Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/82/7cb179-ad2c-4824-a1e5-ae07f32e4102/1/UQo9DYZZKyzy9e6x3uMpYBNUlko.roa
File:                     UQo9DYZZKyzy9e6x3uMpYBNUlko.roa (raw, json)
Hash identifier:          GBHEiPOvlq7BprttY7HnuySkmFVn7vkP7Gb9VWhuytY=
Subject key identifier:   51:0A:3D:0D:86:59:2B:2C:F2:F5:EE:B1:DE:E3:29:60:13:54:96:4A
Certificate issuer:       /CN=fc44297e9271c6edf064915f6180ae12690dda8b
Certificate serial:       0A9E74FF
Authority key identifier: FC:44:29:7E:92:71:C6:ED:F0:64:91:5F:61:80:AE:12:69:0D:DA:8B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_EQpfpJxxu3wZJFfYYCuEmkN2os.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/82/7cb179-ad2c-4824-a1e5-ae07f32e4102/1/UQo9DYZZKyzy9e6x3uMpYBNUlko.roa
Signing time:             Wed 11 May 2022 08:48:02 +0000
ROA not before:           Wed 11 May 2022 08:48:02 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     5504
IP address blocks:        194.30.136.0/22 maxlen: 22
                          194.30.135.0/24 maxlen: 24
                          194.30.134.0/24 maxlen: 24
                          213.169.128.0/21 maxlen: 24
                          194.30.140.0/23 maxlen: 23
                          194.30.144.0/23 maxlen: 23
                          194.30.143.0/24 maxlen: 24
                          194.30.146.0/23 maxlen: 23
                          194.30.148.0/22 maxlen: 22
                          194.30.152.0/23 maxlen: 23
                          213.169.136.0/22 maxlen: 24
                          213.169.140.0/22 maxlen: 22
                          213.169.144.0/22 maxlen: 22
                          194.30.154.0/23 maxlen: 23
                          194.30.156.0/23 maxlen: 23
                          213.169.158.0/23 maxlen: 23
                          194.30.132.0/23 maxlen: 23
                          194.30.131.0/24 maxlen: 24
                          194.30.130.0/24 maxlen: 24
                          194.30.128.0/23 maxlen: 23
                          82.114.32.0/19 maxlen: 22

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 178156799 (0xa9e74ff)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fc44297e9271c6edf064915f6180ae12690dda8b
        Validity
            Not Before: May 11 08:48:02 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=510a3d0d86592b2cf2f5eeb1dee329601354964a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:a4:fd:4b:b7:a3:f5:5c:04:ab:eb:8c:c7:35:
                    7a:a1:b5:4e:8b:90:14:76:7b:81:e4:a7:d3:82:ef:
                    88:a2:2e:3c:b6:27:f4:2e:d5:5e:f5:f3:da:54:a2:
                    91:fd:a5:e5:a5:d4:72:54:06:2e:48:1c:3e:4c:94:
                    00:49:7e:e3:47:0c:c8:64:fd:ae:1b:53:a8:87:5e:
                    bd:88:ae:dd:45:3a:fe:b8:51:e9:76:a6:04:5f:7a:
                    3c:fb:8b:ba:0a:33:73:61:3b:c2:ac:82:43:1c:2f:
                    35:1b:4d:05:37:17:a7:85:79:3a:5a:25:11:e0:12:
                    dd:ac:4a:b5:41:5e:09:68:a6:85:df:d4:cc:d7:0b:
                    6f:eb:84:89:54:48:d5:44:85:76:0f:a4:a2:a8:3e:
                    cf:96:05:d5:b5:8a:7b:a7:e8:ef:66:50:13:e6:84:
                    52:cf:46:99:c6:f9:c7:82:e5:bc:fe:d1:6a:0c:8c:
                    e4:96:68:f3:bb:1b:2f:5c:35:f3:89:30:08:61:dd:
                    c2:da:b2:66:12:fa:ee:2f:22:f3:e2:ca:33:dd:f4:
                    f2:b9:05:3b:b8:e8:05:f6:32:d2:cf:0d:0d:f7:31:
                    ee:82:94:d8:55:86:64:ea:bf:8b:f7:c2:39:ad:bc:
                    96:ef:cb:f4:1a:ca:f8:04:26:86:3c:b0:6b:2b:47:
