Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/h2_kGLJsufn35SmRuIVNm3V3E6M.roa
File:                     h2_kGLJsufn35SmRuIVNm3V3E6M.roa (raw, json)
Hash identifier:          3E1EfZpTSpHY0fziVAY3tpggo3aXLQNfKElqQmqw07c=
Subject key identifier:   87:6F:E4:18:B2:6C:B9:F9:F7:E5:29:91:B8:85:4D:9B:75:77:13:A3
Certificate issuer:       /CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
Certificate serial:       01848B50C1D9427E2B240CFB7B2B0E072D82
Authority key identifier: 9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/h2_kGLJsufn35SmRuIVNm3V3E6M.roa
Signing time:             Fri 18 Nov 2022 15:17:16 +0000
ROA not before:           Fri 18 Nov 2022 15:17:16 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     60721
IP address blocks:        45.13.190.0/24 maxlen: 24
                          45.151.3.0/24 maxlen: 24
                          5.181.84.0/24 maxlen: 24
                          5.181.85.0/24 maxlen: 24
                          5.181.87.0/24 maxlen: 24
                          45.88.136.0/23 maxlen: 24
                          85.209.122.0/23 maxlen: 24
                          194.242.97.0/24 maxlen: 24
                          45.144.212.0/24 maxlen: 24
                          45.132.181.0/24 maxlen: 24
                          45.132.182.0/23 maxlen: 24
                          195.177.92.0/24 maxlen: 24
                          45.81.112.0/22 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:84:8b:50:c1:d9:42:7e:2b:24:0c:fb:7b:2b:0e:07:2d:82
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
        Validity
            Not Before: Nov 18 15:17:16 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=876fe418b26cb9f9f7e52991b8854d9b757713a3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:44:1b:25:4f:66:97:fd:cc:03:0a:0e:bf:41:
                    d7:ad:d7:fc:ec:e4:14:ad:61:7d:f1:dc:f0:a8:50:
                    77:5e:a5:44:46:c8:dd:65:f4:0c:a4:2f:b2:24:eb:
                    47:0a:48:07:c9:cd:a6:b9:f4:b5:2e:fb:f3:19:30:
                    5b:d6:6c:ae:3b:dd:67:72:bd:b3:67:44:ca:4b:b4:
                    dc:2d:5f:2b:0c:bd:8a:e9:5f:00:93:19:05:20:3d:
                    44:6d:bd:8b:e0:e4:34:8f:f6:0d:f8:f8:a7:ee:8d:
                    b2:0c:0b:ef:46:05:9b:a2:20:2e:51:45:42:0e:06:
                    b1:7b:88:26:46:5d:9f:e6:13:9e:7b:67:4d:bd:06:
                    4f:f7:a2:de:f1:85:ef:8b:d1:73:3d:b2:90:6c:af:
                    2c:6f:83:96:08:32:a7:02:d5:e4:9b:0b:f9:9c:f5:
                    90:4d:c1:c7:9d:52:9b:28:5a:ac:e9:4c:56:09:aa:
                    7e:3c:47:0e:1e:b2:fe:43:6d:e4:b6:b0:b6:1a:4a:
                    cb:13:13:9d:5c:fe:ad:53:8c:c8:0b:71:e1:20:a4:
                    a9:f8:32:68:23:16:07:b7:99:20:6d:7c:b2:64:81:
                    e5:31:f9:74:3e:1d:5d:52:1f:70:a1:03:f6:1d:78:
                    4e:64:b8:24:60:2b:b0:b1:0d:5e:9f:46:ea:95:5f:
                    37:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                87:6F:E4:18:B2:6C:B9:F9:F7:E5:29:91:B8:85:4D:9B:75:77:13:A3
            X509v3 Authority Key Identifier:
