Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/g0Ij5-XPxZUBppK7_mCB1O5Hw1o.roa
File:                     g0Ij5-XPxZUBppK7_mCB1O5Hw1o.roa (raw, json)
Hash identifier:          erp7kz/7orwaOAvf5/VWJ0OjstKp/Cq+Ig64foHY0lE=
Subject key identifier:   83:42:23:E7:E5:CF:C5:95:01:A6:92:BB:FE:60:81:D4:EE:47:C3:5A
Certificate issuer:       /CN=6f84e4738a70ea39c08cef210432ae399ec7e915
Certificate serial:       01825879572C9F4C54407E9B2876ABB53126
Authority key identifier: 6F:84:E4:73:8A:70:EA:39:C0:8C:EF:21:04:32:AE:39:9E:C7:E9:15
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/g0Ij5-XPxZUBppK7_mCB1O5Hw1o.roa
Signing time:             Mon 01 Aug 2022 08:15:23 +0000
ROA not before:           Mon 01 Aug 2022 08:15:23 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     61317
IP address blocks:        109.121.38.0/24 maxlen: 24
                          109.121.34.0/24 maxlen: 24
                          109.121.35.0/24 maxlen: 24
                          109.121.32.0/24 maxlen: 24
                          109.121.41.0/24 maxlen: 24
                          109.121.40.0/24 maxlen: 24
                          109.121.43.0/24 maxlen: 24
                          109.121.44.0/24 maxlen: 24
                          109.121.46.0/24 maxlen: 24
                          109.233.184.0/24 maxlen: 24
                          77.105.4.0/24 maxlen: 24
                          93.186.68.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:82:58:79:57:2c:9f:4c:54:40:7e:9b:28:76:ab:b5:31:26
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6f84e4738a70ea39c08cef210432ae399ec7e915
        Validity
            Not Before: Aug  1 08:15:23 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=834223e7e5cfc59501a692bbfe6081d4ee47c35a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:e4:92:24:52:28:0b:b0:72:8b:7d:f0:2a:e9:
                    4c:3c:7c:77:12:17:70:29:70:c8:37:df:e7:47:52:
                    33:25:d4:ca:c0:13:98:eb:42:04:6a:b7:dc:af:19:
                    c7:69:39:fc:1a:42:09:ed:f6:f7:94:b1:74:bd:4e:
                    bd:ee:64:35:58:ad:4e:93:86:89:22:d2:8d:a7:8c:
                    fa:35:a2:1f:40:85:a3:7a:f9:a6:bd:14:5c:47:b5:
                    6d:2f:86:e9:ae:8f:f5:c6:85:5a:5c:09:a3:cd:2b:
                    c0:cf:8f:91:d9:8a:9d:ef:38:e6:7c:af:42:42:34:
                    1c:55:5a:f1:e7:e1:c8:8b:14:78:f1:8f:01:85:63:
                    d2:1e:b5:ed:40:99:90:5d:81:2d:75:06:0f:8e:dc:
                    a9:82:c1:6a:19:d9:23:d0:af:d7:9d:a2:de:ce:fc:
                    ec:0f:ef:21:11:96:d0:ea:c7:73:c4:6d:17:b5:16:
                    d2:5e:75:d1:7f:10:ed:d3:6c:32:d1:9d:4f:9b:86:
                    ce:7e:f5:41:a7:c3:4b:3e:80:f8:3e:8e:0c:55:62:
                    aa:c3:ea:25:18:d1:b5:a9:33:d3:6e:db:60:a9:4c:
                    1e:e6:4c:58:86:8a:58:7f:55:f5:f2:a1:70:ba:31:
                    a4:88:c2:a1:4e:8d:e3:71:f1:12:d4:8d:71:49:66:
                    8e:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                83:42:23:E7:E5:CF:C5:95:01:A6:92:BB:FE:60:81:D4:EE:47:C3:5A
            X509v3 Authority Key Identifier:
                keyid:6F:84:E4:73:8A:70:EA:39:C0:8C:EF:21:04:32:AE:39:9E:C7:E9:15

