Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/90/31dca4-1ce8-4318-956c-d4f08be050d5/1/_SXUDmh1OIT5lLMA2GgItN9mbSE.roa
File:                     _SXUDmh1OIT5lLMA2GgItN9mbSE.roa (raw, json)
Hash identifier:          7YaN6cAI16fVIXDySO1dDTJ3ImUf/cj+z5ol/tICTaM=
Subject key identifier:   FD:25:D4:0E:68:75:38:84:F9:94:B3:00:D8:68:08:B4:DF:66:6D:21
Certificate issuer:       /CN=f1f42360a3970a808016fdf8d8dba396c5a1d034
Certificate serial:       01855B2E588C6CC84D7674F3CBC15A53BCE2
Authority key identifier: F1:F4:23:60:A3:97:0A:80:80:16:FD:F8:D8:DB:A3:96:C5:A1:D0:34
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8fQjYKOXCoCAFv342NujlsWh0DQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/90/31dca4-1ce8-4318-956c-d4f08be050d5/1/_SXUDmh1OIT5lLMA2GgItN9mbSE.roa
Signing time:             Thu 29 Dec 2022 00:00:42 +0000
ROA not before:           Thu 29 Dec 2022 00:00:42 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     61149
IP address blocks:        185.16.90.0/23 maxlen: 23
                          185.16.91.0/24 maxlen: 24
                          185.16.90.0/24 maxlen: 24
                          185.16.89.0/24 maxlen: 24
                          185.16.88.0/23 maxlen: 23
                          185.16.88.0/22 maxlen: 22
                          185.16.88.0/24 maxlen: 24
                          45.82.107.0/24 maxlen: 24
                          45.82.106.0/24 maxlen: 24
                          86.104.226.0/24 maxlen: 24
                          91.235.107.0/24 maxlen: 24
                          2a03:cac0:2::/48 maxlen: 48
                          2a03:cac0:a::/48 maxlen: 48
                          2a03:cac0:b::/48 maxlen: 48

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:5b:2e:58:8c:6c:c8:4d:76:74:f3:cb:c1:5a:53:bc:e2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f1f42360a3970a808016fdf8d8dba396c5a1d034
        Validity
            Not Before: Dec 29 00:00:42 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=fd25d40e68753884f994b300d86808b4df666d21
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:67:a1:a2:e2:df:31:3b:5f:10:89:9c:b3:49:
                    38:d8:0d:85:ae:97:8d:dd:c2:5d:07:e8:eb:13:cc:
                    42:1b:18:d2:88:da:4b:61:8f:45:53:80:ef:5b:ff:
                    ed:fd:7a:b0:33:c7:f1:8b:28:de:5e:12:cb:87:6a:
                    fd:38:c9:6b:40:61:05:8c:10:2f:04:86:e1:26:ae:
                    57:69:84:90:37:c3:90:84:f7:8f:d5:22:6a:67:aa:
                    99:25:47:56:59:1f:a2:b8:b8:cf:b0:82:83:ab:44:
                    5e:dc:1d:c9:8f:d0:e0:85:2b:ca:af:f6:72:8b:af:
                    0e:97:88:2e:c3:7d:07:8d:22:ee:b7:e5:c5:78:29:
                    a9:ef:80:d1:e8:6d:67:6f:d7:d4:97:16:21:4f:84:
                    4d:62:34:78:2a:bb:90:8c:94:3e:26:40:9e:2b:06:
                    59:dd:cb:47:7f:4b:a7:d4:0b:3a:c5:66:ac:59:35:
                    22:9d:ab:0f:cf:c6:c6:df:9a:a4:43:23:6c:d2:af:
                    4f:93:b2:ac:c4:4b:4e:5a:6f:47:e9:0f:c6:d5:f1:
                    e7:19:b2:81:7b:2e:cf:f7:67:69:30:ff:2b:79:1f:
                    d3:11:3d:e8:95:c4:e2:1c:ed:6b:91:53:9e:ba:c9:
                    67:87:60:75:43:21:17:10:24:dc:6d:48:a9:c5:38:
                    91:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FD:25:D4:0E:68:75:38:84:F9:94:B3:00:D8:68:08:B4:DF:66:6D:21
            X509v3 Authority Key Identifier:
                keyid:F1:F4:23:60:A3:97:0A:80:80:16:FD:F8:D8:DB:A3:96:C5:A1:D0:34

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8fQjYKOXCoCAFv342NujlsWh0DQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/90/31dca4-1ce8-4318-956c-d4f08be050d5/1/_SXUDmh1OIT5lLMA2GgItN9mbSE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/90/31dca4-1ce8-4318-956c-d4f08be050d5/1/8fQjYKOXCoCAFv342NujlsWh0DQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.82.106.0/23
                  86.104.226.0/24
                  91.235.107.0/24
                  185.16.88.0/22
                IPv6:
                  2a03:cac0:2::/48
                  2a03:cac0:a::/47

