Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ed/d3b263-b0f1-4a6b-912e-373dda43f792/1/qk0AtFRNbNnCsA0_mSniG1mRazE.roa
File:                     qk0AtFRNbNnCsA0_mSniG1mRazE.roa (raw, json)
Hash identifier:          6htoBcEj4Q2T5bxDoN57XeF3f9Gvgv3My/ag+W0fT+Y=
Subject key identifier:   AA:4D:00:B4:54:4D:6C:D9:C2:B0:0D:3F:99:29:E2:1B:59:91:6B:31
Certificate issuer:       /CN=ce2b10d89b5537913503127eb87226afb89d1b2d
Certificate serial:       160E6747
Authority key identifier: CE:2B:10:D8:9B:55:37:91:35:03:12:7E:B8:72:26:AF:B8:9D:1B:2D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zisQ2JtVN5E1AxJ-uHImr7idGy0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ed/d3b263-b0f1-4a6b-912e-373dda43f792/1/qk0AtFRNbNnCsA0_mSniG1mRazE.roa
Signing time:             Sat 01 Jan 2022 16:06:26 +0000
ROA not before:           Sat 01 Jan 2022 16:06:26 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     20978
IP address blocks:        176.220.0.0/16 maxlen: 24
                          151.135.0.0/16 maxlen: 24
                          95.173.0.0/19 maxlen: 24
                          185.4.68.0/22 maxlen: 24
                          5.176.0.0/15 maxlen: 24
                          94.235.0.0/16 maxlen: 24
                          217.174.32.0/20 maxlen: 24
                          37.154.0.0/15 maxlen: 24
                          46.104.0.0/16 maxlen: 24
                          213.211.0.0/19 maxlen: 24
                          5.44.80.0/20 maxlen: 24
                          176.30.0.0/16 maxlen: 24
                          5.46.0.0/15 maxlen: 24
                          188.41.0.0/16 maxlen: 24
                          2a02:2010::/29 maxlen: 48

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 370042695 (0x160e6747)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ce2b10d89b5537913503127eb87226afb89d1b2d
        Validity
            Not Before: Jan  1 16:06:26 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=aa4d00b4544d6cd9c2b00d3f9929e21b59916b31
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:3b:48:d9:04:61:27:60:94:c7:95:3b:20:a3:
                    ab:65:e9:6e:03:50:4a:f2:dc:42:f1:6e:40:29:a3:
                    50:49:42:41:b9:d3:77:0e:70:83:e0:68:8e:48:15:
                    6e:f6:c5:9f:a8:26:d1:db:95:e9:ea:fd:90:7f:20:
                    1c:e5:cb:57:56:d9:72:d9:d1:17:23:16:71:19:98:
                    be:4f:e4:c7:47:88:46:ef:10:de:f7:23:8b:db:0b:
                    84:93:43:58:ee:1a:00:a6:70:3f:e6:e3:f5:7a:71:
                    f0:67:0f:97:8c:a8:58:5c:23:46:41:f0:4f:d7:e3:
                    c4:5f:5c:eb:4c:70:18:34:1c:4c:d7:e9:24:54:79:
                    0c:3b:54:7f:0c:aa:e2:4d:68:97:51:01:91:9c:e2:
                    b6:81:68:77:30:d4:27:cf:6b:8a:29:54:23:2a:42:
                    90:01:e0:38:f6:8b:ab:bc:41:f6:30:b8:f9:99:ce:
                    e7:2d:9b:10:fe:b9:9c:81:9b:bf:67:ee:31:2f:c5:
                    e5:66:5a:96:32:ae:30:62:3f:47:51:95:02:4a:b5:
                    bc:ba:dd:ba:b0:d1:78:5c:9f:0f:15:21:73:42:5b:
                    ea:99:50:e6:b7:56:e4:7b:f6:09:42:65:9a:79:7e:
                    5d:11:3e:14:14:67:80:78:c7:ce:e3:c0:44:0a:7f:
                    61:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AA:4D:00:B4:54:4D:6C:D9:C2:B0:0D:3F:99:29:E2:1B:59:91:6B:31
            X509v3 Authority Key Identifier:
                keyid:CE:2B:10:D8:9B:55:37:91:35:03:12:7E:B8:72:26:AF:B8:9D:1B:2D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zisQ2JtVN5E1AxJ-uHImr7idGy0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/d3b263-b0f1-4a6b-912e-373dda43f792/1/qk0AtFRNbNnCsA0_mSniG1mRazE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/d3b263-b0f1-4a6b-912e-373dda43f792/1/zisQ2JtVN5E1AxJ-uHImr7idGy0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.44.80.0/20
                  5.46.0.0/15
                  5.176.0.0/15
                  37.154.0.0/15
                  46.104.0.0/16
                  94.235.0.0/16
                  95.173.0.0/19
                  151.135.0.0/16
                  176.30.0.0/16
                  176.220.0.0/16
                  185.4.68.0/22
                  188.41.0.0/16
                  213.211.0.0/19
                  217.174.32.0/20
                IPv6:
                  2a02:2010::/29

    Signature Algorithm: sha256WithRSAEncryption
         12:54:17:5c:ac:eb:b7:b3:29:af:64:0a:f5:63:c5:41:8e:11:
         58:85:08:ec:26:7a:0b:6e:63:ab:da:b8:e9:8d:10:f0:ea:a9:
         8d:f0:92:64:b1:15:91:01:ae:92:3b:4e:ed:60:c7:dc:52:90:
         f1:0f:98:34:ea:2c:11:ef:d5:77:bc:c6:d8:68:da:4e:3b:64:
         34:ad:ac:5f:fa:2f:d7:a1:20:93:b0:79:bb:02:fb:7d:d4:a8:
         cf:15:72:a3:66:7b:11:48:58:74:38:78:29:8c:cb:93:b0:69:
         a5:b0:59:91:22:81:d0:94:30:04:f6:2b:70:f2:24:f6:f0:42:
         24:bc:97:56:52:6a:fc:36:87:f2:c4:b1:01:a0:39:b2:ef:73:
         a8:d6:2f:87:33:ae:0d:ce:0e:bd:e2:e6:2c:ff:71:a8:d4:f4:
         fb:fe:fc:cc:f3:d1:c7:9f:d7:ae:48:8f:f2:53:bf:08:12:9c:
         a1:fa:4a:c2:4d:0b:1b:db:8e:9b:8e:7d:7c:c3:14:08:26:69:
         12:c0:20:90:da:0a:54:bd:37:81:10:e6:bb:91:8d:80:f6:c3:
         51:0f:c4:f9:e4:1b:c2:41:4c:b8:b6:08:73:e6:0e:a0:71:66:
         53:99:45:f3:2d:6a:a1:d8:db:51:71:ee:93:30:3c:2a:32:af:
         e4:c5:6b:19
-----BEGIN CERTIFICATE-----
MIIFQzCCBCugAwIBAgIEFg5nRzANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhj
ZTJiMTBkODliNTUzNzkxMzUwMzEyN2ViODcyMjZhZmI4OWQxYjJkMB4XDTIyMDEw
MTE2MDYyNloXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoYWE0ZDAwYjQ1NDRk
NmNkOWMyYjAwZDNmOTkyOWUyMWI1OTkxNmIzMTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAMg7SNkEYSdglMeVOyCjq2XpbgNQSvLcQvFuQCmjUElCQbnT
dw5wg+BojkgVbvbFn6gm0duV6er9kH8gHOXLV1bZctnRFyMWcRmYvk/kx0eIRu8Q
3vcji9sLhJNDWO4aAKZwP+bj9Xpx8GcPl4yoWFwjRkHwT9fjxF9c60xwGDQcTNfp
JFR5DDtUfwyq4k1ol1EBkZzitoFodzDUJ89riilUIypCkAHgOPaLq7xB9jC4+ZnO
5y2bEP65nIGbv2fuMS/F5WZaljKuMGI/R1GVAkq1vLrdurDReFyfDxUhc0Jb6plQ
5rdW5Hv2CUJlmnl+XRE+FBRngHjHzuPARAp/YXsCAwEAAaOCAl0wggJZMB0GA1Ud
DgQWBBSqTQC0VE1s2cKwDT+ZKeIbWZFrMTAfBgNVHSMEGDAWgBTOKxDYm1U3kTUD
En64ciavuJ0bLTAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L3ppc1EySnRWTjVFMUF4Si11SEltcjdpZEd5MC5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZWQvZDNiMjYzLWIwZjEtNGE2Yi05MTJlLTM3M2RkYTQzZjc5Mi8x
L3FrMEF0RlJOYk5uQ3NBMF9tU25pRzFtUmF6RS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZWQv
ZDNiMjYzLWIwZjEtNGE2Yi05MTJlLTM3M2RkYTQzZjc5Mi8xL3ppc1EySnRWTjVF
MUF4Si11SEltcjdpZEd5MC5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBz
BggrBgEFBQcBBwEB/wRkMGIwUQQCAAEwSwMEBAUsUAMDAQUuAwMBBbADAwElmgMD
AC5oAwMAXusDBAVfrQADAwCXhwMDALAeAwMAsNwDBAK5BEQDAwC8KQMEBdXTAAME
BNmuIDANBAIAAjAHAwUDKgIgEDANBgkqhkiG9w0BAQsFAAOCAQEAElQXXKzrt7Mp
r2QK9WPFQY4RWIUI7CZ6C25jq9q46Y0Q8OqpjfCSZLEVkQGukjtO7WDH3FKQ8Q+Y
NOosEe/Vd7zG2GjaTjtkNK2sX/ov16Egk7B5uwL7fdSozxVyo2Z7EUhYdDh4KYzL
k7BppbBZkSKB0JQwBPYrcPIk9vBCJLyXVlJq/DaH8sSxAaA5su9zqNYvhzOuDc4O
veLmLP9xqNT0+/78zPPRx5/XrkiP8lO/CBKcofpKwk0LG9uOm459fMMUCCZpEsAg
kNoKVL03gRDmu5GNgPbDUQ/E+eQbwkFMuLYIc+YOoHFmU5lF8y1qodjbUXHukzA8
KjKv5MVrGQ==
-----END CERTIFICATE-----