Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/xK5KQOrjUri_JCUdPBUrQMEj3Pw.roa
File:                     xK5KQOrjUri_JCUdPBUrQMEj3Pw.roa (raw, json)
Hash identifier:          BKJSm6/23MWMvlRFjSIPDG0osPUi4xnVb7N7RQvoLJY=
Subject key identifier:   C4:AE:4A:40:EA:E3:52:B8:BF:24:25:1D:3C:15:2B:40:C1:23:DC:FC
Certificate issuer:       /CN=3af09ba33b5ae581b0d29323249314f76aa10511
Certificate serial:       0184EB7EBA07710CEBD091F96471A0725864
Authority key identifier: 3A:F0:9B:A3:3B:5A:E5:81:B0:D2:93:23:24:93:14:F7:6A:A1:05:11
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OvCbozta5YGw0pMjJJMU92qhBRE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/xK5KQOrjUri_JCUdPBUrQMEj3Pw.roa
Signing time:             Wed 07 Dec 2022 07:31:01 +0000
ROA not before:           Wed 07 Dec 2022 07:31:01 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     328126
IP address blocks:        90.84.148.0/24 maxlen: 24
                          90.84.153.0/24 maxlen: 32
                          80.15.255.0/24 maxlen: 24
                          80.15.254.0/24 maxlen: 24
                          80.15.251.0/24 maxlen: 32
                          80.15.252.0/24 maxlen: 32
                          80.15.253.0/24 maxlen: 24
                          80.15.250.0/24 maxlen: 32
                          2a01:c9c0:c008::/48 maxlen: 64
                          2a01:c9c0:c00c::/48 maxlen: 64
                          2a01:c9c0:c002::/48 maxlen: 64
                          2a01:c9c0:c000::/48 maxlen: 64
                          2a01:c9c0:c006::/48 maxlen: 64
                          2a01:c9c0:c004::/48 maxlen: 64
                          2a01:c9c0:c00a::/48 maxlen: 64

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:84:eb:7e:ba:07:71:0c:eb:d0:91:f9:64:71:a0:72:58:64
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3af09ba33b5ae581b0d29323249314f76aa10511
        Validity
            Not Before: Dec  7 07:31:01 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=c4ae4a40eae352b8bf24251d3c152b40c123dcfc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:3f:b7:37:4e:63:fd:dd:62:db:02:a5:58:6b:
                    00:02:9d:84:d6:32:88:7f:48:4b:88:66:d4:25:f5:
                    33:2d:e8:9d:d6:f2:21:73:fe:60:ad:68:a7:ad:3b:
                    c3:3a:a4:aa:74:cd:b4:6c:eb:a9:92:f1:2a:9e:1f:
                    55:c4:00:9c:91:b0:3b:1f:52:6f:ef:2e:b7:48:6a:
                    9f:b6:ac:db:ad:46:d3:21:05:ce:14:b1:93:0f:0d:
                    1d:b5:d3:11:8f:c9:0d:8a:74:5e:eb:2e:e3:eb:a4:
                    cb:d2:1e:a8:89:ff:2b:ff:13:97:7c:1f:6f:29:42:
                    3f:2f:7f:88:7f:23:61:00:52:4b:d7:39:1e:83:34:
                    cb:9f:31:69:86:9b:f1:50:fb:aa:b0:a9:12:9b:c5:
                    2c:d4:3d:65:23:ac:e7:e4:a2:8d:95:38:8f:24:5e:
                    73:30:8a:c3:9f:a9:15:1a:15:62:31:ca:39:70:54:
                    8a:1a:ff:4a:16:17:7b:47:83:a6:d1:c1:39:ee:d9:
                    a0:29:38:e3:dd:20:69:20:24:ba:b9:09:fe:d7:31:
                    9e:fe:73:c9:de:f6:6d:97:f7:95:c2:41:95:97:e6:
                    ff:ff:5b:3d:8f:09:f6:b8:79:21:33:9f:9f:ec:89:
                    7b:83:51:ae:75:bf:5f:d1:78:2c:c4:60:75:e3:56:
                    6b:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C4:AE:4A:40:EA:E3:52:B8:BF:24:25:1D:3C:15:2B:40:C1:23:DC:FC
            X509v3 Authority Key Identifier:
                keyid:3A:F0:9B:A3:3B:5A:E5:81:B0:D2:93:23:24:93:14:F7:6A:A1:05:11

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OvCbozta5YGw0pMjJJMU92qhBRE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/xK5KQOrjUri_JCUdPBUrQMEj3Pw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/OvCbozta5YGw0pMjJJMU92qhBRE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.15.250.0-80.15.255.255
                  90.84.148.0/24
                  90.84.153.0/24
                IPv6:
                  2a01:c9c0:c000::/48
                  2a01:c9c0:c002::/48
                  2a01:c9c0:c004::/48
                  2a01:c9c0:c006::/48
                  2a01:c9c0:c008::/48
                  2a01:c9c0:c00a::/48
                  2a01:c9c0:c00c::/48

