Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d5/fdd25d-c034-49f3-890d-4b89d377808e/1/vFu0oOr_D86ihckafwK307E7ddI.roa
File:                     vFu0oOr_D86ihckafwK307E7ddI.roa (raw, json)
Hash identifier:          tUYcYTN5F9x2cctrAUsEEo/zrFiO+P7VJWEJSUEzAK8=
Subject key identifier:   BC:5B:B4:A0:EA:FF:0F:CE:A2:85:C9:1A:7F:02:B7:D3:B1:3B:75:D2
Certificate issuer:       /CN=574537d54f36f142231bc817038872cb607b21e7
Certificate serial:       09375D56
Authority key identifier: 57:45:37:D5:4F:36:F1:42:23:1B:C8:17:03:88:72:CB:60:7B:21:E7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/V0U31U828UIjG8gXA4hyy2B7Iec.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d5/fdd25d-c034-49f3-890d-4b89d377808e/1/vFu0oOr_D86ihckafwK307E7ddI.roa
Signing time:             Sat 01 Jan 2022 15:01:18 +0000
ROA not before:           Sat 01 Jan 2022 15:01:18 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     15600
IP address blocks:        213.221.192.0/18 maxlen: 24
                          139.178.0.0/18 maxlen: 24
                          185.74.108.0/22 maxlen: 22
                          212.60.32.0/19 maxlen: 24
                          109.106.44.0/22 maxlen: 22
                          109.106.48.0/20 maxlen: 20
                          37.35.120.0/21 maxlen: 21
                          31.193.208.0/21 maxlen: 24
                          5.44.112.0/20 maxlen: 20
                          89.236.128.0/18 maxlen: 24
                          65.18.128.0/18 maxlen: 18
                          145.40.224.0/19 maxlen: 19
                          80.208.128.0/18 maxlen: 24
                          95.174.224.0/19 maxlen: 24
                          62.204.96.0/19 maxlen: 24
                          138.248.48.0/20 maxlen: 20
                          2001:1a88::/29 maxlen: 29

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 154623318 (0x9375d56)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=574537d54f36f142231bc817038872cb607b21e7
        Validity
            Not Before: Jan  1 15:01:18 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=bc5bb4a0eaff0fcea285c91a7f02b7d3b13b75d2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:96:45:e7:96:ff:0d:e0:c6:24:d0:5e:62:02:
                    a4:72:06:a8:c4:74:5d:6f:9f:48:35:8d:8b:94:8f:
                    ba:c1:61:87:3c:cc:8b:93:71:14:37:2f:f5:15:dc:
                    a9:2a:60:cf:38:ba:3a:45:f5:ba:9b:43:44:d6:5e:
                    30:b6:53:2b:89:90:5e:42:bc:dc:52:50:e9:b5:02:
                    c9:14:60:37:1d:4a:3f:99:49:7e:d8:6c:50:18:c4:
                    ec:ce:77:b1:c0:5d:f8:d9:84:54:b0:89:c6:d6:57:
                    3a:da:a1:c3:a4:e2:36:54:f1:67:eb:6d:1c:7b:01:
                    33:2d:21:f6:95:93:3c:b6:30:54:e4:03:86:f8:86:
                    31:7a:59:2c:53:76:61:58:ed:15:2c:fe:41:fe:88:
                    53:64:ce:d4:8e:b8:c6:81:90:b7:1d:f9:42:3a:27:
                    41:ce:af:1f:d1:db:72:ac:6e:fc:7e:bf:c2:42:a5:
                    c0:37:30:6f:c1:d7:24:5b:1a:9f:05:5e:c4:e6:d5:
                    57:cc:ff:9e:d2:dc:b3:10:31:18:39:da:5f:2b:d9:
                    91:2d:a2:90:aa:ae:6b:e2:b4:35:48:7a:a4:5d:63:
                    63:f7:a6:ef:2b:c7:4a:15:d9:69:ac:79:b5:c4:b7:
                    26:8b:74:5b:f9:0c:8f:91:96:46:a3:be:f4:04:26:
                    3e:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BC:5B:B4:A0:EA:FF:0F:CE:A2:85:C9:1A:7F:02:B7:D3:B1:3B:75:D2
            X509v3 Authority Key Identifier:
