Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/pyHhmUCBUUO9SaKzCc6z3Dlt-ME.roa
File:                     pyHhmUCBUUO9SaKzCc6z3Dlt-ME.roa (raw, json)
Hash identifier:          xBvRk4oF3f3DCguiu/CygcpTabwKTQdz5f2t+7DT784=
Subject key identifier:   A7:21:E1:99:40:81:51:43:BD:49:A2:B3:09:CE:B3:DC:39:6D:F8:C1
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       0184321E31AE934A6A420EF5104EB28E67A5
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/pyHhmUCBUUO9SaKzCc6z3Dlt-ME.roa
Signing time:             Tue 01 Nov 2022 07:35:50 +0000
ROA not before:           Tue 01 Nov 2022 07:35:50 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     15731
IP address blocks:        195.133.86.0/24 maxlen: 24
                          194.135.23.0/24 maxlen: 24
                          194.87.130.0/24 maxlen: 24
                          194.87.131.0/24 maxlen: 24
                          195.133.0.0/24 maxlen: 24
                          195.58.35.0/24 maxlen: 24
                          194.87.168.0/24 maxlen: 24
                          194.87.178.0/24 maxlen: 24
                          212.192.31.0/24 maxlen: 24
                          194.87.73.0/24 maxlen: 24
                          212.193.1.0/24 maxlen: 24
                          212.193.3.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:84:32:1e:31:ae:93:4a:6a:42:0e:f5:10:4e:b2:8e:67:a5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Nov  1 07:35:50 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=a721e19940815143bd49a2b309ceb3dc396df8c1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:5d:45:6a:36:ce:a0:6c:5a:6b:f5:83:a7:56:
                    a2:ff:b3:3a:b5:6b:fb:62:27:95:18:82:2a:93:2c:
                    2d:2d:ef:71:1b:f7:dc:97:8a:1e:ff:15:4d:ad:a2:
                    e5:7e:e5:e9:e0:60:33:ee:30:4d:2c:24:a0:e7:d8:
                    e6:5c:27:cc:e4:c4:07:7a:03:d6:b5:19:f5:09:e5:
                    9f:e9:eb:28:2f:47:43:ac:87:1c:4c:03:f4:a7:66:
                    0f:2d:53:e6:b5:70:fc:6a:04:45:72:95:a1:de:d6:
                    96:fe:79:9f:e2:48:44:1f:81:23:57:f1:86:af:61:
                    20:af:93:b8:6f:11:39:a2:a5:83:ee:c1:8f:2e:14:
                    4f:4a:a5:b8:88:76:8f:89:d5:46:37:77:78:51:d3:
                    2c:db:cf:73:1f:ee:27:c8:5a:a2:6e:d0:a7:cd:d5:
                    5c:09:40:80:f7:3c:ce:8e:02:a7:dd:65:49:9d:4c:
                    7f:d2:cd:0e:1a:4d:20:ef:e8:75:ad:51:7b:85:9b:
                    98:2b:6c:01:1e:5b:a7:43:ea:ef:18:28:9a:f7:bb:
                    62:01:28:8b:ea:14:d3:0b:6c:8b:ce:dd:84:63:19:
                    b5:18:7b:b3:94:aa:7b:8d:23:b4:59:e3:2f:e0:e8:
                    4d:13:64:70:ee:86:6e:b4:5f:93:a2:8f:70:f2:9c:
                    f1:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A7:21:E1:99:40:81:51:43:BD:49:A2:B3:09:CE:B3:DC:39:6D:F8:C1
