Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b8/db1aca-2659-42a3-a631-9a1295f02f2e/1/ceoIN0UCMv9WcawIyTv-j7fSjLk.roa
File:                     ceoIN0UCMv9WcawIyTv-j7fSjLk.roa (raw, json)
Hash identifier:          A3u7zJmdNKJ94h1pLzBiwkWVIEMiwSk7wfE4qG2zgWU=
Subject key identifier:   71:EA:08:37:45:02:32:FF:56:71:AC:08:C9:3B:FE:8F:B7:D2:8C:B9
Certificate issuer:       /CN=73f986c7705bd808c1b02ebd754fbfa91807e9b6
Certificate serial:       0182DE417AE5FEB231BCF05446CD2985EF74
Authority key identifier: 73:F9:86:C7:70:5B:D8:08:C1:B0:2E:BD:75:4F:BF:A9:18:07:E9:B6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/c_mGx3Bb2AjBsC69dU-_qRgH6bY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b8/db1aca-2659-42a3-a631-9a1295f02f2e/1/ceoIN0UCMv9WcawIyTv-j7fSjLk.roa
Signing time:             Sat 27 Aug 2022 07:43:29 +0000
ROA not before:           Sat 27 Aug 2022 07:43:29 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     57758
IP address blocks:        185.167.204.0/24 maxlen: 24
                          185.167.207.0/24 maxlen: 24
                          2a0b:b600:3804::/48 maxlen: 48
                          2a0b:b600:3802::/48 maxlen: 48
                          2a0b:b602::/32 maxlen: 48
                          2a0b:b600:3803::/48 maxlen: 48
                          2a0b:b600:2000::/38 maxlen: 48
                          2a0b:b600:3400::/38 maxlen: 48
                          2a0b:b600:400::/38 maxlen: 48
                          2a0b:b600::/36 maxlen: 36
                          2a0b:b600:800::/38 maxlen: 38
                          2a0b:b600:1800::/38 maxlen: 38
                          2a0b:b600:1400::/38 maxlen: 38
                          2a0b:b600:3800::/38 maxlen: 38
                          2a0b:b600:2400::/38 maxlen: 38
                          2a0b:b600:3400::/48 maxlen: 48

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:82:de:41:7a:e5:fe:b2:31:bc:f0:54:46:cd:29:85:ef:74
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=73f986c7705bd808c1b02ebd754fbfa91807e9b6
        Validity
            Not Before: Aug 27 07:43:29 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=71ea0837450232ff5671ac08c93bfe8fb7d28cb9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:89:a2:e2:7a:ee:5a:3f:3c:d8:86:6b:d1:a9:
                    82:4a:7b:9d:da:09:45:37:3f:f3:c5:f0:ce:6f:20:
                    8f:bd:5b:61:f8:70:83:ef:97:10:b5:a1:1f:57:2b:
                    06:a3:23:da:5c:e0:20:0f:9a:e8:8a:12:7b:fb:31:
                    7d:b9:fb:32:2b:83:53:df:9f:d8:b6:34:6c:f6:2e:
                    ba:9b:d8:ff:c2:fd:13:30:5c:2f:df:e6:91:3e:90:
                    8f:75:d9:88:84:30:58:10:f2:39:74:e0:d4:c6:24:
                    da:2a:f3:6e:10:a4:4c:00:cd:c4:2b:71:3a:9b:3c:
                    d5:9b:04:af:b9:19:47:50:c8:5d:c5:fd:a8:3f:01:
                    cf:60:f6:49:37:eb:33:9e:41:5d:09:98:44:17:52:
                    76:18:43:46:05:a3:0d:49:98:e7:88:02:3f:51:7d:
                    a6:61:6f:4e:07:0d:26:10:80:10:29:1e:89:bf:a7:
                    73:73:5f:e2:64:ce:f1:05:60:5d:34:5c:e0:da:e0:
                    67:56:43:c2:82:0d:9d:33:2a:0b:db:06:34:1f:de:
                    43:c5:3a:de:6b:53:80:bb:89:45:00:00:f6:8c:7f:
                    c0:ea:c1:37:33:74:43:72:73:3a:d8:0f:59:6b:6f:
                    f4:be:3b:42:7e:ca:08:6c:18:06:e2:b0:14:a7:6a:
                    f9:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                71:EA:08:37:45:02:32:FF:56:71:AC:08:C9:3B:FE:8F:B7:D2:8C:B9
            X509v3 Authority Key Identifier:
