Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e4/011f6e-e928-4f2b-aa24-200fc274cb01/1/34x2stAPFuDjn45sGcJYixmZKgs.roa
File:                     34x2stAPFuDjn45sGcJYixmZKgs.roa (raw, json)
Hash identifier:          JSfxPoqJD4aGj0XOToEJB2rTiVAGiWsC5QMCfUTkOws=
Subject key identifier:   DF:8C:76:B2:D0:0F:16:E0:E3:9F:8E:6C:19:C2:58:8B:19:99:2A:0B
Certificate issuer:       /CN=8452b03e1b01709638940d9592983cde77ecab77
Certificate serial:       06CB4497
Authority key identifier: 84:52:B0:3E:1B:01:70:96:38:94:0D:95:92:98:3C:DE:77:EC:AB:77
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hFKwPhsBcJY4lA2Vkpg83nfsq3c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e4/011f6e-e928-4f2b-aa24-200fc274cb01/1/34x2stAPFuDjn45sGcJYixmZKgs.roa
Signing time:             Sat 05 Mar 2022 18:05:24 +0000
ROA not before:           Sat 05 Mar 2022 18:05:24 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     35297
IP address blocks:        185.249.160.0/22 maxlen: 22
                          5.53.112.0/21 maxlen: 21
                          193.239.75.101/32 maxlen: 32
                          193.239.72.0/22 maxlen: 22
                          193.239.74.64/32 maxlen: 32
                          91.204.212.0/22 maxlen: 22
                          193.238.32.0/22 maxlen: 22
                          178.251.104.0/21 maxlen: 21
                          178.251.110.0/24 maxlen: 24
                          77.75.144.0/21 maxlen: 21
                          2a02:2000:face::/48 maxlen: 48
                          2a02:2000:4::/48 maxlen: 48
                          2a02:2000::/29 maxlen: 48
                          2a02:2000::/32 maxlen: 48
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 113984663 (0x6cb4497)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8452b03e1b01709638940d9592983cde77ecab77
        Validity
            Not Before: Mar  5 18:05:24 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=df8c76b2d00f16e0e39f8e6c19c2588b19992a0b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f7:77:c0:fb:79:df:42:ac:9c:5a:01:4f:4e:55:
                    26:b3:26:cc:e7:e4:e4:47:38:7a:cf:89:09:8f:8d:
                    ed:e7:b6:e6:2d:16:e7:cd:6b:f1:32:15:c3:6c:4a:
                    24:d0:f1:d5:47:1b:f7:71:52:ed:e2:78:29:51:d7:
                    4b:2e:54:73:2c:91:91:75:52:fb:d3:cb:6e:df:8f:
                    5c:8e:b7:47:8c:4b:e0:6b:81:2f:1b:e2:76:a2:fb:
                    02:1d:85:2a:23:cb:cb:82:11:49:df:91:8a:5d:74:
                    b4:10:4e:ff:b0:b9:bb:df:4a:ee:8a:8b:f7:05:ab:
                    3d:f8:10:c1:6b:c9:8e:c6:b9:ce:47:06:5b:90:0a:
                    9d:bb:f5:8f:7b:c4:f9:9f:eb:7e:66:e9:31:86:16:
                    71:5c:08:b5:eb:6b:52:a9:e9:ac:9b:d8:50:8a:5d:
                    76:d3:db:0c:59:c5:53:f4:ab:07:cd:fa:4b:05:c7:
                    a3:90:ae:57:b8:f3:3c:9a:25:b8:ac:cb:b4:32:92:
                    97:35:15:bb:bc:27:e5:79:ff:65:ce:b3:3e:6e:86:
                    cd:b9:a3:90:11:a9:ca:d1:43:21:28:fa:41:b9:50:
                    42:51:ee:dc:91:02:b5:13:2e:23:11:3b:29:08:6e:
                    11:a3:70:ad:11:57:22:51:6b:1e:80:13:d7:db:f4:
                    49:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DF:8C:76:B2:D0:0F:16:E0:E3:9F:8E:6C:19:C2:58:8B:19:99:2A:0B
            X509v3 Authority Key Identifier:
                keyid:84:52:B0:3E:1B:01:70:96:38:94:0D:95:92:98:3C:DE:77:EC:AB:77

