Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/cHIjPdMNkVYBMMN55wCYVivDGtc.roa
File:                     cHIjPdMNkVYBMMN55wCYVivDGtc.roa (raw, json)
Hash identifier:          t8zNlKmepgD5McXdXCfmts0qeiTLzLhWrXr/++hJ18Y=
Subject key identifier:   70:72:23:3D:D3:0D:91:56:01:30:C3:79:E7:00:98:56:2B:C3:1A:D7
Certificate issuer:       /CN=1b0415bfc43b38e9cfd1a12995202e8763752fde
Certificate serial:       0183A2C8B49A38C1648880EBD84460C0EECC
Authority key identifier: 1B:04:15:BF:C4:3B:38:E9:CF:D1:A1:29:95:20:2E:87:63:75:2F:DE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GwQVv8Q7OOnP0aEplSAuh2N1L94.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/cHIjPdMNkVYBMMN55wCYVivDGtc.roa
Signing time:             Tue 04 Oct 2022 11:36:45 +0000
ROA not before:           Tue 04 Oct 2022 11:36:45 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     213250
IP address blocks:        45.89.124.0/23 maxlen: 23
                          45.89.126.0/23 maxlen: 23
                          212.87.212.0/23 maxlen: 23
                          45.133.74.0/24 maxlen: 24
                          45.13.224.0/23 maxlen: 23
                          5.182.206.0/23 maxlen: 23
                          5.182.204.0/23 maxlen: 23
                          45.11.229.0/24 maxlen: 24
                          45.131.66.0/23 maxlen: 23
                          194.15.36.0/24 maxlen: 24
                          2.56.245.0/24 maxlen: 24
                          5.252.103.0/24 maxlen: 24
                          5.252.100.0/22 maxlen: 22
                          5.252.100.0/24 maxlen: 24
                          5.252.101.0/24 maxlen: 24
                          5.252.102.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:83:a2:c8:b4:9a:38:c1:64:88:80:eb:d8:44:60:c0:ee:cc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1b0415bfc43b38e9cfd1a12995202e8763752fde
        Validity
            Not Before: Oct  4 11:36:45 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=7072233dd30d91560130c379e70098562bc31ad7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:f9:8d:d4:ad:68:8a:80:8a:dc:6e:ee:a8:6c:
                    a7:11:5e:c1:d1:3d:29:e5:a3:6a:20:65:c9:0c:ea:
                    38:9d:9a:f4:c1:63:8a:21:47:b3:ee:5c:fa:4a:04:
                    76:3e:24:67:95:da:14:6f:c4:1a:08:af:83:8c:2f:
                    b5:b8:8c:c7:25:d0:16:c9:82:53:54:66:9a:91:75:
                    e4:a9:70:06:c3:51:e2:78:a5:df:19:3a:c2:a0:94:
                    96:be:8f:49:0f:32:5f:ce:0e:9d:a9:79:79:e9:f5:
                    f5:ac:4f:66:78:ca:e1:7a:5f:8e:17:77:e5:ea:36:
                    e7:16:b2:5a:6b:46:b8:46:fd:65:ac:96:b7:78:98:
                    5d:4d:7f:3e:32:dc:ab:a0:29:5a:28:66:9a:36:9a:
                    3e:a0:fa:be:07:fc:21:70:3b:a9:a6:49:ff:17:c7:
                    ca:52:8c:30:4d:67:a2:e6:9e:5c:d6:b1:4d:62:c1:
                    90:19:72:ce:4b:33:7a:4f:e1:5f:7b:21:be:29:33:
                    ed:a3:7c:fe:eb:dd:d7:96:51:41:e4:9d:fd:1b:27:
                    0c:75:be:66:b4:f9:0f:0d:76:f0:87:27:fc:f0:d2:
                    1c:80:76:9b:b3:cf:d5:2c:14:b7:8b:c3:24:7a:f6:
                    1d:ff:a2:d7:dd:a1:ad:2e:8c:31:8b:fd:47:be:d3:
                    14:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:72:23:3D:D3:0D:91:56:01:30:C3:79:E7:00:98:56:2B:C3:1A:D7
            X509v3 Authority Key Identifier:
