Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/y-0_WSqXTt947S77mM10vkZaWEs.roa
File:                     y-0_WSqXTt947S77mM10vkZaWEs.roa (raw, json)
Hash identifier:          FNXU7THSiEgeeBhLSk6nCcvmGi2FQZ5LMpPQ1fTkIHQ=
Subject key identifier:   CB:ED:3F:59:2A:97:4E:DF:78:ED:2E:FB:98:CD:74:BE:46:5A:58:4B
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       018533F3FE96A0D02A989EF02026CA8D1515
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/y-0_WSqXTt947S77mM10vkZaWEs.roa
Signing time:             Wed 21 Dec 2022 09:11:46 +0000
ROA not before:           Wed 21 Dec 2022 09:11:46 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     211237
IP address blocks:        163.5.173.0/24 maxlen: 24
                          163.5.186.0/24 maxlen: 24
                          163.5.196.0/24 maxlen: 24
                          163.5.197.0/24 maxlen: 24
                          163.5.195.0/24 maxlen: 24
                          163.5.95.0/24 maxlen: 24
                          163.5.94.0/24 maxlen: 24
                          163.5.113.0/24 maxlen: 24
                          163.5.116.0/24 maxlen: 24
                          163.5.135.0/24 maxlen: 24
                          163.5.32.0/24 maxlen: 24
                          163.5.142.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:33:f3:fe:96:a0:d0:2a:98:9e:f0:20:26:ca:8d:15:15
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: Dec 21 09:11:46 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=cbed3f592a974edf78ed2efb98cd74be465a584b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:fa:d7:cb:55:a2:cf:b8:48:6f:22:8f:67:a1:
                    56:44:54:11:82:c9:d8:28:f2:dc:56:73:d0:72:f2:
                    01:93:d5:62:d8:a3:79:c5:f5:24:42:34:37:aa:5f:
                    9c:5f:96:85:c6:40:7d:0e:de:b3:02:ce:53:0d:8c:
                    39:c4:e3:ae:32:16:a4:49:ce:38:88:48:45:2d:76:
                    79:a6:df:a3:dd:96:a8:f3:4c:3d:1f:3e:6f:f5:1b:
                    bd:6b:15:85:35:0f:dc:b6:43:ca:9c:64:e2:4b:13:
                    68:be:38:be:79:6e:d5:d4:22:4c:e2:74:b3:eb:4f:
                    22:51:db:46:f4:24:66:4b:c2:1d:2f:e4:33:18:df:
                    b3:c8:4f:db:ab:42:f1:3d:df:42:45:5a:05:53:9b:
                    f5:a2:2e:f7:26:6d:f8:8d:55:26:7b:23:2d:85:1c:
                    51:c2:5a:e0:aa:46:eb:d1:5e:51:c1:1a:98:09:e2:
                    8e:63:b7:17:37:ce:28:c6:71:64:34:02:6b:bf:10:
                    b7:19:22:35:11:35:49:6d:57:4b:c2:4c:8c:d2:95:
                    bf:83:1b:b4:8e:60:db:d8:6c:e9:c3:8e:05:6e:c0:
                    a1:70:25:da:09:da:78:0a:dc:a8:4b:22:c0:ba:66:
                    04:99:79:67:55:cc:8c:a2:ad:8f:e7:60:16:d3:b1:
                    00:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CB:ED:3F:59:2A:97:4E:DF:78:ED:2E:FB:98:CD:74:BE:46:5A:58:4B
