Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/22b0fe-9dc8-4bef-a299-30097a246a9c/1/JTMhGKWtMqV8gs07ZsEa2fRwVWk.roa
File:                     JTMhGKWtMqV8gs07ZsEa2fRwVWk.roa (raw, json)
Hash identifier:          CYC9ppts+i+2INx/IqlHPHLLjDqZKgpjzoglEtF+2zA=
Subject key identifier:   25:33:21:18:A5:AD:32:A5:7C:82:CD:3B:66:C1:1A:D9:F4:70:55:69
Certificate issuer:       /CN=708612e8703a660889ca0f457cf1b4d8a0d53b4d
Certificate serial:       523CBA
Authority key identifier: 70:86:12:E8:70:3A:66:08:89:CA:0F:45:7C:F1:B4:D8:A0:D5:3B:4D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cIYS6HA6ZgiJyg9FfPG02KDVO00.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/22b0fe-9dc8-4bef-a299-30097a246a9c/1/JTMhGKWtMqV8gs07ZsEa2fRwVWk.roa
Signing time:             Wed 22 Jun 2022 19:10:32 +0000
ROA not before:           Wed 22 Jun 2022 19:10:32 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     8211
IP address blocks:        145.72.108.0/23 maxlen: 23
                          145.72.108.0/22 maxlen: 22
                          145.72.110.0/23 maxlen: 23
                          145.72.120.0/21 maxlen: 21
                          145.72.124.0/22 maxlen: 22
                          145.72.120.0/22 maxlen: 22
                          145.72.94.0/23 maxlen: 23
                          145.72.94.0/24 maxlen: 24
                          145.72.95.0/24 maxlen: 24
                          145.72.96.0/23 maxlen: 23
                          145.72.96.0/22 maxlen: 22
                          145.72.98.0/23 maxlen: 23
                          145.72.100.0/22 maxlen: 22
                          2a02:cc4:2100::/41 maxlen: 41
                          2a02:cc4:2100::/42 maxlen: 42
                          2a02:cc4:2140::/42 maxlen: 42
                          2a02:cc4:2f00::/41 maxlen: 42
                          2a02:cc4:2f0::/45 maxlen: 45
                          2a02:cc4:2f0::/44 maxlen: 44
                          2a02:cc4:2f8::/45 maxlen: 45

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 5389498 (0x523cba)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=708612e8703a660889ca0f457cf1b4d8a0d53b4d
        Validity
            Not Before: Jun 22 19:10:32 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=25332118a5ad32a57c82cd3b66c11ad9f4705569
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:8b:4c:7d:80:6e:5d:30:e2:f8:b3:8f:c5:c3:
                    8e:f8:a4:42:28:a3:4f:18:1f:1d:1c:66:4f:7c:2c:
                    43:4a:1a:9b:b1:3a:3b:97:75:1d:e9:73:37:1b:6f:
                    3a:7f:48:6f:b2:02:62:45:c0:03:4d:fc:33:f7:aa:
                    cc:5d:38:36:d5:bd:7f:6d:a0:9e:c0:39:6a:f2:84:
                    95:5a:55:fa:67:9a:7b:e7:67:e7:86:7f:b5:e7:80:
                    87:a8:58:5a:a3:35:5a:50:97:49:aa:a9:21:2f:31:
                    6b:a9:46:3e:a2:db:c2:75:4d:cc:99:13:2e:d7:46:
                    f9:ec:9a:f4:d7:50:c4:5a:65:2a:a8:c0:b5:4b:50:
                    46:e4:31:5f:08:93:79:24:cf:a9:c3:38:4d:15:65:
                    d4:71:64:99:b1:69:11:ba:f4:ca:cb:e2:f7:99:56:
                    24:16:16:ca:8e:83:6b:0c:33:d4:70:14:aa:f9:27:
                    5d:98:aa:42:de:80:67:15:04:b3:12:8f:f0:c8:ce:
                    5c:a7:9a:d5:74:54:13:43:a9:8b:48:29:12:46:b4:
                    2d:7f:f5:53:37:75:d9:f0:06:5f:d5:16:51:2a:92:
                    f3:fa:ea:0b:e2:b7:a9:61:64:49:d5:56:87:0d:64:
                    6f:08:77:66:3a:3b:84:7c:ee:e6:4f:c6:57:fd:ef:
                    de:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                25:33:21:18:A5:AD:32:A5:7C:82:CD:3B:66:C1:1A:D9:F4:70:55:69
