Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e0/8d6fd7-1cb3-413c-a32b-2ef447e1b08c/1/iBL2W8K44k_to5liyJ-kZ9zWW6k.roa
File:                     iBL2W8K44k_to5liyJ-kZ9zWW6k.roa (raw, json)
Hash identifier:          PasQzreFGQPutLDAk8g9cl44j3ywpYcoyi0TN4pKzeU=
Subject key identifier:   88:12:F6:5B:C2:B8:E2:4F:ED:A3:99:62:C8:9F:A4:67:DC:D6:5B:A9
Certificate issuer:       /CN=db239685409f64ba1c3a54a8ef141c924e71d892
Certificate serial:       38076ABC
Authority key identifier: DB:23:96:85:40:9F:64:BA:1C:3A:54:A8:EF:14:1C:92:4E:71:D8:92
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2yOWhUCfZLocOlSo7xQckk5x2JI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e0/8d6fd7-1cb3-413c-a32b-2ef447e1b08c/1/iBL2W8K44k_to5liyJ-kZ9zWW6k.roa
Signing time:             Sat 01 Jan 2022 05:53:23 +0000
ROA not before:           Sat 01 Jan 2022 05:53:23 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     8426
IP address blocks:        185.7.36.0/22 maxlen: 22
                          62.240.224.0/19 maxlen: 19
                          194.146.172.0/22 maxlen: 22
                          31.3.136.0/21 maxlen: 21
                          94.198.144.0/21 maxlen: 21
                          89.185.32.0/19 maxlen: 19
                          212.43.192.0/18 maxlen: 18
                          46.18.128.0/21 maxlen: 21
                          185.88.104.0/22 maxlen: 22
                          185.93.36.0/22 maxlen: 22
                          185.29.40.0/22 maxlen: 22
                          79.99.32.0/21 maxlen: 21
                          2a02:2328::/32 maxlen: 32
                          2a03:7300::/32 maxlen: 32
                          2a01:4580::/29 maxlen: 29
                          2001:a70::/32 maxlen: 32
                          2a02:1f8::/32 maxlen: 32

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 940010172 (0x38076abc)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=db239685409f64ba1c3a54a8ef141c924e71d892
        Validity
            Not Before: Jan  1 05:53:23 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=8812f65bc2b8e24feda39962c89fa467dcd65ba9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:b2:5b:3e:52:0a:9f:7f:e7:3d:2b:36:92:d9:
                    f1:bf:36:d0:aa:60:37:19:00:ec:ac:e1:8b:5d:01:
                    33:c4:e7:f3:50:45:e4:26:db:ee:e8:8a:39:55:30:
                    71:55:45:fb:86:8b:3c:52:3a:a4:9a:3b:74:1d:62:
                    db:a3:e2:55:55:d1:3f:59:30:fe:0a:9b:f8:c8:71:
                    8f:57:6b:d1:56:b1:3b:ac:4f:9c:c4:52:d6:63:60:
                    b0:db:89:64:c1:21:8b:27:5d:4c:04:bc:4a:f7:1f:
                    c5:93:69:89:a8:77:d7:7e:90:0f:f4:dd:bb:4e:c8:
                    1d:71:64:ec:cb:55:75:b5:34:41:f7:8b:8c:4c:47:
                    30:e2:96:43:0b:bf:65:59:26:f9:63:60:4e:8b:53:
                    8f:c2:ce:84:f9:0f:12:24:98:2c:81:27:e3:13:38:
                    49:c8:f7:12:73:90:d3:9d:b4:eb:9b:71:b6:bc:62:
                    bb:e0:a4:e5:57:29:94:00:09:40:c3:5a:48:96:5b:
                    c8:25:78:94:92:d3:c5:67:df:b6:33:95:64:c5:8f:
                    b3:c9:5e:b9:4d:65:4d:03:4b:fa:a3:2f:05:1b:f8:
                    c3:dc:7b:68:c5:b1:17:f5:80:0a:ee:a3:da:49:bc:
                    05:20:5c:b7:88:95:eb:54:8a:9e:29:65:ba:a1:c4:
                    6f:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                88:12:F6:5B:C2:B8:E2:4F:ED:A3:99:62:C8:9F:A4:67:DC:D6:5B:A9
            X509v3 Authority Key Identifier:
                keyid:DB:23:96:85:40:9F:64:BA:1C:3A:54:A8:EF:14:1C:92:4E:71:D8:92

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2yOWhUCfZLocOlSo7xQckk5x2JI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/8d6fd7-1cb3-413c-a32b-2ef447e1b08c/1/iBL2W8K44k_to5liyJ-kZ9zWW6k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/8d6fd7-1cb3-413c-a32b-2ef447e1b08c/1/2yOWhUCfZLocOlSo7xQckk5x2JI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.3.136.0/21
                  46.18.128.0/21
                  62.240.224.0/19
                  79.99.32.0/21
                  89.185.32.0/19
                  94.198.144.0/21
                  185.7.36.0/22
                  185.29.40.0/22
                  185.88.104.0/22
                  185.93.36.0/22
                  194.146.172.0/22
                  212.43.192.0/18
                IPv6:
                  2001:a70::/32
                  2a01:4580::/29
                  2a02:1f8::/32
                  2a02:2328::/32
                  2a03:7300::/32