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/y-0_WSqXTt947S77mM10vkZaWEs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.5.32.0/24
                  163.5.94.0/23
                  163.5.113.0/24
                  163.5.116.0/24
                  163.5.135.0/24
                  163.5.142.0/24
                  163.5.173.0/24
                  163.5.186.0/24
                  163.5.195.0-163.5.197.255

    Signature Algorithm: sha256WithRSAEncryption
         b0:51:0b:9e:2b:5f:25:04:b0:ef:9b:71:e0:0f:94:77:56:8d:
         ca:56:ae:7e:77:db:35:20:ac:8e:ef:03:81:e5:83:7b:79:3f:
         13:03:70:92:9c:fc:32:98:c6:49:fc:1f:40:1c:b9:d2:dc:a8:
         24:03:49:08:5d:91:83:42:63:ce:83:42:cf:be:d9:9c:76:91:
         27:e7:51:97:6a:8f:55:65:65:22:21:40:5b:fa:f2:55:d1:9a:
         9f:10:bd:04:e6:0c:78:99:ca:fe:51:50:9a:ff:17:6c:a7:43:
         ff:a1:4e:56:93:4b:34:fd:cf:c6:f7:32:b0:c0:a0:56:ca:54:
         e6:63:89:b3:7e:71:59:f1:a1:76:6d:82:9e:5f:9c:04:aa:7d:
         38:03:45:3f:a1:be:bc:87:20:13:80:97:9a:ef:ae:0a:9f:83:
         48:55:86:55:5a:27:0d:3a:28:d5:19:5c:51:39:56:99:8a:95:
         66:59:0c:04:ac:6b:ee:a7:80:9e:c9:25:16:32:7f:d4:d0:2b:
         06:9d:91:9e:50:41:b7:b1:e3:4e:5d:ce:aa:25:1a:8a:56:ec:
         73:99:10:c2:e2:ed:a9:56:7d:21:51:ec:6e:e0:c1:0b:af:d0:
         0e:87:6c:a3:7b:fd:7c:29:7e:1b:73:95:4b:d8:de:f4:a7:55:
         9f:51:18:9e
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgISAYUz8/6WoNAqmJ7wICbKjRUVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjIxMjIxMDkxMTQ2WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYmVkM2Y1OTJhOTc0ZWRmNzhlZDJlZmI5OGNkNzRiZTQ2NWE1ODRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1frXy1Wiz7hIbyKPZ6FWRFQRgsnY
KPLcVnPQcvIBk9Vi2KN5xfUkQjQ3ql+cX5aFxkB9Dt6zAs5TDYw5xOOuMhakSc44
iEhFLXZ5pt+j3Zao80w9Hz5v9Ru9axWFNQ/ctkPKnGTiSxNovji+eW7V1CJM4nSz
608iUdtG9CRmS8IdL+QzGN+zyE/bq0LxPd9CRVoFU5v1oi73Jm34jVUmeyMthRxR
wlrgqkbr0V5RwRqYCeKOY7cXN84oxnFkNAJrvxC3GSI1ETVJbVdLwkyM0pW/gxu0
jmDb2Gzpw44FbsChcCXaCdp4CtyoSyLAumYEmXlnVcyMoq2P52AW07EAWwIDAQAB
o4ICQTCCAj0wHQYDVR0OBBYEFMvtP1kql07feO0u+5jNdL5GWlhLMB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEveS0wX1dTcVhUdDk0N1M3N21NMTB2a1phV0VzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFcGCCsGAQUFBwEHAQH/BEgwRjBEBAIAATA+AwQAowUgAwQB
owVeAwQAowVxAwQAowV0AwQAowWHAwQAowWOAwQAowWtAwQAowW6MAwDBACjBcMD
BAGjBcQwDQYJKoZIhvcNAQELBQADggEBALBRC54rXyUEsO+bceAPlHdWjcpWrn53
2zUgrI7vA4Hlg3t5PxMDcJKc/DKYxkn8H0AcudLcqCQDSQhdkYNCY86DQs++2Zx2
kSfnUZdqj1VlZSIhQFv68lXRmp8QvQTmDHiZyv5RUJr/F2ynQ/+hTlaTSzT9z8b3
MrDAoFbKVOZjibN+cVnxoXZtgp5fnASqfTgDRT+hvryHIBOAl5rvrgqfg0hVhlVa
Jw06KNUZXFE5VpmKlWZZDASsa+6ngJ7JJRYyf9TQKwadkZ5QQbex405dzqolGopW
7HOZEMLi7alWfSFR7G7gwQuv0A6HbKN7/XwpfhtzlUvY3vSnVZ9RGJ4=
-----END CERTIFICATE-----