Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/89/3a382a-3dda-4796-b320-3fdfb4140f24/1/qh1BuZiTfK9rLvB-UGAGVEMfgF8.roa
File:                     qh1BuZiTfK9rLvB-UGAGVEMfgF8.roa (raw, json)
Hash identifier:          AqT/wvty5WAJI78IzKytPz+TifYV7jDs2VTlr34s108=
Subject key identifier:   AA:1D:41:B9:98:93:7C:AF:6B:2E:F0:7E:50:60:06:54:43:1F:80:5F
Certificate issuer:       /CN=bf809a7e6ca14d0a1a976673e0319e34e956ed3d
Certificate serial:       018418E7614F5D4C75A64C8703A7B1F026DA
Authority key identifier: BF:80:9A:7E:6C:A1:4D:0A:1A:97:66:73:E0:31:9E:34:E9:56:ED:3D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/v4CafmyhTQoal2Zz4DGeNOlW7T0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/89/3a382a-3dda-4796-b320-3fdfb4140f24/1/qh1BuZiTfK9rLvB-UGAGVEMfgF8.roa
Signing time:             Thu 27 Oct 2022 10:05:27 +0000
ROA not before:           Thu 27 Oct 2022 10:05:27 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     35332
IP address blocks:        185.151.96.0/22 maxlen: 24
                          87.236.0.0/21 maxlen: 24
                          194.5.181.0/24 maxlen: 24
                          77.242.112.0/20 maxlen: 24
                          188.92.56.0/21 maxlen: 24
                          37.235.112.0/21 maxlen: 24
                          45.116.184.0/22 maxlen: 24
                          208.88.128.0/22 maxlen: 24
                          185.113.212.0/22 maxlen: 24
                          139.28.200.0/22 maxlen: 24
                          2a00:a000::/32 maxlen: 48

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:84:18:e7:61:4f:5d:4c:75:a6:4c:87:03:a7:b1:f0:26:da
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bf809a7e6ca14d0a1a976673e0319e34e956ed3d
        Validity
            Not Before: Oct 27 10:05:27 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=aa1d41b998937caf6b2ef07e50600654431f805f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:f7:84:23:aa:9e:79:ca:ae:6d:9c:d5:5b:98:
                    a4:27:30:3f:5d:b4:98:2a:b4:51:ad:67:2b:ae:be:
                    f2:ee:b7:52:17:10:91:61:f8:2c:66:47:78:90:6f:
                    97:d3:bd:4a:c5:b3:0c:01:6f:8f:ee:0a:98:67:fa:
                    b4:ce:d0:7d:43:f0:fd:b1:5f:79:10:2b:2a:98:a6:
                    79:bd:2a:8c:54:2c:c6:8c:cc:90:64:dd:57:b8:e4:
                    f7:34:24:b1:b2:4d:6c:e0:6c:ea:9d:e2:71:1d:37:
                    18:57:96:e4:a7:c1:bd:13:4b:b0:82:51:bb:32:0f:
                    29:13:fa:37:a5:09:51:d4:81:48:b8:ed:35:cf:fe:
                    df:d3:9f:69:64:e9:da:19:38:9a:9e:6e:29:5b:cd:
                    51:a8:af:0f:2c:3b:00:51:62:3a:88:25:c6:9c:77:
                    8a:e7:55:d9:09:e0:01:f5:1c:2a:40:1a:74:09:42:
                    62:45:8f:d0:0b:23:d1:51:50:82:b3:95:0c:e0:ca:
                    bb:6d:5f:fc:ab:de:cc:1b:e8:fa:91:a6:e2:8f:4c:
                    11:27:21:f7:62:73:a8:ea:08:c9:f0:59:49:09:97:
                    8f:14:ad:d7:bc:cc:bb:73:2e:31:39:fc:a0:d4:9a:
                    04:86:36:d8:b7:46:30:c6:f9:58:16:ca:08:60:7b:
                    b6:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AA:1D:41:B9:98:93:7C:AF:6B:2E:F0:7E:50:60:06:54:43:1F:80:5F
            X509v3 Authority Key Identifier:
