Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/27/bc7122-4d1b-46a7-aecb-230b3b72a175/1/A3kU1JZgswxInVTquh5MPEtNqMU.roa
File:                     A3kU1JZgswxInVTquh5MPEtNqMU.roa (raw, json)
Hash identifier:          RPiAum2DepFIjwJxH7e/3bLczMD1Bt+8JrQOG6D5BP4=
Subject key identifier:   03:79:14:D4:96:60:B3:0C:48:9D:54:EA:BA:1E:4C:3C:4B:4D:A8:C5
Certificate issuer:       /CN=347b487848fff63533d87c324ecc51c2c3ea2adb
Certificate serial:       03135747
Authority key identifier: 34:7B:48:78:48:FF:F6:35:33:D8:7C:32:4E:CC:51:C2:C3:EA:2A:DB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NHtIeEj_9jUz2HwyTsxRwsPqKts.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/27/bc7122-4d1b-46a7-aecb-230b3b72a175/1/A3kU1JZgswxInVTquh5MPEtNqMU.roa
Signing time:             Sat 01 Jan 2022 13:59:16 +0000
ROA not before:           Sat 01 Jan 2022 13:59:16 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     6134
IP address blocks:        45.131.179.0/24 maxlen: 24
                          91.217.160.0/24 maxlen: 24
                          193.227.103.0/24 maxlen: 24
                          193.227.109.0/24 maxlen: 24
                          193.227.114.0/24 maxlen: 24
                          193.200.149.0/24 maxlen: 24
                          193.200.152.0/24 maxlen: 24
                          45.132.238.0/24 maxlen: 24
                          45.132.239.0/24 maxlen: 24
                          91.238.207.0/24 maxlen: 24
                          45.128.146.0/24 maxlen: 24
                          45.128.147.0/24 maxlen: 24
                          45.137.11.0/24 maxlen: 24
                          45.137.10.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 51599175 (0x3135747)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=347b487848fff63533d87c324ecc51c2c3ea2adb
        Validity
            Not Before: Jan  1 13:59:16 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=037914d49660b30c489d54eaba1e4c3c4b4da8c5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:7b:c7:9c:f4:53:06:88:cf:f1:05:d4:c8:cc:
                    b0:7b:39:bf:7e:01:4c:96:41:19:5e:ff:8c:4b:c7:
                    34:52:f6:d7:e3:bc:93:b3:d1:af:49:fc:5d:4a:fd:
                    c5:c5:cd:47:0c:1c:2d:66:82:0f:0d:81:64:ee:aa:
                    fc:5e:c4:36:b8:00:cf:af:77:14:c7:e2:18:c1:26:
                    19:6b:fb:f4:fb:03:42:7c:ee:60:1a:17:e9:c2:c4:
                    35:b8:55:7d:a9:ba:d3:b5:b7:31:ec:6d:be:04:ad:
                    fe:98:da:60:a3:89:e8:32:74:6b:fe:3e:1c:49:6f:
                    bc:a8:41:70:2d:d4:73:fd:7e:fa:32:7d:68:9b:5e:
                    d0:9e:de:c8:60:30:70:62:b3:8b:f1:15:35:bd:50:
                    31:97:37:0b:ff:75:86:d7:3e:1e:28:40:cc:60:dd:
                    07:99:80:cd:99:99:f9:b9:14:1c:72:35:7b:ac:32:
                    3b:30:6d:f6:b3:43:f6:77:40:57:12:15:cd:4e:43:
                    cf:c6:e7:00:72:c0:30:5d:5c:6a:62:b5:7a:69:64:
                    41:5d:0c:98:f3:be:61:45:d1:e8:9d:47:7f:f7:f7:
                    4b:47:a0:c0:5c:e5:84:b3:a1:a5:6b:02:86:0d:cc:
                    c4:81:8c:b6:d5:0c:90:1a:28:05:f4:a7:56:06:09:
                    5f:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                03:79:14:D4:96:60:B3:0C:48:9D:54:EA:BA:1E:4C:3C:4B:4D:A8:C5
            X509v3 Authority Key Identifier:
