Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/AEiXLkQonFAyyZsbJqGxjlfXKZQ.roa
File:                     AEiXLkQonFAyyZsbJqGxjlfXKZQ.roa (raw, json)
Hash identifier:          UabPZXninCR6e2IbPtC5APeByDoThN7rAzwjhvh72lY=
Subject key identifier:   00:48:97:2E:44:28:9C:50:32:C9:9B:1B:26:A1:B1:8E:57:D7:29:94
Certificate issuer:       /CN=6f84e4738a70ea39c08cef210432ae399ec7e915
Certificate serial:       08D1503B
Authority key identifier: 6F:84:E4:73:8A:70:EA:39:C0:8C:EF:21:04:32:AE:39:9E:C7:E9:15
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/AEiXLkQonFAyyZsbJqGxjlfXKZQ.roa
Signing time:             Thu 07 Apr 2022 10:28:40 +0000
ROA not before:           Thu 07 Apr 2022 10:28:40 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     1239
IP address blocks:        188.255.135.0/24 maxlen: 24
                          212.69.18.0/24 maxlen: 24
                          109.121.34.0/24 maxlen: 24
                          109.121.36.0/24 maxlen: 24
                          109.121.35.0/24 maxlen: 24
                          109.121.38.0/24 maxlen: 24
                          109.121.33.0/24 maxlen: 24
                          109.121.41.0/24 maxlen: 24
                          109.121.43.0/24 maxlen: 24
                          109.121.42.0/24 maxlen: 24
                          109.121.40.0/24 maxlen: 24
                          109.121.45.0/24 maxlen: 24
                          109.121.46.0/24 maxlen: 24
                          212.69.10.0/23 maxlen: 23
                          109.233.184.0/23 maxlen: 24
                          178.253.237.0/24 maxlen: 24
                          109.121.0.0/19 maxlen: 19

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 147935291 (0x8d1503b)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6f84e4738a70ea39c08cef210432ae399ec7e915
        Validity
            Not Before: Apr  7 10:28:40 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=0048972e44289c5032c99b1b26a1b18e57d72994
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:7c:21:bc:8c:59:d7:91:00:7b:3a:33:d6:40:
                    f5:98:e3:73:9a:a3:8b:8d:86:dd:b4:87:91:5c:7f:
                    c5:18:eb:a2:fe:ed:f2:57:de:da:f7:b4:a2:06:8d:
                    15:11:6a:d5:6a:24:82:e2:39:4b:d8:c3:7b:38:6b:
                    d1:16:c5:84:e0:49:eb:b4:55:2d:3a:3d:dd:56:6c:
                    39:78:00:9e:9d:fc:34:3d:04:75:30:1e:50:16:ae:
                    f0:0f:af:ec:5b:56:63:52:68:7f:10:91:3f:c0:e5:
                    60:d0:50:e3:4e:08:af:03:b8:61:e7:8e:07:fe:73:
                    99:c4:da:46:a2:f4:ae:58:4e:89:d6:70:ff:88:73:
                    d6:3a:b7:60:5b:9c:7d:69:ff:2a:f6:7c:5c:e1:c3:
                    c4:c3:3a:25:5a:27:53:ab:26:10:55:4c:43:7c:1f:
                    6b:f6:01:e5:14:6d:87:00:e3:fe:fc:9a:3c:93:bf:
                    27:35:a4:6e:3f:b7:3b:8f:fb:5e:f5:e7:ce:64:d0:
                    f9:50:f7:bd:bb:c0:95:46:44:c6:d9:3a:63:63:86:
                    d5:8d:60:d0:d7:7d:c0:d6:47:e9:08:d5:86:6f:86:
                    5f:37:c1:3b:56:a4:ac:ea:8c:47:27:27:f8:32:1d:
                    9f:56:64:c3:f0:c2:b6:3b:b4:42:a5:97:15:fc:1a:
                    94:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                00:48:97:2E:44:28:9C:50:32:C9:9B:1B:26:A1:B1:8E:57:D7:29:94
            X509v3 Authority Key Identifier:
