Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/3ed8dd-d36e-440c-8142-d80c6b85cda4/1/5ufJ1EebB15279qKo2aFxVFLop8.roa
File:                     5ufJ1EebB15279qKo2aFxVFLop8.roa (raw, json)
Hash identifier:          XpnNYvfArEsdLgKIoBPIPAP8AFn1FOQMqRuquFoR0Y0=
Subject key identifier:   E6:E7:C9:D4:47:9B:07:5E:76:EF:DA:8A:A3:66:85:C5:51:4B:A2:9F
Certificate issuer:       /CN=63d9d1d95c1eb716ee8195045a77cba2181d79ec
Certificate serial:       0184AE31D061973B775153B374C8D076A93E
Authority key identifier: 63:D9:D1:D9:5C:1E:B7:16:EE:81:95:04:5A:77:CB:A2:18:1D:79:EC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y9nR2VwetxbugZUEWnfLohgdeew.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/3ed8dd-d36e-440c-8142-d80c6b85cda4/1/5ufJ1EebB15279qKo2aFxVFLop8.roa
Signing time:             Fri 25 Nov 2022 09:50:10 +0000
ROA not before:           Fri 25 Nov 2022 09:50:10 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     29405
IP address blocks:        185.176.72.0/22 maxlen: 22
                          46.229.230.0/24 maxlen: 24
                          217.73.16.0/20 maxlen: 20
                          93.184.64.0/20 maxlen: 20
                          81.89.48.0/20 maxlen: 20
                          46.229.224.0/20 maxlen: 20
                          109.74.144.0/20 maxlen: 20
                          86.110.224.0/19 maxlen: 19
                          176.109.56.0/21 maxlen: 21
                          86.110.229.0/24 maxlen: 24
                          2a01:390::/32 maxlen: 32
                          2a00:10d8::/32 maxlen: 32
                          2a00:10d8:10::/48 maxlen: 48

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:84:ae:31:d0:61:97:3b:77:51:53:b3:74:c8:d0:76:a9:3e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63d9d1d95c1eb716ee8195045a77cba2181d79ec
        Validity
            Not Before: Nov 25 09:50:10 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=e6e7c9d4479b075e76efda8aa36685c5514ba29f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:36:f2:00:29:57:da:2d:e0:be:f9:5b:03:d4:
                    24:21:13:d1:98:a1:cf:fc:14:80:06:6c:3a:df:40:
                    90:f4:c4:0d:b6:34:4c:29:12:df:a3:93:f8:d2:28:
                    23:b3:67:fb:0c:58:a8:04:ed:9c:0d:47:73:5c:05:
                    38:3f:cc:bb:2f:f2:53:e2:fc:6a:13:ec:a2:30:59:
                    b5:d8:3a:72:f1:1f:03:37:ef:66:21:bb:cf:75:8c:
                    0c:24:6b:42:e9:18:09:26:2c:b5:34:57:5b:74:a6:
                    3f:c9:3b:ec:6e:ab:a4:2c:96:01:d2:fa:5f:56:b1:
                    22:6f:f0:fe:d7:47:5b:f4:c5:c8:5e:a8:76:d6:d0:
                    df:20:c7:bf:c6:31:78:7d:1c:49:cf:63:8d:98:8e:
                    80:83:c6:14:e6:81:f5:c4:4b:8a:8b:47:36:b6:44:
                    6c:8a:c9:03:c2:0d:5d:fb:3d:58:32:8d:88:ac:a0:
                    18:be:e4:90:1d:fd:b1:d6:17:fa:b6:60:ec:a0:2b:
                    0e:7a:43:36:43:fc:55:7c:6a:a0:bb:35:40:f4:5e:
                    4f:24:13:55:81:56:81:a3:eb:f1:24:51:9c:b3:81:
                    1a:83:1a:6d:bf:73:cf:8c:bd:3c:83:cb:06:c0:4f:
                    be:2e:32:fc:93:f9:e4:c5:e0:68:13:5f:da:6b:2c:
                    06:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E6:E7:C9:D4:47:9B:07:5E:76:EF:DA:8A:A3:66:85:C5:51:4B:A2:9F
            X509v3 Authority Key Identifier:
                keyid:63:D9:D1:D9:5C:1E:B7:16:EE:81:95:04:5A:77:CB:A2:18:1D:79:EC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y9nR2VwetxbugZUEWnfLohgdeew.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/3ed8dd-d36e-440c-8142-d80c6b85cda4/1/5ufJ1EebB15279qKo2aFxVFLop8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/3ed8dd-d36e-440c-8142-d80c6b85cda4/1/Y9nR2VwetxbugZUEWnfLohgdeew.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.229.224.0/20
                  81.89.48.0/20
                  86.110.224.0/19
                  93.184.64.0/20
                  109.74.144.0/20
                  176.109.56.0/21
                  185.176.72.0/22
                  217.73.16.0/20
                IPv6:
                  2a00:10d8::/32
                  2a01:390::/32

    Signature Algorithm: sha256WithRSAEncryption
         b5:da:a4:5a:fc:07:98:2c:09:42:29:07:96:7c:91:22:49:f5:
         c7:61:bb:d2:0b:6c:23:31:85:78:2d:a7:55:7e:e9:b4:00:d0:
         b6:8b:cc:bb:b9:40:86:80:af:2f:88:d7:8f:4f:c2:bc:18:d8:
         db:d6:52:a8:82:fd:cb:2d:44:2d:6a:c5:6d:45:80:32:7a:05:
         21:30:ec:5a:0e:da:3b:63:d5:4d:52:45:96:34:17:47:51:4c:
         d5:ac:5a:9a:07:12:1e:26:65:d2:88:3d:14:35:52:62:52:dc:
         e1:cc:2e:13:5f:b1:8b:fe:13:da:5e:c9:f1:f8:e2:40:53:51:
         48:ec:a3:75:fc:76:a5:07:b1:88:f0:5b:1f:24:a8:45:09:db:
         48:de:9c:25:d3:1b:88:52:e3:c0:be:01:7b:e3:50:9f:19:82:
         04:01:40:20:34:3e:86:6b:0d:05:6c:01:66:1d:93:cf:3b:f8:
         8a:ea:19:7d:a9:d3:7b:ce:6f:23:94:9e:23:fe:08:fb:de:0f:
         9a:f6:20:9a:4a:ed:24:53:9b:5c:01:88:af:e3:73:c9:c5:df:
         fa:01:28:c2:59:c3:35:d3:59:d1:0b:c5:cc:67:1d:f5:c0:39:
         58:aa:28:1a:62:9c:e8:17:c2:b7:1d:00:58:82:8a:5c:b4:ae:
         c3:3c:b7:87
-----BEGIN CERTIFICATE-----
MIIFPTCCBCWgAwIBAgISAYSuMdBhlzt3UVOzdMjQdqk+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZDlkMWQ5NWMxZWI3MTZlZTgxOTUwNDVhNzdjYmEyMTgx
ZDc5ZWMwHhcNMjIxMTI1MDk1MDEwWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNmU3YzlkNDQ3OWIwNzVlNzZlZmRhOGFhMzY2ODVjNTUxNGJhMjlmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmTbyAClX2i3gvvlbA9QkIRPRmKHP
/BSABmw630CQ9MQNtjRMKRLfo5P40igjs2f7DFioBO2cDUdzXAU4P8y7L/JT4vxq
E+yiMFm12Dpy8R8DN+9mIbvPdYwMJGtC6RgJJiy1NFdbdKY/yTvsbqukLJYB0vpf
VrEib/D+10db9MXIXqh21tDfIMe/xjF4fRxJz2ONmI6Ag8YU5oH1xEuKi0c2tkRs
iskDwg1d+z1YMo2IrKAYvuSQHf2x1hf6tmDsoCsOekM2Q/xVfGqguzVA9F5PJBNV
gVaBo+vxJFGcs4Eagxptv3PPjL08g8sGwE++LjL8k/nkxeBoE1/aaywGyQIDAQAB
o4ICSTCCAkUwHQYDVR0OBBYEFObnydRHmwdedu/aiqNmhcVRS6KfMB8GA1UdIwQY
MBaAFGPZ0dlcHrcW7oGVBFp3y6IYHXnsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWTluUjJWd2V0eGJ1Z1pVRVduZkxvaGdkZWV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS8zZWQ4ZGQtZDM2ZS00NDBjLTgxNDIt
ZDgwYzZiODVjZGE0LzEvNXVmSjFFZWJCMTUyNzlxS28yYUZ4VkZMb3A4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS8zZWQ4ZGQtZDM2ZS00NDBjLTgxNDItZDgwYzZiODVjZGE0
LzEvWTluUjJWd2V0eGJ1Z1pVRVduZkxvaGdkZWV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF8GCCsGAQUFBwEHAQH/BFAwTjA2BAIAATAwAwQELuXgAwQE
UVkwAwQFVm7gAwQEXbhAAwQEbUqQAwQDsG04AwQCubBIAwQE2UkQMBQEAgACMA4D
BQAqABDYAwUAKgEDkDANBgkqhkiG9w0BAQsFAAOCAQEAtdqkWvwHmCwJQikHlnyR
Ikn1x2G70gtsIzGFeC2nVX7ptADQtovMu7lAhoCvL4jXj0/CvBjY29ZSqIL9yy1E
LWrFbUWAMnoFITDsWg7aO2PVTVJFljQXR1FM1axamgcSHiZl0og9FDVSYlLc4cwu
E1+xi/4T2l7J8fjiQFNRSOyjdfx2pQexiPBbHySoRQnbSN6cJdMbiFLjwL4Be+NQ
nxmCBAFAIDQ+hmsNBWwBZh2Tzzv4iuoZfanTe85vI5SeI/4I+94PmvYgmkrtJFOb
XAGIr+NzycXf+gEowlnDNdNZ0QvFzGcd9cA5WKooGmKc6BfCtx0AWIKKXLSuwzy3
hw==
-----END CERTIFICATE-----