Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/sVKiEIujLDPt4NkwUfx7OEhaURw.roa
File:                     sVKiEIujLDPt4NkwUfx7OEhaURw.roa (raw, json)
Hash identifier:          wact6tkzP0Bns+jGk76++vF+jPk3qoq2rTFzuswYW4w=
Subject key identifier:   B1:52:A2:10:8B:A3:2C:33:ED:E0:D9:30:51:FC:7B:38:48:5A:51:1C
Certificate issuer:       /CN=84b2f4fa5163af96168e88fbf9cb4ed1ed8fb4c4
Certificate serial:       018318691719336851540F2E3F30409E8AFA
Authority key identifier: 84:B2:F4:FA:51:63:AF:96:16:8E:88:FB:F9:CB:4E:D1:ED:8F:B4:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/sVKiEIujLDPt4NkwUfx7OEhaURw.roa
Signing time:             Wed 07 Sep 2022 14:44:43 +0000
ROA not before:           Wed 07 Sep 2022 14:44:43 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     205132
IP address blocks:        84.238.167.0/24 maxlen: 24
                          212.72.199.0/24 maxlen: 24
                          94.236.169.0/24 maxlen: 24
                          83.228.89.0/24 maxlen: 24
                          83.228.87.0/24 maxlen: 24
                          83.228.86.0/24 maxlen: 24
                          213.91.157.0/24 maxlen: 24
                          213.91.173.0/24 maxlen: 24
                          213.91.191.0/24 maxlen: 24
                          84.238.192.0/24 maxlen: 24
                          212.72.221.0/24 maxlen: 24
                          84.238.194.0/24 maxlen: 24
                          84.238.193.0/24 maxlen: 24
                          46.10.156.0/24 maxlen: 24
                          46.10.179.0/24 maxlen: 24
                          77.85.170.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:83:18:69:17:19:33:68:51:54:0f:2e:3f:30:40:9e:8a:fa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=84b2f4fa5163af96168e88fbf9cb4ed1ed8fb4c4
        Validity
            Not Before: Sep  7 14:44:43 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=b152a2108ba32c33ede0d93051fc7b38485a511c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:6d:9c:ab:73:79:81:44:f9:cb:2e:9d:ec:f1:
                    2d:d9:8f:05:99:da:df:89:07:00:bd:7d:62:7d:19:
                    f6:48:4b:4b:7c:cf:15:72:0b:5e:cc:59:eb:f9:d6:
                    fa:f3:5e:36:2c:bf:27:e1:0d:72:ae:91:ce:7d:63:
                    27:f5:96:0e:ce:ad:c9:2c:8e:35:56:66:a5:61:8d:
                    81:de:1c:39:41:fe:97:8a:dd:cf:11:05:7a:70:0a:
                    5a:6d:76:66:c9:9c:0c:56:3c:37:26:dc:c4:a0:44:
                    31:fa:e7:d9:b8:f2:3b:cc:49:4a:20:3a:42:ea:5c:
                    28:b3:e2:de:a5:1f:8e:f1:90:02:d5:e8:32:12:6c:
                    f0:2c:00:76:08:17:68:db:bd:4a:29:3d:80:ad:ef:
                    49:73:fc:bc:07:23:a6:2a:39:33:4f:8e:05:ef:01:
                    fb:90:0d:f8:09:ec:c3:5b:e0:2b:d3:b3:57:15:e3:
                    ff:e3:a1:1e:8b:a5:92:5c:02:00:4a:a0:da:0e:ec:
                    a2:91:04:24:d5:31:34:27:db:65:b0:36:8f:4f:2e:
                    f4:1b:06:03:61:d7:ef:63:77:8e:70:ab:16:5b:84:
                    41:21:19:ab:9a:37:35:b5:c5:68:f7:5a:1f:fe:25:
                    e8:4e:16:1c:fc:5a:4a:09:05:9e:56:6f:ee:22:c7:
                    bd:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:52:A2:10:8B:A3:2C:33:ED:E0:D9:30:51:FC:7B:38:48:5A:51:1C
            X509v3 Authority Key Identifier:
                keyid:84:B2:F4:FA:51:63:AF:96:16:8E:88:FB:F9:CB:4E:D1:ED:8F:B4:C4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/sVKiEIujLDPt4NkwUfx7OEhaURw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.10.156.0/24
                  46.10.179.0/24
                  77.85.170.0/24
                  83.228.86.0/23
                  83.228.89.0/24
                  84.238.167.0/24
                  84.238.192.0-84.238.194.255
                  94.236.169.0/24
                  212.72.199.0/24
                  212.72.221.0/24
                  213.91.157.0/24
                  213.91.173.0/24
                  213.91.191.0/24

    Signature Algorithm: sha256WithRSAEncryption
         aa:d6:82:fa:3b:6e:f5:19:c9:6f:4d:d7:16:dc:3c:29:f6:4a:
         b0:6a:51:11:d6:3f:c1:ad:93:59:9d:3f:1b:f7:5e:22:d8:56:
         c4:fe:f0:8d:3c:a7:64:6b:06:af:df:9a:12:5f:ed:04:b8:48:
         18:e9:ea:2d:45:36:df:5e:37:ba:a5:c4:63:ab:de:3c:5e:cb:
         77:a0:ff:09:9c:bf:88:4d:68:97:9f:e0:b2:90:9a:e9:ff:2f:
         ae:08:c6:06:f3:9d:ec:2e:7a:8b:7f:b0:41:81:2c:e2:5e:a6:
         9a:7f:13:3d:46:e7:61:65:65:57:30:05:7e:97:72:e8:bd:2a:
         b9:a3:db:f4:26:be:e8:b8:b2:ea:f0:cd:ea:b0:6c:75:15:b5:
         77:c3:ca:2b:ba:c3:6a:c1:e1:8e:6c:aa:69:a1:71:52:b4:72:
         f9:ba:19:a7:d4:84:2f:d0:d3:12:2c:e7:94:da:d4:eb:cf:90:
         5d:3c:23:3e:07:ef:2d:ff:b4:57:98:c3:33:42:83:19:01:a6:
         f2:a5:3a:26:a1:0c:f6:16:94:65:4c:09:0b:5c:b4:9d:08:04:
         f8:c1:d1:dc:4b:25:a4:95:7c:2e:2f:f2:fe:97:d8:e0:9e:4e:
         43:18:1d:28:91:ab:e8:e7:2b:0c:b6:de:66:fc:7f:e4:ef:c8:
         f9:71:0a:4c
-----BEGIN CERTIFICATE-----
MIIFTTCCBDWgAwIBAgISAYMYaRcZM2hRVA8uPzBAnor6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg0YjJmNGZhNTE2M2FmOTYxNjhlODhmYmY5Y2I0ZWQxZWQ4
ZmI0YzQwHhcNMjIwOTA3MTQ0NDQzWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMTUyYTIxMDhiYTMyYzMzZWRlMGQ5MzA1MWZjN2IzODQ4NWE1MTFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoG2cq3N5gUT5yy6d7PEt2Y8Fmdrf
iQcAvX1ifRn2SEtLfM8VcgtezFnr+db68142LL8n4Q1yrpHOfWMn9ZYOzq3JLI41
VmalYY2B3hw5Qf6Xit3PEQV6cApabXZmyZwMVjw3JtzEoEQx+ufZuPI7zElKIDpC
6lwos+LepR+O8ZAC1egyEmzwLAB2CBdo271KKT2Are9Jc/y8ByOmKjkzT44F7wH7
kA34CezDW+Ar07NXFeP/46Eei6WSXAIASqDaDuyikQQk1TE0J9tlsDaPTy70GwYD
YdfvY3eOcKsWW4RBIRmrmjc1tcVo91of/iXoThYc/FpKCQWeVm/uIse9gwIDAQAB
o4ICWTCCAlUwHQYDVR0OBBYEFLFSohCLoywz7eDZMFH8ezhIWlEcMB8GA1UdIwQY
MBaAFISy9PpRY6+WFo6I+/nLTtHtj7TEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaExMMC1sRmpyNVlXam9qNy1jdE8wZTJQdE1RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMC80YWE3ODktODc4Yi00NzJiLWI4NDct
ODcyYmEyZDlmNDRjLzEvc1ZLaUVJdWpMRFB0NE5rd1VmeDdPRWhhVVJ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMC80YWE3ODktODc4Yi00NzJiLWI4NDctODcyYmEyZDlmNDRj
LzEvaExMMC1sRmpyNVlXam9qNy1jdE8wZTJQdE1RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMG8GCCsGAQUFBwEHAQH/BGAwXjBcBAIAATBWAwQALgqcAwQA
LgqzAwQATVWqAwQBU+RWAwQAU+RZAwQAVO6nMAwDBAZU7sADBABU7sIDBABe7KkD
BADUSMcDBADUSN0DBADVW50DBADVW60DBADVW78wDQYJKoZIhvcNAQELBQADggEB
AKrWgvo7bvUZyW9N1xbcPCn2SrBqURHWP8Gtk1mdPxv3XiLYVsT+8I08p2RrBq/f
mhJf7QS4SBjp6i1FNt9eN7qlxGOr3jxey3eg/wmcv4hNaJef4LKQmun/L64Ixgbz
newueot/sEGBLOJeppp/Ez1G52FlZVcwBX6Xcui9Krmj2/Qmvui4surwzeqwbHUV
tXfDyiu6w2rB4Y5sqmmhcVK0cvm6GafUhC/Q0xIs55Ta1OvPkF08Iz4H7y3/tFeY
wzNCgxkBpvKlOiahDPYWlGVMCQtctJ0IBPjB0dxLJaSVfC4v8v6X2OCeTkMYHSiR
q+jnKwy23mb8f+TvyPlxCkw=
-----END CERTIFICATE-----