Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/jQHBU7ZJd_BDmoMlp27gG3nVHI8.roa
File:                     jQHBU7ZJd_BDmoMlp27gG3nVHI8.roa (raw, json)
Hash identifier:          BWNgOarHz9fTjaibA9UYiMpwIiGY598K05TH1N92SW0=
Subject key identifier:   8D:01:C1:53:B6:49:77:F0:43:9A:83:25:A7:6E:E0:1B:79:D5:1C:8F
Certificate issuer:       /CN=86d648bdba965461b1e8c11b9dd436c61382873c
Certificate serial:       0183B3CF2A05E372D9190755B0BC3FBCE2E8
Authority key identifier: 86:D6:48:BD:BA:96:54:61:B1:E8:C1:1B:9D:D4:36:C6:13:82:87:3C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/jQHBU7ZJd_BDmoMlp27gG3nVHI8.roa
Signing time:             Fri 07 Oct 2022 18:57:21 +0000
ROA not before:           Fri 07 Oct 2022 18:57:21 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     51659
IP address blocks:        193.233.16.0/24 maxlen: 24
                          193.233.22.0/24 maxlen: 24
                          193.233.23.0/24 maxlen: 24
                          193.233.21.0/24 maxlen: 24
                          193.233.19.0/24 maxlen: 24
                          193.233.20.0/24 maxlen: 24
                          193.233.18.0/24 maxlen: 24
                          193.233.252.0/22 maxlen: 22
                          193.233.192.0/22 maxlen: 22
                          193.233.84.0/22 maxlen: 22
                          193.233.94.0/23 maxlen: 24
                          193.233.93.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:83:b3:cf:2a:05:e3:72:d9:19:07:55:b0:bc:3f:bc:e2:e8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=86d648bdba965461b1e8c11b9dd436c61382873c
        Validity
            Not Before: Oct  7 18:57:21 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=8d01c153b64977f0439a8325a76ee01b79d51c8f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:01:41:f5:71:82:70:86:e0:ed:b5:05:92:68:
                    de:f9:22:69:57:be:a8:09:06:bd:80:65:d0:24:5f:
                    0e:e7:30:39:d1:16:14:a0:c0:e6:ed:e1:7d:5f:29:
                    54:e2:66:5b:40:fb:e9:d0:a3:4e:33:c5:b2:bf:eb:
                    9d:dd:e2:db:24:c3:52:31:6e:7e:33:5b:4a:f9:b5:
                    10:99:c6:39:9c:0f:b6:55:28:91:a7:57:c1:f6:af:
                    fe:5c:1b:57:0b:51:bc:2b:4d:bd:ec:e8:e7:83:99:
                    fc:09:fc:e1:be:b7:a3:d6:5b:06:b5:1f:3b:bb:c7:
                    0a:dc:12:ab:47:e6:03:f9:93:1b:a9:9f:05:a0:5b:
                    a2:7c:f4:8f:3b:a8:e6:9a:e9:e6:f9:eb:9d:f0:58:
                    19:16:93:12:a6:e1:8c:78:6a:05:3f:db:27:37:f5:
                    96:bb:7c:a7:02:f2:18:71:58:f2:e5:a6:84:d3:84:
                    ef:40:e0:d5:73:28:68:28:07:73:8b:0e:3a:0b:c9:
                    5b:3b:fb:8f:56:1b:16:5e:68:95:be:dd:58:00:42:
                    a8:08:05:00:a6:d3:cc:73:d0:2c:55:dc:e2:21:0b:
                    b5:c6:af:4d:58:24:10:3b:ef:b7:6f:fe:df:02:ba:
                    ab:bc:ba:65:36:c6:96:07:37:2f:9a:94:67:17:2b:
                    f6:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8D:01:C1:53:B6:49:77:F0:43:9A:83:25:A7:6E:E0:1B:79:D5:1C:8F
            X509v3 Authority Key Identifier:
