Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a5/f28a75-d53f-4e9f-82dd-f0ed8fe82b97/1/LZ-i_wMg1E8SXHNg0uXzMF9qHQs.roa
File:                     LZ-i_wMg1E8SXHNg0uXzMF9qHQs.roa (raw, json)
Hash identifier:          PNKrnZhsXt2nY4NSvIEgGvz6K5uDLlD8NBgVT6epohM=
Subject key identifier:   2D:9F:A2:FF:03:20:D4:4F:12:5C:73:60:D2:E5:F3:30:5F:6A:1D:0B
Certificate issuer:       /CN=425bf4375f17a0357019690301f9419324ff7d44
Certificate serial:       05BBE24F
Authority key identifier: 42:5B:F4:37:5F:17:A0:35:70:19:69:03:01:F9:41:93:24:FF:7D:44
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Qlv0N18XoDVwGWkDAflBkyT_fUQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a5/f28a75-d53f-4e9f-82dd-f0ed8fe82b97/1/LZ-i_wMg1E8SXHNg0uXzMF9qHQs.roa
Signing time:             Sat 01 Jan 2022 11:59:03 +0000
ROA not before:           Sat 01 Jan 2022 11:59:03 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     35435
IP address blocks:        185.6.64.0/24 maxlen: 24
                          185.6.66.0/24 maxlen: 24
                          185.6.67.0/24 maxlen: 24
                          185.183.132.0/24 maxlen: 24
                          185.183.134.0/24 maxlen: 24
                          185.183.135.0/24 maxlen: 24
                          185.183.133.0/24 maxlen: 24
                          185.169.201.0/24 maxlen: 24
                          185.169.202.0/24 maxlen: 24
                          185.169.200.0/24 maxlen: 24
                          185.164.192.0/24 maxlen: 24
                          185.169.203.0/24 maxlen: 24
                          185.164.195.0/24 maxlen: 24
                          185.164.193.0/24 maxlen: 24
                          185.164.194.0/24 maxlen: 24
                          2a02:cf80:3::/48 maxlen: 48
                          2a02:cf80:4::/48 maxlen: 48

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 96199247 (0x5bbe24f)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=425bf4375f17a0357019690301f9419324ff7d44
        Validity
            Not Before: Jan  1 11:59:03 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=2d9fa2ff0320d44f125c7360d2e5f3305f6a1d0b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:a5:a8:78:93:d6:5f:74:66:b3:e7:89:40:53:
                    9b:06:18:db:12:3d:77:21:d2:3a:83:00:45:57:bf:
                    8c:40:cd:b8:de:f8:87:84:4b:8d:a6:22:ed:ca:77:
                    7d:f9:1a:0b:76:d4:b0:cd:9a:95:0e:74:69:96:33:
                    39:0a:7b:43:0f:e4:04:c2:36:36:c8:55:45:0a:48:
                    fb:fc:ca:ea:4a:42:1f:91:dc:36:21:78:1f:07:3d:
                    88:13:8e:7f:20:8a:6b:8e:da:72:e4:d1:1c:15:fc:
                    28:cb:1a:17:68:53:7a:29:8b:70:32:c4:bd:5c:fb:
                    83:de:4a:13:8c:a7:d5:23:ed:7b:1f:43:bb:7d:f8:
                    d1:1c:24:7e:8e:ce:ed:ed:03:3c:3d:42:21:93:25:
                    af:05:29:7a:9f:33:f3:93:e3:45:ef:8d:4f:82:0a:
                    85:f0:91:40:98:2f:9f:c9:43:13:c7:11:5e:61:0c:
                    25:ea:94:51:9d:27:40:bd:42:ae:31:34:0e:80:db:
                    d6:67:17:db:f4:16:c4:6c:7f:5b:b7:5d:58:99:58:
                    3a:c5:34:cd:c0:39:47:bc:16:2b:15:0d:47:1e:57:
                    43:eb:93:9e:f1:d9:e4:a0:fb:48:7f:80:8d:00:6d:
                    f0:b2:d9:79:59:ff:ff:52:a1:e2:34:68:04:3c:ea:
                    db:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2D:9F:A2:FF:03:20:D4:4F:12:5C:73:60:D2:E5:F3:30:5F:6A:1D:0B
