Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/285850-7551-4229-87b6-3a4468c4dfdf/1/c_HFhEHdLcdFu3sN9-hZmhuYfIs.roa
File:                     c_HFhEHdLcdFu3sN9-hZmhuYfIs.roa (raw, json)
Hash identifier:          O4N4XZ+QBym3x0tEa3cHpn+YKFvsWvGQhbzT+hm9nDA=
Subject key identifier:   73:F1:C5:84:41:DD:2D:C7:45:BB:7B:0D:F7:E8:59:9A:1B:98:7C:8B
Certificate issuer:       /CN=b986028c9feb6f142b3fecb64667f48874ba9c37
Certificate serial:       12AA098B
Authority key identifier: B9:86:02:8C:9F:EB:6F:14:2B:3F:EC:B6:46:67:F4:88:74:BA:9C:37
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uYYCjJ_rbxQrP-y2Rmf0iHS6nDc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/285850-7551-4229-87b6-3a4468c4dfdf/1/c_HFhEHdLcdFu3sN9-hZmhuYfIs.roa
Signing time:             Sat 01 Jan 2022 08:54:28 +0000
ROA not before:           Sat 01 Jan 2022 08:54:28 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     34362
IP address blocks:        85.94.84.0/22 maxlen: 22
                          85.94.80.0/22 maxlen: 22
                          85.94.88.0/22 maxlen: 22
                          85.94.92.0/22 maxlen: 22
                          176.62.30.0/24 maxlen: 24
                          176.62.28.0/24 maxlen: 24
                          176.62.29.0/24 maxlen: 24
                          176.62.32.0/22 maxlen: 22
                          176.62.36.0/22 maxlen: 22
                          176.62.40.0/22 maxlen: 22
                          176.62.44.0/22 maxlen: 22
                          85.94.64.0/22 maxlen: 22
                          85.94.68.0/22 maxlen: 22
                          85.94.76.0/22 maxlen: 22
                          85.94.72.0/22 maxlen: 22
                          176.62.4.0/22 maxlen: 22
                          176.62.0.0/22 maxlen: 22
                          176.62.8.0/22 maxlen: 22
                          176.62.12.0/22 maxlen: 22
                          176.62.16.0/22 maxlen: 22
                          176.62.20.0/22 maxlen: 22
                          176.62.24.0/22 maxlen: 22

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 313133451 (0x12aa098b)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b986028c9feb6f142b3fecb64667f48874ba9c37
        Validity
            Not Before: Jan  1 08:54:28 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=73f1c58441dd2dc745bb7b0df7e8599a1b987c8b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:08:a6:76:2e:fb:26:15:40:cd:c0:6f:0d:de:
                    a2:29:f5:63:d1:0d:da:5c:2f:23:fc:fc:d3:6b:2b:
                    d7:20:03:1d:55:fa:cb:6a:d5:4e:5a:02:d7:ff:f8:
                    90:34:cd:77:e2:32:f1:77:a1:c0:56:d1:bc:cf:5c:
                    b7:6b:06:a6:ae:0e:bc:84:c1:cf:14:ff:89:b2:4c:
                    36:10:1c:be:44:e7:18:aa:21:75:b2:bc:a7:5e:24:
                    64:05:3b:98:9b:07:cb:68:4b:46:7f:fc:4e:6a:11:
                    35:6d:6d:d0:60:df:be:a0:81:40:d3:eb:74:6d:c2:
                    9f:cb:f6:9d:04:fd:eb:e7:96:76:ca:eb:1b:a5:59:
                    80:bc:1e:8e:83:f6:43:a2:2c:cb:9d:f6:0a:ca:c5:
                    5c:cc:ea:43:0b:21:c7:6f:83:5a:76:62:10:e6:3f:
                    8f:89:71:47:81:94:91:3d:03:65:62:6d:8c:be:a2:
                    53:18:40:f6:73:e5:49:d8:bd:66:24:12:21:66:d1:
                    ef:f9:ce:15:97:8a:0c:8f:48:f1:e9:53:f2:35:30:
                    54:e5:58:5f:24:c2:2f:95:d7:b1:43:a1:af:70:2a:
                    a1:b5:57:1b:da:e5:b6:a6:a6:e1:cf:94:d5:05:f0:
                    33:2c:70:e7:10:ac:28:f4:80:96:a9:b2:3e:b3:16:
                    d6:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                73:F1:C5:84:41:DD:2D:C7:45:BB:7B:0D:F7:E8:59:9A:1B:98:7C:8B
            X509v3 Authority Key Identifier:
                keyid:B9:86:02:8C:9F:EB:6F:14:2B:3F:EC:B6:46:67:F4:88:74:BA:9C:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uYYCjJ_rbxQrP-y2Rmf0iHS6nDc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/285850-7551-4229-87b6-3a4468c4dfdf/1/c_HFhEHdLcdFu3sN9-hZmhuYfIs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/285850-7551-4229-87b6-3a4468c4dfdf/1/uYYCjJ_rbxQrP-y2Rmf0iHS6nDc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.94.64.0/19
                  176.62.0.0-176.62.30.255
                  176.62.32.0/20

    Signature Algorithm: sha256WithRSAEncryption
         95:98:05:5d:77:45:94:29:8f:21:8c:72:37:11:60:03:d0:dc:
         6c:4f:1b:eb:5b:9a:ab:ef:5a:75:f5:fa:5b:01:a0:75:36:86:
         97:13:2e:12:12:75:c1:f1:66:d1:9b:9a:d3:c0:f9:54:c4:5b:
         25:29:0a:6e:15:2e:da:d5:82:3c:73:3d:7d:37:db:89:b6:93:
         74:bb:45:9c:7c:df:22:01:62:cb:48:c4:27:02:51:d7:0a:b5:
         80:96:17:db:4e:4b:63:43:fa:6b:03:5f:41:c0:b3:9d:1d:47:
         22:0b:b8:6e:4c:dd:e7:c8:c3:4f:fd:95:20:05:1f:1a:25:46:
         25:52:97:26:01:8d:3b:c6:9b:be:ca:ff:78:e1:b7:e9:0a:60:
         69:b9:c7:c5:3f:b0:db:0e:ca:d1:f8:4b:01:b8:c3:51:b4:79:
         41:22:7e:cb:49:bc:13:3b:c5:fa:69:bc:a9:67:4c:43:7d:e9:
         6f:3f:bb:d4:b8:90:f8:58:a9:a7:bb:59:32:ee:dc:02:2c:71:
         0e:f2:96:38:77:e5:8f:8c:3f:52:df:f1:a2:f4:e6:8c:95:b2:
         ae:c5:b0:71:f4:30:bb:62:9c:dc:92:52:90:93:b2:67:3c:3f:
         25:f5:b3:f1:12:e5:a6:35:8b:ad:fa:d7:32:00:51:4b:a5:52:
         14:d8:ad:c3
-----BEGIN CERTIFICATE-----
MIIFAjCCA+qgAwIBAgIEEqoJizANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhi
OTg2MDI4YzlmZWI2ZjE0MmIzZmVjYjY0NjY3ZjQ4ODc0YmE5YzM3MB4XDTIyMDEw
MTA4NTQyOFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoNzNmMWM1ODQ0MWRk
MmRjNzQ1YmI3YjBkZjdlODU5OWExYjk4N2M4YjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBALoIpnYu+yYVQM3Abw3eoin1Y9EN2lwvI/z802sr1yADHVX6
y2rVTloC1//4kDTNd+Iy8XehwFbRvM9ct2sGpq4OvITBzxT/ibJMNhAcvkTnGKoh
dbK8p14kZAU7mJsHy2hLRn/8TmoRNW1t0GDfvqCBQNPrdG3Cn8v2nQT96+eWdsrr
G6VZgLwejoP2Q6Isy532CsrFXMzqQwshx2+DWnZiEOY/j4lxR4GUkT0DZWJtjL6i
UxhA9nPlSdi9ZiQSIWbR7/nOFZeKDI9I8elT8jUwVOVYXyTCL5XXsUOhr3AqobVX
G9rltqam4c+U1QXwMyxw5xCsKPSAlqmyPrMW1kkCAwEAAaOCAhwwggIYMB0GA1Ud
DgQWBBRz8cWEQd0tx0W7ew336FmaG5h8izAfBgNVHSMEGDAWgBS5hgKMn+tvFCs/
7LZGZ/SIdLqcNzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L3VZWUNqSl9yYnhRclAteTJSbWYwaUhTNm5EYy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvOGEvMjg1ODUwLTc1NTEtNDIyOS04N2I2LTNhNDQ2OGM0ZGZkZi8x
L2NfSEZoRUhkTGNkRnUzc045LWhabWh1WWZJcy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvOGEv
Mjg1ODUwLTc1NTEtNDIyOS04N2I2LTNhNDQ2OGM0ZGZkZi8xL3VZWUNqSl9yYnhR
clAteTJSbWYwaUhTNm5EYy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAy
BggrBgEFBQcBBwEB/wQjMCEwHwQCAAEwGQMEBVVeQDALAwMBsD4DBACwPh4DBASw
PiAwDQYJKoZIhvcNAQELBQADggEBAJWYBV13RZQpjyGMcjcRYAPQ3GxPG+tbmqvv
WnX1+lsBoHU2hpcTLhISdcHxZtGbmtPA+VTEWyUpCm4VLtrVgjxzPX0324m2k3S7
RZx83yIBYstIxCcCUdcKtYCWF9tOS2ND+msDX0HAs50dRyILuG5M3efIw0/9lSAF
HxolRiVSlyYBjTvGm77K/3jht+kKYGm5x8U/sNsOytH4SwG4w1G0eUEifstJvBM7
xfppvKlnTEN96W8/u9S4kPhYqae7WTLu3AIscQ7yljh35Y+MP1Lf8aL05oyVsq7F
sHH0MLtinNySUpCTsmc8PyX1s/ES5aY1i6361zIAUUulUhTYrcM=
-----END CERTIFICATE-----