    Signature Algorithm: sha256WithRSAEncryption
         2f:39:08:92:81:f1:83:a0:95:ad:6b:a9:11:d1:c9:66:80:93:
         dd:2c:44:00:3f:49:75:93:9d:9a:85:f8:bf:f0:18:7e:e1:aa:
         66:16:f9:35:14:ad:26:26:34:e9:2a:bd:b5:b9:4d:3b:57:a5:
         5d:19:6d:f2:2a:57:80:25:5e:6d:9f:7c:84:7c:56:c8:6d:3d:
         a3:b3:9c:85:9e:41:9f:29:19:32:b1:ba:6f:43:d7:df:7e:3f:
         b1:df:db:3e:25:5d:3d:c8:4d:e1:cc:7d:ff:45:cd:37:b5:ad:
         b7:fd:56:2d:29:ed:57:9a:e3:71:92:c4:ed:93:1a:41:62:0b:
         e5:78:1a:31:76:e9:29:9a:e3:5f:7f:b6:08:1e:f2:10:b5:8b:
         55:f8:58:0d:4f:6a:7f:5e:c2:54:47:3c:74:3e:a9:bb:87:de:
         32:70:05:fd:35:4b:a7:63:1f:7f:f1:03:0e:45:07:dd:74:30:
         33:59:2e:0a:d4:7d:ba:46:cc:a9:f5:22:36:77:3f:b7:f6:17:
         97:22:f5:aa:74:91:73:5e:1c:27:ac:11:42:a5:b7:93:f2:c5:
         61:a6:a3:77:87:be:18:3d:55:7a:80:16:e8:34:c3:8f:33:7b:
         61:08:e6:db:0d:13:8f:c4:47:26:f4:22:b2:8e:0b:6e:60:42:
         36:22:5b:92
-----BEGIN CERTIFICATE-----
MIIFKTCCBBGgAwIBAgISAYVbLliMbMhNdnTzy8FaU7ziMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYxZjQyMzYwYTM5NzBhODA4MDE2ZmRmOGQ4ZGJhMzk2YzVh
MWQwMzQwHhcNMjIxMjI5MDAwMDQyWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZDI1ZDQwZTY4NzUzODg0Zjk5NGIzMDBkODY4MDhiNGRmNjY2ZDIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsmehouLfMTtfEImcs0k42A2FrpeN
3cJdB+jrE8xCGxjSiNpLYY9FU4DvW//t/XqwM8fxiyjeXhLLh2r9OMlrQGEFjBAv
BIbhJq5XaYSQN8OQhPeP1SJqZ6qZJUdWWR+iuLjPsIKDq0Re3B3Jj9DghSvKr/Zy
i68Ol4guw30HjSLut+XFeCmp74DR6G1nb9fUlxYhT4RNYjR4KruQjJQ+JkCeKwZZ
3ctHf0un1As6xWasWTUinasPz8bG35qkQyNs0q9Pk7KsxEtOWm9H6Q/G1fHnGbKB
ey7P92dpMP8reR/TET3olcTiHO1rkVOeuslnh2B1QyEXECTcbUipxTiRAwIDAQAB
o4ICNTCCAjEwHQYDVR0OBBYEFP0l1A5odTiE+ZSzANhoCLTfZm0hMB8GA1UdIwQY
MBaAFPH0I2CjlwqAgBb9+Njbo5bFodA0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOGZRallLT1hDb0NBRnYzNDJOdWpsc1doMERRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85MC8zMWRjYTQtMWNlOC00MzE4LTk1NmMt
ZDRmMDhiZTA1MGQ1LzEvX1NYVURtaDFPSVQ1bExNQTJHZ0l0TjltYlNFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85MC8zMWRjYTQtMWNlOC00MzE4LTk1NmMtZDRmMDhiZTA1MGQ1
LzEvOGZRallLT1hDb0NBRnYzNDJOdWpsc1doMERRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEsGCCsGAQUFBwEHAQH/BDwwOjAeBAIAATAYAwQBLVJqAwQA
VmjiAwQAW+trAwQCuRBYMBgEAgACMBIDBwAqA8rAAAIDBwEqA8rAAAowDQYJKoZI
hvcNAQELBQADggEBAC85CJKB8YOgla1rqRHRyWaAk90sRAA/SXWTnZqF+L/wGH7h
qmYW+TUUrSYmNOkqvbW5TTtXpV0ZbfIqV4AlXm2ffIR8VshtPaOznIWeQZ8pGTKx
um9D199+P7Hf2z4lXT3ITeHMff9FzTe1rbf9Vi0p7Vea43GSxO2TGkFiC+V4GjF2
6Sma419/tgge8hC1i1X4WA1Pan9ewlRHPHQ+qbuH3jJwBf01S6djH3/xAw5FB910
MDNZLgrUfbpGzKn1IjZ3P7f2F5ci9ap0kXNeHCesEUKlt5PyxWGmo3eHvhg9VXqA
Fug0w48ze2EI5tsNE4/ERyb0IrKOC25gQjYiW5I=
-----END CERTIFICATE-----