                keyid:86:D6:48:BD:BA:96:54:61:B1:E8:C1:1B:9D:D4:36:C6:13:82:87:3C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/jQHBU7ZJd_BDmoMlp27gG3nVHI8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.233.16.0/24
                  193.233.18.0-193.233.23.255
                  193.233.84.0/22
                  193.233.93.0-193.233.95.255
                  193.233.192.0/22
                  193.233.252.0/22

    Signature Algorithm: sha256WithRSAEncryption
         95:5e:2b:ba:82:c2:28:46:33:e5:30:56:2e:7b:85:fa:84:cb:
         4c:f7:d0:7a:c4:32:04:a4:fa:7c:8d:8e:cc:c6:3a:94:63:ad:
         d3:a1:c8:de:69:06:db:e1:14:7e:c3:aa:c4:53:e9:32:c6:c1:
         aa:6b:c2:e8:47:5e:3b:53:12:bf:c0:98:28:cb:bf:85:95:66:
         0d:d7:bc:c3:b2:20:51:d7:aa:60:7e:7f:47:56:e6:4a:8c:8a:
         e4:22:88:40:40:96:26:aa:9c:04:c5:22:f5:7f:a0:c0:84:9d:
         03:eb:f2:09:11:4e:28:f0:20:02:e2:cb:50:f2:cc:59:f4:33:
         d6:17:b5:3a:79:77:a3:87:6c:95:0b:22:51:ed:b7:cb:ae:ed:
         50:e0:31:54:b5:40:eb:13:0b:44:4f:da:b5:96:f9:d0:db:1c:
         fe:78:a9:cf:e5:c6:82:ec:db:78:77:89:e6:08:8a:8f:f7:fe:
         86:76:5c:4e:4a:57:73:36:a9:9e:16:3c:1a:e4:1f:57:be:5c:
         08:c3:a3:1e:b5:9d:d1:37:d4:9c:a5:cf:88:a4:a4:5c:56:ab:
         6a:d8:ba:2b:5d:d1:cd:81:72:1a:5f:f0:6d:69:81:f4:90:1a:
         fd:77:3c:af:e4:1e:0b:be:dd:94:02:ea:e7:5d:36:53:ab:61:
         47:9d:67:59
-----BEGIN CERTIFICATE-----
MIIFKzCCBBOgAwIBAgISAYOzzyoF43LZGQdVsLw/vOLoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2ZDY0OGJkYmE5NjU0NjFiMWU4YzExYjlkZDQzNmM2MTM4
Mjg3M2MwHhcNMjIxMDA3MTg1NzIxWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZDAxYzE1M2I2NDk3N2YwNDM5YTgzMjVhNzZlZTAxYjc5ZDUxYzhmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgAFB9XGCcIbg7bUFkmje+SJpV76o
CQa9gGXQJF8O5zA50RYUoMDm7eF9XylU4mZbQPvp0KNOM8Wyv+ud3eLbJMNSMW5+
M1tK+bUQmcY5nA+2VSiRp1fB9q/+XBtXC1G8K0297Ojng5n8Cfzhvrej1lsGtR87
u8cK3BKrR+YD+ZMbqZ8FoFuifPSPO6jmmunm+eud8FgZFpMSpuGMeGoFP9snN/WW
u3ynAvIYcVjy5aaE04TvQODVcyhoKAdziw46C8lbO/uPVhsWXmiVvt1YAEKoCAUA
ptPMc9AsVdziIQu1xq9NWCQQO++3b/7fArqrvLplNsaWBzcvmpRnFyv2TQIDAQAB
o4ICNzCCAjMwHQYDVR0OBBYEFI0BwVO2SXfwQ5qDJadu4Bt51RyPMB8GA1UdIwQY
MBaAFIbWSL26llRhsejBG53UNsYTgoc8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHRaSXZicVdWR0d4Nk1FYm5kUTJ4aE9DaHp3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy9hYzU4ZWEtYzQ1OS00OGNhLWI4MmIt
NGRlYzRkYWZlZTQ5LzEvalFIQlU3WkpkX0JEbW9NbHAyN2dHM25WSEk4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYy9hYzU4ZWEtYzQ1OS00OGNhLWI4MmItNGRlYzRkYWZlZTQ5
LzEvaHRaSXZicVdWR0d4Nk1FYm5kUTJ4aE9DaHp3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME0GCCsGAQUFBwEHAQH/BD4wPDA6BAIAATA0AwQAwekQMAwD
BAHB6RIDBAPB6RADBALB6VQwDAMEAMHpXQMEBcHpQAMEAsHpwAMEAsHp/DANBgkq
hkiG9w0BAQsFAAOCAQEAlV4ruoLCKEYz5TBWLnuF+oTLTPfQesQyBKT6fI2OzMY6
lGOt06HI3mkG2+EUfsOqxFPpMsbBqmvC6EdeO1MSv8CYKMu/hZVmDde8w7IgUdeq
YH5/R1bmSoyK5CKIQECWJqqcBMUi9X+gwISdA+vyCRFOKPAgAuLLUPLMWfQz1he1
Onl3o4dslQsiUe23y67tUOAxVLVA6xMLRE/atZb50Nsc/nipz+XGguzbeHeJ5giK
j/f+hnZcTkpXczapnhY8GuQfV75cCMOjHrWd0TfUnKXPiKSkXFarati6K13RzYFy
Gl/wbWmB9JAa/Xc8r+QeC77dlALq5102U6thR51nWQ==
-----END CERTIFICATE-----