                keyid:9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/h2_kGLJsufn35SmRuIVNm3V3E6M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.181.84.0/23
                  5.181.87.0/24
                  45.13.190.0/24
                  45.81.112.0/22
                  45.88.136.0/23
                  45.132.181.0-45.132.183.255
                  45.144.212.0/24
                  45.151.3.0/24
                  85.209.122.0/23
                  194.242.97.0/24
                  195.177.92.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3b:67:8b:aa:7d:18:a1:81:4c:14:96:fc:f6:19:b1:d4:5c:c6:
         80:f8:7d:9f:65:2d:ef:8b:66:00:5d:5a:8f:2a:23:34:70:83:
         3c:b7:cb:d6:e8:39:05:e4:43:1c:3d:e8:87:86:42:37:02:a2:
         4f:a6:58:cb:20:31:c2:f6:e0:12:4e:81:31:45:5e:30:e5:b2:
         60:42:90:24:0e:94:b2:0b:48:62:71:e0:32:de:d7:e4:60:89:
         ef:66:96:51:33:a1:ed:31:bf:fc:71:15:48:ca:3c:bf:ef:da:
         f1:b9:31:49:8b:b3:ef:24:04:34:52:ed:88:2b:28:49:94:2f:
         c1:5f:e3:7f:1b:fb:bb:63:b9:7d:af:3e:55:18:7b:74:59:04:
         9f:88:f5:2d:5f:ab:3f:bc:5a:ad:35:0c:97:e1:83:d5:5a:6a:
         dc:40:b2:12:85:89:0b:2c:fc:55:1c:52:57:e5:44:90:43:b6:
         42:3a:36:0d:dd:2c:58:30:bc:a9:5f:6c:9e:dc:d9:b6:e6:9b:
         42:74:3b:4f:1e:66:21:8a:21:f4:db:dc:c7:3d:d6:15:dc:6f:
         27:5e:87:0c:7d:e3:13:ee:40:ff:6c:ee:7b:82:7c:be:51:26:
         af:4a:fd:37:1a:4d:07:b7:ca:bf:52:c5:a5:91:c0:56:c5:93:
         ce:dd:05:2d
-----BEGIN CERTIFICATE-----
MIIFQTCCBCmgAwIBAgISAYSLUMHZQn4rJAz7eysOBy2CMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlkMmE0NzhiYjBiMDhlNjYxYjBiMmY5ZmJlODkzNWJjOWMy
YTI4YTEwHhcNMjIxMTE4MTUxNzE2WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NzZmZTQxOGIyNmNiOWY5ZjdlNTI5OTFiODg1NGQ5Yjc1NzcxM2EzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgEQbJU9ml/3MAwoOv0HXrdf87OQU
rWF98dzwqFB3XqVERsjdZfQMpC+yJOtHCkgHyc2mufS1LvvzGTBb1myuO91ncr2z
Z0TKS7TcLV8rDL2K6V8AkxkFID1Ebb2L4OQ0j/YN+Pin7o2yDAvvRgWboiAuUUVC
Dgaxe4gmRl2f5hOee2dNvQZP96Le8YXvi9FzPbKQbK8sb4OWCDKnAtXkmwv5nPWQ
TcHHnVKbKFqs6UxWCap+PEcOHrL+Q23ktrC2GkrLExOdXP6tU4zIC3HhIKSp+DJo
IxYHt5kgbXyyZIHlMfl0Ph1dUh9woQP2HXhOZLgkYCuwsQ1en0bqlV831wIDAQAB
o4ICTTCCAkkwHQYDVR0OBBYEFIdv5BiybLn59+UpkbiFTZt1dxOjMB8GA1UdIwQY
MBaAFJ0qR4uwsI5mGwsvn76JNbycKiihMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMt
ZWVmMzUxMWY2YzYwLzEvaDJfa0dMSnN1Zm4zNVNtUnVJVk5tM1YzRTZNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMtZWVmMzUxMWY2YzYw
LzEvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGMGCCsGAQUFBwEHAQH/BFQwUjBQBAIAATBKAwQBBbVUAwQA
BbVXAwQALQ2+AwQCLVFwAwQBLViIMAwDBAAthLUDBAMthLADBAAtkNQDBAAtlwMD
BAFV0XoDBADC8mEDBADDsVwwDQYJKoZIhvcNAQELBQADggEBADtni6p9GKGBTBSW
/PYZsdRcxoD4fZ9lLe+LZgBdWo8qIzRwgzy3y9boOQXkQxw96IeGQjcCok+mWMsg
McL24BJOgTFFXjDlsmBCkCQOlLILSGJx4DLe1+Rgie9mllEzoe0xv/xxFUjKPL/v
2vG5MUmLs+8kBDRS7YgrKEmUL8Ff438b+7tjuX2vPlUYe3RZBJ+I9S1fqz+8Wq01
DJfhg9VaatxAshKFiQss/FUcUlflRJBDtkI6Ng3dLFgwvKlfbJ7c2bbmm0J0O08e
ZiGKIfTb3Mc91hXcbydehwx94xPuQP9s7nuCfL5RJq9K/TcaTQe3yr9SxaWRwFbF
k87dBS0=
-----END CERTIFICATE-----