Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/971b11-280e-4ced-b99c-bbccab913b5d/1/66zOdbzCnUnO64Xr3odnKaMx1Vc.roa
File:                     66zOdbzCnUnO64Xr3odnKaMx1Vc.roa (raw, json)
Hash identifier:          s4DnFDJtjN8nEf2WZDEM7jpDWAn8Ld/+IL49Tmr/z+Y=
Subject key identifier:   EB:AC:CE:75:BC:C2:9D:49:CE:EB:85:EB:DE:87:67:29:A3:31:D5:57
Certificate issuer:       /CN=eea02b197dbaf7deb74e0a27d9d4ecd3fae1e8ed
Certificate serial:       0184558D4099EF05FB87B533F79154F8AEC2
Authority key identifier: EE:A0:2B:19:7D:BA:F7:DE:B7:4E:0A:27:D9:D4:EC:D3:FA:E1:E8:ED
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7qArGX269963Tgon2dTs0_rh6O0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/09/971b11-280e-4ced-b99c-bbccab913b5d/1/66zOdbzCnUnO64Xr3odnKaMx1Vc.roa
Signing time:             Tue 08 Nov 2022 04:43:51 +0000
ROA not before:           Tue 08 Nov 2022 04:43:51 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     57152
IP address blocks:        185.73.128.0/22 maxlen: 24
                          104.247.172.0/24 maxlen: 24
                          104.247.171.0/24 maxlen: 24
                          104.247.170.0/24 maxlen: 24
                          104.247.175.0/24 maxlen: 24
                          104.247.174.0/24 maxlen: 24
                          104.247.173.0/24 maxlen: 24
                          104.247.179.0/24 maxlen: 24
                          104.247.178.0/24 maxlen: 24
                          104.247.177.0/24 maxlen: 24
                          104.247.176.0/24 maxlen: 24
                          185.137.215.0/24 maxlen: 24
                          2a03:a5a0:1::/48 maxlen: 48

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:84:55:8d:40:99:ef:05:fb:87:b5:33:f7:91:54:f8:ae:c2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eea02b197dbaf7deb74e0a27d9d4ecd3fae1e8ed
        Validity
            Not Before: Nov  8 04:43:51 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=ebacce75bcc29d49ceeb85ebde876729a331d557
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:42:71:08:4f:11:3a:18:a5:24:18:08:ef:7f:
                    af:f2:8b:aa:27:f5:bc:4e:ce:c1:5f:e6:61:44:3b:
                    ce:74:51:69:5c:c5:3c:7c:85:e4:a0:a2:ba:39:53:
                    49:cc:6a:c9:06:cd:ce:c1:dd:d3:e6:2c:42:7d:92:
                    b9:34:a0:ab:33:2d:e1:d5:91:52:90:cd:a0:64:81:
                    ad:21:02:a9:43:79:c4:f2:9e:39:16:e4:b7:81:0b:
                    af:20:bb:42:5b:ae:1a:c6:67:c3:68:1e:11:56:92:
                    6b:81:16:32:fd:99:2c:13:4b:a9:ef:25:8c:6c:6a:
                    75:ab:19:88:5a:67:ea:87:f3:19:cb:ad:3d:2c:cc:
                    26:1d:ad:a9:f5:d2:ef:21:bd:16:f1:d4:ea:65:c5:
                    36:61:8d:06:29:86:f1:d4:36:75:a5:5e:bb:2f:e3:
                    3c:32:6d:14:af:7a:b0:e7:0e:48:8a:38:79:27:ee:
                    82:b2:48:92:80:32:c6:cb:90:c6:a4:b3:87:6e:64:
                    a9:c8:07:c2:fc:ed:58:5b:8d:fd:77:40:16:9c:72:
                    f2:6f:21:7c:7d:84:25:19:39:69:54:57:f8:6d:cb:
                    37:b7:22:4a:d9:27:97:d1:66:fe:a4:c0:0e:2e:5c:
                    a1:af:8b:5b:b5:5f:d7:a4:af:c8:ff:93:3b:9b:0c:
                    68:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EB:AC:CE:75:BC:C2:9D:49:CE:EB:85:EB:DE:87:67:29:A3:31:D5:57
            X509v3 Authority Key Identifier:
                keyid:EE:A0:2B:19:7D:BA:F7:DE:B7:4E:0A:27:D9:D4:EC:D3:FA:E1:E8:ED

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7qArGX269963Tgon2dTs0_rh6O0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/971b11-280e-4ced-b99c-bbccab913b5d/1/66zOdbzCnUnO64Xr3odnKaMx1Vc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/09/971b11-280e-4ced-b99c-bbccab913b5d/1/7qArGX269963Tgon2dTs0_rh6O0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  104.247.170.0-104.247.179.255
                  185.73.128.0/22
                  185.137.215.0/24
                IPv6:
                  2a03:a5a0:1::/48

