Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9c/6e909d-d325-48a1-9443-cc9a758c9916/1/BU5wLyTrMIaOe__ZnI7rq_81BeM.roa
File:                     BU5wLyTrMIaOe__ZnI7rq_81BeM.roa (raw, json)
Hash identifier:          19V3Li6fNazdRK/gfEXMzAx/AQrTOunuTnhvMtElX54=
Subject key identifier:   05:4E:70:2F:24:EB:30:86:8E:7B:FF:D9:9C:8E:EB:AB:FF:35:05:E3
Certificate issuer:       /CN=ae7a9b1745a5a70c3bf7bcc2c2ee166460aff7a8
Certificate serial:       0187C792862ED6D3BFD94FB02AB4A5BF8F5F
Authority key identifier: AE:7A:9B:17:45:A5:A7:0C:3B:F7:BC:C2:C2:EE:16:64:60:AF:F7:A8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rnqbF0Wlpww797zCwu4WZGCv96g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9c/6e909d-d325-48a1-9443-cc9a758c9916/1/BU5wLyTrMIaOe__ZnI7rq_81BeM.roa
Signing time:             Fri 28 Apr 2023 11:14:41 +0000
ROA not before:           Fri 28 Apr 2023 11:14:41 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     34700
IP address blocks:        31.202.192.0/18 maxlen: 19
                          31.202.0.0/17 maxlen: 17
                          46.160.88.0/21 maxlen: 21
                          85.90.222.0/24 maxlen: 24
                          178.165.0.0/17 maxlen: 18
                          31.202.128.0/18 maxlen: 18
                          185.147.96.0/22 maxlen: 22
                          5.255.160.0/20 maxlen: 20
                          82.117.247.0/24 maxlen: 24
                          82.117.248.0/22 maxlen: 23
                          79.171.120.0/21 maxlen: 21
                          2a00:1210::/32 maxlen: 32
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:c7:92:86:2e:d6:d3:bf:d9:4f:b0:2a:b4:a5:bf:8f:5f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ae7a9b1745a5a70c3bf7bcc2c2ee166460aff7a8
        Validity
            Not Before: Apr 28 11:14:41 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=054e702f24eb30868e7bffd99c8eebabff3505e3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:9c:88:21:09:dc:50:6f:6d:e8:f0:c4:52:b9:
                    ca:9d:c6:20:37:6f:34:fe:95:43:5e:2a:2d:40:6e:
                    34:50:4c:be:97:76:5f:a4:cb:8b:9f:19:4c:c5:19:
                    a4:16:02:d3:8f:10:82:86:7a:57:f2:16:01:d0:fc:
                    81:2f:8a:a1:0e:61:dc:78:9f:c5:9c:c9:fc:0c:a8:
                    aa:b7:70:75:52:39:ec:f7:95:52:3d:78:e3:c3:8a:
                    50:d3:de:cb:8f:34:b6:cf:71:2c:bd:b8:47:c1:ef:
                    86:87:c9:07:ca:ef:7d:a4:0c:2e:b3:47:27:4d:4e:
                    4f:3f:96:1a:a3:48:3f:49:7a:d5:cd:bd:ea:23:f4:
                    bc:b1:46:b1:b2:b4:b9:9b:a0:04:f4:0d:db:69:14:
                    dc:aa:9b:0a:3c:d7:8e:a2:13:a3:a3:fc:27:5f:01:
                    b3:79:20:09:04:dc:c6:06:80:fb:75:f9:cc:e4:b7:
                    f3:d1:1d:29:9f:8f:1d:f9:3f:6c:95:82:61:56:c9:
                    6d:7c:bb:58:93:94:d1:f8:bb:16:b8:82:28:72:9e:
                    13:ea:bc:c8:a6:dc:10:8d:ed:bd:67:5f:1c:b2:54:
                    f8:f2:15:a6:7f:a2:aa:e9:dc:c9:55:31:f2:97:51:
                    6b:84:fa:55:a1:17:14:dd:b4:ee:5b:bd:87:e8:2c:
                    de:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                05:4E:70:2F:24:EB:30:86:8E:7B:FF:D9:9C:8E:EB:AB:FF:35:05:E3
            X509v3 Authority Key Identifier:
