Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/d140fb-03ae-45d9-8ddc-e1ed9dd2a02a/1/e4_ex4hKD9t_xeLlNxKiy-8RjTQ.roa
File:                     e4_ex4hKD9t_xeLlNxKiy-8RjTQ.roa (raw, json)
Hash identifier:          OUB6s3nTrHouGmbAh6foO/KtaV/f7jIsYoMA5Hu86L8=
Subject key identifier:   7B:8F:DE:C7:88:4A:0F:DB:7F:C5:E2:E5:37:12:A2:CB:EF:11:8D:34
Certificate issuer:       /CN=a79bba2805a988954e4fec42570530f16f9e7093
Certificate serial:       06A33F38
Authority key identifier: A7:9B:BA:28:05:A9:88:95:4E:4F:EC:42:57:05:30:F1:6F:9E:70:93
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/p5u6KAWpiJVOT-xCVwUw8W-ecJM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/d140fb-03ae-45d9-8ddc-e1ed9dd2a02a/1/e4_ex4hKD9t_xeLlNxKiy-8RjTQ.roa
Signing time:             Sat 01 Jan 2022 13:59:33 +0000
ROA not before:           Sat 01 Jan 2022 13:59:33 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     34343
IP address blocks:        81.171.64.0/23 maxlen: 24
                          81.171.64.0/20 maxlen: 20
                          193.108.27.0/24 maxlen: 24
                          81.171.67.0/24 maxlen: 24
                          81.171.73.0/24 maxlen: 24
                          81.171.83.0/24 maxlen: 24
                          81.171.88.0/21 maxlen: 24
                          81.171.88.0/22 maxlen: 24
                          81.171.32.0/20 maxlen: 24
                          185.90.196.0/22 maxlen: 22
                          81.171.96.0/24 maxlen: 24
                          81.171.92.0/23 maxlen: 24
                          81.171.100.0/22 maxlen: 24
                          2001:4de0:1005::/48 maxlen: 48
                          2001:4de0::/32 maxlen: 48
                          2001:4de0:3::/48 maxlen: 48
                          2001:4de0:1004::/48 maxlen: 48
                          2001:4de0:2::/48 maxlen: 48
                          2001:4de0:aaad::/48 maxlen: 48
                          2001:4de0:aaa0::/44 maxlen: 48
                          2001:4de0::/46 maxlen: 48
                          2001:4de0:1::/48 maxlen: 48
                          2001:4de0:101::/48 maxlen: 48

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 111361848 (0x6a33f38)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a79bba2805a988954e4fec42570530f16f9e7093
        Validity
            Not Before: Jan  1 13:59:33 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=7b8fdec7884a0fdb7fc5e2e53712a2cbef118d34
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:d1:91:16:4d:d8:a2:a5:1f:7a:39:1f:5d:52:
                    c8:2e:96:1e:1d:86:bb:c7:29:3e:b9:e3:ac:48:fd:
                    fc:11:a0:1e:05:cb:67:94:04:67:f9:51:32:07:3f:
                    24:42:85:d5:f5:33:94:a1:7e:d2:18:86:fd:f6:9f:
                    1a:3f:01:5d:32:58:77:83:5f:63:78:8a:d3:a6:79:
                    25:7c:1a:7e:f2:e8:11:ac:08:2d:10:84:3f:c7:db:
                    c9:00:75:ea:4e:60:38:93:04:2c:e3:36:a5:08:42:
                    69:48:04:b6:b1:bf:15:17:3d:d1:1c:e7:86:e9:32:
                    75:1b:09:a7:30:17:44:27:2e:5f:b7:31:bc:bf:f6:
                    38:c3:4c:b0:a5:77:c0:92:89:7c:3a:dd:d1:f0:72:
                    e8:33:e3:bd:c3:4e:07:81:db:08:62:79:ad:19:7d:
                    0a:5f:dd:2f:67:94:f6:ce:c1:b0:59:67:0e:ba:41:
                    06:ad:34:4a:fd:13:d1:d6:02:f1:77:1a:f7:3f:bb:
                    b8:a1:3c:6b:e4:aa:b3:bf:40:0f:0f:2c:4d:9b:1d:
                    f1:7e:cb:2d:09:af:eb:9e:6d:4e:e1:c1:cb:24:5c:
                    74:c1:53:58:13:0d:18:44:7e:31:a0:50:26:38:af:
                    ca:6e:45:55:ab:72:8a:c9:fa:d5:5f:ff:56:cb:05:
                    4a:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7B:8F:DE:C7:88:4A:0F:DB:7F:C5:E2:E5:37:12:A2:CB:EF:11:8D:34
            X509v3 Authority Key Identifier:
                keyid:A7:9B:BA:28:05:A9:88:95:4E:4F:EC:42:57:05:30:F1:6F:9E:70:93

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/p5u6KAWpiJVOT-xCVwUw8W-ecJM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/d140fb-03ae-45d9-8ddc-e1ed9dd2a02a/1/e4_ex4hKD9t_xeLlNxKiy-8RjTQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/d140fb-03ae-45d9-8ddc-e1ed9dd2a02a/1/p5u6KAWpiJVOT-xCVwUw8W-ecJM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.171.32.0/20
                  81.171.64.0/20
                  81.171.83.0/24
                  81.171.88.0-81.171.96.255
                  81.171.100.0/22
                  185.90.196.0/22
                  193.108.27.0/24
                IPv6:
                  2001:4de0::/32