    Signature Algorithm: sha256WithRSAEncryption
         03:e7:cf:72:54:30:2a:f6:74:ce:c0:5e:7c:46:89:7d:3b:62:
         28:d5:fd:17:ae:b5:fe:43:4f:4d:42:77:e5:ea:93:65:08:73:
         1c:48:80:4c:c2:f3:d0:c6:78:d1:20:dd:63:a4:a7:71:d1:52:
         44:dd:68:1c:87:1f:94:fa:93:41:ce:78:b9:3f:bf:81:93:67:
         f8:65:55:d8:a6:65:8a:51:14:aa:cf:07:7e:8e:44:fa:33:77:
         10:2e:e1:1d:71:d5:de:80:96:ee:19:43:fa:80:c0:40:43:d2:
         b2:90:7a:8b:44:75:43:35:ba:6e:08:fb:f2:87:28:56:17:3b:
         66:52:62:ff:60:7a:5f:41:ca:bd:56:98:3a:d8:98:01:97:38:
         5a:e3:60:d9:48:82:9e:8d:9e:6b:c2:f5:ce:ea:1a:4a:cb:fd:
         b6:86:06:4a:c7:b0:60:d4:04:d6:31:84:01:e1:13:13:4f:6f:
         91:cb:57:3f:77:d1:ba:7d:f7:48:85:53:6b:32:63:2d:6f:b2:
         eb:58:b5:c6:85:02:15:5a:e4:b6:64:1f:36:23:e3:0d:a2:a5:
         e4:f2:46:95:94:6d:8d:c4:51:ec:56:92:37:d2:c2:7e:67:d7:
         89:d9:81:00:42:8b:8a:be:11:1d:fb:2a:36:80:dc:66:59:41:
         1f:d2:a8:bc
-----BEGIN CERTIFICATE-----
MIIFIjCCBAqgAwIBAgISAYRVjUCZ7wX7h7Uz95FU+K7CMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlYTAyYjE5N2RiYWY3ZGViNzRlMGEyN2Q5ZDRlY2QzZmFl
MWU4ZWQwHhcNMjIxMTA4MDQ0MzUxWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYmFjY2U3NWJjYzI5ZDQ5Y2VlYjg1ZWJkZTg3NjcyOWEzMzFkNTU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvUJxCE8ROhilJBgI73+v8ouqJ/W8
Ts7BX+ZhRDvOdFFpXMU8fIXkoKK6OVNJzGrJBs3Owd3T5ixCfZK5NKCrMy3h1ZFS
kM2gZIGtIQKpQ3nE8p45FuS3gQuvILtCW64axmfDaB4RVpJrgRYy/ZksE0up7yWM
bGp1qxmIWmfqh/MZy609LMwmHa2p9dLvIb0W8dTqZcU2YY0GKYbx1DZ1pV67L+M8
Mm0Ur3qw5w5Iijh5J+6CskiSgDLGy5DGpLOHbmSpyAfC/O1YW439d0AWnHLybyF8
fYQlGTlpVFf4bcs3tyJK2SeX0Wb+pMAOLlyhr4tbtV/XpK/I/5M7mwxoBwIDAQAB
o4ICLjCCAiowHQYDVR0OBBYEFOusznW8wp1JzuuF696HZymjMdVXMB8GA1UdIwQY
MBaAFO6gKxl9uvfet04KJ9nU7NP64ejtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN3FBckdYMjY5OTYzVGdvbjJkVHMwX3JoNk8wLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS85NzFiMTEtMjgwZS00Y2VkLWI5OWMt
YmJjY2FiOTEzYjVkLzEvNjZ6T2RiekNuVW5PNjRYcjNvZG5LYU14MVZjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS85NzFiMTEtMjgwZS00Y2VkLWI5OWMtYmJjY2FiOTEzYjVk
LzEvN3FBckdYMjY5OTYzVGdvbjJkVHMwX3JoNk8wLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEQGCCsGAQUFBwEHAQH/BDUwMzAgBAIAATAaMAwDBAFo96oD
BAJo97ADBAK5SYADBAC5idcwDwQCAAIwCQMHACoDpaAAATANBgkqhkiG9w0BAQsF
AAOCAQEAA+fPclQwKvZ0zsBefEaJfTtiKNX9F661/kNPTUJ35eqTZQhzHEiATMLz
0MZ40SDdY6SncdFSRN1oHIcflPqTQc54uT+/gZNn+GVV2KZlilEUqs8Hfo5E+jN3
EC7hHXHV3oCW7hlD+oDAQEPSspB6i0R1QzW6bgj78ocoVhc7ZlJi/2B6X0HKvVaY
OtiYAZc4WuNg2UiCno2ea8L1zuoaSsv9toYGSsewYNQE1jGEAeETE09vkctXP3fR
un33SIVTazJjLW+y61i1xoUCFVrktmQfNiPjDaKl5PJGlZRtjcRR7FaSN9LCfmfX
idmBAEKLir4RHfsqNoDcZllBH9KovA==
-----END CERTIFICATE-----