                keyid:6F:84:E4:73:8A:70:EA:39:C0:8C:EF:21:04:32:AE:39:9E:C7:E9:15

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/AEiXLkQonFAyyZsbJqGxjlfXKZQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.121.0.0/19
                  109.121.33.0-109.121.36.255
                  109.121.38.0/24
                  109.121.40.0/22
                  109.121.45.0-109.121.46.255
                  109.233.184.0/23
                  178.253.237.0/24
                  188.255.135.0/24
                  212.69.10.0/23
                  212.69.18.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1f:c4:9d:90:92:ea:0b:20:9d:06:c8:a5:1e:e4:2d:47:54:42:
         cf:d3:17:58:9b:ea:37:ec:66:95:88:98:13:ca:1c:ca:b4:a9:
         56:95:de:52:22:2e:5b:fa:f5:e0:d6:c6:03:0f:95:ba:2d:8a:
         d9:80:3e:08:7f:ff:65:1b:f2:6a:e4:61:f7:c0:d0:91:c4:25:
         e3:9a:10:b1:c0:1f:a8:45:16:df:09:23:f5:bb:ad:03:e4:38:
         8b:c3:b7:b0:86:22:6e:b7:c5:27:f0:59:b6:d4:a6:ee:a2:97:
         c1:5a:79:b1:ad:77:49:5c:74:b9:24:84:4b:68:7b:46:9d:99:
         f1:4e:10:cc:45:ab:50:9e:f9:23:0c:bd:24:b7:0d:0d:d7:cc:
         bc:0c:2b:da:f7:2c:56:27:31:6c:d2:c7:f6:e2:03:c2:c2:38:
         64:3b:19:d2:ff:a6:30:18:e8:b6:0f:95:73:55:0d:2e:6e:51:
         38:47:0e:a6:71:a3:23:7b:3f:54:5c:a6:14:29:8c:6a:f7:3e:
         08:bc:8f:50:1e:88:65:20:86:26:d5:e2:0c:cf:83:76:4f:44:
         3d:aa:53:1b:57:44:a5:b0:be:a4:16:ca:99:53:f1:33:00:47:
         b5:ab:8d:a4:e2:ce:84:17:c9:e2:00:e1:f1:b9:bd:32:6f:07:
         2b:e9:fc:2b
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgIECNFQOzANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg2
Zjg0ZTQ3MzhhNzBlYTM5YzA4Y2VmMjEwNDMyYWUzOTllYzdlOTE1MB4XDTIyMDQw
NzEwMjg0MFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMDA0ODk3MmU0NDI4
OWM1MDMyYzk5YjFiMjZhMWIxOGU1N2Q3Mjk5NDCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBALd8IbyMWdeRAHs6M9ZA9Zjjc5qji42G3bSHkVx/xRjrov7t
8lfe2ve0ogaNFRFq1WokguI5S9jDezhr0RbFhOBJ67RVLTo93VZsOXgAnp38ND0E
dTAeUBau8A+v7FtWY1JofxCRP8DlYNBQ404IrwO4YeeOB/5zmcTaRqL0rlhOidZw
/4hz1jq3YFucfWn/KvZ8XOHDxMM6JVonU6smEFVMQ3wfa/YB5RRthwDj/vyaPJO/
JzWkbj+3O4/7XvXnzmTQ+VD3vbvAlUZExtk6Y2OG1Y1g0Nd9wNZH6QjVhm+GXzfB
O1akrOqMRycn+DIdn1Zkw/DCtju0QqWXFfwalOkCAwEAAaOCAk8wggJLMB0GA1Ud
DgQWBBQASJcuRCicUDLJmxsmobGOV9cplDAfBgNVHSMEGDAWgBRvhORzinDqOcCM
7yEEMq45nsfpFTAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L2I0VGtjNHB3NmpuQWpPOGhCREt1T1o3SDZSVS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMzYvZGRmOGIzLTFjMDgtNDk1Yy04ZGRmLWZhZTVkYmVkM2IxYi8x
L0FFaVhMa1FvbkZBeXlac2JKcUd4amxmWEtaUS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMzYv
ZGRmOGIzLTFjMDgtNDk1Yy04ZGRmLWZhZTVkYmVkM2IxYi8xL2I0VGtjNHB3Nmpu
QWpPOGhCREt1T1o3SDZSVS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBl
BggrBgEFBQcBBwEB/wRWMFQwUgQCAAEwTAMEBW15ADAMAwQAbXkhAwQAbXkkAwQA
bXkmAwQCbXkoMAwDBABteS0DBABteS4DBAFt6bgDBACy/e0DBAC8/4cDBAHURQoD
BADURRIwDQYJKoZIhvcNAQELBQADggEBAB/EnZCS6gsgnQbIpR7kLUdUQs/TF1ib
6jfsZpWImBPKHMq0qVaV3lIiLlv69eDWxgMPlbotitmAPgh//2Ub8mrkYffA0JHE
JeOaELHAH6hFFt8JI/W7rQPkOIvDt7CGIm63xSfwWbbUpu6il8FaebGtd0lcdLkk
hEtoe0admfFOEMxFq1Ce+SMMvSS3DQ3XzLwMK9r3LFYnMWzSx/biA8LCOGQ7GdL/
pjAY6LYPlXNVDS5uUThHDqZxoyN7P1RcphQpjGr3Pgi8j1AeiGUghibV4gzPg3ZP
RD2qUxtXRKWwvqQWyplT8TMAR7WrjaTizoQXyeIA4fG5vTJvByvp/Cs=
-----END CERTIFICATE-----