                keyid:1B:04:15:BF:C4:3B:38:E9:CF:D1:A1:29:95:20:2E:87:63:75:2F:DE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GwQVv8Q7OOnP0aEplSAuh2N1L94.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/cHIjPdMNkVYBMMN55wCYVivDGtc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/GwQVv8Q7OOnP0aEplSAuh2N1L94.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.56.245.0/24
                  5.182.204.0/22
                  5.252.100.0/22
                  45.11.229.0/24
                  45.13.224.0/23
                  45.89.124.0/22
                  45.131.66.0/23
                  45.133.74.0/24
                  194.15.36.0/24
                  212.87.212.0/23

    Signature Algorithm: sha256WithRSAEncryption
         a3:7f:6e:17:31:c5:f2:56:8a:16:5b:e0:88:25:d5:68:ae:56:
         86:b0:0a:58:48:c7:ab:58:28:77:99:23:c6:b9:54:bf:56:b9:
         88:b1:6b:6c:f0:56:47:d3:74:78:72:a8:86:4f:00:a0:aa:e9:
         80:df:0b:e6:23:f1:fe:27:79:9f:e0:9b:a7:92:39:db:49:85:
         2d:f4:d2:1d:01:db:86:fb:15:ad:53:66:a1:6a:ce:c1:22:46:
         3a:c1:05:07:96:0c:32:30:06:d9:19:0e:88:ec:20:1b:84:c2:
         c5:3c:d5:eb:a9:86:c6:bd:a9:fb:1a:4e:51:3d:5d:1a:06:f6:
         58:c6:91:6a:7a:d2:d6:cd:d0:2d:3b:52:61:db:7f:a8:83:af:
         06:24:dd:c6:ca:de:8d:94:e8:32:3e:75:75:4a:2c:1a:7e:9d:
         cf:4a:7f:ca:c3:98:88:94:b3:1f:a2:08:05:b6:2c:3f:ef:97:
         cc:c5:da:80:84:ed:3c:c7:51:3b:b2:a3:5b:72:5c:e4:c3:e3:
         bd:0d:81:b2:bd:a8:e4:3a:16:3e:fb:fa:25:15:0b:2c:c3:85:
         df:05:59:d7:2f:40:9d:d2:2c:ee:3a:8d:47:33:4e:d0:3c:8f:
         6b:20:61:f9:36:26:3b:ad:62:c3:3f:3b:30:e6:f0:6c:c7:00:
         2c:7a:14:09
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgISAYOiyLSaOMFkiIDr2ERgwO7MMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFiMDQxNWJmYzQzYjM4ZTljZmQxYTEyOTk1MjAyZTg3NjM3
NTJmZGUwHhcNMjIxMDA0MTEzNjQ1WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MDcyMjMzZGQzMGQ5MTU2MDEzMGMzNzllNzAwOTg1NjJiYzMxYWQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk/mN1K1oioCK3G7uqGynEV7B0T0p
5aNqIGXJDOo4nZr0wWOKIUez7lz6SgR2PiRnldoUb8QaCK+DjC+1uIzHJdAWyYJT
VGaakXXkqXAGw1HieKXfGTrCoJSWvo9JDzJfzg6dqXl56fX1rE9meMrhel+OF3fl
6jbnFrJaa0a4Rv1lrJa3eJhdTX8+MtyroClaKGaaNpo+oPq+B/whcDuppkn/F8fK
UowwTWei5p5c1rFNYsGQGXLOSzN6T+FfeyG+KTPto3z+693XllFB5J39GycMdb5m
tPkPDXbwhyf88NIcgHabs8/VLBS3i8MkevYd/6LX3aGtLowxi/1HvtMUEQIDAQAB
o4ICPzCCAjswHQYDVR0OBBYEFHByIz3TDZFWATDDeecAmFYrwxrXMB8GA1UdIwQY
MBaAFBsEFb/EOzjpz9GhKZUgLodjdS/eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR3dRVnY4UTdPT25QMGFFcGxTQXVoMk4xTDk0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi8wOTQwODEtOGFlYi00MmJmLWE1Nzgt
YTNjYTBkYjgzMjU0LzEvY0hJalBkTU5rVllCTU1ONTV3Q1lWaXZER3RjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi8wOTQwODEtOGFlYi00MmJmLWE1NzgtYTNjYTBkYjgzMjU0
LzEvR3dRVnY4UTdPT25QMGFFcGxTQXVoMk4xTDk0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFUGCCsGAQUFBwEHAQH/BEYwRDBCBAIAATA8AwQAAjj1AwQC
BbbMAwQCBfxkAwQALQvlAwQBLQ3gAwQCLVl8AwQBLYNCAwQALYVKAwQAwg8kAwQB
1FfUMA0GCSqGSIb3DQEBCwUAA4IBAQCjf24XMcXyVooWW+CIJdVorlaGsApYSMer
WCh3mSPGuVS/VrmIsWts8FZH03R4cqiGTwCgqumA3wvmI/H+J3mf4JunkjnbSYUt
9NIdAduG+xWtU2ahas7BIkY6wQUHlgwyMAbZGQ6I7CAbhMLFPNXrqYbGvan7Gk5R
PV0aBvZYxpFqetLWzdAtO1Jh23+og68GJN3Gyt6NlOgyPnV1Siwafp3PSn/Kw5iI
lLMfoggFtiw/75fMxdqAhO08x1E7sqNbclzkw+O9DYGyvajkOhY++/olFQssw4Xf
BVnXL0Cd0izuOo1HM07QPI9rIGH5NiY7rWLDPzsw5vBsxwAsehQJ
-----END CERTIFICATE-----