Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c1/cf943d-c921-4ef7-9aa0-e3fcb23e3438/1/S2jxBO2W4IeX5mdrr8MGRp_BDn0.roa
File:                     S2jxBO2W4IeX5mdrr8MGRp_BDn0.roa (raw, json)
Hash identifier:          DlCedzIM8UYXGTXT5c8PQs3B1t6iFN1cHniisBoFGmk=
Subject key identifier:   4B:68:F1:04:ED:96:E0:87:97:E6:67:6B:AF:C3:06:46:9F:C1:0E:7D
Certificate issuer:       /CN=352f8919e6bc1ef5663489018fc875be34c0f24c
Certificate serial:       018366C8F09209B984FD3AC0D236D2564E11
Authority key identifier: 35:2F:89:19:E6:BC:1E:F5:66:34:89:01:8F:C8:75:BE:34:C0:F2:4C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NS-JGea8HvVmNIkBj8h1vjTA8kw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c1/cf943d-c921-4ef7-9aa0-e3fcb23e3438/1/S2jxBO2W4IeX5mdrr8MGRp_BDn0.roa
Signing time:             Thu 22 Sep 2022 19:59:48 +0000
ROA not before:           Thu 22 Sep 2022 19:59:48 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     35600
IP address blocks:        45.84.112.0/22 maxlen: 24
                          185.56.176.0/22 maxlen: 22
                          31.193.240.0/21 maxlen: 24
                          91.221.92.0/23 maxlen: 24
                          91.221.106.0/23 maxlen: 24
                          194.117.246.0/23 maxlen: 23
                          185.48.132.0/22 maxlen: 24
                          2001:67c:184c::/48 maxlen: 48
                          2a02:5520::/32 maxlen: 32
                          2a00:4780::/32 maxlen: 32
                          2a0e:ac80::/29 maxlen: 29

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:83:66:c8:f0:92:09:b9:84:fd:3a:c0:d2:36:d2:56:4e:11
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=352f8919e6bc1ef5663489018fc875be34c0f24c
        Validity
            Not Before: Sep 22 19:59:48 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=4b68f104ed96e08797e6676bafc306469fc10e7d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:69:4a:9f:9b:d9:b2:00:3c:2f:ec:94:ed:42:
                    a6:6d:a1:45:6f:28:36:56:66:22:89:f6:db:b1:0b:
                    19:45:36:9f:1e:74:d7:80:36:48:f3:cf:d8:e0:29:
                    d9:6a:96:91:41:2b:58:b3:92:8b:e6:7a:a8:55:c0:
                    40:ac:cd:ec:db:74:56:65:0c:7f:47:a2:c0:b6:e1:
                    47:a8:c2:8f:47:91:be:b2:87:ba:29:95:10:85:a8:
                    de:21:7c:0b:2a:c0:0f:57:a3:28:3e:30:d2:b5:b7:
                    62:e1:24:46:3e:28:f6:fe:57:ce:cb:b3:8b:ee:ae:
                    8d:f6:e0:ad:bc:58:83:f6:35:50:0c:aa:31:cf:58:
                    67:e6:a8:a9:83:b3:ee:49:5d:5a:98:7b:38:ef:08:
                    4e:6b:95:e5:c5:83:54:eb:88:d4:63:31:1f:ea:9f:
                    9d:ef:c3:bd:e1:4d:45:ba:2a:a3:b5:9b:44:c8:00:
                    9f:00:0e:d1:be:e7:3b:a0:63:ab:aa:89:8e:54:dd:
                    5b:66:0c:c9:1e:c7:5f:ed:c9:dd:35:c9:95:3a:74:
                    40:97:c8:cb:b8:cb:02:2d:44:f3:d6:fe:ad:cb:97:
                    bc:b3:d8:f3:fd:97:2c:89:12:42:73:de:9e:68:e4:
                    63:1c:72:eb:c3:57:8b:86:83:33:3e:66:12:92:e6:
                    ed:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4B:68:F1:04:ED:96:E0:87:97:E6:67:6B:AF:C3:06:46:9F:C1:0E:7D
            X509v3 Authority Key Identifier:
                keyid:35:2F:89:19:E6:BC:1E:F5:66:34:89:01:8F:C8:75:BE:34:C0:F2:4C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NS-JGea8HvVmNIkBj8h1vjTA8kw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/cf943d-c921-4ef7-9aa0-e3fcb23e3438/1/S2jxBO2W4IeX5mdrr8MGRp_BDn0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/cf943d-c921-4ef7-9aa0-e3fcb23e3438/1/NS-JGea8HvVmNIkBj8h1vjTA8kw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.193.240.0/21
                  45.84.112.0/22
                  91.221.92.0/23
                  91.221.106.0/23
                  185.48.132.0/22
                  185.56.176.0/22
                  194.117.246.0/23
                IPv6:
                  2001:67c:184c::/48
                  2a00:4780::/32
                  2a02:5520::/32
                  2a0e:ac80::/29

    Signature Algorithm: sha256WithRSAEncryption
         28:53:51:15:55:93:75:8c:b1:db:a2:a3:aa:46:70:b4:f3:75:
         13:79:7e:c3:78:36:1e:ed:f6:1d:3a:e8:22:0e:9d:a1:1f:5e:
         0b:5e:b9:23:d4:9b:09:03:f4:12:5c:91:f8:06:62:c8:c2:35:
         9c:7f:ed:69:99:e1:fc:a7:23:bd:1c:59:ff:e3:85:76:69:5a:
         6a:1e:67:80:33:44:53:c1:5b:d4:33:e0:e0:81:cc:3a:9a:a3:
         b1:4a:ef:05:01:ff:2b:69:af:8c:3c:a4:2c:69:9d:6f:72:0d:
         b1:d5:af:83:fc:72:2c:01:12:5a:ca:e1:31:30:c9:47:3b:88:
         28:af:c3:87:7c:79:74:25:1d:a7:66:ff:5d:c4:64:66:71:2a:
         1a:6a:b3:4b:82:da:63:d2:7d:cf:8f:d8:a1:2a:d2:ed:11:a1:
         ab:2a:81:52:1a:6e:7f:25:c2:6d:c9:26:46:b9:3f:aa:bc:1b:
         43:f9:63:c5:01:d7:ae:cf:f1:13:a1:e5:68:95:4d:cb:4c:87:
         fa:1a:f1:ae:94:5f:e8:8c:f5:6f:82:54:bc:04:22:f8:e0:db:
         d1:0c:fc:bf:f6:e6:bb:04:ec:ff:27:e5:36:bd:67:2c:f4:3e:
         f9:93:b4:64:6b:a9:77:ce:d5:02:c6:ce:6c:22:fb:b3:43:23:
         c8:27:2b:d9
-----BEGIN CERTIFICATE-----
MIIFRzCCBC+gAwIBAgISAYNmyPCSCbmE/TrA0jbSVk4RMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1MmY4OTE5ZTZiYzFlZjU2NjM0ODkwMThmYzg3NWJlMzRj
MGYyNGMwHhcNMjIwOTIyMTk1OTQ4WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YjY4ZjEwNGVkOTZlMDg3OTdlNjY3NmJhZmMzMDY0NjlmYzEwZTdkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvGlKn5vZsgA8L+yU7UKmbaFFbyg2
VmYiifbbsQsZRTafHnTXgDZI88/Y4CnZapaRQStYs5KL5nqoVcBArM3s23RWZQx/
R6LAtuFHqMKPR5G+soe6KZUQhajeIXwLKsAPV6MoPjDStbdi4SRGPij2/lfOy7OL
7q6N9uCtvFiD9jVQDKoxz1hn5qipg7PuSV1amHs47whOa5XlxYNU64jUYzEf6p+d
78O94U1FuiqjtZtEyACfAA7Rvuc7oGOrqomOVN1bZgzJHsdf7cndNcmVOnRAl8jL
uMsCLUTz1v6ty5e8s9jz/ZcsiRJCc96eaORjHHLrw1eLhoMzPmYSkubt5wIDAQAB
o4ICUzCCAk8wHQYDVR0OBBYEFEto8QTtluCHl+Zna6/DBkafwQ59MB8GA1UdIwQY
MBaAFDUviRnmvB71ZjSJAY/Idb40wPJMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTlMtSkdlYThIdlZtTklrQmo4aDF2alRBOGt3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMS9jZjk0M2QtYzkyMS00ZWY3LTlhYTAt
ZTNmY2IyM2UzNDM4LzEvUzJqeEJPMlc0SWVYNW1kcnI4TUdScF9CRG4wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMS9jZjk0M2QtYzkyMS00ZWY3LTlhYTAtZTNmY2IyM2UzNDM4
LzEvTlMtSkdlYThIdlZtTklrQmo4aDF2alRBOGt3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGkGCCsGAQUFBwEHAQH/BFowWDAwBAIAATAqAwQDH8HwAwQC
LVRwAwQBW91cAwQBW91qAwQCuTCEAwQCuTiwAwQBwnX2MCQEAgACMB4DBwAgAQZ8
GEwDBQAqAEeAAwUAKgJVIAMFAyoOrIAwDQYJKoZIhvcNAQELBQADggEBAChTURVV
k3WMsduio6pGcLTzdRN5fsN4Nh7t9h066CIOnaEfXgteuSPUmwkD9BJckfgGYsjC
NZx/7WmZ4fynI70cWf/jhXZpWmoeZ4AzRFPBW9Qz4OCBzDqao7FK7wUB/ytpr4w8
pCxpnW9yDbHVr4P8ciwBElrK4TEwyUc7iCivw4d8eXQlHadm/13EZGZxKhpqs0uC
2mPSfc+P2KEq0u0RoasqgVIabn8lwm3JJka5P6q8G0P5Y8UB167P8ROh5WiVTctM
h/oa8a6UX+iM9W+CVLwEIvjg29EM/L/25rsE7P8n5Ta9Zyz0PvmTtGRrqXfO1QLG
zmwi+7NDI8gnK9k=
-----END CERTIFICATE-----