Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c2/a66f2d-ca2f-4bca-b27b-d846d106b5f7/1/EfIZQfSIat2xieQB1B-Ak5IUlGc.roa
File:                     EfIZQfSIat2xieQB1B-Ak5IUlGc.roa (raw, json)
Hash identifier:          sx08kb5sMWPF0aOaC8Jv3KNAyEPD7Ohy0gX5hJWYghs=
Subject key identifier:   11:F2:19:41:F4:88:6A:DD:B1:89:E4:01:D4:1F:80:93:92:14:94:67
Certificate issuer:       /CN=8a26f476d608625ad1fe06e52b974a9f66f0141a
Certificate serial:       0185590E845E6C25C11DD94C20A0E8052896
Authority key identifier: 8A:26:F4:76:D6:08:62:5A:D1:FE:06:E5:2B:97:4A:9F:66:F0:14:1A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iib0dtYIYlrR_gblK5dKn2bwFBo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c2/a66f2d-ca2f-4bca-b27b-d846d106b5f7/1/EfIZQfSIat2xieQB1B-Ak5IUlGc.roa
Signing time:             Wed 28 Dec 2022 14:06:41 +0000
ROA not before:           Wed 28 Dec 2022 14:06:41 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     15436
IP address blocks:        193.109.125.0/24 maxlen: 24
                          193.109.121.0/24 maxlen: 24
                          81.88.96.0/21 maxlen: 24
                          193.109.117.0/24 maxlen: 24
                          193.201.1.0/24 maxlen: 24
                          193.201.0.0/24 maxlen: 24
                          193.201.4.0/24 maxlen: 24
                          193.201.2.0/24 maxlen: 24
                          193.201.3.0/24 maxlen: 24
                          193.201.7.0/24 maxlen: 24
                          193.201.6.0/24 maxlen: 24
                          193.201.5.0/24 maxlen: 24
                          2a02:c18::/32 maxlen: 48
                          2a02:c18::/48 maxlen: 48
                          2a02:c18:2::/48 maxlen: 48
                          2a02:c18:6::/48 maxlen: 48
                          2a02:c18:1::/48 maxlen: 48
                          2a02:c18:7::/48 maxlen: 48

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:59:0e:84:5e:6c:25:c1:1d:d9:4c:20:a0:e8:05:28:96
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8a26f476d608625ad1fe06e52b974a9f66f0141a
        Validity
            Not Before: Dec 28 14:06:41 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=11f21941f4886addb189e401d41f809392149467
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:3f:fc:b8:a3:e5:68:07:19:44:eb:8f:48:f7:
                    05:f1:eb:9a:20:7c:9b:2c:9a:50:5e:44:20:08:af:
                    4a:7b:ab:4a:7c:2b:c5:2a:fa:d5:ef:83:77:19:0b:
                    d5:57:0e:fc:59:72:3e:99:a8:a5:79:41:74:62:54:
                    09:2e:f7:86:fd:d9:48:16:81:6a:ff:da:b1:4d:2f:
                    84:dc:79:46:2b:05:e7:af:0f:f5:4a:7b:c8:34:60:
                    9a:aa:23:d1:83:8d:50:c3:4d:45:55:8d:e2:29:b0:
                    48:00:38:e1:6f:6c:23:80:a1:6c:7b:fc:88:34:5a:
                    79:08:68:f0:08:de:68:8d:dc:55:9d:99:c6:2f:fe:
                    c7:8e:14:8c:fc:67:e9:25:35:63:7a:77:31:e1:e3:
                    5a:42:fb:d5:ea:ad:b5:74:9b:15:9d:e7:67:76:5f:
                    b7:76:18:87:ae:fb:cf:26:47:dc:78:83:ae:f8:c9:
                    72:df:65:75:4b:d5:63:0e:e0:12:16:a5:a2:cc:7a:
                    4b:90:89:14:6b:7d:6a:fc:1f:ca:77:7c:5f:a9:bf:
                    e9:74:8a:cf:fe:84:a9:4d:f8:bf:e3:eb:88:17:84:
                    48:2c:30:b8:ac:3f:cd:e4:6a:ee:79:a7:0d:6f:ce:
                    4a:36:a0:90:fe:74:6c:c4:cb:26:52:89:26:97:16:
                    fa:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                11:F2:19:41:F4:88:6A:DD:B1:89:E4:01:D4:1F:80:93:92:14:94:67