                keyid:34:7B:48:78:48:FF:F6:35:33:D8:7C:32:4E:CC:51:C2:C3:EA:2A:DB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NHtIeEj_9jUz2HwyTsxRwsPqKts.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/27/bc7122-4d1b-46a7-aecb-230b3b72a175/1/A3kU1JZgswxInVTquh5MPEtNqMU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/27/bc7122-4d1b-46a7-aecb-230b3b72a175/1/NHtIeEj_9jUz2HwyTsxRwsPqKts.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.128.146.0/23
                  45.131.179.0/24
                  45.132.238.0/23
                  45.137.10.0/23
                  91.217.160.0/24
                  91.238.207.0/24
                  193.200.149.0/24
                  193.200.152.0/24
                  193.227.103.0/24
                  193.227.109.0/24
                  193.227.114.0/24

    Signature Algorithm: sha256WithRSAEncryption
         85:2f:4b:5b:b9:00:2f:35:9e:96:f6:1e:36:32:fd:7b:9c:9b:
         d9:97:a3:28:db:8e:19:9c:fe:da:96:a7:e4:1c:8f:82:6e:0c:
         07:d5:16:b8:ed:19:5f:18:ab:77:b6:9f:6a:4a:c9:60:e4:06:
         b5:45:bc:2d:d5:36:3a:a9:26:7c:4d:ee:9b:8d:e8:79:be:6a:
         20:07:5f:79:cf:28:97:6a:33:20:b3:76:45:5c:8c:12:38:c9:
         66:a6:c4:1d:b1:e3:51:e1:75:45:68:59:6a:19:50:56:fe:45:
         55:24:28:06:ca:46:4e:1d:88:01:e4:03:6c:91:7e:1e:22:cf:
         3d:dd:61:00:31:c0:1e:53:20:9c:91:57:76:be:ed:83:bd:36:
         a1:30:50:4c:66:d5:8b:5d:67:be:d4:79:7a:2d:f8:ec:8f:cc:
         21:0a:db:d7:bc:32:40:80:5a:74:aa:76:79:69:e4:9f:4c:1b:
         74:f6:58:3c:a8:42:5d:57:84:b8:6b:6e:b3:93:22:da:ed:51:
         f9:a2:4b:bd:4d:2f:86:7a:e0:6c:8b:7d:74:76:61:c8:58:ed:
         a3:68:cc:d9:e2:aa:52:a7:f9:73:35:17:bc:0f:88:df:4d:2f:
         69:67:78:1b:11:da:6e:a0:10:d3:15:ba:f2:9c:11:93:ca:de:
         f9:3d:cc:71
-----BEGIN CERTIFICATE-----
MIIFKzCCBBOgAwIBAgIEAxNXRzANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygz
NDdiNDg3ODQ4ZmZmNjM1MzNkODdjMzI0ZWNjNTFjMmMzZWEyYWRiMB4XDTIyMDEw
MTEzNTkxNloXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMDM3OTE0ZDQ5NjYw
YjMwYzQ4OWQ1NGVhYmExZTRjM2M0YjRkYThjNTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBANd7x5z0UwaIz/EF1MjMsHs5v34BTJZBGV7/jEvHNFL21+O8
k7PRr0n8XUr9xcXNRwwcLWaCDw2BZO6q/F7ENrgAz693FMfiGMEmGWv79PsDQnzu
YBoX6cLENbhVfam607W3MextvgSt/pjaYKOJ6DJ0a/4+HElvvKhBcC3Uc/1++jJ9
aJte0J7eyGAwcGKzi/EVNb1QMZc3C/91htc+HihAzGDdB5mAzZmZ+bkUHHI1e6wy
OzBt9rND9ndAVxIVzU5Dz8bnAHLAMF1camK1emlkQV0MmPO+YUXR6J1Hf/f3S0eg
wFzlhLOhpWsChg3MxIGMttUMkBooBfSnVgYJXwMCAwEAAaOCAkUwggJBMB0GA1Ud
DgQWBBQDeRTUlmCzDEidVOq6Hkw8S02oxTAfBgNVHSMEGDAWgBQ0e0h4SP/2NTPY
fDJOzFHCw+oq2zAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L05IdEllRWpfOWpVejJId3lUc3hSd3NQcUt0cy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMjcvYmM3MTIyLTRkMWItNDZhNy1hZWNiLTIzMGIzYjcyYTE3NS8x
L0Eza1UxSlpnc3d4SW5WVHF1aDVNUEV0TnFNVS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMjcv
YmM3MTIyLTRkMWItNDZhNy1hZWNiLTIzMGIzYjcyYTE3NS8xL05IdEllRWpfOWpV
ejJId3lUc3hSd3NQcUt0cy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBb
BggrBgEFBQcBBwEB/wRMMEowSAQCAAEwQgMEAS2AkgMEAC2DswMEAS2E7gMEAS2J
CgMEAFvZoAMEAFvuzwMEAMHIlQMEAMHImAMEAMHjZwMEAMHjbQMEAMHjcjANBgkq
hkiG9w0BAQsFAAOCAQEAhS9LW7kALzWelvYeNjL9e5yb2ZejKNuOGZz+2pan5ByP
gm4MB9UWuO0ZXxird7afakrJYOQGtUW8LdU2OqkmfE3um43oeb5qIAdfec8ol2oz
ILN2RVyMEjjJZqbEHbHjUeF1RWhZahlQVv5FVSQoBspGTh2IAeQDbJF+HiLPPd1h
ADHAHlMgnJFXdr7tg702oTBQTGbVi11nvtR5ei347I/MIQrb17wyQIBadKp2eWnk
n0wbdPZYPKhCXVeEuGtus5Mi2u1R+aJLvU0vhnrgbIt9dHZhyFjto2jM2eKqUqf5
czUXvA+I300vaWd4GxHabqAQ0xW68pwRk8re+T3McQ==
-----END CERTIFICATE-----