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/g0Ij5-XPxZUBppK7_mCB1O5Hw1o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.105.4.0/24
                  93.186.68.0/24
                  109.121.32.0/24
                  109.121.34.0/23
                  109.121.38.0/24
                  109.121.40.0/23
                  109.121.43.0-109.121.44.255
                  109.121.46.0/24
                  109.233.184.0/24

    Signature Algorithm: sha256WithRSAEncryption
         88:fe:39:2c:47:48:33:dc:1c:e3:e0:62:88:31:42:82:b6:62:
         c6:7b:25:c6:6d:21:56:e1:26:65:7d:48:94:6a:b6:b1:d1:f7:
         27:60:56:89:36:8f:71:e1:5c:b4:fd:b6:0b:f2:55:86:17:25:
         33:e6:46:9b:bc:67:38:eb:54:e1:d1:c0:1a:30:2b:7e:f4:ff:
         ab:14:b4:bd:de:e1:68:28:f2:9a:d6:33:00:34:84:7f:11:bd:
         e5:63:69:e9:cf:57:81:c3:f0:54:a9:df:b4:c6:44:13:c9:ad:
         65:3c:e3:cf:38:c2:b3:0d:94:c7:ed:83:e4:12:fc:94:66:96:
         11:b8:12:0c:d1:b6:c1:66:4f:36:09:18:2d:bd:89:4a:a0:0e:
         22:12:4a:d3:30:5a:f5:e5:e6:f2:6f:06:79:3e:b1:23:1d:7e:
         00:00:ee:c9:53:3a:c3:12:59:69:a5:65:f5:63:c7:79:67:87:
         7d:cd:1a:c2:1f:19:2c:7d:44:36:f1:8a:7d:f5:8d:5c:72:05:
         2d:bb:ad:14:f7:41:dd:cd:ba:22:a2:f6:4c:93:b1:30:38:d0:
         09:46:6b:4d:02:b6:f1:07:21:36:85:ac:b4:7e:7b:47:48:44:
         64:bd:f6:d3:11:54:04:8a:cd:d9:d9:c1:82:ac:2c:a5:3e:83:
         98:50:f6:62
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgISAYJYeVcsn0xUQH6bKHartTEmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmODRlNDczOGE3MGVhMzljMDhjZWYyMTA0MzJhZTM5OWVj
N2U5MTUwHhcNMjIwODAxMDgxNTIzWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MzQyMjNlN2U1Y2ZjNTk1MDFhNjkyYmJmZTYwODFkNGVlNDdjMzVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAluSSJFIoC7Byi33wKulMPHx3Ehdw
KXDIN9/nR1IzJdTKwBOY60IEarfcrxnHaTn8GkIJ7fb3lLF0vU697mQ1WK1Ok4aJ
ItKNp4z6NaIfQIWjevmmvRRcR7VtL4bpro/1xoVaXAmjzSvAz4+R2Yqd7zjmfK9C
QjQcVVrx5+HIixR48Y8BhWPSHrXtQJmQXYEtdQYPjtypgsFqGdkj0K/XnaLezvzs
D+8hEZbQ6sdzxG0XtRbSXnXRfxDt02wy0Z1Pm4bOfvVBp8NLPoD4Po4MVWKqw+ol
GNG1qTPTbttgqUwe5kxYhopYf1X18qFwujGkiMKhTo3jcfES1I1xSWaOMQIDAQAB
o4ICQTCCAj0wHQYDVR0OBBYEFINCI+flz8WVAaaSu/5ggdTuR8NaMB8GA1UdIwQY
MBaAFG+E5HOKcOo5wIzvIQQyrjmex+kVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjRUa2M0cHc2am5Bak84aEJES3VPWjdINlJVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9kZGY4YjMtMWMwOC00OTVjLThkZGYt
ZmFlNWRiZWQzYjFiLzEvZzBJajUtWFB4WlVCcHBLN19tQ0IxTzVIdzFvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9kZGY4YjMtMWMwOC00OTVjLThkZGYtZmFlNWRiZWQzYjFi
LzEvYjRUa2M0cHc2am5Bak84aEJES3VPWjdINlJVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFcGCCsGAQUFBwEHAQH/BEgwRjBEBAIAATA+AwQATWkEAwQA
XbpEAwQAbXkgAwQBbXkiAwQAbXkmAwQBbXkoMAwDBABteSsDBABteSwDBABteS4D
BABt6bgwDQYJKoZIhvcNAQELBQADggEBAIj+OSxHSDPcHOPgYogxQoK2YsZ7JcZt
IVbhJmV9SJRqtrHR9ydgVok2j3HhXLT9tgvyVYYXJTPmRpu8ZzjrVOHRwBowK370
/6sUtL3e4Wgo8prWMwA0hH8RveVjaenPV4HD8FSp37TGRBPJrWU84884wrMNlMft
g+QS/JRmlhG4EgzRtsFmTzYJGC29iUqgDiISStMwWvXl5vJvBnk+sSMdfgAA7slT
OsMSWWmlZfVjx3lnh33NGsIfGSx9RDbxin31jVxyBS27rRT3Qd3NuiKi9kyTsTA4
0AlGa00CtvEHITaFrLR+e0dIRGS99tMRVASKzdnZwYKsLKU+g5hQ9mI=
-----END CERTIFICATE-----