Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5d/f3b825-cbc0-49d2-8b76-6b1469c3b95a/1/kONoNOW65KEV4MXEDfenR2Yv7x8.roa
File:                     kONoNOW65KEV4MXEDfenR2Yv7x8.roa (raw, json)
Hash identifier:          FYyetu01vZyZcdfRjRq9b9WP2rWC5zJU0SDwFYtuHdM=
Subject key identifier:   90:E3:68:34:E5:BA:E4:A1:15:E0:C5:C4:0D:F7:A7:47:66:2F:EF:1F
Certificate issuer:       /CN=65816774b7c5665d67a86c20ceb6487b5b78b38d
Certificate serial:       0AE8CDA4
Authority key identifier: 65:81:67:74:B7:C5:66:5D:67:A8:6C:20:CE:B6:48:7B:5B:78:B3:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZYFndLfFZl1nqGwgzrZIe1t4s40.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5d/f3b825-cbc0-49d2-8b76-6b1469c3b95a/1/kONoNOW65KEV4MXEDfenR2Yv7x8.roa
Signing time:             Sat 01 Jan 2022 15:55:04 +0000
ROA not before:           Sat 01 Jan 2022 15:55:04 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     42248
IP address blocks:        89.106.96.0/24 maxlen: 24
                          89.106.98.0/24 maxlen: 24
                          89.106.97.0/24 maxlen: 24
                          89.106.100.0/24 maxlen: 24
                          89.106.99.0/24 maxlen: 24
                          89.106.106.0/24 maxlen: 24
                          89.106.110.0/23 maxlen: 23
                          89.106.112.0/23 maxlen: 23
                          89.106.116.0/23 maxlen: 23
                          89.106.118.0/23 maxlen: 23
                          89.106.114.0/23 maxlen: 23
                          89.106.124.0/23 maxlen: 23
                          89.106.120.0/23 maxlen: 23
                          89.106.122.0/23 maxlen: 23
                          89.106.126.0/24 maxlen: 24
                          94.139.216.0/21 maxlen: 21
                          178.75.224.0/21 maxlen: 21
                          178.75.232.0/21 maxlen: 21
                          185.44.124.0/22 maxlen: 22
                          178.239.224.0/20 maxlen: 20

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 183029156 (0xae8cda4)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=65816774b7c5665d67a86c20ceb6487b5b78b38d
        Validity
            Not Before: Jan  1 15:55:04 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=90e36834e5bae4a115e0c5c40df7a747662fef1f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:53:d1:bf:c4:00:e7:73:bd:d7:ed:1a:de:e5:
                    9d:6e:23:bd:a5:67:56:0b:d2:30:83:23:e6:b6:d3:
                    6a:e1:6f:45:83:19:45:33:fe:4b:4d:41:f4:84:72:
                    a2:f2:3e:56:af:51:d0:34:74:24:75:87:6a:23:04:
                    ba:5a:48:42:a4:d1:01:b7:8d:d7:df:9f:d0:a1:65:
                    f6:1b:3e:ac:5e:8d:bc:b3:cb:0f:86:d6:4b:8e:68:
                    51:dc:5f:fa:74:12:a3:85:ca:a6:11:59:6a:ca:83:
                    c6:fc:90:3f:65:b7:67:88:84:b5:dc:59:1a:dd:45:
                    6f:19:38:b6:23:23:13:a9:54:58:7d:d1:65:18:5b:
                    d6:a1:5b:e4:f8:78:45:b8:8b:7d:1b:70:81:90:92:
                    25:86:ee:fc:45:00:2e:dd:59:d1:e8:0e:93:75:14:
                    0c:e7:ad:36:35:db:72:07:c1:d7:d3:43:cd:32:43:
                    11:4b:e6:8f:d9:6d:a6:d6:df:fc:c1:a0:17:77:71:
                    09:28:a3:27:61:16:b9:f3:dd:11:77:71:09:ec:f6:
                    27:58:6a:9a:90:e4:d7:68:c4:07:5d:ab:ac:04:3e:
                    83:bb:9c:9f:72:0f:b3:46:23:62:ce:9c:82:eb:c0:
                    fd:7b:79:f1:c2:44:d1:a1:c7:5e:9c:56:7b:d1:c2:
                    27:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                90:E3:68:34:E5:BA:E4:A1:15:E0:C5:C4:0D:F7:A7:47:66:2F:EF:1F