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hFKwPhsBcJY4lA2Vkpg83nfsq3c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/011f6e-e928-4f2b-aa24-200fc274cb01/1/34x2stAPFuDjn45sGcJYixmZKgs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/011f6e-e928-4f2b-aa24-200fc274cb01/1/hFKwPhsBcJY4lA2Vkpg83nfsq3c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.53.112.0/21
                  77.75.144.0/21
                  91.204.212.0/22
                  178.251.104.0/21
                  185.249.160.0/22
                  193.238.32.0/22
                  193.239.72.0/22
                IPv6:
                  2a02:2000::/29

    Signature Algorithm: sha256WithRSAEncryption
         67:34:4b:59:86:e4:fe:eb:f2:d1:94:30:20:79:c9:37:da:26:
         79:0b:4d:b1:0d:84:bf:87:67:0f:bf:40:83:c8:49:1f:db:f4:
         fc:c5:a7:28:e8:b3:54:15:10:1d:22:a8:86:5b:c2:01:f2:3e:
         c3:66:22:b2:0d:49:5b:08:64:ea:b2:d6:14:53:8a:cb:59:a3:
         5c:c7:6f:79:ac:a4:c0:85:e7:3e:b2:42:0a:35:bf:38:f3:a6:
         0b:f0:f1:54:01:91:69:34:7e:f4:7c:40:de:1c:90:8e:78:bc:
         0c:76:56:a7:1b:6c:f0:ad:2b:97:20:cc:89:0e:7c:6e:f0:36:
         3d:55:ac:4f:d5:35:c5:9d:d8:4f:2d:17:f0:33:0c:40:9b:5b:
         83:c7:bf:22:17:ea:23:6c:8a:54:ee:8b:e6:43:77:99:18:b7:
         bb:86:f2:c0:12:ff:48:c4:4b:b9:56:da:05:9b:99:a7:4f:4e:
         3f:d2:f9:32:64:ef:f0:d3:db:13:f5:00:66:d4:78:7a:7a:10:
         29:6f:f7:62:5d:b6:0a:7f:ae:ad:5a:ef:cc:67:91:30:03:05:
         c8:fa:b9:36:e8:9c:94:70:be:00:96:ad:ec:51:e1:d3:e2:fe:
         d7:18:40:0b:b1:17:18:3d:2a:ce:10:9c:c5:a8:ef:f7:a5:a6:
         42:39:ee:01
-----BEGIN CERTIFICATE-----
MIIFIjCCBAqgAwIBAgIEBstElzANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg4
NDUyYjAzZTFiMDE3MDk2Mzg5NDBkOTU5Mjk4M2NkZTc3ZWNhYjc3MB4XDTIyMDMw
NTE4MDUyNFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoZGY4Yzc2YjJkMDBm
MTZlMGUzOWY4ZTZjMTljMjU4OGIxOTk5MmEwYjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAPd3wPt530KsnFoBT05VJrMmzOfk5Ec4es+JCY+N7ee25i0W
581r8TIVw2xKJNDx1Ucb93FS7eJ4KVHXSy5UcyyRkXVS+9PLbt+PXI63R4xL4GuB
LxvidqL7Ah2FKiPLy4IRSd+Ril10tBBO/7C5u99K7oqL9wWrPfgQwWvJjsa5zkcG
W5AKnbv1j3vE+Z/rfmbpMYYWcVwItetrUqnprJvYUIpddtPbDFnFU/SrB836SwXH
o5CuV7jzPJoluKzLtDKSlzUVu7wn5Xn/Zc6zPm6GzbmjkBGpytFDISj6QblQQlHu
3JECtRMuIxE7KQhuEaNwrRFXIlFrHoAT19v0SXcCAwEAAaOCAjwwggI4MB0GA1Ud
DgQWBBTfjHay0A8W4OOfjmwZwliLGZkqCzAfBgNVHSMEGDAWgBSEUrA+GwFwljiU
DZWSmDzed+yrdzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L2hGS3dQaHNCY0pZNGxBMlZrcGc4M25mc3EzYy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZTQvMDExZjZlLWU5MjgtNGYyYi1hYTI0LTIwMGZjMjc0Y2IwMS8x
LzM0eDJzdEFQRnVEam40NXNHY0pZaXhtWktncy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZTQv
MDExZjZlLWU5MjgtNGYyYi1hYTI0LTIwMGZjMjc0Y2IwMS8xL2hGS3dQaHNCY0pZ
NGxBMlZrcGc4M25mc3EzYy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBS
BggrBgEFBQcBBwEB/wRDMEEwMAQCAAEwKgMEAwU1cAMEA01LkAMEAlvM1AMEA7L7
aAMEArn5oAMEAsHuIAMEAsHvSDANBAIAAjAHAwUDKgIgADANBgkqhkiG9w0BAQsF
AAOCAQEAZzRLWYbk/uvy0ZQwIHnJN9omeQtNsQ2Ev4dnD79Ag8hJH9v0/MWnKOiz
VBUQHSKohlvCAfI+w2Yisg1JWwhk6rLWFFOKy1mjXMdveaykwIXnPrJCCjW/OPOm
C/DxVAGRaTR+9HxA3hyQjni8DHZWpxts8K0rlyDMiQ58bvA2PVWsT9U1xZ3YTy0X
8DMMQJtbg8e/IhfqI2yKVO6L5kN3mRi3u4bywBL/SMRLuVbaBZuZp09OP9L5MmTv
8NPbE/UAZtR4enoQKW/3Yl22Cn+urVrvzGeRMAMFyPq5NuiclHC+AJat7FHh0+L+
1xhAC7EXGD0qzhCcxajv96WmQjnuAQ==
-----END CERTIFICATE-----