Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3e/160a77-756d-441a-86c3-0e5392757f82/1/zt_o3AF3fy7Nsnw4tHhxFsaW6jY.roa
File:                     zt_o3AF3fy7Nsnw4tHhxFsaW6jY.roa (raw, json)
Hash identifier:          ynGE0pjIEkKIXTa+YeGMjNRIuLUayY++ghcis0Nxr3U=
Subject key identifier:   CE:DF:E8:DC:01:77:7F:2E:CD:B2:7C:38:B4:78:71:16:C6:96:EA:36
Certificate issuer:       /CN=e39f1a6e84c0277efcb56d942b0eb5e456471129
Certificate serial:       018234B570D7898688DC35AC449A24C2EBCE
Authority key identifier: E3:9F:1A:6E:84:C0:27:7E:FC:B5:6D:94:2B:0E:B5:E4:56:47:11:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/458aboTAJ378tW2UKw615FZHESk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3e/160a77-756d-441a-86c3-0e5392757f82/1/zt_o3AF3fy7Nsnw4tHhxFsaW6jY.roa
Signing time:             Mon 25 Jul 2022 09:34:42 +0000
ROA not before:           Mon 25 Jul 2022 09:34:42 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     39835
IP address blocks:        81.20.112.0/20 maxlen: 20
                          5.34.224.0/21 maxlen: 21
                          188.74.32.0/22 maxlen: 22
                          188.74.36.0/24 maxlen: 24
                          188.74.37.0/24 maxlen: 24
                          188.74.38.0/24 maxlen: 24
                          188.74.44.0/22 maxlen: 22
                          185.75.150.0/24 maxlen: 24
                          185.75.148.0/24 maxlen: 24
                          185.75.149.0/24 maxlen: 24
                          2a03:6880::/32 maxlen: 32
                          2a03:4b20:f000::/36 maxlen: 36
                          2a03:4b20::/32 maxlen: 32
                          2a03:4b21::/32 maxlen: 32
                          2a03:4b22::/32 maxlen: 32

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:82:34:b5:70:d7:89:86:88:dc:35:ac:44:9a:24:c2:eb:ce
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e39f1a6e84c0277efcb56d942b0eb5e456471129
        Validity
            Not Before: Jul 25 09:34:42 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=cedfe8dc01777f2ecdb27c38b4787116c696ea36
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:e8:70:be:6c:56:05:70:a6:e9:69:73:5a:17:
                    07:a0:51:9a:5f:9e:00:ab:03:a0:06:ed:dc:43:69:
                    22:a0:c1:53:3c:06:8c:95:fc:bc:f3:ae:bc:d7:24:
                    47:b7:81:9f:ac:ed:d1:90:cc:b7:0b:10:3c:66:ed:
                    3e:62:cd:dd:8c:f1:ba:11:59:64:fb:a2:b7:82:dc:
                    e8:b6:9e:fe:8a:cc:3a:f3:5e:b9:39:74:af:ab:a9:
                    e7:8c:b0:2d:fe:23:52:b6:08:5b:14:96:71:55:9d:
                    77:89:75:fe:7c:44:47:72:2b:81:c5:12:e9:5f:ed:
                    f0:81:38:6d:4c:d9:29:a3:dc:70:02:cf:aa:11:89:
                    fe:4c:c7:9f:f6:3d:7b:6c:da:13:37:81:43:2c:ff:
                    1d:1f:ad:33:12:ee:7e:60:1e:80:8f:3c:7d:8c:c3:
                    eb:94:3d:0d:fe:77:75:ac:a2:a1:ad:d0:9d:aa:a7:
                    53:14:7a:ea:4c:8e:9c:1f:40:35:d7:b8:fe:f8:ea:
                    de:af:68:a6:69:5e:3e:8a:bd:90:e8:f8:0f:4d:34:
                    09:90:f2:d0:fa:cb:50:19:c0:8e:2c:54:d7:e1:33:
                    0f:fe:8a:66:03:cb:46:dd:14:02:53:af:49:9e:6b:
                    b0:bd:e6:7e:dd:0d:2f:9e:57:67:dc:d9:15:fd:d2:
                    8d:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CE:DF:E8:DC:01:77:7F:2E:CD:B2:7C:38:B4:78:71:16:C6:96:EA:36
            X509v3 Authority Key Identifier:
                keyid:E3:9F:1A:6E:84:C0:27:7E:FC:B5:6D:94:2B:0E:B5:E4:56:47:11:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/458aboTAJ378tW2UKw615FZHESk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3e/160a77-756d-441a-86c3-0e5392757f82/1/zt_o3AF3fy7Nsnw4tHhxFsaW6jY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3e/160a77-756d-441a-86c3-0e5392757f82/1/458aboTAJ378tW2UKw615FZHESk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.34.224.0/21
                  81.20.112.0/20
                  185.75.148.0-185.75.150.255
                  188.74.32.0-188.74.38.255
                  188.74.44.0/22
                IPv6:
                  2a03:4b20::-2a03:4b22:ffff:ffff:ffff:ffff:ffff:ffff
                  2a03:6880::/32

    Signature Algorithm: sha256WithRSAEncryption
         69:11:25:74:e5:e9:be:51:b7:ce:ab:96:97:f8:1b:0b:bc:f4:
         04:66:b5:d5:50:19:e9:58:b1:47:a7:40:34:52:83:1a:70:52:
         4f:af:23:a3:a1:e4:12:36:1d:96:e7:51:9a:90:29:22:73:5e:
         35:2f:f2:4f:c8:2d:c3:fd:64:6a:7e:39:83:dd:2d:c9:ed:73:
         31:9c:c5:9b:39:b4:af:e1:9d:c3:fe:ab:94:54:06:c3:be:27:
         1b:56:d5:f2:7b:09:c2:c3:93:a9:bc:6a:da:23:c0:ff:dd:b6:
         8f:fd:d8:c4:34:e6:a1:d4:fe:be:01:b6:44:41:3c:d1:54:a4:
         95:32:35:46:7e:df:72:48:c0:7e:54:e5:07:16:86:3a:a6:7c:
         41:4c:f2:56:6d:a7:f6:9c:2a:e3:bd:23:38:70:a2:97:d5:e7:
         26:10:bb:24:ba:51:92:f4:77:b3:1e:28:4b:4b:cb:c0:43:36:
         4c:56:99:24:7a:30:a2:6b:9e:cc:d8:fc:60:57:75:a9:86:20:
         52:0d:82:ee:b2:31:67:b4:5c:20:34:34:2a:a4:96:05:df:94:
         fe:c5:39:91:5b:f2:72:1b:0a:23:e5:c3:b5:ad:d2:a1:21:24:
         5a:37:f1:11:88:0b:bc:de:99:a1:6e:4f:ba:3e:51:bf:90:d2:
         f4:3d:0d:da
-----BEGIN CERTIFICATE-----
MIIFRDCCBCygAwIBAgISAYI0tXDXiYaI3DWsRJokwuvOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUzOWYxYTZlODRjMDI3N2VmY2I1NmQ5NDJiMGViNWU0NTY0
NzExMjkwHhcNMjIwNzI1MDkzNDQyWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZWRmZThkYzAxNzc3ZjJlY2RiMjdjMzhiNDc4NzExNmM2OTZlYTM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuuhwvmxWBXCm6WlzWhcHoFGaX54A
qwOgBu3cQ2kioMFTPAaMlfy886681yRHt4GfrO3RkMy3CxA8Zu0+Ys3djPG6EVlk
+6K3gtzotp7+isw68165OXSvq6nnjLAt/iNStghbFJZxVZ13iXX+fERHciuBxRLp
X+3wgThtTNkpo9xwAs+qEYn+TMef9j17bNoTN4FDLP8dH60zEu5+YB6Ajzx9jMPr
lD0N/nd1rKKhrdCdqqdTFHrqTI6cH0A117j++Orer2imaV4+ir2Q6PgPTTQJkPLQ
+stQGcCOLFTX4TMP/opmA8tG3RQCU69JnmuwveZ+3Q0vnldn3NkV/dKNewIDAQAB
o4ICUDCCAkwwHQYDVR0OBBYEFM7f6NwBd38uzbJ8OLR4cRbGluo2MB8GA1UdIwQY
MBaAFOOfGm6EwCd+/LVtlCsOteRWRxEpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNDU4YWJvVEFKMzc4dFcyVUt3NjE1RlpIRVNrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZS8xNjBhNzctNzU2ZC00NDFhLTg2YzMt
MGU1MzkyNzU3ZjgyLzEvenRfbzNBRjNmeTdOc253NHRIaHhGc2FXNmpZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZS8xNjBhNzctNzU2ZC00NDFhLTg2YzMtMGU1MzkyNzU3Zjgy
LzEvNDU4YWJvVEFKMzc4dFcyVUt3NjE1RlpIRVNrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGYGCCsGAQUFBwEHAQH/BFcwVTA0BAIAATAuAwQDBSLgAwQE
URRwMAwDBAK5S5QDBAC5S5YwDAMEBbxKIAMEALxKJgMEArxKLDAdBAIAAjAXMA4D
BQUqA0sgAwUAKgNLIgMFACoDaIAwDQYJKoZIhvcNAQELBQADggEBAGkRJXTl6b5R
t86rlpf4Gwu89ARmtdVQGelYsUenQDRSgxpwUk+vI6Oh5BI2HZbnUZqQKSJzXjUv
8k/ILcP9ZGp+OYPdLcntczGcxZs5tK/hncP+q5RUBsO+JxtW1fJ7CcLDk6m8atoj
wP/dto/92MQ05qHU/r4BtkRBPNFUpJUyNUZ+33JIwH5U5QcWhjqmfEFM8lZtp/ac
KuO9IzhwopfV5yYQuyS6UZL0d7MeKEtLy8BDNkxWmSR6MKJrnszY/GBXdamGIFIN
gu6yMWe0XCA0NCqklgXflP7FOZFb8nIbCiPlw7Wt0qEhJFo38RGIC7zemaFuT7o+
Ub+Q0vQ9Ddo=
-----END CERTIFICATE-----