    Signature Algorithm: sha256WithRSAEncryption
         7f:8f:4a:cc:02:14:c6:d9:94:74:06:c3:97:47:9f:85:99:d2:
         0e:c8:3e:c6:65:e3:d4:28:26:81:1d:ff:ae:ee:2c:c1:47:d7:
         c3:1f:90:83:0c:53:78:0a:23:5c:88:47:58:57:a8:f5:51:db:
         43:5a:c0:a3:ad:03:4e:03:b1:6b:9e:19:c5:09:d2:5b:d0:aa:
         7a:99:8a:fa:22:f3:56:f6:cb:98:03:53:a4:2c:4b:9d:df:0c:
         4c:64:16:9e:67:56:f2:41:c2:6d:6a:ed:16:ae:ba:43:36:4b:
         8b:be:66:d2:4b:78:6b:22:e7:1d:99:01:01:ca:7f:8f:05:be:
         b8:58:75:75:1d:b0:30:7c:64:d7:2e:e6:c7:61:0e:ae:d6:2e:
         f7:92:f8:7f:2f:0d:ad:f2:35:05:cc:14:f4:be:23:b7:6d:e8:
         95:98:20:a1:93:6c:8a:fd:e0:90:b8:5a:58:73:d4:ce:18:b7:
         90:b0:93:fa:23:3c:07:ca:53:ff:32:78:23:c6:f0:df:52:87:
         30:40:c4:5c:ed:ec:e5:a3:aa:9a:62:b8:44:65:62:b7:86:51:
         86:67:78:cb:b6:34:40:b6:1e:e6:d7:7b:22:cb:08:1b:c3:22:
         c9:78:e8:be:a4:3e:c1:62:81:d9:94:51:12:07:9a:77:a7:9c:
         1d:16:8c:ce
-----BEGIN CERTIFICATE-----
MIIFVzCCBD+gAwIBAgISAYTrfroHcQzr0JH5ZHGgclhkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhZjA5YmEzM2I1YWU1ODFiMGQyOTMyMzI0OTMxNGY3NmFh
MTA1MTEwHhcNMjIxMjA3MDczMTAxWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNGFlNGE0MGVhZTM1MmI4YmYyNDI1MWQzYzE1MmI0MGMxMjNkY2ZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmD+3N05j/d1i2wKlWGsAAp2E1jKI
f0hLiGbUJfUzLeid1vIhc/5grWinrTvDOqSqdM20bOupkvEqnh9VxACckbA7H1Jv
7y63SGqftqzbrUbTIQXOFLGTDw0dtdMRj8kNinRe6y7j66TL0h6oif8r/xOXfB9v
KUI/L3+IfyNhAFJL1zkegzTLnzFphpvxUPuqsKkSm8Us1D1lI6zn5KKNlTiPJF5z
MIrDn6kVGhViMco5cFSKGv9KFhd7R4Om0cE57tmgKTjj3SBpICS6uQn+1zGe/nPJ
3vZtl/eVwkGVl+b//1s9jwn2uHkhM5+f7Il7g1Gudb9f0XgsxGB141ZrYwIDAQAB
o4ICYzCCAl8wHQYDVR0OBBYEFMSuSkDq41K4vyQlHTwVK0DBI9z8MB8GA1UdIwQY
MBaAFDrwm6M7WuWBsNKTIySTFPdqoQURMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT3ZDYm96dGE1WUd3MHBNakpKTVU5MnFoQlJFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yi8zM2Q1ZDEtYzQ1MC00MTNiLWFmZTQt
NDU5MzVmNTA2YTEyLzEveEs1S1FPcmpVcmlfSkNVZFBCVXJRTUVqM1B3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yi8zM2Q1ZDEtYzQ1MC00MTNiLWFmZTQtNDU5MzVmNTA2YTEy
LzEvT3ZDYm96dGE1WUd3MHBNakpKTVU5MnFoQlJFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHkGCCsGAQUFBwEHAQH/BGowaDAfBAIAATAZMAsDBAFQD/oD
AwRQAAMEAFpUlAMEAFpUmTBFBAIAAjA/AwcAKgHJwMAAAwcAKgHJwMACAwcAKgHJ
wMAEAwcAKgHJwMAGAwcAKgHJwMAIAwcAKgHJwMAKAwcAKgHJwMAMMA0GCSqGSIb3
DQEBCwUAA4IBAQB/j0rMAhTG2ZR0BsOXR5+FmdIOyD7GZePUKCaBHf+u7izBR9fD
H5CDDFN4CiNciEdYV6j1UdtDWsCjrQNOA7FrnhnFCdJb0Kp6mYr6IvNW9suYA1Ok
LEud3wxMZBaeZ1byQcJtau0WrrpDNkuLvmbSS3hrIucdmQEByn+PBb64WHV1HbAw
fGTXLubHYQ6u1i73kvh/Lw2t8jUFzBT0viO3beiVmCChk2yK/eCQuFpYc9TOGLeQ
sJP6IzwHylP/MngjxvDfUocwQMRc7ezlo6qaYrhEZWK3hlGGZ3jLtjRAth7m13si
ywgbwyLJeOi+pD7BYoHZlFESB5p3p5wdFozO
-----END CERTIFICATE-----