVqMMAwDBAFNWo4DBAFNWpQwDAMEA01amAME
AE1amgMEAE1anQMEAE1arQMEAE1aswMEAE1avAMEAE1avwMEALnmDDAMAwQA1dGB
AwQA1dGCMAwDBADV0YUDBADV0YYDBADV0YoDBAHV0ZADBADV0ZMDBADV0ZUDBADV
0ZcwDAMEANXRnQMEANXRnjAUBAIAAjAOAwUAKgQpwgMFACoEKccwDQYJKoZIhvcN
AQELBQADggEBACJoP7fu1FF87uOKQV3e46FCxMeoMjPcwKkQ5xazY2pD6+nMQRax
E5q74he5HvYsOihbvEFgmUOxF0dLfIGlB3sqWMXaYaxeG3/rgZmkOyE86LhThUFX
iytlrSgcyA3WcNPZbcDdtC5wVwy09Yv0rHn2UJIMxTAQHtmAsakZ7RfaiHytKIq5
J+gs9baxOrI0ULtzo3nPlOfATYwnM9lAsyE0Ihu67yhyUDu702eRtr1Sn8Mu9VMZ
CnEXefLVLWlsgJ9A45hYOAUE6w+IwouzoEDZamoVkjXoZI1BexM5jfd+ZIDSauRf
zGRmBXYSaxpEnaA6VVp6h2TQyqCBS4oxkJo=
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:02:26 2024 by rpki-client on console-ams.rpki-client.org