Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/64/60fcfe-7b2c-4672-bc2f-40479870976e/1/X70m3RJkcUOHIcgTS-Oc_M_WDkE.roa
File:                     X70m3RJkcUOHIcgTS-Oc_M_WDkE.roa (raw, json)
Hash identifier:          UytiY8jXIEra9WSzaBe09VwqSj/YAc4teMwlOOMMw2M=
Subject key identifier:   5F:BD:26:DD:12:64:71:43:87:21:C8:13:4B:E3:9C:FC:CF:D6:0E:41
Certificate issuer:       /CN=66de1d9dcdb25c1e532c5c9b69dfa757e306210e
Certificate serial:       33FC3DDF
Authority key identifier: 66:DE:1D:9D:CD:B2:5C:1E:53:2C:5C:9B:69:DF:A7:57:E3:06:21:0E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Zt4dnc2yXB5TLFybad-nV-MGIQ4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/64/60fcfe-7b2c-4672-bc2f-40479870976e/1/X70m3RJkcUOHIcgTS-Oc_M_WDkE.roa
Signing time:             Fri 17 Jun 2022 15:46:44 +0000
ROA not before:           Fri 17 Jun 2022 15:46:44 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     29075
IP address blocks:        91.109.176.0/20 maxlen: 20
                          128.204.224.0/20 maxlen: 20
                          85.118.32.0/19 maxlen: 19
                          141.255.144.0/20 maxlen: 20
                          185.118.0.0/22 maxlen: 22
                          185.123.24.0/22 maxlen: 22
                          45.94.124.0/22 maxlen: 22
                          45.10.224.0/22 maxlen: 22
                          178.20.48.0/21 maxlen: 21
                          212.85.144.0/20 maxlen: 20
                          188.121.224.0/19 maxlen: 19
                          2a02:2178::/29 maxlen: 29
                          2a00:1b88::/32 maxlen: 32
                          2a02:2178::/32 maxlen: 32
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 872168927 (0x33fc3ddf)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=66de1d9dcdb25c1e532c5c9b69dfa757e306210e
        Validity
            Not Before: Jun 17 15:46:44 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=5fbd26dd126471438721c8134be39cfccfd60e41
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:42:8b:d2:70:3e:e6:c5:d9:b3:32:80:02:f0:
                    18:d4:25:07:6a:b0:1a:63:60:f4:64:e2:bd:36:97:
                    3f:0e:8f:80:af:fa:64:6d:19:9b:dd:63:87:13:c4:
                    5e:e7:bd:7c:e1:1d:93:83:17:f2:a9:43:81:56:63:
                    fb:fa:10:c8:89:3d:61:f6:62:8d:46:28:df:64:f3:
                    6f:60:ac:52:e6:b4:2e:7b:eb:f1:ec:cc:da:0d:9d:
                    d1:5c:81:40:2b:a5:af:9e:fa:7e:64:cb:ff:c1:fe:
                    d2:96:37:fc:15:45:eb:95:fd:a3:0a:99:ab:6e:64:
                    19:fb:92:91:1b:8b:1a:e7:2e:c2:d5:10:06:41:82:
                    55:55:b5:05:a7:91:ba:24:7c:09:9d:02:8c:0a:7e:
                    ce:fa:84:21:a0:2a:20:0c:93:c2:ea:37:2c:90:76:
                    e8:14:5e:49:10:88:c0:27:40:98:5b:1b:87:e0:d7:
                    30:7e:80:69:1e:f9:17:8d:43:a2:a5:f8:63:62:cf:
                    49:93:de:9d:93:e5:4b:d8:6e:80:d1:d5:4c:68:cc:
                    d4:ee:61:e9:c0:ce:d7:71:cf:99:0c:ac:8a:e6:63:
                    a3:95:a2:2f:66:26:3a:05:38:24:e1:a9:36:cf:ba:
                    28:2d:a7:41:3f:96:01:ba:7f:e8:de:98:01:ce:6a:
                    45:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5F:BD:26:DD:12:64:71:43:87:21:C8:13:4B:E3:9C:FC:CF:D6:0E:41
            X509v3 Authority Key Identifier:
