Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/Sot8IDOeXTSNTtFibswSujMbF3M.roa
File:                     Sot8IDOeXTSNTtFibswSujMbF3M.roa (raw, json)
Hash identifier:          KW74B7thbMMe/1nCyaEfdKP/I2o6pDuAGmOZ5ClhUnw=
Subject key identifier:   4A:8B:7C:20:33:9E:5D:34:8D:4E:D1:62:6E:CC:12:BA:33:1B:17:73
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       0182F949F06045D6EDED47FBDF98110B6F41
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/Sot8IDOeXTSNTtFibswSujMbF3M.roa
Signing time:             Thu 01 Sep 2022 13:42:28 +0000
ROA not before:           Thu 01 Sep 2022 13:42:28 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     1239
IP address blocks:        163.5.196.0/24 maxlen: 24
                          163.5.195.0/24 maxlen: 24
                          163.5.198.0/24 maxlen: 24
                          163.5.197.0/24 maxlen: 24
                          163.5.199.0/24 maxlen: 24
                          163.5.194.0/24 maxlen: 24
                          163.5.200.0/24 maxlen: 24
                          163.5.206.0/24 maxlen: 24
                          163.5.209.0/24 maxlen: 24
                          163.5.208.0/24 maxlen: 24
                          163.5.207.0/24 maxlen: 24
                          163.5.156.0/24 maxlen: 24
                          163.5.155.0/24 maxlen: 24
                          163.5.157.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:82:f9:49:f0:60:45:d6:ed:ed:47:fb:df:98:11:0b:6f:41
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: Sep  1 13:42:28 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=4a8b7c20339e5d348d4ed1626ecc12ba331b1773
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:b5:13:8c:b2:7a:d4:90:18:ad:47:21:53:7e:
                    57:ee:ef:f8:b4:bc:64:0e:f6:e3:d1:31:70:35:21:
                    d7:a9:dd:f0:e5:c5:4a:87:48:1d:94:d9:f0:5c:0f:
                    54:fb:43:28:ef:46:d6:c9:f4:35:84:aa:4e:a6:e9:
                    88:28:a9:b7:e2:19:b4:f4:0e:11:0f:ec:88:11:20:
                    d7:14:e1:b1:99:da:f2:6a:96:62:e0:48:b6:54:fd:
                    b1:1d:f7:fd:3f:c1:58:54:df:25:fa:22:46:16:57:
                    22:47:c5:53:b1:20:8a:5e:2c:e3:35:97:8b:4a:34:
                    92:dc:19:66:96:8a:2e:a7:a4:36:37:4e:11:20:16:
                    bd:08:af:db:00:e3:33:36:35:51:18:31:70:e6:68:
                    e2:34:62:e8:5c:57:e1:84:98:76:4d:5f:ae:de:7b:
                    a2:b6:ca:30:02:93:66:11:7c:f9:d8:40:89:8a:d2:
                    b5:60:8a:b0:23:6e:72:9c:76:ea:30:7b:95:d1:48:
                    da:ed:b9:3a:5b:6b:5c:8e:28:75:ac:72:96:b2:0e:
                    80:ad:71:91:8b:4d:cd:93:77:a9:c6:c3:9d:9d:40:
                    d6:c8:f5:4b:f2:be:d7:0c:2c:9c:b4:03:41:01:96:
                    4a:ad:29:59:ee:61:be:4a:8f:f6:99:9d:81:c0:46:
                    32:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4A:8B:7C:20:33:9E:5D:34:8D:4E:D1:62:6E:CC:12:BA:33:1B:17:73
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/Sot8IDOeXTSNTtFibswSujMbF3M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.5.155.0-163.5.157.255
                  163.5.194.0-163.5.200.255
                  163.5.206.0-163.5.209.255

    Signature Algorithm: sha256WithRSAEncryption
         2e:1e:4c:e5:0f:46:1e:63:de:b6:92:0c:9e:b0:4f:e9:b9:12:
         d7:d0:89:5e:12:e0:2f:9d:d3:b6:32:22:2d:8b:96:43:ee:17:
         1d:ca:89:6d:81:0b:36:a8:f3:e6:07:ae:08:81:3d:0d:39:4d:
         e3:2b:d4:01:a3:3d:c4:ab:e4:f2:57:23:46:3c:03:57:1d:5e:
         09:b9:54:d0:31:f8:f2:37:45:46:d3:e9:94:3f:07:a4:f1:34:
         6a:52:e8:2c:9c:cd:42:35:c1:76:75:61:7a:d0:21:de:97:15:
         ab:34:90:f5:0a:25:b6:9f:d0:03:5c:c5:c3:ef:5b:dd:aa:c9:
         c8:57:39:af:1a:6d:be:cb:ee:a6:90:f9:02:43:aa:6a:47:7e:
         b4:22:6e:fe:02:25:dd:e5:16:d8:06:dc:0e:38:6d:fb:88:8c:
         43:31:ab:03:ad:41:90:5e:60:52:43:50:cf:9e:2f:50:f1:56:
         cd:cd:97:e8:ab:3d:a7:84:9c:ee:da:d0:b0:8d:e0:e6:d7:b2:
         d5:49:2d:41:0e:9f:c5:48:4f:b4:23:0e:20:09:65:31:3e:c5:
         e6:6a:01:e9:17:b5:bc:f7:61:5a:11:69:f2:e7:2b:c1:b8:3c:
         5e:1d:a1:17:72:7b:77:5f:5d:ed:c0:38:53:01:b3:2a:54:a2:
         b1:2a:d8:1a
-----BEGIN CERTIFICATE-----
MIIFITCCBAmgAwIBAgISAYL5SfBgRdbt7Uf735gRC29BMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjIwOTAxMTM0MjI4WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YThiN2MyMDMzOWU1ZDM0OGQ0ZWQxNjI2ZWNjMTJiYTMzMWIxNzczMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlrUTjLJ61JAYrUchU35X7u/4tLxk
Dvbj0TFwNSHXqd3w5cVKh0gdlNnwXA9U+0Mo70bWyfQ1hKpOpumIKKm34hm09A4R
D+yIESDXFOGxmdryapZi4Ei2VP2xHff9P8FYVN8l+iJGFlciR8VTsSCKXizjNZeL
SjSS3Blmlooup6Q2N04RIBa9CK/bAOMzNjVRGDFw5mjiNGLoXFfhhJh2TV+u3nui
tsowApNmEXz52ECJitK1YIqwI25ynHbqMHuV0Uja7bk6W2tcjih1rHKWsg6ArXGR
i03Nk3epxsOdnUDWyPVL8r7XDCyctANBAZZKrSlZ7mG+So/2mZ2BwEYy+wIDAQAB
o4ICLTCCAikwHQYDVR0OBBYEFEqLfCAznl00jU7RYm7MErozGxdzMB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvU290OElET2VYVFNOVHRGaWJzd1N1ak1iRjNNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEMGCCsGAQUFBwEHAQH/BDQwMjAwBAIAATAqMAwDBACjBZsD
BAGjBZwwDAMEAaMFwgMEAKMFyDAMAwQBowXOAwQBowXQMA0GCSqGSIb3DQEBCwUA
A4IBAQAuHkzlD0YeY962kgyesE/puRLX0IleEuAvndO2MiIti5ZD7hcdyoltgQs2
qPPmB64IgT0NOU3jK9QBoz3Eq+TyVyNGPANXHV4JuVTQMfjyN0VG0+mUPwek8TRq
UugsnM1CNcF2dWF60CHelxWrNJD1CiW2n9ADXMXD71vdqsnIVzmvGm2+y+6mkPkC
Q6pqR360Im7+AiXd5RbYBtwOOG37iIxDMasDrUGQXmBSQ1DPni9Q8VbNzZfoqz2n
hJzu2tCwjeDm17LVSS1BDp/FSE+0Iw4gCWUxPsXmagHpF7W892FaEWny5yvBuDxe
HaEXcnt3X13twDhTAbMqVKKxKtga
-----END CERTIFICATE-----