                keyid:57:45:37:D5:4F:36:F1:42:23:1B:C8:17:03:88:72:CB:60:7B:21:E7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/V0U31U828UIjG8gXA4hyy2B7Iec.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/fdd25d-c034-49f3-890d-4b89d377808e/1/vFu0oOr_D86ihckafwK307E7ddI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/fdd25d-c034-49f3-890d-4b89d377808e/1/V0U31U828UIjG8gXA4hyy2B7Iec.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.44.112.0/20
                  31.193.208.0/21
                  37.35.120.0/21
                  62.204.96.0/19
                  65.18.128.0/18
                  80.208.128.0/18
                  89.236.128.0/18
                  95.174.224.0/19
                  109.106.44.0-109.106.63.255
                  138.248.48.0/20
                  139.178.0.0/18
                  145.40.224.0/19
                  185.74.108.0/22
                  212.60.32.0/19
                  213.221.192.0/18
                IPv6:
                  2001:1a88::/29

    Signature Algorithm: sha256WithRSAEncryption
         b1:d9:93:a3:08:20:dc:6f:a7:80:7c:9f:6b:3a:43:f0:ae:00:
         0b:1e:45:97:82:62:d8:79:52:3c:0b:cd:34:c8:69:a6:23:10:
         b2:d8:75:82:26:cb:5f:02:17:07:6d:4a:34:64:26:68:f5:01:
         8c:10:13:56:31:99:ff:da:79:6d:57:3a:25:e9:8e:10:de:c9:
         c7:08:b6:04:c1:c5:49:14:43:c8:83:b4:ef:2b:f1:72:d8:60:
         93:b6:fd:44:85:a8:51:9a:93:74:87:ca:0b:e7:fd:28:1b:fc:
         be:ae:a3:e4:8a:56:69:d4:12:8b:bc:41:96:9a:7b:f4:81:66:
         ec:4f:f8:2c:55:c6:ce:43:07:cd:f9:d8:39:ac:05:a5:19:d6:
         bb:cb:0e:34:6b:73:9e:d9:a3:16:93:90:cb:06:4d:fd:1d:07:
         39:08:22:b7:4a:b5:cb:42:4d:ce:27:c4:11:9a:e9:7b:e8:ac:
         c6:32:63:79:94:3f:7b:18:28:da:1f:c6:af:fd:57:67:fa:a1:
         74:6e:8e:04:97:01:83:3f:89:23:90:95:8c:6a:93:c1:6b:d4:
         dd:79:8f:4d:f1:2f:ad:9c:5a:c2:62:81:3d:08:d0:13:fe:be:
         b2:b4:05:63:49:f9:ca:6e:91:e5:44:a8:af:61:13:af:10:36:
         f0:55:f9:60
-----BEGIN CERTIFICATE-----
MIIFWzCCBEOgAwIBAgIECTddVjANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg1
NzQ1MzdkNTRmMzZmMTQyMjMxYmM4MTcwMzg4NzJjYjYwN2IyMWU3MB4XDTIyMDEw
MTE1MDExOFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoYmM1YmI0YTBlYWZm
MGZjZWEyODVjOTFhN2YwMmI3ZDNiMTNiNzVkMjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAJCWReeW/w3gxiTQXmICpHIGqMR0XW+fSDWNi5SPusFhhzzM
i5NxFDcv9RXcqSpgzzi6OkX1uptDRNZeMLZTK4mQXkK83FJQ6bUCyRRgNx1KP5lJ
fthsUBjE7M53scBd+NmEVLCJxtZXOtqhw6TiNlTxZ+ttHHsBMy0h9pWTPLYwVOQD
hviGMXpZLFN2YVjtFSz+Qf6IU2TO1I64xoGQtx35QjonQc6vH9Hbcqxu/H6/wkKl
wDcwb8HXJFsanwVexObVV8z/ntLcsxAxGDnaXyvZkS2ikKqua+K0NUh6pF1jY/em
7yvHShXZaax5tcS3Jot0W/kMj5GWRqO+9AQmPrsCAwEAAaOCAnUwggJxMB0GA1Ud
DgQWBBS8W7Sg6v8PzqKFyRp/ArfTsTt10jAfBgNVHSMEGDAWgBRXRTfVTzbxQiMb
yBcDiHLLYHsh5zAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L1YwVTMxVTgyOFVJakc4Z1hBNGh5eTJCN0llYy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZDUvZmRkMjVkLWMwMzQtNDlmMy04OTBkLTRiODlkMzc3ODA4ZS8x
L3ZGdTBvT3JfRDg2aWhja2Fmd0szMDdFN2RkSS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZDUv
ZmRkMjVkLWMwMzQtNDlmMy04OTBkLTRiODlkMzc3ODA4ZS8xL1YwVTMxVTgyOFVJ
akc4Z1hBNGh5eTJCN0llYy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjCB
igYIKwYBBQUHAQcBAf8EezB5MGgEAgABMGIDBAQFLHADBAMfwdADBAMlI3gDBAU+
zGADBAZBEoADBAZQ0IADBAZZ7IADBAVfruAwDAMEAm1qLAMEBm1qAAMEBIr4MAME
BouyAAMEBZEo4AMEArlKbAMEBdQ8IAMEBtXdwDANBAIAAjAHAwUDIAEaiDANBgkq
hkiG9w0BAQsFAAOCAQEAsdmTowgg3G+ngHyfazpD8K4ACx5Fl4Ji2HlSPAvNNMhp
piMQsth1gibLXwIXB21KNGQmaPUBjBATVjGZ/9p5bVc6JemOEN7Jxwi2BMHFSRRD
yIO07yvxcthgk7b9RIWoUZqTdIfKC+f9KBv8vq6j5IpWadQSi7xBlpp79IFm7E/4
LFXGzkMHzfnYOawFpRnWu8sONGtzntmjFpOQywZN/R0HOQgit0q1y0JNzifEEZrp
e+isxjJjeZQ/exgo2h/Gr/1XZ/qhdG6OBJcBgz+JI5CVjGqTwWvU3XmPTfEvrZxa
wmKBPQjQE/6+srQFY0n5ym6R5USor2ETrxA28FX5YA==
-----END CERTIFICATE-----