                keyid:AE:7A:9B:17:45:A5:A7:0C:3B:F7:BC:C2:C2:EE:16:64:60:AF:F7:A8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rnqbF0Wlpww797zCwu4WZGCv96g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/6e909d-d325-48a1-9443-cc9a758c9916/1/BU5wLyTrMIaOe__ZnI7rq_81BeM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/6e909d-d325-48a1-9443-cc9a758c9916/1/rnqbF0Wlpww797zCwu4WZGCv96g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.255.160.0/20
                  31.202.0.0/16
                  46.160.88.0/21
                  79.171.120.0/21
                  82.117.247.0-82.117.251.255
                  85.90.222.0/24
                  178.165.0.0/17
                  185.147.96.0/22
                IPv6:
                  2a00:1210::/32

    Signature Algorithm: sha256WithRSAEncryption
         d2:37:ba:c0:66:62:65:a5:51:a8:7a:20:76:7f:78:21:4a:3f:
         b1:7d:6d:f9:fe:78:65:7a:c5:04:28:a4:80:ec:45:8f:40:e1:
         c8:f8:75:9e:eb:a2:7d:96:e0:09:d9:2c:b8:a6:f1:ad:1c:4d:
         6c:8f:da:2a:31:42:d5:e0:ca:65:6c:a5:bf:ef:35:49:9d:56:
         2c:44:01:7d:ca:d9:42:18:ee:8c:45:a6:85:11:84:45:09:ff:
         ae:28:3f:5a:f5:87:b9:17:cd:4d:59:03:e8:e4:c7:a4:5b:b5:
         f5:9a:a5:88:f8:16:40:28:7d:5a:c3:1d:29:a1:0c:20:a4:5a:
         95:d2:cd:44:25:c1:2a:25:45:65:6c:b8:d4:55:25:74:10:25:
         b2:3f:37:89:d1:ab:32:bd:69:0f:30:7e:d3:d4:1d:62:f5:1c:
         0b:0e:d6:75:03:fb:77:3f:80:a2:88:ab:51:5b:9a:59:bb:1d:
         2a:b9:81:9c:e3:b1:08:06:79:db:fa:ec:67:2d:a4:c5:e2:a1:
         c5:5f:5d:24:a5:fc:16:66:ed:21:56:9e:ee:d0:05:e5:d6:04:
         a4:e2:49:77:6c:f4:32:a0:dc:18:79:42:4f:01:e6:4e:9e:19:
         ff:8f:03:8f:5f:15:4f:ff:dc:be:f5:98:ee:89:58:3b:5c:4b:
         25:f8:f0:9b
-----BEGIN CERTIFICATE-----
MIIFPTCCBCWgAwIBAgISAYfHkoYu1tO/2U+wKrSlv49fMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFlN2E5YjE3NDVhNWE3MGMzYmY3YmNjMmMyZWUxNjY0NjBh
ZmY3YTgwHhcNMjMwNDI4MTExNDQxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNTRlNzAyZjI0ZWIzMDg2OGU3YmZmZDk5YzhlZWJhYmZmMzUwNWUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAspyIIQncUG9t6PDEUrnKncYgN280
/pVDXiotQG40UEy+l3ZfpMuLnxlMxRmkFgLTjxCChnpX8hYB0PyBL4qhDmHceJ/F
nMn8DKiqt3B1Ujns95VSPXjjw4pQ097LjzS2z3EsvbhHwe+Gh8kHyu99pAwus0cn
TU5PP5Yao0g/SXrVzb3qI/S8sUaxsrS5m6AE9A3baRTcqpsKPNeOohOjo/wnXwGz
eSAJBNzGBoD7dfnM5Lfz0R0pn48d+T9slYJhVsltfLtYk5TR+LsWuIIocp4T6rzI
ptwQje29Z18cslT48hWmf6Kq6dzJVTHyl1FrhPpVoRcU3bTuW72H6CzerwIDAQAB
o4ICSTCCAkUwHQYDVR0OBBYEFAVOcC8k6zCGjnv/2ZyO66v/NQXjMB8GA1UdIwQY
MBaAFK56mxdFpacMO/e8wsLuFmRgr/eoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcm5xYkYwV2xwd3c3OTd6Q3d1NFdaR0N2OTZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yy82ZTkwOWQtZDMyNS00OGExLTk0NDMt
Y2M5YTc1OGM5OTE2LzEvQlU1d0x5VHJNSWFPZV9fWm5JN3JxXzgxQmVNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yy82ZTkwOWQtZDMyNS00OGExLTk0NDMtY2M5YTc1OGM5OTE2
LzEvcm5xYkYwV2xwd3c3OTd6Q3d1NFdaR0N2OTZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF8GCCsGAQUFBwEHAQH/BFAwTjA9BAIAATA3AwQEBf+gAwMA
H8oDBAMuoFgDBANPq3gwDAMEAFJ19wMEAlJ1+AMEAFVa3gMEB7KlAAMEArmTYDAN
BAIAAjAHAwUAKgASEDANBgkqhkiG9w0BAQsFAAOCAQEA0je6wGZiZaVRqHogdn94
IUo/sX1t+f54ZXrFBCikgOxFj0DhyPh1nuuifZbgCdksuKbxrRxNbI/aKjFC1eDK
ZWylv+81SZ1WLEQBfcrZQhjujEWmhRGERQn/rig/WvWHuRfNTVkD6OTHpFu19Zql
iPgWQCh9WsMdKaEMIKRaldLNRCXBKiVFZWy41FUldBAlsj83idGrMr1pDzB+09Qd
YvUcCw7WdQP7dz+AooirUVuaWbsdKrmBnOOxCAZ52/rsZy2kxeKhxV9dJKX8Fmbt
IVae7tAF5dYEpOJJd2z0MqDcGHlCTwHmTp4Z/48Dj18VT//cvvWY7olYO1xLJfjw
mw==
-----END CERTIFICATE-----