            X509v3 Authority Key Identifier:
                keyid:65:81:67:74:B7:C5:66:5D:67:A8:6C:20:CE:B6:48:7B:5B:78:B3:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZYFndLfFZl1nqGwgzrZIe1t4s40.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/f3b825-cbc0-49d2-8b76-6b1469c3b95a/1/kONoNOW65KEV4MXEDfenR2Yv7x8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/f3b825-cbc0-49d2-8b76-6b1469c3b95a/1/ZYFndLfFZl1nqGwgzrZIe1t4s40.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.106.96.0-89.106.100.255
                  89.106.106.0/24
                  89.106.110.0-89.106.126.255
                  94.139.216.0/21
                  178.75.224.0/20
                  178.239.224.0/20
                  185.44.124.0/22

    Signature Algorithm: sha256WithRSAEncryption
         8a:31:a3:85:68:c3:a4:10:bf:9a:4b:73:30:e6:5c:37:ab:cd:
         13:e6:b2:17:3b:83:0e:62:12:2b:e7:f5:1f:29:fd:18:67:d0:
         64:14:95:57:be:db:b8:26:4d:df:7c:ea:c7:b2:7a:bd:55:62:
         56:d0:74:40:8b:f6:12:f6:ea:f1:c7:d9:7e:42:22:5b:65:c2:
         5b:7b:a6:c2:f5:6f:b3:07:01:91:23:d3:a9:20:09:ca:96:81:
         c7:96:06:25:b7:ce:9b:65:53:63:1d:95:f9:37:72:fc:00:be:
         7a:3d:3c:43:d0:38:60:f5:6a:d6:b5:ce:4c:86:ec:63:4f:1a:
         aa:7a:fd:b6:10:28:c0:d9:0a:0b:d3:40:c2:08:21:33:8d:27:
         92:6b:b4:91:14:ba:fc:8f:16:a5:13:cc:36:25:db:ce:d0:43:
         32:a2:bd:21:4a:c5:c1:d7:bf:59:a4:f0:4f:e0:bc:1f:1a:bd:
         a0:73:62:77:74:2b:60:85:b7:70:e3:85:90:01:62:a1:9f:08:
         4a:4b:ee:c3:94:92:a8:5b:6e:65:d5:94:86:ec:68:9a:2e:1d:
         fa:2d:97:b6:58:1b:ac:a3:3e:5e:28:9e:a7:df:c3:7a:d5:fa:
         80:c3:ff:4f:1c:de:13:fa:b7:43:bc:63:03:2f:80:b0:82:80:
         bb:a6:fd:f5
-----BEGIN CERTIFICATE-----
MIIFIzCCBAugAwIBAgIECujNpDANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg2
NTgxNjc3NGI3YzU2NjVkNjdhODZjMjBjZWI2NDg3YjViNzhiMzhkMB4XDTIyMDEw
MTE1NTUwNFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoOTBlMzY4MzRlNWJh
ZTRhMTE1ZTBjNWM0MGRmN2E3NDc2NjJmZWYxZjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBALBT0b/EAOdzvdftGt7lnW4jvaVnVgvSMIMj5rbTauFvRYMZ
RTP+S01B9IRyovI+Vq9R0DR0JHWHaiMEulpIQqTRAbeN19+f0KFl9hs+rF6NvLPL
D4bWS45oUdxf+nQSo4XKphFZasqDxvyQP2W3Z4iEtdxZGt1Fbxk4tiMjE6lUWH3R
ZRhb1qFb5Ph4RbiLfRtwgZCSJYbu/EUALt1Z0egOk3UUDOetNjXbcgfB19NDzTJD
EUvmj9ltptbf/MGgF3dxCSijJ2EWufPdEXdxCez2J1hqmpDk12jEB12rrAQ+g7uc
n3IPs0YjYs6cguvA/Xt58cJE0aHHXpxWe9HCJ28CAwEAAaOCAj0wggI5MB0GA1Ud
DgQWBBSQ42g05brkoRXgxcQN96dHZi/vHzAfBgNVHSMEGDAWgBRlgWd0t8VmXWeo
bCDOtkh7W3izjTAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L1pZRm5kTGZGWmwxbnFHd2d6clpJZTF0NHM0MC5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNWQvZjNiODI1LWNiYzAtNDlkMi04Yjc2LTZiMTQ2OWMzYjk1YS8x
L2tPTm9OT1c2NUtFVjRNWEVEZmVuUjJZdjd4OC5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNWQv
ZjNiODI1LWNiYzAtNDlkMi04Yjc2LTZiMTQ2OWMzYjk1YS8xL1pZRm5kTGZGWmwx
bnFHd2d6clpJZTF0NHM0MC5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBT
BggrBgEFBQcBBwEB/wREMEIwQAQCAAEwOjAMAwQFWWpgAwQAWWpkAwQAWWpqMAwD
BAFZam4DBABZan4DBANei9gDBASyS+ADBASy7+ADBAK5LHwwDQYJKoZIhvcNAQEL
BQADggEBAIoxo4Vow6QQv5pLczDmXDerzRPmshc7gw5iEivn9R8p/Rhn0GQUlVe+
27gmTd986seyer1VYlbQdECL9hL26vHH2X5CIltlwlt7psL1b7MHAZEj06kgCcqW
gceWBiW3zptlU2Mdlfk3cvwAvno9PEPQOGD1ata1zkyG7GNPGqp6/bYQKMDZCgvT
QMIIITONJ5JrtJEUuvyPFqUTzDYl287QQzKivSFKxcHXv1mk8E/gvB8avaBzYnd0
K2CFt3DjhZABYqGfCEpL7sOUkqhbbmXVlIbsaJouHfotl7ZYG6yjPl4onqffw3rV
+oDD/08c3hP6t0O8YwMvgLCCgLum/fU=
-----END CERTIFICATE-----