                keyid:73:F9:86:C7:70:5B:D8:08:C1:B0:2E:BD:75:4F:BF:A9:18:07:E9:B6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/c_mGx3Bb2AjBsC69dU-_qRgH6bY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/db1aca-2659-42a3-a631-9a1295f02f2e/1/ceoIN0UCMv9WcawIyTv-j7fSjLk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/db1aca-2659-42a3-a631-9a1295f02f2e/1/c_mGx3Bb2AjBsC69dU-_qRgH6bY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.167.204.0/24
                  185.167.207.0/24
                IPv6:
                  2a0b:b600::/36
                  2a0b:b600:1400::-2a0b:b600:1bff:ffff:ffff:ffff:ffff:ffff
                  2a0b:b600:2000::/37
                  2a0b:b600:3400::-2a0b:b600:3bff:ffff:ffff:ffff:ffff:ffff
                  2a0b:b602::/32

    Signature Algorithm: sha256WithRSAEncryption
         24:10:5a:a3:69:a1:75:83:05:f5:b5:9f:fd:af:e0:a1:be:6a:
         0b:a9:f4:67:a0:4c:d5:cc:c7:c0:7b:79:dc:2d:b9:34:94:0b:
         ee:23:89:9d:8b:eb:dd:55:90:13:17:ea:45:ab:9a:ff:f1:9a:
         60:bf:39:b4:8f:17:35:10:3c:17:5f:fa:b3:3a:63:b9:3e:33:
         d7:7e:d9:f1:a4:03:e0:da:e8:17:bb:bc:b9:93:c5:ae:33:65:
         60:be:d5:4f:5f:73:62:76:bf:1f:e7:5e:f5:b7:24:57:42:87:
         0b:ab:68:1f:fb:a3:e9:c7:53:1d:52:ad:f9:c2:ab:f8:b8:b8:
         95:1c:cc:a7:54:b9:8f:95:02:db:d5:8d:29:f2:7f:67:54:25:
         91:5a:89:13:76:16:fd:61:23:09:0e:56:51:f0:47:6e:b7:76:
         71:c8:75:50:f9:d6:05:d8:17:6e:33:31:b8:ee:d4:e6:ed:79:
         b2:37:85:86:85:ac:31:54:36:f3:59:cb:ec:03:95:c0:e8:95:
         a5:ee:ea:d2:23:97:f1:94:f5:43:fc:0c:a3:4b:37:4a:4b:25:
         02:e3:99:9d:7e:43:4e:07:e4:5e:d1:a2:69:3f:47:10:95:6d:
         37:09:ba:00:25:b2:eb:56:39:55:6d:24:73:2f:38:7b:40:11:
         b1:7d:b2:b7
-----BEGIN CERTIFICATE-----
MIIFRjCCBC6gAwIBAgISAYLeQXrl/rIxvPBURs0phe90MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDczZjk4NmM3NzA1YmQ4MDhjMWIwMmViZDc1NGZiZmE5MTgw
N2U5YjYwHhcNMjIwODI3MDc0MzI5WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MWVhMDgzNzQ1MDIzMmZmNTY3MWFjMDhjOTNiZmU4ZmI3ZDI4Y2I5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqImi4nruWj882IZr0amCSnud2glF
Nz/zxfDObyCPvVth+HCD75cQtaEfVysGoyPaXOAgD5roihJ7+zF9ufsyK4NT35/Y
tjRs9i66m9j/wv0TMFwv3+aRPpCPddmIhDBYEPI5dODUxiTaKvNuEKRMAM3EK3E6
mzzVmwSvuRlHUMhdxf2oPwHPYPZJN+sznkFdCZhEF1J2GENGBaMNSZjniAI/UX2m
YW9OBw0mEIAQKR6Jv6dzc1/iZM7xBWBdNFzg2uBnVkPCgg2dMyoL2wY0H95DxTre
a1OAu4lFAAD2jH/A6sE3M3RDcnM62A9Za2/0vjtCfsoIbBgG4rAUp2r5+wIDAQAB
o4ICUjCCAk4wHQYDVR0OBBYEFHHqCDdFAjL/VnGsCMk7/o+30oy5MB8GA1UdIwQY
MBaAFHP5hsdwW9gIwbAuvXVPv6kYB+m2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY19tR3gzQmIyQWpCc0M2OWRVLV9xUmdINmJZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOC9kYjFhY2EtMjY1OS00MmEzLWE2MzEt
OWExMjk1ZjAyZjJlLzEvY2VvSU4wVUNNdjlXY2F3SXlUdi1qN2ZTakxrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOC9kYjFhY2EtMjY1OS00MmEzLWE2MzEtOWExMjk1ZjAyZjJl
LzEvY19tR3gzQmIyQWpCc0M2OWRVLV9xUmdINmJZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGgGCCsGAQUFBwEHAQH/BFkwVzASBAIAATAMAwQAuafMAwQA
uafPMEEEAgACMDsDBgQqC7YAADAQAwYCKgu2ABQDBgIqC7YAGAMGAyoLtgAgMBAD
BgIqC7YANAMGAioLtgA4AwUAKgu2AjANBgkqhkiG9w0BAQsFAAOCAQEAJBBao2mh
dYMF9bWf/a/gob5qC6n0Z6BM1czHwHt53C25NJQL7iOJnYvr3VWQExfqRaua//Ga
YL85tI8XNRA8F1/6szpjuT4z137Z8aQD4NroF7u8uZPFrjNlYL7VT19zYna/H+de
9bckV0KHC6toH/uj6cdTHVKt+cKr+Li4lRzMp1S5j5UC29WNKfJ/Z1QlkVqJE3YW
/WEjCQ5WUfBHbrd2cch1UPnWBdgXbjMxuO7U5u15sjeFhoWsMVQ281nL7AOVwOiV
pe7q0iOX8ZT1Q/wMo0s3SkslAuOZnX5DTgfkXtGiaT9HEJVtNwm6ACWy61Y5VW0k
cy84e0ARsX2ytw==
-----END CERTIFICATE-----