    Signature Algorithm: sha256WithRSAEncryption
         4f:f1:36:29:fd:e4:e9:41:9d:04:96:15:05:2a:fd:f9:8b:a9:
         8e:cf:8f:6a:d6:1e:01:ca:78:21:8e:67:b9:9f:f5:cd:90:6f:
         35:2a:f3:a4:66:7a:7d:ac:95:d4:02:c0:e8:78:ed:21:bb:29:
         3f:e2:c0:1a:3c:9e:d5:71:8c:91:16:c9:89:07:1a:19:5a:1d:
         82:83:ff:25:41:98:73:6e:e4:49:d6:b3:0a:ea:c7:8e:46:8b:
         2e:97:0b:0c:05:4a:41:e3:f5:fa:fe:64:42:cf:16:03:b2:19:
         f5:bc:08:87:c7:44:8b:dc:90:d9:ff:b0:db:ab:6d:23:71:bf:
         db:0f:19:36:e1:e4:96:09:2d:b0:af:51:7b:dc:fb:a1:c9:f3:
         b0:33:a3:6f:4b:99:a7:eb:cd:ec:f4:2e:fb:0f:1b:51:a7:00:
         84:70:72:33:3b:29:0e:2c:37:ad:aa:86:6f:8c:80:21:a9:a1:
         37:1f:e3:fc:40:32:6e:ce:36:19:fb:88:b1:c2:16:5d:ef:cd:
         f9:5d:54:16:e6:27:0d:86:d8:7b:03:d6:7d:7e:90:33:c0:7d:
         ab:ed:81:d1:ae:b4:5f:87:dd:8e:de:f7:48:fd:e5:c9:7c:ab:
         ee:76:59:df:da:4f:35:32:70:b2:64:e7:8f:4a:21:f2:bf:23:
         ad:23:6a:8e
-----BEGIN CERTIFICATE-----
MIIFKjCCBBKgAwIBAgIEBqM/ODANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhh
NzliYmEyODA1YTk4ODk1NGU0ZmVjNDI1NzA1MzBmMTZmOWU3MDkzMB4XDTIyMDEw
MTEzNTkzM1oXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoN2I4ZmRlYzc4ODRh
MGZkYjdmYzVlMmU1MzcxMmEyY2JlZjExOGQzNDCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAM7RkRZN2KKlH3o5H11SyC6WHh2Gu8cpPrnjrEj9/BGgHgXL
Z5QEZ/lRMgc/JEKF1fUzlKF+0hiG/fafGj8BXTJYd4NfY3iK06Z5JXwafvLoEawI
LRCEP8fbyQB16k5gOJMELOM2pQhCaUgEtrG/FRc90RznhukydRsJpzAXRCcuX7cx
vL/2OMNMsKV3wJKJfDrd0fBy6DPjvcNOB4HbCGJ5rRl9Cl/dL2eU9s7BsFlnDrpB
Bq00Sv0T0dYC8Xca9z+7uKE8a+Sqs79ADw8sTZsd8X7LLQmv655tTuHByyRcdMFT
WBMNGER+MaBQJjivym5FVatyisn61V//VssFSpkCAwEAAaOCAkQwggJAMB0GA1Ud
DgQWBBR7j97HiEoP23/F4uU3EqLL7xGNNDAfBgNVHSMEGDAWgBSnm7ooBamIlU5P
7EJXBTDxb55wkzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L3A1dTZLQVdwaUpWT1QteENWd1V3OFctZWNKTS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvYmMvZDE0MGZiLTAzYWUtNDVkOS04ZGRjLWUxZWQ5ZGQyYTAyYS8x
L2U0X2V4NGhLRDl0X3hlTGxOeEtpeS04UmpUUS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYmMv
ZDE0MGZiLTAzYWUtNDVkOS04ZGRjLWUxZWQ5ZGQyYTAyYS8xL3A1dTZLQVdwaUpW
T1QteENWd1V3OFctZWNKTS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBa
BggrBgEFBQcBBwEB/wRLMEkwOAQCAAEwMgMEBFGrIAMEBFGrQAMEAFGrUzAMAwQD
UatYAwQAUatgAwQCUatkAwQCuVrEAwQAwWwbMA0EAgACMAcDBQAgAU3gMA0GCSqG
SIb3DQEBCwUAA4IBAQBP8TYp/eTpQZ0ElhUFKv35i6mOz49q1h4Bynghjme5n/XN
kG81KvOkZnp9rJXUAsDoeO0huyk/4sAaPJ7VcYyRFsmJBxoZWh2Cg/8lQZhzbuRJ
1rMK6seORosulwsMBUpB4/X6/mRCzxYDshn1vAiHx0SL3JDZ/7Dbq20jcb/bDxk2
4eSWCS2wr1F73PuhyfOwM6NvS5mn683s9C77DxtRpwCEcHIzOykOLDetqoZvjIAh
qaE3H+P8QDJuzjYZ+4ixwhZd7835XVQW5icNhth7A9Z9fpAzwH2r7YHRrrRfh92O
3vdI/eXJfKvudlnf2k81MnCyZOePSiHyvyOtI2qO
-----END CERTIFICATE-----