                keyid:66:DE:1D:9D:CD:B2:5C:1E:53:2C:5C:9B:69:DF:A7:57:E3:06:21:0E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Zt4dnc2yXB5TLFybad-nV-MGIQ4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/64/60fcfe-7b2c-4672-bc2f-40479870976e/1/X70m3RJkcUOHIcgTS-Oc_M_WDkE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/64/60fcfe-7b2c-4672-bc2f-40479870976e/1/Zt4dnc2yXB5TLFybad-nV-MGIQ4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.10.224.0/22
                  45.94.124.0/22
                  85.118.32.0/19
                  91.109.176.0/20
                  128.204.224.0/20
                  141.255.144.0/20
                  178.20.48.0/21
                  185.118.0.0/22
                  185.123.24.0/22
                  188.121.224.0/19
                  212.85.144.0/20
                IPv6:
                  2a00:1b88::/32
                  2a02:2178::/29

    Signature Algorithm: sha256WithRSAEncryption
         14:29:d0:4a:ee:03:5b:f3:38:45:aa:dd:6e:c5:8a:1f:bb:75:
         fa:ff:83:da:a8:86:85:1b:e4:c7:ac:78:66:f8:8b:0f:68:6f:
         74:85:a6:92:5f:91:3c:d5:48:aa:e7:42:e3:29:b5:9d:23:0e:
         71:c4:53:e4:25:e8:9f:5e:02:48:23:3f:0b:1d:f0:20:09:ab:
         c3:07:e3:8a:20:19:5c:fa:aa:92:1a:fc:28:ad:c2:df:65:5c:
         c9:9c:6b:85:66:91:73:aa:75:85:92:ab:c5:66:bc:21:43:ff:
         58:f4:d5:56:bc:83:c5:3e:24:90:2e:aa:2f:b5:62:c1:03:0b:
         3a:26:ca:9f:21:09:77:50:25:40:bf:d3:ef:d4:70:0a:ba:54:
         87:05:c4:0a:50:30:8f:5b:f6:93:a8:ff:0c:4c:23:e5:34:8c:
         06:d1:b7:2a:76:b6:ea:e4:f2:02:0e:f4:b9:a7:80:6a:0b:a4:
         e8:d2:4a:45:7e:bf:fc:8a:9b:79:fe:58:d5:f1:e5:60:25:24:
         87:40:fe:22:f0:92:cf:35:87:af:e8:60:f9:e2:f0:e0:7b:ef:
         0f:06:8c:54:60:12:fd:86:8f:e7:85:62:e9:98:49:10:f8:6e:
         b8:4e:c0:88:35:61:9b:5b:34:36:86:dc:03:d2:9e:cd:05:33:
         59:7b:d1:07
-----BEGIN CERTIFICATE-----
MIIFQTCCBCmgAwIBAgIEM/w93zANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg2
NmRlMWQ5ZGNkYjI1YzFlNTMyYzVjOWI2OWRmYTc1N2UzMDYyMTBlMB4XDTIyMDYx
NzE1NDY0NFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoNWZiZDI2ZGQxMjY0
NzE0Mzg3MjFjODEzNGJlMzljZmNjZmQ2MGU0MTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAL5Ci9JwPubF2bMygALwGNQlB2qwGmNg9GTivTaXPw6PgK/6
ZG0Zm91jhxPEXue9fOEdk4MX8qlDgVZj+/oQyIk9YfZijUYo32Tzb2CsUua0Lnvr
8ezM2g2d0VyBQCulr576fmTL/8H+0pY3/BVF65X9owqZq25kGfuSkRuLGucuwtUQ
BkGCVVW1BaeRuiR8CZ0CjAp+zvqEIaAqIAyTwuo3LJB26BReSRCIwCdAmFsbh+DX
MH6AaR75F41DoqX4Y2LPSZPenZPlS9hugNHVTGjM1O5h6cDO13HPmQysiuZjo5Wi
L2YmOgU4JOGpNs+6KC2nQT+WAbp/6N6YAc5qRQECAwEAAaOCAlswggJXMB0GA1Ud
DgQWBBRfvSbdEmRxQ4chyBNL45z8z9YOQTAfBgNVHSMEGDAWgBRm3h2dzbJcHlMs
XJtp36dX4wYhDjAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L1p0NGRuYzJ5WEI1VExGeWJhZC1uVi1NR0lRNC5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNjQvNjBmY2ZlLTdiMmMtNDY3Mi1iYzJmLTQwNDc5ODcwOTc2ZS8x
L1g3MG0zUkprY1VPSEljZ1RTLU9jX01fV0RrRS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNjQv
NjBmY2ZlLTdiMmMtNDY3Mi1iYzJmLTQwNDc5ODcwOTc2ZS8xL1p0NGRuYzJ5WEI1
VExGeWJhZC1uVi1NR0lRNC5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBx
BggrBgEFBQcBBwEB/wRiMGAwSAQCAAEwQgMEAi0K4AMEAi1efAMEBVV2IAMEBFtt
sAMEBIDM4AMEBI3/kAMEA7IUMAMEArl2AAMEArl7GAMEBbx54AMEBNRVkDAUBAIA
AjAOAwUAKgAbiAMFAyoCIXgwDQYJKoZIhvcNAQELBQADggEBABQp0EruA1vzOEWq
3W7Fih+7dfr/g9qohoUb5MeseGb4iw9ob3SFppJfkTzVSKrnQuMptZ0jDnHEU+Ql
6J9eAkgjPwsd8CAJq8MH44ogGVz6qpIa/Citwt9lXMmca4VmkXOqdYWSq8VmvCFD
/1j01Va8g8U+JJAuqi+1YsEDCzomyp8hCXdQJUC/0+/UcAq6VIcFxApQMI9b9pOo
/wxMI+U0jAbRtyp2turk8gIO9LmngGoLpOjSSkV+v/yKm3n+WNXx5WAlJIdA/iLw
ks81h6/oYPni8OB77w8GjFRgEv2Gj+eFYumYSRD4brhOwIg1YZtbNDaG3APSns0F
M1l70Qc=
-----END CERTIFICATE-----