Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/Cu0gw86ifw8DT_3juSTH_eZkAWg.roa
File:                     Cu0gw86ifw8DT_3juSTH_eZkAWg.roa (raw, json)
Hash identifier:          Cw8SJKCoZAvPwfPA4rtdOTq63li35BumsCIkJ0htryM=
Subject key identifier:   0A:ED:20:C3:CE:A2:7F:0F:03:4F:FD:E3:B9:24:C7:FD:E6:64:01:68
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       0184D812EC5FB7309350EF2391C73FD91527
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/Cu0gw86ifw8DT_3juSTH_eZkAWg.roa
Signing time:             Sat 03 Dec 2022 13:00:29 +0000
ROA not before:           Sat 03 Dec 2022 13:00:29 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     211237
IP address blocks:        163.5.95.0/24 maxlen: 24
                          163.5.94.0/24 maxlen: 24
                          163.5.113.0/24 maxlen: 24
                          163.5.116.0/24 maxlen: 24
                          163.5.235.0/24 maxlen: 24
                          163.5.241.0/24 maxlen: 24
                          163.5.32.0/24 maxlen: 24
                          163.5.173.0/24 maxlen: 24
                          163.5.186.0/24 maxlen: 24
                          163.5.196.0/24 maxlen: 24
                          163.5.197.0/24 maxlen: 24
                          163.5.195.0/24 maxlen: 24
                          163.5.132.0/24 maxlen: 24
                          163.5.135.0/24 maxlen: 24
                          163.5.133.0/24 maxlen: 24
                          163.5.136.0/24 maxlen: 24
                          163.5.142.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:84:d8:12:ec:5f:b7:30:93:50:ef:23:91:c7:3f:d9:15:27
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: Dec  3 13:00:29 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=0aed20c3cea27f0f034ffde3b924c7fde6640168
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:3a:70:62:12:89:2a:9a:54:1d:c8:47:1f:4b:
                    aa:11:68:d9:a2:00:af:6a:9e:6c:dd:4c:14:b7:d0:
                    b6:47:1a:11:3b:45:35:af:7b:b2:bf:80:23:2c:23:
                    88:fb:7a:a2:0e:24:06:ce:28:8a:11:c0:34:ee:45:
                    c5:3d:e5:d3:4f:e2:99:d0:86:62:a6:34:b3:09:a8:
                    36:fc:3a:dd:e6:ac:19:02:a8:fa:fd:0f:08:bc:e4:
                    34:9f:81:c4:88:3a:05:f3:8e:25:74:61:dd:57:aa:
                    d2:79:03:20:a3:db:f5:2a:f3:d0:df:01:53:fb:ab:
                    0a:56:6e:7f:28:14:df:95:db:71:3b:92:d3:5a:1a:
                    79:74:0f:79:80:8c:61:b3:a0:9f:49:41:86:97:81:
                    3f:f2:0c:a2:54:0b:f3:22:ee:8b:dd:d9:ff:6b:bc:
                    9e:9b:74:09:36:4a:9d:ae:0c:32:78:af:ca:24:e1:
                    cd:5a:54:bd:b4:54:00:e6:15:2c:ef:53:4f:68:50:
                    48:e9:20:10:3d:78:14:81:f7:15:14:94:e3:df:4f:
                    03:5f:4d:d2:95:15:50:b7:e3:2f:3a:c3:0e:6e:25:
                    05:71:c0:c9:86:f5:0e:5a:d2:fb:6a:83:1f:bb:2a:
                    59:5b:eb:77:d3:b0:7d:f7:cf:1f:4a:cd:47:d3:e0:
