Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/65a71d-0236-44d5-8ce9-229b4ae742de/1/gwxQfbOKpYPF76QG8esynWrp2Hc.roa
File:                     gwxQfbOKpYPF76QG8esynWrp2Hc.roa (raw, json)
Hash identifier:          tm+3L6Q+oAuh8heP0/rpCGwwtdSHFarMIBYYPN5QdJE=
Subject key identifier:   83:0C:50:7D:B3:8A:A5:83:C5:EF:A4:06:F1:EB:32:9D:6A:E9:D8:77
Certificate issuer:       /CN=115dbc00433e29f2adeb038fea2fbd7048fb632f
Certificate serial:       38DC2548
Authority key identifier: 11:5D:BC:00:43:3E:29:F2:AD:EB:03:8F:EA:2F:BD:70:48:FB:63:2F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EV28AEM-KfKt6wOP6i-9cEj7Yy8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/65a71d-0236-44d5-8ce9-229b4ae742de/1/gwxQfbOKpYPF76QG8esynWrp2Hc.roa
Signing time:             Tue 29 Mar 2022 12:23:51 +0000
ROA not before:           Tue 29 Mar 2022 12:23:51 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     6730
IP address blocks:        195.112.64.0/19 maxlen: 19
                          62.167.0.0/17 maxlen: 17
                          62.167.0.0/16 maxlen: 16
                          84.226.0.0/15 maxlen: 16
                          195.141.0.0/16 maxlen: 16
                          193.192.224.0/19 maxlen: 19
                          194.230.0.0/16 maxlen: 16
                          178.38.0.0/15 maxlen: 16
                          212.161.128.0/17 maxlen: 17
                          194.230.144.0/20 maxlen: 20
                          31.164.0.0/15 maxlen: 16
                          188.154.0.0/15 maxlen: 16
                          212.98.32.0/19 maxlen: 19
                          194.158.224.0/19 maxlen: 19
                          89.217.0.0/16 maxlen: 16
                          212.35.32.0/19 maxlen: 19
                          2001:1700::/27 maxlen: 27

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 953951560 (0x38dc2548)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=115dbc00433e29f2adeb038fea2fbd7048fb632f
        Validity
            Not Before: Mar 29 12:23:51 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=830c507db38aa583c5efa406f1eb329d6ae9d877
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:c9:1d:44:65:e0:b1:05:4f:de:cb:03:c5:2d:
                    98:cc:b7:39:71:97:d0:e2:2b:59:3e:23:a6:12:0e:
                    0c:40:fd:38:fa:d3:03:b9:4a:22:b9:71:10:5e:7b:
                    0e:5f:da:10:f9:5b:86:47:9f:33:02:19:d5:e7:e0:
                    5d:b5:5d:03:77:65:1b:ad:78:7f:01:fe:2c:0a:28:
                    0e:b4:fd:32:02:16:db:36:11:d9:ec:03:75:47:cd:
                    15:61:0c:99:b3:91:b6:8c:ec:2c:de:7d:39:43:23:
                    0f:10:73:7d:1a:5a:c7:e7:db:f0:60:ca:d7:31:fe:
                    7b:da:e4:db:a3:51:af:80:4e:67:58:47:1b:f5:4c:
                    45:38:38:d7:ed:87:77:56:fc:21:cb:d1:c0:a8:fe:
                    93:fd:48:56:20:59:dd:fe:9f:16:fa:7c:3b:6c:5c:
                    f8:e8:84:64:ba:55:fb:dd:7d:6f:55:ee:ef:e8:41:
                    0d:f6:81:2e:6f:4a:d6:b9:e0:89:2d:68:68:33:89:
                    84:eb:5f:94:ba:51:46:c2:56:a6:04:15:b8:73:89:
                    4e:33:a1:60:01:f1:de:a4:6e:a9:bd:b0:ac:ce:41:
                    77:16:16:0c:82:50:d2:93:0e:2a:d0:03:12:5b:05:
                    d7:ac:4d:ea:73:10:d4:27:97:75:84:53:a1:16:70:
                    89:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                83:0C:50:7D:B3:8A:A5:83:C5:EF:A4:06:F1:EB:32:9D:6A:E9:D8:77
            X509v3 Authority Key Identifier:
                keyid:11:5D:BC:00:43:3E:29:F2:AD:EB:03:8F:EA:2F:BD:70:48:FB:63:2F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EV28AEM-KfKt6wOP6i-9cEj7Yy8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/65a71d-0236-44d5-8ce9-229b4ae742de/1/gwxQfbOKpYPF76QG8esynWrp2Hc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/65a71d-0236-44d5-8ce9-229b4ae742de/1/EV28AEM-KfKt6wOP6i-9cEj7Yy8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.164.0.0/15
                  62.167.0.0/16
                  84.226.0.0/15
                  89.217.0.0/16
                  178.38.0.0/15
                  188.154.0.0/15
                  193.192.224.0/19
                  194.158.224.0/19
                  194.230.0.0/16
                  195.112.64.0/19
                  195.141.0.0/16
                  212.35.32.0/19
                  212.98.32.0/19
                  212.161.128.0/17
                IPv6:
                  2001:1700::/27

    Signature Algorithm: sha256WithRSAEncryption
         bd:ec:a4:7a:5b:66:a9:29:08:8e:4f:15:24:b7:bf:a7:12:99:
         76:b6:41:8b:f0:2f:88:e7:a2:a5:9c:cd:fe:66:91:e2:64:46:
         da:56:5e:6d:a4:10:49:7f:c9:a8:a3:bc:31:75:9c:1e:b8:29:
         3a:9d:b3:dc:3d:75:75:1b:0b:f3:cf:1c:cd:51:ab:11:f8:d2:
         bf:c7:6a:df:34:ce:4e:c0:3d:25:82:ee:f9:5a:51:15:87:00:
         a7:3d:6f:be:dd:19:4f:05:3b:be:cb:30:35:93:25:95:d7:3a:
         2c:08:33:af:ce:44:67:c6:d9:30:79:c7:b4:b6:16:b7:18:be:
         ff:7e:57:d8:ce:95:a2:c7:cf:36:d5:77:66:5a:07:0f:85:0b:
         a7:9e:a5:f6:76:68:29:e8:c9:9d:39:6a:22:d1:75:93:19:b9:
         90:81:f8:f7:72:9a:27:ab:d0:43:22:61:60:45:2b:e8:98:da:
         0e:19:00:41:d5:9b:fe:05:17:20:35:6c:41:df:e5:bd:7a:9c:
         d5:32:86:b7:21:c3:b4:fa:de:65:c6:1a:e6:ff:cb:16:a9:36:
         9b:0f:b5:9d:63:84:d4:8d:13:96:3c:a7:ca:0a:fd:e4:ee:9c:
         79:8e:41:2a:17:ea:53:9d:e7:25:ed:ff:51:6b:5d:49:52:a3:
         e4:35:03:5c
-----BEGIN CERTIFICATE-----
MIIFRDCCBCygAwIBAgIEONwlSDANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygx
MTVkYmMwMDQzM2UyOWYyYWRlYjAzOGZlYTJmYmQ3MDQ4ZmI2MzJmMB4XDTIyMDMy
OTEyMjM1MVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoODMwYzUwN2RiMzhh
YTU4M2M1ZWZhNDA2ZjFlYjMyOWQ2YWU5ZDg3NzCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAIzJHURl4LEFT97LA8UtmMy3OXGX0OIrWT4jphIODED9OPrT
A7lKIrlxEF57Dl/aEPlbhkefMwIZ1efgXbVdA3dlG614fwH+LAooDrT9MgIW2zYR
2ewDdUfNFWEMmbORtozsLN59OUMjDxBzfRpax+fb8GDK1zH+e9rk26NRr4BOZ1hH
G/VMRTg41+2Hd1b8IcvRwKj+k/1IViBZ3f6fFvp8O2xc+OiEZLpV+919b1Xu7+hB
DfaBLm9K1rngiS1oaDOJhOtflLpRRsJWpgQVuHOJTjOhYAHx3qRuqb2wrM5BdxYW
DIJQ0pMOKtADElsF16xN6nMQ1CeXdYRToRZwiccCAwEAAaOCAl4wggJaMB0GA1Ud
DgQWBBSDDFB9s4qlg8XvpAbx6zKdaunYdzAfBgNVHSMEGDAWgBQRXbwAQz4p8q3r
A4/qL71wSPtjLzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L0VWMjhBRU0tS2ZLdDZ3T1A2aS05Y0VqN1l5OC5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMTAvNjVhNzFkLTAyMzYtNDRkNS04Y2U5LTIyOWI0YWU3NDJkZS8x
L2d3eFFmYk9LcFlQRjc2UUc4ZXN5bldycDJIYy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMTAv
NjVhNzFkLTAyMzYtNDRkNS04Y2U5LTIyOWI0YWU3NDJkZS8xL0VWMjhBRU0tS2ZL
dDZ3T1A2aS05Y0VqN1l5OC5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjB0
BggrBgEFBQcBBwEB/wRlMGMwUgQCAAEwTAMDAR+kAwMAPqcDAwFU4gMDAFnZAwMB
siYDAwG8mgMEBcHA4AMEBcKe4AMDAMLmAwQFw3BAAwMAw40DBAXUIyADBAXUYiAD
BAfUoYAwDQQCAAIwBwMFBSABFwAwDQYJKoZIhvcNAQELBQADggEBAL3spHpbZqkp
CI5PFSS3v6cSmXa2QYvwL4jnoqWczf5mkeJkRtpWXm2kEEl/yaijvDF1nB64KTqd
s9w9dXUbC/PPHM1RqxH40r/Hat80zk7APSWC7vlaURWHAKc9b77dGU8FO77LMDWT
JZXXOiwIM6/ORGfG2TB5x7S2FrcYvv9+V9jOlaLHzzbVd2ZaBw+FC6eepfZ2aCno
yZ05aiLRdZMZuZCB+Pdymier0EMiYWBFK+iY2g4ZAEHVm/4FFyA1bEHf5b16nNUy
hrchw7T63mXGGub/yxapNpsPtZ1jhNSNE5Y8p8oK/eTunHmOQSoX6lOd5yXt/1Fr
XUlSo+Q1A1w=
-----END CERTIFICATE-----