            X509v3 Authority Key Identifier:
                keyid:42:5B:F4:37:5F:17:A0:35:70:19:69:03:01:F9:41:93:24:FF:7D:44

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Qlv0N18XoDVwGWkDAflBkyT_fUQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/f28a75-d53f-4e9f-82dd-f0ed8fe82b97/1/LZ-i_wMg1E8SXHNg0uXzMF9qHQs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/f28a75-d53f-4e9f-82dd-f0ed8fe82b97/1/Qlv0N18XoDVwGWkDAflBkyT_fUQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.6.64.0/24
                  185.6.66.0/23
                  185.164.192.0/22
                  185.169.200.0/22
                  185.183.132.0/22
                IPv6:
                  2a02:cf80:3::-2a02:cf80:4:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         5d:d9:4b:19:b1:a9:01:c1:bc:34:10:98:28:5a:b6:ff:0f:26:
         71:85:6f:73:dd:2d:ff:77:37:34:d9:61:08:3d:f5:06:61:36:
         31:38:21:0b:06:bb:cb:d8:6f:65:dd:bf:f1:70:92:6d:90:5c:
         2b:43:71:23:b7:75:cb:10:d4:49:2b:4c:5a:ef:01:56:6a:76:
         73:f5:18:f6:b8:be:0c:6b:e4:37:af:9c:23:a4:c1:97:a4:eb:
         91:0c:ee:c7:93:c6:2e:4a:2f:a7:fd:13:16:38:85:4d:f3:77:
         1d:b0:5e:72:03:70:66:c4:f9:2b:6a:8d:9e:f8:ea:71:b6:ab:
         fd:02:2e:06:f6:65:bd:51:f5:20:17:e9:3e:36:87:af:77:35:
         76:90:7e:a4:87:92:f2:f6:2d:ad:47:96:15:a0:0c:eb:d0:8d:
         4c:82:9e:49:52:f1:a4:8d:83:00:e8:e2:fe:38:7f:30:f3:d4:
         37:e2:6a:6d:45:ba:36:14:d1:ee:6c:45:ef:45:55:00:e3:07:
         bf:57:58:0d:b5:7e:27:ef:6e:e7:2c:ca:25:83:af:cf:d5:94:
         0a:d9:6f:3c:b9:fe:fb:06:2d:e1:55:fd:fa:98:f9:f0:b9:35:
         57:e8:63:56:95:b5:0c:27:78:c8:dc:03:3c:05:1d:21:6a:09:
         83:41:5e:9f
-----BEGIN CERTIFICATE-----
MIIFIzCCBAugAwIBAgIEBbviTzANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg0
MjViZjQzNzVmMTdhMDM1NzAxOTY5MDMwMWY5NDE5MzI0ZmY3ZDQ0MB4XDTIyMDEw
MTExNTkwM1oXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMmQ5ZmEyZmYwMzIw
ZDQ0ZjEyNWM3MzYwZDJlNWYzMzA1ZjZhMWQwYjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAKKlqHiT1l90ZrPniUBTmwYY2xI9dyHSOoMARVe/jEDNuN74
h4RLjaYi7cp3ffkaC3bUsM2alQ50aZYzOQp7Qw/kBMI2NshVRQpI+/zK6kpCH5Hc
NiF4Hwc9iBOOfyCKa47acuTRHBX8KMsaF2hTeimLcDLEvVz7g95KE4yn1SPtex9D
u3340Rwkfo7O7e0DPD1CIZMlrwUpep8z85PjRe+NT4IKhfCRQJgvn8lDE8cRXmEM
JeqUUZ0nQL1CrjE0DoDb1mcX2/QWxGx/W7ddWJlYOsU0zcA5R7wWKxUNRx5XQ+uT
nvHZ5KD7SH+AjQBt8LLZeVn//1Kh4jRoBDzq2/kCAwEAAaOCAj0wggI5MB0GA1Ud
DgQWBBQtn6L/AyDUTxJcc2DS5fMwX2odCzAfBgNVHSMEGDAWgBRCW/Q3XxegNXAZ
aQMB+UGTJP99RDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L1FsdjBOMThYb0RWd0dXa0RBZmxCa3lUX2ZVUS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvYTUvZjI4YTc1LWQ1M2YtNGU5Zi04MmRkLWYwZWQ4ZmU4MmI5Ny8x
L0xaLWlfd01nMUU4U1hITmcwdVh6TUY5cUhRcy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYTUv
ZjI4YTc1LWQ1M2YtNGU5Zi04MmRkLWYwZWQ4ZmU4MmI5Ny8xL1FsdjBOMThYb0RW
d0dXa0RBZmxCa3lUX2ZVUS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBT
BggrBgEFBQcBBwEB/wREMEIwJAQCAAEwHgMEALkGQAMEAbkGQgMEArmkwAMEArmp
yAMEArm3hDAaBAIAAjAUMBIDBwAqAs+AAAMDBwAqAs+AAAQwDQYJKoZIhvcNAQEL
BQADggEBAF3ZSxmxqQHBvDQQmChatv8PJnGFb3PdLf93NzTZYQg99QZhNjE4IQsG
u8vYb2Xdv/Fwkm2QXCtDcSO3dcsQ1EkrTFrvAVZqdnP1GPa4vgxr5DevnCOkwZek
65EM7seTxi5KL6f9ExY4hU3zdx2wXnIDcGbE+StqjZ746nG2q/0CLgb2Zb1R9SAX
6T42h693NXaQfqSHkvL2La1HlhWgDOvQjUyCnklS8aSNgwDo4v44fzDz1Dfiam1F
ujYU0e5sRe9FVQDjB79XWA21fifvbucsyiWDr8/VlArZbzy5/vsGLeFV/fqY+fC5
NVfoY1aVtQwneMjcAzwFHSFqCYNBXp8=
-----END CERTIFICATE-----