Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/04/e0b67e-2690-4a88-9d16-22e98de26106/1/3zQw1by9iuDNqFb754tCLC_3dGo.roa
File:                     3zQw1by9iuDNqFb754tCLC_3dGo.roa (raw, json)
Hash identifier:          BmJIXA5JzPk9UVx5z7OzS5lJtqZ/8/NzevNVIUkneg0=
Subject key identifier:   DF:34:30:D5:BC:BD:8A:E0:CD:A8:56:FB:E7:8B:42:2C:2F:F7:74:6A
Certificate issuer:       /CN=2ee56d4d7b1d1a06ce89f746f79b656c7348c525
Certificate serial:       0185707077727E26DC9682320635AC15B876
Authority key identifier: 2E:E5:6D:4D:7B:1D:1A:06:CE:89:F7:46:F7:9B:65:6C:73:48:C5:25
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LuVtTXsdGgbOifdG95tlbHNIxSU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/04/e0b67e-2690-4a88-9d16-22e98de26106/1/3zQw1by9iuDNqFb754tCLC_3dGo.roa
Signing time:             Mon 02 Jan 2023 03:04:56 +0000
ROA not before:           Mon 02 Jan 2023 03:04:56 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     203507
IP address blocks:        193.28.13.0/24 maxlen: 24
                          185.123.226.0/23 maxlen: 23
                          185.123.226.0/24 maxlen: 24
                          185.123.224.0/22 maxlen: 22
                          185.123.224.0/23 maxlen: 23
                          185.123.224.0/24 maxlen: 24
                          185.123.225.0/24 maxlen: 24
                          185.123.227.0/24 maxlen: 24
                          5.104.152.0/22 maxlen: 22
                          195.245.199.0/24 maxlen: 24
                          212.79.224.0/19 maxlen: 19
                          2a06:e380:8000::/36 maxlen: 36
                          2a06:e380::/36 maxlen: 36
                          2a06:e380:8000::/48 maxlen: 48
                          2a06:e380::/48 maxlen: 48
                          2a06:e380:8001::/48 maxlen: 48
                          2a06:e380:1::/48 maxlen: 48
                          2a06:e380::/29 maxlen: 32
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:70:70:77:72:7e:26:dc:96:82:32:06:35:ac:15:b8:76
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2ee56d4d7b1d1a06ce89f746f79b656c7348c525
        Validity
            Not Before: Jan  2 03:04:56 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=df3430d5bcbd8ae0cda856fbe78b422c2ff7746a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:64:e4:3d:c3:7b:b7:2d:01:b6:36:21:b3:bf:
                    16:89:d8:43:a0:b1:61:ec:2b:83:8a:be:4d:d5:33:
                    33:5f:6a:bd:33:69:c2:a4:45:dc:ac:7b:5c:e7:a4:
                    8e:1a:46:91:74:f5:ec:fb:31:20:16:3f:97:51:4d:
                    3e:3c:22:d8:52:77:e6:77:4a:c5:7a:9c:75:95:cc:
                    f4:57:d0:0f:85:75:10:89:c6:a3:6a:ab:12:4d:ed:
                    e4:0f:a9:db:68:f1:5d:bd:2a:81:74:22:f7:a5:fa:
                    c0:5e:82:58:3d:ec:35:fc:fd:a1:b7:22:a0:90:6b:
                    2e:2e:dd:87:36:94:97:68:f1:6e:fc:28:8e:c7:7c:
                    87:40:8a:f0:42:83:a1:d7:58:aa:cd:90:1c:22:70:
                    42:ee:08:ae:72:7c:6a:eb:95:2b:d4:28:d9:72:90:
                    5f:3a:87:5e:97:30:90:d2:8c:8f:bc:74:de:17:dc:
                    24:fe:4e:52:73:22:00:6b:02:51:50:80:47:cc:86:
                    a1:29:55:99:ff:d0:32:48:2a:7b:1b:dd:e1:d5:1e:
                    ed:cf:fd:ca:1b:42:f8:60:06:79:3e:3c:48:9e:92:
                    9e:26:b8:bf:de:d3:d8:22:04:c1:dd:58:e6:aa:82:
                    19:f7:0a:e8:aa:e1:77:57:a4:12:52:25:ea:d6:75:
                    77:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DF:34:30:D5:BC:BD:8A:E0:CD:A8:56:FB:E7:8B:42:2C:2F:F7:74:6A
            X509v3 Authority Key Identifier:
                keyid:2E:E5:6D:4D:7B:1D:1A:06:CE:89:F7:46:F7:9B:65:6C:73:48:C5:25

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LuVtTXsdGgbOifdG95tlbHNIxSU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/04/e0b67e-2690-4a88-9d16-22e98de26106/1/3zQw1by9iuDNqFb754tCLC_3dGo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/04/e0b67e-2690-4a88-9d16-22e98de26106/1/LuVtTXsdGgbOifdG95tlbHNIxSU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.104.152.0/22
                  185.123.224.0/22
                  193.28.13.0/24
                  195.245.199.0/24
                  212.79.224.0/19
                IPv6:
                  2a06:e380::/29

    Signature Algorithm: sha256WithRSAEncryption
         7c:a7:64:5c:50:f7:de:83:44:3d:0f:ad:90:dd:f8:7c:41:aa:
         6d:a5:4c:6a:89:b4:16:ba:26:da:06:0a:03:b4:5d:05:41:30:
         c4:cd:53:e8:89:c0:b4:9d:d6:7b:04:78:ce:e3:bf:6a:d4:d5:
         b8:17:57:d1:ac:ff:c0:d2:af:e4:fe:af:6d:44:31:a7:4b:f5:
         e1:78:e3:d1:cd:85:85:e0:67:c8:ba:11:bf:0f:c7:c3:f7:eb:
         eb:31:7a:3e:17:3e:1d:77:e2:3f:6f:73:92:58:31:9a:07:06:
         40:60:73:8e:b7:9e:21:1e:42:41:d1:d4:28:9d:d5:32:aa:9f:
         e9:52:3e:da:23:f7:68:5a:8f:94:63:8c:1e:60:62:31:92:6d:
         d0:45:dd:6e:cc:7f:4e:34:c9:c3:8f:19:78:5b:ed:a4:60:98:
         0d:f8:e6:bf:78:17:3d:b8:73:eb:1e:4e:e5:fa:53:6e:75:6f:
         91:e2:34:4f:21:4f:eb:18:09:1c:97:04:de:22:10:11:85:18:
         98:c5:ed:0b:e6:10:c1:9f:e4:f0:9b:85:c0:24:70:2d:2a:3d:
         c0:06:9a:1f:fc:b3:68:9a:e5:9c:a2:8b:25:25:ee:2f:12:24:
         2e:c1:ff:bd:e8:f8:80:c3:91:88:76:11:dd:e9:99:bb:e3:4a:
         4b:a9:c9:b0
-----BEGIN CERTIFICATE-----
MIIFJDCCBAygAwIBAgISAYVwcHdyfibcloIyBjWsFbh2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJlZTU2ZDRkN2IxZDFhMDZjZTg5Zjc0NmY3OWI2NTZjNzM0
OGM1MjUwHhcNMjMwMTAyMDMwNDU2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZjM0MzBkNWJjYmQ4YWUwY2RhODU2ZmJlNzhiNDIyYzJmZjc3NDZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3WTkPcN7ty0BtjYhs78WidhDoLFh
7CuDir5N1TMzX2q9M2nCpEXcrHtc56SOGkaRdPXs+zEgFj+XUU0+PCLYUnfmd0rF
epx1lcz0V9APhXUQicajaqsSTe3kD6nbaPFdvSqBdCL3pfrAXoJYPew1/P2htyKg
kGsuLt2HNpSXaPFu/CiOx3yHQIrwQoOh11iqzZAcInBC7giucnxq65Ur1CjZcpBf
OodelzCQ0oyPvHTeF9wk/k5ScyIAawJRUIBHzIahKVWZ/9AySCp7G93h1R7tz/3K
G0L4YAZ5PjxInpKeJri/3tPYIgTB3VjmqoIZ9wroquF3V6QSUiXq1nV3+wIDAQAB
o4ICMDCCAiwwHQYDVR0OBBYEFN80MNW8vYrgzahW++eLQiwv93RqMB8GA1UdIwQY
MBaAFC7lbU17HRoGzon3RvebZWxzSMUlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTHVWdFRYc2RHZ2JPaWZkRzk1dGxiSE5JeFNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNC9lMGI2N2UtMjY5MC00YTg4LTlkMTYt
MjJlOThkZTI2MTA2LzEvM3pRdzFieTlpdUROcUZiNzU0dENMQ18zZEdvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNC9lMGI2N2UtMjY5MC00YTg4LTlkMTYtMjJlOThkZTI2MTA2
LzEvTHVWdFRYc2RHZ2JPaWZkRzk1dGxiSE5JeFNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEYGCCsGAQUFBwEHAQH/BDcwNTAkBAIAATAeAwQCBWiYAwQC
uXvgAwQAwRwNAwQAw/XHAwQF1E/gMA0EAgACMAcDBQMqBuOAMA0GCSqGSIb3DQEB
CwUAA4IBAQB8p2RcUPfeg0Q9D62Q3fh8QaptpUxqibQWuibaBgoDtF0FQTDEzVPo
icC0ndZ7BHjO479q1NW4F1fRrP/A0q/k/q9tRDGnS/XheOPRzYWF4GfIuhG/D8fD
9+vrMXo+Fz4dd+I/b3OSWDGaBwZAYHOOt54hHkJB0dQondUyqp/pUj7aI/doWo+U
Y4weYGIxkm3QRd1uzH9ONMnDjxl4W+2kYJgN+Oa/eBc9uHPrHk7l+lNudW+R4jRP
IU/rGAkclwTeIhARhRiYxe0L5hDBn+Twm4XAJHAtKj3ABpof/LNomuWcooslJe4v
EiQuwf+96PiAw5GIdhHd6Zm740pLqcmw
-----END CERTIFICATE-----