Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/18/ba2362-0cc5-49bd-a522-4f0e8ce11a7d/1/97942tXXb0KD0_hHgIgYKxCvxgc.roa
File:                     97942tXXb0KD0_hHgIgYKxCvxgc.roa (raw, json)
Hash identifier:          SX/cxyG3GYH9xghLSai/9+FwxG8oatzOuwO0JXpiAow=
Subject key identifier:   F7:BF:78:DA:D5:D7:6F:42:83:D3:F8:47:80:88:18:2B:10:AF:C6:07
Certificate issuer:       /CN=d747017564c711bcbd57680a0dfd00f2a5d099db
Certificate serial:       018408AD16B43594298A69A4EB6083AC7172
Authority key identifier: D7:47:01:75:64:C7:11:BC:BD:57:68:0A:0D:FD:00:F2:A5:D0:99:DB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/10cBdWTHEby9V2gKDf0A8qXQmds.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/18/ba2362-0cc5-49bd-a522-4f0e8ce11a7d/1/97942tXXb0KD0_hHgIgYKxCvxgc.roa
Signing time:             Mon 24 Oct 2022 06:27:52 +0000
ROA not before:           Mon 24 Oct 2022 06:27:52 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     1239
IP address blocks:        195.180.128.0/22 maxlen: 24
                          194.64.89.0/24 maxlen: 24
                          194.163.192.0/20 maxlen: 22
                          194.163.96.0/20 maxlen: 24
                          62.138.64.0/22 maxlen: 22
                          62.138.72.0/22 maxlen: 22
                          195.180.224.0/22 maxlen: 22
                          195.180.232.0/22 maxlen: 22
                          195.180.228.0/22 maxlen: 22
                          194.163.220.0/22 maxlen: 22
                          195.180.196.0/22 maxlen: 22
                          195.180.204.0/22 maxlen: 22
                          195.180.200.0/22 maxlen: 22
                          194.64.152.0/22 maxlen: 22

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:84:08:ad:16:b4:35:94:29:8a:69:a4:eb:60:83:ac:71:72
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d747017564c711bcbd57680a0dfd00f2a5d099db
        Validity
            Not Before: Oct 24 06:27:52 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=f7bf78dad5d76f4283d3f8478088182b10afc607
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:c4:ec:d3:b5:f6:2b:8d:04:b8:e7:2e:6f:c0:
                    82:62:4e:13:8a:37:aa:3b:9f:6d:bd:9d:08:c4:02:
                    f2:80:be:40:90:a4:55:5f:d7:63:0f:77:58:ac:ef:
                    fe:c9:04:b6:f8:f4:6a:14:2e:34:8c:8e:53:b2:0e:
                    f0:09:b0:4a:2b:79:a3:00:58:8d:8f:09:1b:a8:c4:
                    d2:4f:b7:e7:8d:57:25:1e:12:ad:88:fa:2c:4a:f6:
                    6c:9e:3d:a1:b1:0d:e5:59:08:f1:b8:d1:0b:2e:d4:
                    00:99:a2:d6:20:b2:95:08:63:e0:24:d2:02:94:ba:
                    b0:39:22:0e:03:a4:45:cd:8b:13:42:cf:dc:9c:20:
                    0a:11:c9:74:ae:33:f8:db:75:d4:79:28:c0:eb:4a:
                    c0:a1:c2:7d:71:33:a5:09:c3:c3:90:10:02:44:4d:
                    f7:a9:cd:ec:6d:36:67:2a:05:07:f7:bb:b0:98:94:
                    bf:7d:66:40:2a:7d:d4:c6:37:cc:71:5f:ae:bb:59:
                    a6:c8:f1:44:f1:ba:ac:f7:00:01:3f:11:df:52:d6:
                    2e:82:76:2e:55:5c:63:5b:70:bd:32:91:a9:8c:16:
                    fd:7f:8a:4c:1e:3e:8c:9c:50:9e:bd:e5:5e:cd:da:
                    fc:4d:91:b8:9f:f4:d5:26:3f:0d:20:f9:d0:cf:08:
                    a6:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F7:BF:78:DA:D5:D7:6F:42:83:D3:F8:47:80:88:18:2B:10:AF:C6:07
            X509v3 Authority Key Identifier:
                keyid:D7:47:01:75:64:C7:11:BC:BD:57:68:0A:0D:FD:00:F2:A5:D0:99:DB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/10cBdWTHEby9V2gKDf0A8qXQmds.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/18/ba2362-0cc5-49bd-a522-4f0e8ce11a7d/1/97942tXXb0KD0_hHgIgYKxCvxgc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/18/ba2362-0cc5-49bd-a522-4f0e8ce11a7d/1/10cBdWTHEby9V2gKDf0A8qXQmds.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.138.64.0/22
                  62.138.72.0/22
                  194.64.89.0/24
                  194.64.152.0/22
                  194.163.96.0/20
                  194.163.192.0/20
                  194.163.220.0/22
                  195.180.128.0/22
                  195.180.196.0-195.180.207.255
                  195.180.224.0-195.180.235.255

    Signature Algorithm: sha256WithRSAEncryption
         3e:05:93:7d:91:e6:f4:e1:d3:fc:dd:ab:87:53:95:f4:54:f0:
         48:f4:2b:f8:59:3d:87:41:7c:9b:6b:20:19:70:59:ba:35:92:
         6c:fb:f2:b2:3f:72:ab:d4:a7:3c:03:bd:16:14:ec:14:b0:2e:
         d6:f8:c3:d1:1d:47:80:f3:a6:ee:d9:33:e4:3f:04:38:90:7f:
         2d:84:2b:d1:c8:da:0e:48:67:6c:65:09:53:ea:86:95:f3:5d:
         c7:f8:86:62:a4:5d:b9:c6:ea:f7:25:73:e6:94:d7:0a:9c:5e:
         ff:12:6d:4e:8b:59:8d:e1:f7:3a:80:11:40:1d:9e:ba:7e:04:
         08:71:ca:70:ea:32:bf:d0:6b:8f:cc:2e:0a:17:78:06:56:ca:
         2e:fc:da:25:44:bb:af:f3:02:bf:8e:db:72:98:0d:6b:ed:6d:
         5b:78:3e:05:eb:c5:3a:86:0f:df:d1:63:5b:ea:95:25:e0:82:
         1a:dc:12:3a:ce:c7:21:21:d2:f1:67:ec:44:27:3c:f4:b1:a5:
         50:54:55:e5:dc:41:5e:c7:64:58:34:82:ed:0a:a4:76:bf:73:
         24:67:3d:32:d0:f7:82:5c:27:e5:85:72:8a:83:5c:55:db:db:
         65:9f:e9:07:a2:25:ed:8f:ed:40:77:3f:e6:61:16:08:57:3a:
         99:70:ed:f9
-----BEGIN CERTIFICATE-----
MIIFQzCCBCugAwIBAgISAYQIrRa0NZQpimmk62CDrHFyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ3NDcwMTc1NjRjNzExYmNiZDU3NjgwYTBkZmQwMGYyYTVk
MDk5ZGIwHhcNMjIxMDI0MDYyNzUyWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmN2JmNzhkYWQ1ZDc2ZjQyODNkM2Y4NDc4MDg4MTgyYjEwYWZjNjA3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnMTs07X2K40EuOcub8CCYk4Tijeq
O59tvZ0IxALygL5AkKRVX9djD3dYrO/+yQS2+PRqFC40jI5Tsg7wCbBKK3mjAFiN
jwkbqMTST7fnjVclHhKtiPosSvZsnj2hsQ3lWQjxuNELLtQAmaLWILKVCGPgJNIC
lLqwOSIOA6RFzYsTQs/cnCAKEcl0rjP423XUeSjA60rAocJ9cTOlCcPDkBACRE33
qc3sbTZnKgUH97uwmJS/fWZAKn3UxjfMcV+uu1mmyPFE8bqs9wABPxHfUtYugnYu
VVxjW3C9MpGpjBb9f4pMHj6MnFCeveVezdr8TZG4n/TVJj8NIPnQzwimpQIDAQAB
o4ICTzCCAkswHQYDVR0OBBYEFPe/eNrV129Cg9P4R4CIGCsQr8YHMB8GA1UdIwQY
MBaAFNdHAXVkxxG8vVdoCg39APKl0JnbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMTBjQmRXVEhFYnk5VjJnS0RmMEE4cVhRbWRzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOC9iYTIzNjItMGNjNS00OWJkLWE1MjIt
NGYwZThjZTExYTdkLzEvOTc5NDJ0WFhiMEtEMF9oSGdJZ1lLeEN2eGdjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOC9iYTIzNjItMGNjNS00OWJkLWE1MjItNGYwZThjZTExYTdk
LzEvMTBjQmRXVEhFYnk5VjJnS0RmMEE4cVhRbWRzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGUGCCsGAQUFBwEHAQH/BFYwVDBSBAIAATBMAwQCPopAAwQC
PopIAwQAwkBZAwQCwkCYAwQEwqNgAwQEwqPAAwQCwqPcAwQCw7SAMAwDBALDtMQD
BATDtMAwDAMEBcO04AMEAsO06DANBgkqhkiG9w0BAQsFAAOCAQEAPgWTfZHm9OHT
/N2rh1OV9FTwSPQr+Fk9h0F8m2sgGXBZujWSbPvysj9yq9SnPAO9FhTsFLAu1vjD
0R1HgPOm7tkz5D8EOJB/LYQr0cjaDkhnbGUJU+qGlfNdx/iGYqRducbq9yVz5pTX
Cpxe/xJtTotZjeH3OoARQB2eun4ECHHKcOoyv9Brj8wuChd4BlbKLvzaJUS7r/MC
v47bcpgNa+1tW3g+BevFOoYP39FjW+qVJeCCGtwSOs7HISHS8WfsRCc89LGlUFRV
5dxBXsdkWDSC7Qqkdr9zJGc9MtD3glwn5YVyioNcVdvbZZ/pB6Il7Y/tQHc/5mEW
CFc6mXDt+Q==
-----END CERTIFICATE-----