            X509v3 Authority Key Identifier:
                keyid:70:86:12:E8:70:3A:66:08:89:CA:0F:45:7C:F1:B4:D8:A0:D5:3B:4D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cIYS6HA6ZgiJyg9FfPG02KDVO00.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/22b0fe-9dc8-4bef-a299-30097a246a9c/1/JTMhGKWtMqV8gs07ZsEa2fRwVWk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/22b0fe-9dc8-4bef-a299-30097a246a9c/1/cIYS6HA6ZgiJyg9FfPG02KDVO00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  145.72.94.0-145.72.103.255
                  145.72.108.0/22
                  145.72.120.0/21
                IPv6:
                  2a02:cc4:2f0::/44
                  2a02:cc4:2100::/41
                  2a02:cc4:2f00::/41

    Signature Algorithm: sha256WithRSAEncryption
         75:c1:0c:5b:02:ec:e3:df:5e:36:06:51:1f:e9:69:bc:2d:61:
         aa:5e:88:6f:be:75:d5:0c:ec:04:33:98:91:f4:25:9b:c8:47:
         17:9a:51:ca:75:46:2a:81:ad:79:d8:8c:64:69:44:be:ed:5a:
         54:e0:2f:67:d3:8d:bf:a4:72:51:81:d6:84:fe:b6:d0:0e:7c:
         a5:4c:8b:ca:69:63:33:57:07:be:d0:fa:a7:4e:3e:e6:0d:7e:
         94:37:9f:f9:83:dd:ad:b5:ee:d8:54:31:ca:79:42:d6:a7:79:
         77:ed:7b:7b:02:d8:7f:8d:49:50:38:a3:1d:43:37:36:be:2a:
         30:0e:b2:c9:80:b7:61:81:9f:86:ad:b2:c5:8d:fe:a1:36:55:
         f2:71:fd:1f:0b:5b:f1:d6:bc:da:fe:e1:5a:b0:29:19:ba:73:
         ef:6d:b7:2c:0b:44:2d:49:e8:6b:3a:cd:4d:1b:d2:a8:bf:ee:
         64:0e:89:ad:74:05:db:dd:26:4c:70:b0:78:e7:8b:38:5c:5d:
         84:ce:d8:55:b1:8f:57:cd:a8:48:78:d5:a0:ee:0b:06:a9:ac:
         f7:72:16:45:05:fc:88:26:00:11:f2:cb:02:ce:3f:a1:61:28:
         ab:16:7f:24:d0:f3:5e:94:c0:8d:d2:5a:51:90:77:5b:76:06:
         b1:66:8b:e8
-----BEGIN CERTIFICATE-----
MIIFJTCCBA2gAwIBAgIDUjy6MA0GCSqGSIb3DQEBCwUAMDMxMTAvBgNVBAMTKDcw
ODYxMmU4NzAzYTY2MDg4OWNhMGY0NTdjZjFiNGQ4YTBkNTNiNGQwHhcNMjIwNjIy
MTkxMDMyWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQDEygyNTMzMjExOGE1YWQz
MmE1N2M4MmNkM2I2NmMxMWFkOWY0NzA1NTY5MIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEAyYtMfYBuXTDi+LOPxcOO+KRCKKNPGB8dHGZPfCxDShqbsTo7
l3Ud6XM3G286f0hvsgJiRcADTfwz96rMXTg21b1/baCewDlq8oSVWlX6Z5p752fn
hn+154CHqFhaozVaUJdJqqkhLzFrqUY+otvCdU3MmRMu10b57Jr011DEWmUqqMC1
S1BG5DFfCJN5JM+pwzhNFWXUcWSZsWkRuvTKy+L3mVYkFhbKjoNrDDPUcBSq+Sdd
mKpC3oBnFQSzEo/wyM5cp5rVdFQTQ6mLSCkSRrQtf/VTN3XZ8AZf1RZRKpLz+uoL
4repYWRJ1VaHDWRvCHdmOjuEfO7mT8ZX/e/elwIDAQABo4ICQDCCAjwwHQYDVR0O
BBYEFCUzIRilrTKlfILNO2bBGtn0cFVpMB8GA1UdIwQYMBaAFHCGEuhwOmYIicoP
RXzxtNig1TtNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEFBQcBAQRYMFYwVAYIKwYB
BQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQv
Y0lZUzZIQTZaZ2lKeWc5RmZQRzAyS0RWTzAwLmNlcjCBjQYIKwYBBQUHAQsEgYAw
fjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkv
REVGQVVMVC8xMC8yMmIwZmUtOWRjOC00YmVmLWEyOTktMzAwOTdhMjQ2YTljLzEv
SlRNaEdLV3RNcVY4Z3MwN1pzRWEyZlJ3VldrLnJvYTCBgQYDVR0fBHoweDB2oHSg
coZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC8y
MmIwZmUtOWRjOC00YmVmLWEyOTktMzAwOTdhMjQ2YTljLzEvY0lZUzZIQTZaZ2lK
eWc5RmZQRzAyS0RWTzAwLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMFYG
CCsGAQUFBwEHAQH/BEcwRTAgBAIAATAaMAwDBAGRSF4DBAORSGADBAKRSGwDBAOR
SHgwIQQCAAIwGwMHBCoCDMQC8AMHByoCDMQhAAMHByoCDMQvADANBgkqhkiG9w0B
AQsFAAOCAQEAdcEMWwLs499eNgZRH+lpvC1hql6Ib7511QzsBDOYkfQlm8hHF5pR
ynVGKoGtediMZGlEvu1aVOAvZ9ONv6RyUYHWhP620A58pUyLymljM1cHvtD6p04+
5g1+lDef+YPdrbXu2FQxynlC1qd5d+17ewLYf41JUDijHUM3Nr4qMA6yyYC3YYGf
hq2yxY3+oTZV8nH9Hwtb8da82v7hWrApGbpz7223LAtELUnoazrNTRvSqL/uZA6J
rXQF290mTHCweOeLOFxdhM7YVbGPV82oSHjVoO4LBqms93IWRQX8iCYAEfLLAs4/
oWEoqxZ/JNDzXpTAjdJaUZB3W3YGsWaL6A==
-----END CERTIFICATE-----