Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/a2ccb1-a728-4f04-9641-fc112ae63ea4/1/xpMd0j89zcZ-sWIda_vCJEZZtso.roa
File:                     xpMd0j89zcZ-sWIda_vCJEZZtso.roa (raw, json)
Hash identifier:          CknI1HlUSc+EKTRw3DUzhNlQ1zDJMiE80em+xUpoiIo=
Subject key identifier:   C6:93:1D:D2:3F:3D:CD:C6:7E:B1:62:1D:6B:FB:C2:24:46:59:B6:CA
Certificate issuer:       /CN=f1da67135b737ca9d2dfd7b97fe5978b8f300d6b
Certificate serial:       0184AA00D0C8732763BC9D7ADADA0C7EBE15
Authority key identifier: F1:DA:67:13:5B:73:7C:A9:D2:DF:D7:B9:7F:E5:97:8B:8F:30:0D:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8dpnE1tzfKnS39e5f-WXi48wDWs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/a2ccb1-a728-4f04-9641-fc112ae63ea4/1/xpMd0j89zcZ-sWIda_vCJEZZtso.roa
Signing time:             Thu 24 Nov 2022 14:18:10 +0000
ROA not before:           Thu 24 Nov 2022 14:18:10 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     60486
IP address blocks:        185.29.152.0/22 maxlen: 22
                          185.29.152.0/23 maxlen: 23
                          185.29.154.0/24 maxlen: 24
                          85.184.244.0/24 maxlen: 24
                          85.184.246.0/24 maxlen: 24
                          85.184.245.0/24 maxlen: 24
                          83.143.72.0/24 maxlen: 24
                          2a00:a920:c00::/40 maxlen: 40
                          2a00:a920::/40 maxlen: 40
                          2a00:a920:100::/40 maxlen: 40
                          2a00:a920:200::/40 maxlen: 40
                          2a00:a920:300::/40 maxlen: 40
                          2a00:a920:400::/40 maxlen: 40
                          2a00:a920:800::/40 maxlen: 40
                          2a00:a920:900::/40 maxlen: 40
                          2a00:a920:700::/40 maxlen: 40
                          2a00:a920::/32 maxlen: 32

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:84:aa:00:d0:c8:73:27:63:bc:9d:7a:da:da:0c:7e:be:15
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f1da67135b737ca9d2dfd7b97fe5978b8f300d6b
        Validity
            Not Before: Nov 24 14:18:10 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=c6931dd23f3dcdc67eb1621d6bfbc2244659b6ca
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:75:f0:e4:ca:a8:57:2e:ba:1e:60:5b:0d:69:
                    b7:92:ba:08:ef:ba:c7:d3:d5:f4:ac:b8:e2:73:5b:
                    4e:81:f6:3c:f7:d8:41:b2:d6:81:41:4e:98:d1:bd:
                    2e:86:b4:c7:e9:a0:2a:bd:30:af:28:9e:19:96:c0:
                    de:ef:49:90:f2:4f:75:54:ab:67:7d:5f:4e:06:da:
                    b9:89:19:7f:56:f4:44:02:65:49:38:17:c1:53:93:
                    02:ac:e7:b4:23:44:f1:c2:e2:17:71:c5:2b:77:61:
                    c8:5e:a9:3c:09:29:08:ea:9f:b3:35:24:a3:c4:14:
                    f3:6a:dc:8f:98:f5:da:50:f7:47:77:e5:d4:e9:37:
                    93:77:76:78:16:16:f7:32:40:95:cc:e5:35:30:e1:
                    fd:34:a6:e3:64:bc:92:b4:fa:e8:fa:41:af:7c:60:
                    2c:c5:ed:30:95:7a:6c:cf:e6:db:8d:16:d8:e5:e0:
                    67:a4:e5:21:26:55:51:25:65:60:cb:69:48:12:c0:
                    a7:35:4c:09:68:49:03:30:d7:09:0b:d9:7c:fa:5d:
                    d3:c4:e6:97:80:4f:62:00:35:4f:03:25:5e:8f:0e:
                    97:71:93:af:97:bb:f4:1f:f4:30:e8:a1:2d:57:a4:
                    81:96:5b:b3:fa:89:b1:94:cd:03:84:57:c1:4c:d4:
                    b1:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C6:93:1D:D2:3F:3D:CD:C6:7E:B1:62:1D:6B:FB:C2:24:46:59:B6:CA
            X509v3 Authority Key Identifier:
                keyid:F1:DA:67:13:5B:73:7C:A9:D2:DF:D7:B9:7F:E5:97:8B:8F:30:0D:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8dpnE1tzfKnS39e5f-WXi48wDWs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/a2ccb1-a728-4f04-9641-fc112ae63ea4/1/xpMd0j89zcZ-sWIda_vCJEZZtso.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/a2ccb1-a728-4f04-9641-fc112ae63ea4/1/8dpnE1tzfKnS39e5f-WXi48wDWs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.143.72.0/24
                  85.184.244.0-85.184.246.255
                  185.29.152.0/22
                IPv6:
                  2a00:a920::/32

    Signature Algorithm: sha256WithRSAEncryption
         0b:76:c6:e9:fb:04:6e:82:f8:2b:0c:1c:9d:5e:e0:bf:ec:14:
         99:11:5a:14:32:b3:45:c4:a2:6b:50:e2:f4:12:85:14:3d:3c:
         dd:8c:ba:f3:a8:48:bd:46:d3:2c:65:dc:3a:d8:e0:02:66:f1:
         df:d5:83:6b:01:e6:7c:20:fc:5e:ee:5e:ad:29:47:2d:2b:ea:
         94:39:8d:38:93:ce:aa:33:8f:83:86:49:29:e3:c7:ec:52:bb:
         3e:34:d6:17:c6:86:96:41:ec:d7:6d:35:7a:17:15:83:cb:1d:
         46:d6:b3:d2:f1:68:c7:1e:28:ad:12:b3:f2:03:10:90:a6:f8:
         c0:be:6b:70:03:39:d2:f8:bf:18:6e:1e:32:c7:c7:6b:e7:4b:
         a7:39:ea:51:f7:28:c0:1c:db:2e:e4:7b:0f:f5:0e:03:be:90:
         e6:02:33:f5:cd:2d:0e:f8:62:f2:23:00:55:e4:20:fb:b1:57:
         da:df:57:0a:86:3f:94:23:dd:96:46:d5:90:1d:14:d7:c8:18:
         1e:62:20:2b:a9:dd:03:25:9b:bc:55:27:3a:b0:d1:8c:c7:12:
         8e:4f:8c:6c:e5:80:61:0f:c7:b9:35:50:f4:ef:6a:1f:4b:3d:
         8a:bf:f5:a0:d2:b3:64:73:c5:ae:22:45:4e:d3:d5:1a:42:d7:
         ee:e1:65:c6
-----BEGIN CERTIFICATE-----
MIIFIDCCBAigAwIBAgISAYSqANDIcydjvJ162toMfr4VMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYxZGE2NzEzNWI3MzdjYTlkMmRmZDdiOTdmZTU5NzhiOGYz
MDBkNmIwHhcNMjIxMTI0MTQxODEwWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNjkzMWRkMjNmM2RjZGM2N2ViMTYyMWQ2YmZiYzIyNDQ2NTliNmNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx3Xw5MqoVy66HmBbDWm3kroI77rH
09X0rLjic1tOgfY899hBstaBQU6Y0b0uhrTH6aAqvTCvKJ4ZlsDe70mQ8k91VKtn
fV9OBtq5iRl/VvREAmVJOBfBU5MCrOe0I0TxwuIXccUrd2HIXqk8CSkI6p+zNSSj
xBTzatyPmPXaUPdHd+XU6TeTd3Z4Fhb3MkCVzOU1MOH9NKbjZLyStPro+kGvfGAs
xe0wlXpsz+bbjRbY5eBnpOUhJlVRJWVgy2lIEsCnNUwJaEkDMNcJC9l8+l3TxOaX
gE9iADVPAyVejw6XcZOvl7v0H/Qw6KEtV6SBlluz+omxlM0DhFfBTNSxRwIDAQAB
o4ICLDCCAigwHQYDVR0OBBYEFMaTHdI/Pc3GfrFiHWv7wiRGWbbKMB8GA1UdIwQY
MBaAFPHaZxNbc3yp0t/XuX/ll4uPMA1rMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOGRwbkUxdHpmS25TMzllNWYtV1hpNDh3RFdzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS9hMmNjYjEtYTcyOC00ZjA0LTk2NDEt
ZmMxMTJhZTYzZWE0LzEveHBNZDBqODl6Y1otc1dJZGFfdkNKRVpadHNvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS9hMmNjYjEtYTcyOC00ZjA0LTk2NDEtZmMxMTJhZTYzZWE0
LzEvOGRwbkUxdHpmS25TMzllNWYtV1hpNDh3RFdzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEIGCCsGAQUFBwEHAQH/BDMwMTAgBAIAATAaAwQAU49IMAwD
BAJVuPQDBABVuPYDBAK5HZgwDQQCAAIwBwMFACoAqSAwDQYJKoZIhvcNAQELBQAD
ggEBAAt2xun7BG6C+CsMHJ1e4L/sFJkRWhQys0XEomtQ4vQShRQ9PN2MuvOoSL1G
0yxl3DrY4AJm8d/Vg2sB5nwg/F7uXq0pRy0r6pQ5jTiTzqozj4OGSSnjx+xSuz40
1hfGhpZB7NdtNXoXFYPLHUbWs9LxaMceKK0Ss/IDEJCm+MC+a3ADOdL4vxhuHjLH
x2vnS6c56lH3KMAc2y7kew/1DgO+kOYCM/XNLQ74YvIjAFXkIPuxV9rfVwqGP5Qj
3ZZG1ZAdFNfIGB5iICup3QMlm7xVJzqw0YzHEo5PjGzlgGEPx7k1UPTvah9LPYq/
9aDSs2Rzxa4iRU7T1RpC1+7hZcY=
-----END CERTIFICATE-----