Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b2/b61add-32f0-42f4-a301-7818a89456cb/1/MY--oKH1XXJ5McEAo41a7mAxBGI.roa
File:                     MY--oKH1XXJ5McEAo41a7mAxBGI.roa (raw, json)
Hash identifier:          bOj7KZ1nh5a0vX4ODz1DR0xXj4mO8+GdnfoNd6GaZlw=
Subject key identifier:   31:8F:BE:A0:A1:F5:5D:72:79:31:C1:00:A3:8D:5A:EE:60:31:04:62
Certificate issuer:       /CN=a7e2ce3109480aee7b3fd2846ec8f8646885cdba
Certificate serial:       09C6BCED
Authority key identifier: A7:E2:CE:31:09:48:0A:EE:7B:3F:D2:84:6E:C8:F8:64:68:85:CD:BA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/p-LOMQlICu57P9KEbsj4ZGiFzbo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b2/b61add-32f0-42f4-a301-7818a89456cb/1/MY--oKH1XXJ5McEAo41a7mAxBGI.roa
Signing time:             Thu 24 Mar 2022 10:16:46 +0000
ROA not before:           Thu 24 Mar 2022 10:16:46 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     34659
IP address blocks:        83.136.160.0/21 maxlen: 25
                          5.104.192.0/21 maxlen: 24
                          193.36.52.0/22 maxlen: 24
                          185.153.96.0/22 maxlen: 24
                          178.21.176.0/21 maxlen: 24
                          77.247.104.0/22 maxlen: 24
                          213.41.240.0/21 maxlen: 21
                          185.45.228.0/22 maxlen: 24
                          194.169.176.0/22 maxlen: 24
                          194.104.16.0/22 maxlen: 24
                          85.31.168.0/22 maxlen: 24
                          185.83.236.0/22 maxlen: 24
                          185.185.4.0/22 maxlen: 24
                          185.185.8.0/22 maxlen: 24
                          185.96.156.0/22 maxlen: 24
                          2a07:8580::/29 maxlen: 48
                          2a00:1db8::/29 maxlen: 48

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 164019437 (0x9c6bced)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a7e2ce3109480aee7b3fd2846ec8f8646885cdba
        Validity
            Not Before: Mar 24 10:16:46 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=318fbea0a1f55d727931c100a38d5aee60310462
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:0a:19:81:2a:21:23:13:b7:56:ea:2b:68:04:
                    5e:e4:1a:d0:a0:03:55:b3:89:cd:9c:5c:79:3c:40:
                    74:bd:9f:7c:a2:4e:27:34:ad:12:36:57:e9:c5:1e:
                    d0:c4:f1:b9:8b:98:e7:81:f5:ad:94:6e:a3:c9:09:
                    92:42:b1:7b:51:bc:7a:db:f5:99:e3:f2:c9:2c:9c:
                    e7:6d:0d:2c:14:c9:f1:81:2e:22:11:79:1e:19:08:
                    ef:0f:87:45:57:84:d8:7e:9e:14:21:49:fc:93:31:
                    c1:53:65:14:b2:6e:c2:84:63:05:a8:14:59:0d:f6:
                    34:dc:e2:6b:1a:85:e5:6c:9a:62:21:92:5c:b8:6f:
                    37:f4:17:19:1a:e2:85:6b:2e:29:29:2d:ad:69:1b:
                    c4:f8:3a:f9:92:7e:ec:e8:23:25:92:df:4b:41:55:
                    ac:eb:5f:a1:95:6b:1e:ef:31:f6:81:ed:2f:de:a4:
                    ad:5b:15:cc:04:2a:d3:1d:92:55:c7:7b:e7:71:9b:
                    02:50:b2:09:f2:fc:0a:f1:c8:cd:44:dc:00:74:6c:
                    06:71:d8:2f:ef:1a:fb:36:2f:29:34:9a:92:b9:23:
                    1e:b1:f1:ea:c3:57:1c:28:46:26:76:21:83:77:72:
                    5b:db:9a:ed:13:e4:51:33:30:11:e9:b5:a6:a8:08:
                    84:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                31:8F:BE:A0:A1:F5:5D:72:79:31:C1:00:A3:8D:5A:EE:60:31:04:62
            X509v3 Authority Key Identifier:
                keyid:A7:E2:CE:31:09:48:0A:EE:7B:3F:D2:84:6E:C8:F8:64:68:85:CD:BA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/p-LOMQlICu57P9KEbsj4ZGiFzbo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/b61add-32f0-42f4-a301-7818a89456cb/1/MY--oKH1XXJ5McEAo41a7mAxBGI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/b61add-32f0-42f4-a301-7818a89456cb/1/p-LOMQlICu57P9KEbsj4ZGiFzbo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.104.192.0/21
                  77.247.104.0/22
                  83.136.160.0/21
                  85.31.168.0/22
                  178.21.176.0/21
                  185.45.228.0/22
                  185.83.236.0/22
                  185.96.156.0/22
                  185.153.96.0/22
                  185.185.4.0-185.185.11.255
                  193.36.52.0/22
                  194.104.16.0/22
                  194.169.176.0/22
                  213.41.240.0/21
                IPv6:
                  2a00:1db8::/29
                  2a07:8580::/29

    Signature Algorithm: sha256WithRSAEncryption
         52:e7:53:53:4d:6f:14:98:01:16:9c:c4:5c:b7:80:8e:51:f0:
         23:6c:cc:d9:96:2e:a7:27:2a:34:fe:27:0c:d8:56:bf:40:40:
         f3:1e:da:f6:05:1c:0e:8c:82:2d:88:4d:fb:79:23:36:72:6d:
         3b:de:38:74:c4:5e:f2:75:fa:57:ff:45:64:ae:4a:ea:3f:50:
         df:f4:ee:1a:61:82:3f:35:37:0d:0d:97:d9:94:a0:7c:65:64:
         d0:00:8c:c3:ed:0b:a1:d9:6a:a8:a0:21:e3:29:5a:f1:87:10:
         22:55:ff:ab:4b:1e:22:7d:a8:f0:ed:f2:66:42:29:34:6a:a4:
         f4:07:ad:76:cd:5a:05:94:6e:f9:9f:62:6b:90:03:d6:bf:9a:
         08:1e:b4:1b:e3:56:bd:94:2b:ff:55:db:9d:ba:b2:6b:6e:cb:
         12:b4:5d:56:10:41:ff:f6:f7:c8:09:5f:54:0f:ed:6c:b6:bb:
         fd:c6:40:42:e0:ff:10:fc:cd:7d:46:c2:5f:41:12:82:f8:31:
         bc:25:7e:d6:d4:53:5c:9a:3d:fa:c4:4e:5b:32:9d:5c:5b:a7:
         d3:9d:f6:f1:7e:ed:0c:d2:a0:ff:46:55:66:6c:8b:4a:6a:8c:
         a9:c8:53:92:a6:d6:3e:e8:ce:59:74:fb:18:4f:1f:7c:0d:19:
         02:c5:a0:0e
-----BEGIN CERTIFICATE-----
MIIFXDCCBESgAwIBAgIECca87TANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhh
N2UyY2UzMTA5NDgwYWVlN2IzZmQyODQ2ZWM4Zjg2NDY4ODVjZGJhMB4XDTIyMDMy
NDEwMTY0NloXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMzE4ZmJlYTBhMWY1
NWQ3Mjc5MzFjMTAwYTM4ZDVhZWU2MDMxMDQ2MjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAKwKGYEqISMTt1bqK2gEXuQa0KADVbOJzZxceTxAdL2ffKJO
JzStEjZX6cUe0MTxuYuY54H1rZRuo8kJkkKxe1G8etv1mePyySyc520NLBTJ8YEu
IhF5HhkI7w+HRVeE2H6eFCFJ/JMxwVNlFLJuwoRjBagUWQ32NNziaxqF5WyaYiGS
XLhvN/QXGRrihWsuKSktrWkbxPg6+ZJ+7OgjJZLfS0FVrOtfoZVrHu8x9oHtL96k
rVsVzAQq0x2SVcd753GbAlCyCfL8CvHIzUTcAHRsBnHYL+8a+zYvKTSakrkjHrHx
6sNXHChGJnYhg3dyW9ua7RPkUTMwEem1pqgIhK8CAwEAAaOCAnYwggJyMB0GA1Ud
DgQWBBQxj76gofVdcnkxwQCjjVruYDEEYjAfBgNVHSMEGDAWgBSn4s4xCUgK7ns/
0oRuyPhkaIXNujAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L3AtTE9NUWxJQ3U1N1A5S0Vic2o0WkdpRnpiby5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvYjIvYjYxYWRkLTMyZjAtNDJmNC1hMzAxLTc4MThhODk0NTZjYi8x
L01ZLS1vS0gxWFhKNU1jRUFvNDFhN21BeEJHSS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYjIv
YjYxYWRkLTMyZjAtNDJmNC1hMzAxLTc4MThhODk0NTZjYi8xL3AtTE9NUWxJQ3U1
N1A5S0Vic2o0WkdpRnpiby5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjCB
iwYIKwYBBQUHAQcBAf8EfDB6MGIEAgABMFwDBAMFaMADBAJN92gDBANTiKADBAJV
H6gDBAOyFbADBAK5LeQDBAK5U+wDBAK5YJwDBAK5mWAwDAMEArm5BAMEArm5CAME
AsEkNAMEAsJoEAMEAsKpsAMEA9Up8DAUBAIAAjAOAwUDKgAduAMFAyoHhYAwDQYJ
KoZIhvcNAQELBQADggEBAFLnU1NNbxSYARacxFy3gI5R8CNszNmWLqcnKjT+JwzY
Vr9AQPMe2vYFHA6Mgi2ITft5IzZybTveOHTEXvJ1+lf/RWSuSuo/UN/07hphgj81
Nw0Nl9mUoHxlZNAAjMPtC6HZaqigIeMpWvGHECJV/6tLHiJ9qPDt8mZCKTRqpPQH
rXbNWgWUbvmfYmuQA9a/mggetBvjVr2UK/9V2526smtuyxK0XVYQQf/298gJX1QP
7Wy2u/3GQELg/xD8zX1Gwl9BEoL4MbwlftbUU1yaPfrETlsynVxbp9Od9vF+7QzS
oP9GVWZsi0pqjKnIU5Km1j7ozll0+xhPH3wNGQLFoA4=
-----END CERTIFICATE-----