                    93:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0A:ED:20:C3:CE:A2:7F:0F:03:4F:FD:E3:B9:24:C7:FD:E6:64:01:68
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/Cu0gw86ifw8DT_3juSTH_eZkAWg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.5.32.0/24
                  163.5.94.0/23
                  163.5.113.0/24
                  163.5.116.0/24
                  163.5.132.0/23
                  163.5.135.0-163.5.136.255
                  163.5.142.0/24
                  163.5.173.0/24
                  163.5.186.0/24
                  163.5.195.0-163.5.197.255
                  163.5.235.0/24
                  163.5.241.0/24

    Signature Algorithm: sha256WithRSAEncryption
         71:7e:c2:71:f3:a3:0c:cb:a7:08:8f:6f:ac:7c:6f:e2:97:59:
         40:98:03:9e:12:06:ab:9a:f2:fc:89:96:3b:69:ae:64:66:09:
         6a:fe:fa:29:b1:61:5e:dd:52:9a:96:28:3f:f5:99:5b:84:fd:
         23:ac:a9:ab:c2:a6:5f:bd:88:1a:78:2e:f8:5a:d0:a3:f9:d0:
         a4:17:ee:8e:eb:9f:29:60:75:af:cf:f6:3a:a5:08:3b:ee:07:
         7d:9c:25:10:89:dd:00:f4:90:fa:33:77:a6:ca:ef:32:7a:60:
         73:1b:b1:27:20:24:c1:b8:c0:5b:07:2f:cf:36:d0:fb:4f:39:
         b2:80:21:87:88:bb:78:f5:f2:9a:2d:8a:d3:db:f4:92:d2:7b:
         43:8e:45:bd:d4:c1:88:2c:b1:9c:45:e8:ce:31:15:d9:8e:95:
         8e:6a:be:7d:42:e6:51:db:ee:a8:85:76:e1:00:57:28:52:1e:
         66:3c:c3:eb:c0:7b:c6:f6:14:8e:40:a1:aa:94:81:81:e5:e2:
         c8:98:37:54:a9:0b:5a:ef:9a:07:ea:a7:d2:0c:95:db:fe:62:
         ed:b7:cf:a5:52:a4:61:09:0f:0e:9f:2a:95:f7:4b:b4:c1:5f:
         3f:51:c3:9e:3a:90:92:8f:bb:4c:56:2c:b0:36:3c:31:2e:0b:
         55:d2:c3:39
-----BEGIN CERTIFICATE-----
MIIFTzCCBDegAwIBAgISAYTYEuxftzCTUO8jkcc/2RUnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjIxMjAzMTMwMDI5WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYWVkMjBjM2NlYTI3ZjBmMDM0ZmZkZTNiOTI0YzdmZGU2NjQwMTY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApDpwYhKJKppUHchHH0uqEWjZogCv
ap5s3UwUt9C2RxoRO0U1r3uyv4AjLCOI+3qiDiQGziiKEcA07kXFPeXTT+KZ0IZi
pjSzCag2/Drd5qwZAqj6/Q8IvOQ0n4HEiDoF844ldGHdV6rSeQMgo9v1KvPQ3wFT
+6sKVm5/KBTfldtxO5LTWhp5dA95gIxhs6CfSUGGl4E/8gyiVAvzIu6L3dn/a7ye
m3QJNkqdrgwyeK/KJOHNWlS9tFQA5hUs71NPaFBI6SAQPXgUgfcVFJTj308DX03S
lRVQt+MvOsMObiUFccDJhvUOWtL7aoMfuypZW+t307B9988fSs1H0+CTBwIDAQAB
o4ICWzCCAlcwHQYDVR0OBBYEFArtIMPOon8PA0/947kkx/3mZAFoMB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvQ3UwZ3c4NmlmdzhEVF8zanVTVEhfZVprQVdnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHEGCCsGAQUFBwEHAQH/BGIwYDBeBAIAATBYAwQAowUgAwQB
owVeAwQAowVxAwQAowV0AwQBowWEMAwDBACjBYcDBACjBYgDBACjBY4DBACjBa0D
BACjBbowDAMEAKMFwwMEAaMFxAMEAKMF6wMEAKMF8TANBgkqhkiG9w0BAQsFAAOC
AQEAcX7CcfOjDMunCI9vrHxv4pdZQJgDnhIGq5ry/ImWO2muZGYJav76KbFhXt1S
mpYoP/WZW4T9I6ypq8KmX72IGngu+FrQo/nQpBfujuufKWB1r8/2OqUIO+4HfZwl
EIndAPSQ+jN3psrvMnpgcxuxJyAkwbjAWwcvzzbQ+085soAhh4i7ePXymi2K09v0
ktJ7Q45FvdTBiCyxnEXozjEV2Y6Vjmq+fULmUdvuqIV24QBXKFIeZjzD68B7xvYU
jkChqpSBgeXiyJg3VKkLWu+aB+qn0gyV2/5i7bfPpVKkYQkPDp8qlfdLtMFfP1HD
njqQko+7TFYssDY8MS4LVdLDOQ==
-----END CERTIFICATE-----