Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/84/cc558c-35e5-4dd6-867b-8b05b778e0d5/1/flTOQKpFYfQy8h9hxOGxDT_id2g.roa
File:                     flTOQKpFYfQy8h9hxOGxDT_id2g.roa (raw, json)
Hash identifier:          NZpxGycHzGiY01ZnACzQGJ77fuWJRLp/dPBRdQQQRXE=
Subject key identifier:   7E:54:CE:40:AA:45:61:F4:32:F2:1F:61:C4:E1:B1:0D:3F:E2:77:68
Certificate issuer:       /CN=dc377b5d022bf0be4a6224b47eea6ca0b81bf037
Certificate serial:       0759C7F4
Authority key identifier: DC:37:7B:5D:02:2B:F0:BE:4A:62:24:B4:7E:EA:6C:A0:B8:1B:F0:37
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3Dd7XQIr8L5KYiS0fupsoLgb8Dc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/84/cc558c-35e5-4dd6-867b-8b05b778e0d5/1/flTOQKpFYfQy8h9hxOGxDT_id2g.roa
Signing time:             Sat 01 Jan 2022 10:02:02 +0000
ROA not before:           Sat 01 Jan 2022 10:02:02 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     28756
IP address blocks:        145.64.248.0/21 maxlen: 21
                          145.64.248.0/22 maxlen: 22
                          145.64.250.0/24 maxlen: 24
                          145.64.252.0/22 maxlen: 22
                          145.64.160.0/20 maxlen: 20
                          145.64.160.0/24 maxlen: 24
                          145.64.161.0/24 maxlen: 24
                          145.64.162.0/24 maxlen: 24
                          145.64.170.0/24 maxlen: 24
                          145.64.130.0/24 maxlen: 24
                          145.64.132.0/22 maxlen: 22
                          145.64.128.0/21 maxlen: 21
                          145.64.128.0/22 maxlen: 22
                          145.64.134.0/24 maxlen: 24
                          145.64.144.0/23 maxlen: 23
                          145.64.144.0/20 maxlen: 20
                          145.64.146.0/24 maxlen: 24
                          145.64.148.0/24 maxlen: 24
                          145.64.149.0/24 maxlen: 24
                          145.64.157.0/24 maxlen: 24
                          145.64.158.0/24 maxlen: 24
                          145.64.159.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 123324404 (0x759c7f4)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dc377b5d022bf0be4a6224b47eea6ca0b81bf037
        Validity
            Not Before: Jan  1 10:02:02 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=7e54ce40aa4561f432f21f61c4e1b10d3fe27768
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:c7:b5:95:39:b9:6f:8e:61:2d:64:f6:75:b9:
                    13:ee:d2:a9:17:6b:c9:41:5b:25:94:8a:e1:96:ba:
                    c0:fd:9a:c5:cb:8a:3f:82:09:09:11:f4:00:73:ca:
                    5f:c1:2e:ed:15:de:5f:d6:52:24:56:c9:3d:fe:cf:
                    61:76:de:36:d3:e3:11:ab:ba:af:47:43:74:81:f0:
                    a8:80:18:0b:7c:b0:2a:4e:0b:b8:a2:75:33:24:01:
                    01:23:8d:81:76:b3:95:a7:a4:3d:de:81:ef:48:4e:
                    44:fd:67:cd:41:51:0f:92:0c:ef:05:1c:bb:a0:36:
                    4f:6c:ce:86:54:98:3c:9a:c4:9e:69:a5:57:5e:ba:
                    c4:57:ca:e8:5c:8a:3c:17:76:b9:64:69:e2:25:c2:
                    e5:38:f7:91:55:ea:86:2b:51:79:97:ab:80:db:e0:
                    06:7e:4a:0d:79:27:7f:88:66:b6:ab:28:a7:47:27:
                    44:25:d3:22:4c:66:53:38:84:e7:1d:c7:4b:9c:f8:
                    b6:44:07:3f:8c:c7:22:6b:35:6d:92:b3:50:95:7d:
                    b1:7d:92:20:af:1d:65:7d:2e:a4:e1:10:23:44:ae:
                    16:5e:a6:b9:be:d3:f9:2b:e1:22:4f:c8:9b:47:ef:
                    5d:de:73:ae:1b:5f:92:a8:a3:c3:57:79:66:01:72:
                    18:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7E:54:CE:40:AA:45:61:F4:32:F2:1F:61:C4:E1:B1:0D:3F:E2:77:68
            X509v3 Authority Key Identifier:
                keyid:DC:37:7B:5D:02:2B:F0:BE:4A:62:24:B4:7E:EA:6C:A0:B8:1B:F0:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3Dd7XQIr8L5KYiS0fupsoLgb8Dc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/84/cc558c-35e5-4dd6-867b-8b05b778e0d5/1/flTOQKpFYfQy8h9hxOGxDT_id2g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/84/cc558c-35e5-4dd6-867b-8b05b778e0d5/1/3Dd7XQIr8L5KYiS0fupsoLgb8Dc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  145.64.128.0/21
                  145.64.144.0-145.64.175.255
                  145.64.248.0/21

    Signature Algorithm: sha256WithRSAEncryption
         10:6d:33:de:1b:4e:92:63:37:ce:fa:34:ac:8c:35:38:47:84:
         99:0c:b7:0e:9f:21:29:d4:ed:8b:3a:99:5d:70:6a:32:88:cc:
         87:52:85:bf:12:65:8c:6b:12:3f:b2:91:a5:25:57:99:73:73:
         0a:e7:d8:33:5b:49:6c:e3:8c:db:0a:14:f1:15:09:3c:66:b2:
         d5:d8:85:1e:f2:52:ba:db:ed:71:1b:05:f3:9e:1b:13:7e:07:
         83:7b:fb:6a:ae:fa:77:48:ce:c9:b8:20:54:08:f9:8e:95:29:
         4a:3a:08:a2:f0:1f:8b:fb:f7:c8:a1:71:ab:41:f2:ae:52:72:
         ec:51:ae:7d:10:2e:ab:26:de:90:49:9a:9a:ae:db:b0:7a:ca:
         06:e6:53:9e:2c:69:81:d7:73:95:b9:6c:18:e1:a4:c6:58:c8:
         a3:a5:53:e0:28:ad:bd:90:b7:3a:76:df:45:54:83:81:00:46:
         d9:a7:d1:03:e4:bb:94:d0:98:fd:13:8d:0a:50:41:f2:c0:4a:
         b5:b3:b0:56:3e:3c:f1:d2:d6:a7:a9:eb:af:dc:98:77:00:67:
         96:4c:6b:c2:a3:00:31:01:bf:e2:13:b1:c5:8c:6d:83:c3:6b:
         5b:34:60:c4:87:fe:bf:f9:69:77:59:29:ac:4f:4c:30:06:64:
         60:d8:9d:a9
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIEB1nH9DANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhk
YzM3N2I1ZDAyMmJmMGJlNGE2MjI0YjQ3ZWVhNmNhMGI4MWJmMDM3MB4XDTIyMDEw
MTEwMDIwMloXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoN2U1NGNlNDBhYTQ1
NjFmNDMyZjIxZjYxYzRlMWIxMGQzZmUyNzc2ODCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAJbHtZU5uW+OYS1k9nW5E+7SqRdryUFbJZSK4Za6wP2axcuK
P4IJCRH0AHPKX8Eu7RXeX9ZSJFbJPf7PYXbeNtPjEau6r0dDdIHwqIAYC3ywKk4L
uKJ1MyQBASONgXazlaekPd6B70hORP1nzUFRD5IM7wUcu6A2T2zOhlSYPJrEnmml
V166xFfK6FyKPBd2uWRp4iXC5Tj3kVXqhitReZergNvgBn5KDXknf4hmtqsop0cn
RCXTIkxmUziE5x3HS5z4tkQHP4zHIms1bZKzUJV9sX2SIK8dZX0upOEQI0SuFl6m
ub7T+SvhIk/Im0fvXd5zrhtfkqijw1d5ZgFyGI0CAwEAAaOCAh0wggIZMB0GA1Ud
DgQWBBR+VM5AqkVh9DLyH2HE4bENP+J3aDAfBgNVHSMEGDAWgBTcN3tdAivwvkpi
JLR+6myguBvwNzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
LzNEZDdYUUlyOEw1S1lpUzBmdXBzb0xnYjhEYy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvODQvY2M1NThjLTM1ZTUtNGRkNi04NjdiLThiMDViNzc4ZTBkNS8x
L2ZsVE9RS3BGWWZReThoOWh4T0d4RFRfaWQyZy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvODQv
Y2M1NThjLTM1ZTUtNGRkNi04NjdiLThiMDViNzc4ZTBkNS8xLzNEZDdYUUlyOEw1
S1lpUzBmdXBzb0xnYjhEYy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAz
BggrBgEFBQcBBwEB/wQkMCIwIAQCAAEwGgMEA5FAgDAMAwQEkUCQAwQEkUCgAwQD
kUD4MA0GCSqGSIb3DQEBCwUAA4IBAQAQbTPeG06SYzfO+jSsjDU4R4SZDLcOnyEp
1O2LOpldcGoyiMyHUoW/EmWMaxI/spGlJVeZc3MK59gzW0ls44zbChTxFQk8ZrLV
2IUe8lK62+1xGwXznhsTfgeDe/tqrvp3SM7JuCBUCPmOlSlKOgii8B+L+/fIoXGr
QfKuUnLsUa59EC6rJt6QSZqartuwesoG5lOeLGmB13OVuWwY4aTGWMijpVPgKK29
kLc6dt9FVIOBAEbZp9ED5LuU0Jj9E40KUEHywEq1s7BWPjzx0tanqeuv3Jh3AGeW
TGvCowAxAb/iE7HFjG2Dw2tbNGDEh/6/+Wl3WSmsT0wwBmRg2J2p
-----END CERTIFICATE-----