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/pyHhmUCBUUO9SaKzCc6z3Dlt-ME.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.87.73.0/24
                  194.87.130.0/23
                  194.87.168.0/24
                  194.87.178.0/24
                  194.135.23.0/24
                  195.58.35.0/24
                  195.133.0.0/24
                  195.133.86.0/24
                  212.192.31.0/24
                  212.193.1.0/24
                  212.193.3.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2e:8a:c7:2a:64:83:28:e3:a6:ed:c1:13:23:d7:1f:60:43:49:
         f8:ef:e2:39:d9:4b:da:ab:be:11:a6:c4:25:fd:c9:b2:81:a5:
         4f:fa:b8:35:6a:34:0a:5c:6e:58:72:55:77:4e:ab:de:35:3e:
         0a:10:0d:22:47:bc:80:97:22:55:6b:a0:2e:92:77:ba:15:dd:
         7a:a0:29:6c:fe:7e:88:cc:16:53:6c:ea:d8:76:d0:b0:81:92:
         07:58:f6:38:2a:a4:d8:7a:ae:30:ec:cb:42:f6:94:cc:1f:be:
         21:6a:48:f6:56:6f:11:fd:57:9f:d1:da:32:64:84:0e:84:af:
         a8:00:c4:5a:e7:e7:6b:07:42:f2:7d:ee:4d:61:c5:db:fb:7c:
         ae:fe:73:38:3d:c3:14:ef:82:c9:d1:58:32:06:49:81:43:a4:
         f8:1e:eb:a7:84:6f:26:39:34:0c:9f:36:e2:5d:bb:0f:35:4a:
         75:76:bb:ab:ed:40:79:a9:76:ec:49:24:8a:26:77:a4:18:25:
         b8:40:5c:6f:65:c4:85:92:9a:2c:02:d1:74:75:32:d8:90:b7:
         c9:96:ab:38:c2:ee:90:82:89:95:8a:91:15:e3:e8:4e:dd:82:
         56:ae:10:ff:22:8e:0e:95:7b:55:5f:e7:3f:a3:0d:76:1c:5a:
         dd:05:9a:05
-----BEGIN CERTIFICATE-----
MIIFOTCCBCGgAwIBAgISAYQyHjGuk0pqQg71EE6yjmelMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjIxMTAxMDczNTUwWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNzIxZTE5OTQwODE1MTQzYmQ0OWEyYjMwOWNlYjNkYzM5NmRmOGMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3F1FajbOoGxaa/WDp1ai/7M6tWv7
YieVGIIqkywtLe9xG/fcl4oe/xVNraLlfuXp4GAz7jBNLCSg59jmXCfM5MQHegPW
tRn1CeWf6esoL0dDrIccTAP0p2YPLVPmtXD8agRFcpWh3taW/nmf4khEH4EjV/GG
r2Egr5O4bxE5oqWD7sGPLhRPSqW4iHaPidVGN3d4UdMs289zH+4nyFqibtCnzdVc
CUCA9zzOjgKn3WVJnUx/0s0OGk0g7+h1rVF7hZuYK2wBHlunQ+rvGCia97tiASiL
6hTTC2yLzt2EYxm1GHuzlKp7jSO0WeMv4OhNE2Rw7oZutF+Too9w8pzxRwIDAQAB
o4ICRTCCAkEwHQYDVR0OBBYEFKch4ZlAgVFDvUmiswnOs9w5bfjBMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvcHlIaG1VQ0JVVU85U2FLekNjNnozRGx0LU1FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFsGCCsGAQUFBwEHAQH/BEwwSjBIBAIAATBCAwQAwldJAwQB
wleCAwQAwleoAwQAwleyAwQAwocXAwQAwzojAwQAw4UAAwQAw4VWAwQA1MAfAwQA
1MEBAwQA1MEDMA0GCSqGSIb3DQEBCwUAA4IBAQAuiscqZIMo46btwRMj1x9gQ0n4
7+I52Uvaq74RpsQl/cmygaVP+rg1ajQKXG5YclV3TqveNT4KEA0iR7yAlyJVa6Au
kne6Fd16oCls/n6IzBZTbOrYdtCwgZIHWPY4KqTYeq4w7MtC9pTMH74hakj2Vm8R
/Vef0doyZIQOhK+oAMRa5+drB0Lyfe5NYcXb+3yu/nM4PcMU74LJ0VgyBkmBQ6T4
HuunhG8mOTQMnzbiXbsPNUp1drur7UB5qXbsSSSKJnekGCW4QFxvZcSFkposAtF0
dTLYkLfJlqs4wu6QgomVipEV4+hO3YJWrhD/Io4OlXtVX+c/ow12HFrdBZoF
-----END CERTIFICATE-----