                keyid:BF:80:9A:7E:6C:A1:4D:0A:1A:97:66:73:E0:31:9E:34:E9:56:ED:3D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/v4CafmyhTQoal2Zz4DGeNOlW7T0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/89/3a382a-3dda-4796-b320-3fdfb4140f24/1/qh1BuZiTfK9rLvB-UGAGVEMfgF8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/89/3a382a-3dda-4796-b320-3fdfb4140f24/1/v4CafmyhTQoal2Zz4DGeNOlW7T0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.235.112.0/21
                  45.116.184.0/22
                  77.242.112.0/20
                  87.236.0.0/21
                  139.28.200.0/22
                  185.113.212.0/22
                  185.151.96.0/22
                  188.92.56.0/21
                  194.5.181.0/24
                  208.88.128.0/22
                IPv6:
                  2a00:a000::/32

    Signature Algorithm: sha256WithRSAEncryption
         34:33:da:fa:b9:ac:f4:d1:af:63:38:bb:b0:ff:9a:3f:08:15:
         33:c3:d9:4f:65:cc:db:d8:99:d4:1d:95:d9:12:af:fa:c3:1f:
         ca:9f:37:1e:93:11:be:84:d0:f2:17:ab:98:e8:92:8f:9b:90:
         39:92:0f:49:2e:a1:a8:d0:bd:48:c4:6f:b5:de:b4:44:d3:2b:
         26:7a:c8:30:db:70:ea:05:4d:be:3b:50:12:c4:20:d6:4f:d4:
         67:7d:b7:ac:a7:84:76:fe:57:f0:c2:d8:58:be:eb:cd:43:da:
         19:7a:de:f7:9e:08:9a:86:86:83:ed:39:80:48:29:43:8d:ac:
         03:99:1a:7d:c8:35:00:ba:6a:ec:2c:73:69:37:0a:b3:13:83:
         6b:be:4d:a5:4f:85:ac:b6:8a:96:6f:8c:bb:a0:73:d5:00:72:
         37:cf:61:d1:2e:64:e6:c9:90:2a:c1:a6:4e:8d:ab:41:c5:03:
         96:9e:f1:23:3e:97:3b:fa:c7:ec:6f:a3:bc:fe:02:ef:91:69:
         8d:cd:d1:53:5a:10:1d:2d:b6:f5:1b:d9:d8:4f:e9:2a:37:b6:
         f0:d3:fb:10:bb:ca:e7:f0:4f:8d:42:1f:46:31:4d:7a:ef:6e:
         88:07:ac:5a:b8:43:34:dd:a3:a0:b6:c6:54:03:4a:94:91:69:
         cb:fc:35:f4
-----BEGIN CERTIFICATE-----
MIIFQjCCBCqgAwIBAgISAYQY52FPXUx1pkyHA6ex8CbaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJmODA5YTdlNmNhMTRkMGExYTk3NjY3M2UwMzE5ZTM0ZTk1
NmVkM2QwHhcNMjIxMDI3MTAwNTI3WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYTFkNDFiOTk4OTM3Y2FmNmIyZWYwN2U1MDYwMDY1NDQzMWY4MDVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhveEI6qeecqubZzVW5ikJzA/XbSY
KrRRrWcrrr7y7rdSFxCRYfgsZkd4kG+X071KxbMMAW+P7gqYZ/q0ztB9Q/D9sV95
ECsqmKZ5vSqMVCzGjMyQZN1XuOT3NCSxsk1s4GzqneJxHTcYV5bkp8G9E0uwglG7
Mg8pE/o3pQlR1IFIuO01z/7f059pZOnaGTianm4pW81RqK8PLDsAUWI6iCXGnHeK
51XZCeAB9RwqQBp0CUJiRY/QCyPRUVCCs5UM4Mq7bV/8q97MG+j6kabij0wRJyH3
YnOo6gjJ8FlJCZePFK3XvMy7cy4xOfyg1JoEhjbYt0YwxvlYFsoIYHu2awIDAQAB
o4ICTjCCAkowHQYDVR0OBBYEFKodQbmYk3yvay7wflBgBlRDH4BfMB8GA1UdIwQY
MBaAFL+Amn5soU0KGpdmc+AxnjTpVu09MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdjRDYWZteWhUUW9hbDJaejRER2VOT2xXN1QwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84OS8zYTM4MmEtM2RkYS00Nzk2LWIzMjAt
M2ZkZmI0MTQwZjI0LzEvcWgxQnVaaVRmSzlyTHZCLVVHQUdWRU1mZ0Y4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84OS8zYTM4MmEtM2RkYS00Nzk2LWIzMjAtM2ZkZmI0MTQwZjI0
LzEvdjRDYWZteWhUUW9hbDJaejRER2VOT2xXN1QwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGQGCCsGAQUFBwEHAQH/BFUwUzBCBAIAATA8AwQDJetwAwQC
LXS4AwQETfJwAwQDV+wAAwQCixzIAwQCuXHUAwQCuZdgAwQDvFw4AwQAwgW1AwQC
0FiAMA0EAgACMAcDBQAqAKAAMA0GCSqGSIb3DQEBCwUAA4IBAQA0M9r6uaz00a9j
OLuw/5o/CBUzw9lPZczb2JnUHZXZEq/6wx/KnzcekxG+hNDyF6uY6JKPm5A5kg9J
LqGo0L1IxG+13rRE0ysmesgw23DqBU2+O1ASxCDWT9Rnfbesp4R2/lfwwthYvuvN
Q9oZet73ngiahoaD7TmASClDjawDmRp9yDUAumrsLHNpNwqzE4Nrvk2lT4WstoqW
b4y7oHPVAHI3z2HRLmTmyZAqwaZOjatBxQOWnvEjPpc7+sfsb6O8/gLvkWmNzdFT
WhAdLbb1G9nYT+kqN7bw0/sQu8rn8E+NQh9GMU16726IB6xauEM03aOgtsZUA0qU
kWnL/DX0
-----END CERTIFICATE-----