            X509v3 Authority Key Identifier:
                keyid:8A:26:F4:76:D6:08:62:5A:D1:FE:06:E5:2B:97:4A:9F:66:F0:14:1A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iib0dtYIYlrR_gblK5dKn2bwFBo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/a66f2d-ca2f-4bca-b27b-d846d106b5f7/1/EfIZQfSIat2xieQB1B-Ak5IUlGc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/a66f2d-ca2f-4bca-b27b-d846d106b5f7/1/iib0dtYIYlrR_gblK5dKn2bwFBo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.88.96.0/21
                  193.109.117.0/24
                  193.109.121.0/24
                  193.109.125.0/24
                  193.201.0.0/21
                IPv6:
                  2a02:c18::/32

    Signature Algorithm: sha256WithRSAEncryption
         75:71:08:48:c3:a5:10:52:07:40:02:91:3c:fe:fe:7f:c8:85:
         39:d5:36:e6:0e:cf:e7:54:a6:9e:ad:84:7d:f5:f8:93:41:8d:
         58:fb:71:2e:01:50:f2:36:7c:8d:2a:d3:38:84:9b:4e:cd:9d:
         1c:ee:a2:4f:da:85:08:a9:45:ac:6c:38:0d:61:de:77:4e:5d:
         3d:cb:c6:46:78:6c:bf:6f:40:46:44:d9:65:89:45:de:04:c3:
         3c:2c:eb:c4:89:99:80:81:de:05:7b:8e:20:44:09:8a:d2:ca:
         fc:5a:15:70:86:ff:12:49:2e:45:d7:6b:28:ef:d0:05:ca:b9:
         81:64:d6:b2:03:7b:dd:52:0b:3a:0d:64:d2:d1:9b:c4:75:af:
         cf:8c:81:76:71:12:48:98:54:93:ee:94:37:58:af:60:e2:26:
         a2:49:e1:4d:85:1f:82:8b:fd:38:96:10:2e:19:c3:23:d6:c2:
         f2:62:23:30:78:63:23:65:65:a5:42:21:90:c6:f7:79:1a:fc:
         89:6e:02:8e:c1:a6:1b:e1:80:dd:44:49:c1:5a:23:e2:2f:56:
         0a:f9:a5:a6:f0:c7:bb:ef:d9:b4:08:a0:16:0a:1e:b1:3d:d4:
         10:39:55:a3:67:3d:cc:61:50:c0:0b:db:db:c8:a2:ce:ae:16:
         b1:ca:40:a5
-----BEGIN CERTIFICATE-----
MIIFJDCCBAygAwIBAgISAYVZDoRebCXBHdlMIKDoBSiWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhhMjZmNDc2ZDYwODYyNWFkMWZlMDZlNTJiOTc0YTlmNjZm
MDE0MWEwHhcNMjIxMjI4MTQwNjQxWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMWYyMTk0MWY0ODg2YWRkYjE4OWU0MDFkNDFmODA5MzkyMTQ5NDY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtz/8uKPlaAcZROuPSPcF8euaIHyb
LJpQXkQgCK9Ke6tKfCvFKvrV74N3GQvVVw78WXI+maileUF0YlQJLveG/dlIFoFq
/9qxTS+E3HlGKwXnrw/1SnvINGCaqiPRg41Qw01FVY3iKbBIADjhb2wjgKFse/yI
NFp5CGjwCN5ojdxVnZnGL/7HjhSM/GfpJTVjencx4eNaQvvV6q21dJsVnedndl+3
dhiHrvvPJkfceIOu+Mly32V1S9VjDuASFqWizHpLkIkUa31q/B/Kd3xfqb/pdIrP
/oSpTfi/4+uIF4RILDC4rD/N5GrueacNb85KNqCQ/nRsxMsmUokmlxb6kwIDAQAB
o4ICMDCCAiwwHQYDVR0OBBYEFBHyGUH0iGrdsYnkAdQfgJOSFJRnMB8GA1UdIwQY
MBaAFIom9HbWCGJa0f4G5SuXSp9m8BQaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaWliMGR0WUlZbHJSX2dibEs1ZEtuMmJ3RkJvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMi9hNjZmMmQtY2EyZi00YmNhLWIyN2It
ZDg0NmQxMDZiNWY3LzEvRWZJWlFmU0lhdDJ4aWVRQjFCLUFrNUlVbEdjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMi9hNjZmMmQtY2EyZi00YmNhLWIyN2ItZDg0NmQxMDZiNWY3
LzEvaWliMGR0WUlZbHJSX2dibEs1ZEtuMmJ3RkJvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEYGCCsGAQUFBwEHAQH/BDcwNTAkBAIAATAeAwQDUVhgAwQA
wW11AwQAwW15AwQAwW19AwQDwckAMA0EAgACMAcDBQAqAgwYMA0GCSqGSIb3DQEB
CwUAA4IBAQB1cQhIw6UQUgdAApE8/v5/yIU51TbmDs/nVKaerYR99fiTQY1Y+3Eu
AVDyNnyNKtM4hJtOzZ0c7qJP2oUIqUWsbDgNYd53Tl09y8ZGeGy/b0BGRNlliUXe
BMM8LOvEiZmAgd4Fe44gRAmK0sr8WhVwhv8SSS5F12so79AFyrmBZNayA3vdUgs6
DWTS0ZvEda/PjIF2cRJImFST7pQ3WK9g4iaiSeFNhR+Ci/04lhAuGcMj1sLyYiMw
eGMjZWWlQiGQxvd5GvyJbgKOwaYb4YDdREnBWiPiL1YK+aWm8Me779m0CKAWCh6x
PdQQOVWjZz3MYVDAC9vbyKLOrhaxykCl
-----END CERTIFICATE-----