    Signature Algorithm: sha256WithRSAEncryption
         30:12:cb:14:5a:a8:b2:59:6f:a3:2a:60:d7:bc:8b:00:37:1f:
         f1:74:41:d4:a2:3e:10:66:26:31:85:bf:8a:9b:bc:95:d0:12:
         8f:01:9b:88:69:fa:20:66:d3:84:07:5c:96:bd:08:3d:a8:46:
         64:c0:38:ec:cb:bd:18:dc:75:6e:59:ae:d5:65:f2:3c:91:cb:
         12:5a:c4:02:96:2d:76:e5:cb:bc:73:0e:e6:df:7c:db:1b:e3:
         51:e2:23:01:9d:29:a6:b1:01:dd:de:09:37:bd:48:da:76:9f:
         86:0c:9b:7a:b2:20:f6:a0:80:a3:37:d2:cd:cd:54:57:3b:38:
         67:d4:29:1d:f3:fe:f4:02:8f:99:e0:51:e4:7b:70:8c:7f:14:
         90:09:05:41:4a:06:dc:a2:37:7b:15:a0:cc:4c:7a:7c:ca:b5:
         2a:68:9a:0f:8e:d4:3d:a8:8f:f7:6b:14:6b:41:31:cd:fd:9a:
         4c:13:7d:f5:d4:44:ff:7c:7c:8e:dd:6b:a8:47:db:4d:64:b6:
         91:84:0c:73:01:35:1c:56:a1:9d:48:5b:7e:2b:73:0f:ae:11:
         cb:66:02:82:fa:ce:46:d8:24:31:0a:9c:3e:68:1b:57:c9:ae:
         4f:4b:9c:18:23:93:63:44:d1:93:79:a1:89:ba:99:2f:98:f1:
         1a:eb:d0:4b
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIEOAdqvDANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhk
YjIzOTY4NTQwOWY2NGJhMWMzYTU0YThlZjE0MWM5MjRlNzFkODkyMB4XDTIyMDEw
MTA1NTMyM1oXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoODgxMmY2NWJjMmI4
ZTI0ZmVkYTM5OTYyYzg5ZmE0NjdkY2Q2NWJhOTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAIKyWz5SCp9/5z0rNpLZ8b820KpgNxkA7Kzhi10BM8Tn81BF
5Cbb7uiKOVUwcVVF+4aLPFI6pJo7dB1i26PiVVXRP1kw/gqb+Mhxj1dr0VaxO6xP
nMRS1mNgsNuJZMEhiyddTAS8SvcfxZNpiah3136QD/Tdu07IHXFk7MtVdbU0QfeL
jExHMOKWQwu/ZVkm+WNgTotTj8LOhPkPEiSYLIEn4xM4Scj3EnOQ052065txtrxi
u+Ck5VcplAAJQMNaSJZbyCV4lJLTxWfftjOVZMWPs8leuU1lTQNL+qMvBRv4w9x7
aMWxF/WACu6j2km8BSBct4iV61SKnilluqHEb60CAwEAAaOCAncwggJzMB0GA1Ud
DgQWBBSIEvZbwrjiT+2jmWLIn6Rn3NZbqTAfBgNVHSMEGDAWgBTbI5aFQJ9kuhw6
VKjvFBySTnHYkjAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
LzJ5T1doVUNmWkxvY09sU283eFFja2s1eDJKSS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZTAvOGQ2ZmQ3LTFjYjMtNDEzYy1hMzJiLTJlZjQ0N2UxYjA4Yy8x
L2lCTDJXOEs0NGtfdG81bGl5Si1rWjl6V1c2ay5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZTAv
OGQ2ZmQ3LTFjYjMtNDEzYy1hMzJiLTJlZjQ0N2UxYjA4Yy8xLzJ5T1doVUNmWkxv
Y09sU283eFFja2s1eDJKSS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjCB
jAYIKwYBBQUHAQcBAf8EfTB7ME4EAgABMEgDBAMfA4gDBAMuEoADBAU+8OADBANP
YyADBAVZuSADBANexpADBAK5ByQDBAK5HSgDBAK5WGgDBAK5XSQDBALCkqwDBAbU
K8AwKQQCAAIwIwMFACABCnADBQMqAUWAAwUAKgIB+AMFACoCIygDBQAqA3MAMA0G
CSqGSIb3DQEBCwUAA4IBAQAwEssUWqiyWW+jKmDXvIsANx/xdEHUoj4QZiYxhb+K
m7yV0BKPAZuIafogZtOEB1yWvQg9qEZkwDjsy70Y3HVuWa7VZfI8kcsSWsQCli12
5cu8cw7m33zbG+NR4iMBnSmmsQHd3gk3vUjadp+GDJt6siD2oICjN9LNzVRXOzhn
1Ckd8/70Ao+Z4FHke3CMfxSQCQVBSgbcojd7FaDMTHp8yrUqaJoPjtQ9qI/3axRr
QTHN/ZpME3311ET/fHyO3WuoR9tNZLaRhAxzATUcVqGdSFt+K3MPrhHLZgKC+s5G
2CQxCpw+aBtXya5PS5wYI5NjRNGTeaGJupkvmPEa69BL
-----END CERTIFICATE-----