                    1d:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                51:0A:3D:0D:86:59:2B:2C:F2:F5:EE:B1:DE:E3:29:60:13:54:96:4A
            X509v3 Authority Key Identifier:
                keyid:FC:44:29:7E:92:71:C6:ED:F0:64:91:5F:61:80:AE:12:69:0D:DA:8B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_EQpfpJxxu3wZJFfYYCuEmkN2os.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/82/7cb179-ad2c-4824-a1e5-ae07f32e4102/1/UQo9DYZZKyzy9e6x3uMpYBNUlko.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/82/7cb179-ad2c-4824-a1e5-ae07f32e4102/1/_EQpfpJxxu3wZJFfYYCuEmkN2os.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.114.32.0/19
                  194.30.128.0-194.30.141.255
                  194.30.143.0-194.30.157.255
                  213.169.128.0-213.169.147.255
                  213.169.158.0/23

    Signature Algorithm: sha256WithRSAEncryption
         22:7a:9e:95:c2:af:5f:d1:1b:54:ef:72:78:cd:bc:d0:29:1e:
         e1:22:2e:88:0d:e6:97:11:05:24:99:2b:6b:cd:a6:20:ba:d0:
         1f:c7:1c:cf:57:67:69:4e:32:b2:4c:df:b3:16:8a:c4:af:69:
         d0:53:36:45:9d:37:8d:a2:1a:67:07:39:4e:e6:59:51:7b:53:
         f1:00:53:92:dd:08:3a:d6:1f:af:2c:45:52:2d:29:57:d8:08:
         9b:e0:64:e4:e6:92:15:f6:05:75:3a:f2:f0:60:9a:6c:d4:ab:
         83:8a:b5:68:3f:7d:18:9c:00:7b:bb:82:62:41:31:58:50:b3:
         33:43:c9:3d:bf:6b:f9:b1:ce:e4:c5:21:a2:22:2f:ea:12:20:
         52:85:d6:14:c7:a3:ad:61:5f:cd:18:d7:90:59:b6:9b:b8:91:
         7d:11:3b:bf:fe:94:75:d4:d7:de:b8:22:fa:70:e3:38:15:10:
         51:4f:97:e7:c7:b4:d3:87:da:be:73:a4:1d:78:5a:23:9d:42:
         bf:20:e4:57:95:c1:86:52:46:fd:d4:f0:02:0e:32:be:73:d7:
         65:04:4a:86:33:65:65:a1:c3:3e:d0:c9:59:eb:e5:22:34:26:
         08:ea:7f:5a:5c:e8:b3:b3:05:e7:d3:9b:db:35:d4:83:9a:ae:
         af:c4:f2:c5
-----BEGIN CERTIFICATE-----
MIIFHzCCBAegAwIBAgIECp50/zANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhm
YzQ0Mjk3ZTkyNzFjNmVkZjA2NDkxNWY2MTgwYWUxMjY5MGRkYThiMB4XDTIyMDUx
MTA4NDgwMloXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoNTEwYTNkMGQ4NjU5
MmIyY2YyZjVlZWIxZGVlMzI5NjAxMzU0OTY0YTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAMak/Uu3o/VcBKvrjMc1eqG1TouQFHZ7geSn04LviKIuPLYn
9C7VXvXz2lSikf2l5aXUclQGLkgcPkyUAEl+40cMyGT9rhtTqIdevYiu3UU6/rhR
6XamBF96PPuLugozc2E7wqyCQxwvNRtNBTcXp4V5OlolEeAS3axKtUFeCWimhd/U
zNcLb+uEiVRI1USFdg+koqg+z5YF1bWKe6fo72ZQE+aEUs9Gmcb5x4LlvP7RagyM
5JZo87sbL1w184kwCGHdwtqyZhL67i8i8+LKM9308rkFO7joBfYy0s8NDfcx7oKU
2FWGZOq/i/fCOa28lu/L9BrK+AQmhjywaytHHckCAwEAAaOCAjkwggI1MB0GA1Ud
DgQWBBRRCj0NhlkrLPL17rHe4ylgE1SWSjAfBgNVHSMEGDAWgBT8RCl+knHG7fBk
kV9hgK4SaQ3aizAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L19FUXBmcEp4eHUzd1pKRmZZWUN1RW1rTjJvcy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvODIvN2NiMTc5LWFkMmMtNDgyNC1hMWU1LWFlMDdmMzJlNDEwMi8x
L1VRbzlEWVpaS3l6eTllNngzdU1wWUJOVWxrby5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvODIv
N2NiMTc5LWFkMmMtNDgyNC1hMWU1LWFlMDdmMzJlNDEwMi8xL19FUXBmcEp4eHUz
d1pKRmZZWUN1RW1rTjJvcy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBP
BggrBgEFBQcBBwEB/wRAMD4wPAQCAAEwNgMEBVJyIDAMAwQHwh6AAwQBwh6MMAwD
BADCHo8DBAHCHpwwDAMEB9WpgAMEAtWpkAMEAdWpnjANBgkqhkiG9w0BAQsFAAOC
AQEAInqelcKvX9EbVO9yeM280Cke4SIuiA3mlxEFJJkra82mILrQH8ccz1dnaU4y
skzfsxaKxK9p0FM2RZ03jaIaZwc5TuZZUXtT8QBTkt0IOtYfryxFUi0pV9gIm+Bk
5OaSFfYFdTry8GCabNSrg4q1aD99GJwAe7uCYkExWFCzM0PJPb9r+bHO5MUhoiIv
6hIgUoXWFMejrWFfzRjXkFm2m7iRfRE7v/6UddTX3rgi+nDjOBUQUU+X58e004fa
vnOkHXhaI51CvyDkV5XBhlJG/dTwAg4yvnPXZQRKhjNlZaHDPtDJWevlIjQmCOp/
Wlzos7MF59Ob2zXUg5qur8TyxQ==
-----END CERTIFICATE-----