Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3d/0910e6-c074-40d0-b789-a17804439895/1/sWkbtiWvqlf8n6wr-TTHs4iklms.roa
File:                     sWkbtiWvqlf8n6wr-TTHs4iklms.roa (raw, json)
Hash identifier:          UrQoylFjCtYAu4J8jaUoQGoL35auOSryd3sSaCmVwFU=
Subject key identifier:   B1:69:1B:B6:25:AF:AA:57:FC:9F:AC:2B:F9:34:C7:B3:88:A4:96:6B
Certificate issuer:       /CN=0c202663de852c7060fdea0298b490d5edcc0f24
Certificate serial:       072A1FAF
Authority key identifier: 0C:20:26:63:DE:85:2C:70:60:FD:EA:02:98:B4:90:D5:ED:CC:0F:24
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DCAmY96FLHBg_eoCmLSQ1e3MDyQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3d/0910e6-c074-40d0-b789-a17804439895/1/sWkbtiWvqlf8n6wr-TTHs4iklms.roa
Signing time:             Sat 01 Jan 2022 07:59:38 +0000
ROA not before:           Sat 01 Jan 2022 07:59:38 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     197036
IP address blocks:        195.28.218.0/24 maxlen: 24
                          176.125.224.0/22 maxlen: 22
                          178.23.152.0/21 maxlen: 21
                          195.28.192.0/19 maxlen: 19
                          185.228.20.0/22 maxlen: 22
                          213.173.51.0/24 maxlen: 24
                          185.19.240.0/22 maxlen: 22
                          213.173.48.0/22 maxlen: 22
                          2a02:21e8:71::/48 maxlen: 48
                          2a09:2600::/29 maxlen: 29
                          2a0c:e600::/29 maxlen: 29
                          2a0c:e9c0::/29 maxlen: 29
                          2a0d:d040::/29 maxlen: 29
                          2a02:21e8::/32 maxlen: 32
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 120201135 (0x72a1faf)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0c202663de852c7060fdea0298b490d5edcc0f24
        Validity
            Not Before: Jan  1 07:59:38 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=b1691bb625afaa57fc9fac2bf934c7b388a4966b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e6:d4:55:8d:94:87:d1:46:e9:f3:52:cb:33:85:
                    3a:40:4d:d9:82:f7:ea:65:5b:92:59:f5:6f:17:73:
                    c3:ea:75:e2:ba:23:7b:8a:b0:58:8b:3d:fc:ae:6e:
                    aa:04:7a:82:20:f4:1b:6f:13:de:87:92:81:31:34:
                    e1:73:b5:51:65:98:22:09:3c:46:44:6b:3c:7f:c2:
                    07:82:48:49:02:fb:bb:70:d8:fe:25:f8:b8:2f:d7:
                    9e:33:66:97:b4:c7:36:10:db:f3:f3:3c:5f:f7:a9:
                    8f:95:39:d6:ff:73:84:b0:3f:40:86:74:9d:81:a0:
                    bd:fe:ce:0a:5a:8e:ff:6e:27:8b:c8:e3:4c:a6:56:
                    4a:91:f1:c7:f7:4e:0a:ef:bb:77:b8:91:42:79:0b:
                    bf:ff:4b:5e:50:2b:17:f5:52:c8:80:98:db:cd:45:
                    b2:5b:7a:5b:6f:e8:d8:d9:27:b8:8a:fa:2f:4e:fe:
                    dd:ef:b3:4f:ac:a2:02:ec:2a:ae:a5:80:f6:a5:c0:
                    d8:f1:66:5a:1c:d1:cc:e1:10:26:46:47:46:1a:e1:
                    bf:a4:fa:05:bb:8f:37:00:76:de:0e:ff:c1:26:61:
                    48:9c:dd:c4:d3:f2:7a:d1:b9:df:8d:1c:76:85:74:
                    74:a1:f5:19:07:c2:32:dd:a4:ad:5d:0a:89:94:ad:
                    3d:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:69:1B:B6:25:AF:AA:57:FC:9F:AC:2B:F9:34:C7:B3:88:A4:96:6B
            X509v3 Authority Key Identifier:
                keyid:0C:20:26:63:DE:85:2C:70:60:FD:EA:02:98:B4:90:D5:ED:CC:0F:24

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DCAmY96FLHBg_eoCmLSQ1e3MDyQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/0910e6-c074-40d0-b789-a17804439895/1/sWkbtiWvqlf8n6wr-TTHs4iklms.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/0910e6-c074-40d0-b789-a17804439895/1/DCAmY96FLHBg_eoCmLSQ1e3MDyQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.125.224.0/22
                  178.23.152.0/21
                  185.19.240.0/22
                  185.228.20.0/22
                  195.28.192.0/19
                  213.173.48.0/22
                IPv6:
                  2a02:21e8::/32
                  2a09:2600::/29
                  2a0c:e600::/29
                  2a0c:e9c0::/29
                  2a0d:d040::/29

    Signature Algorithm: sha256WithRSAEncryption
         ba:e0:1b:e3:85:37:dc:c5:20:1f:e3:da:d5:55:5a:53:5a:f2:
         3a:18:c2:c8:01:48:c5:44:a6:06:9a:93:c7:37:8f:c8:39:3e:
         15:77:0b:2b:55:46:01:0d:e6:8c:8b:01:0b:59:de:7e:f1:84:
         0f:18:23:8e:06:b7:ab:6f:63:2a:2a:1a:da:72:c6:33:b2:b5:
         45:d7:c6:2c:56:6e:16:b7:0b:09:e6:fa:f7:42:65:e3:57:7d:
         54:d6:88:08:96:97:ef:b1:1b:6c:2a:0b:9f:11:06:db:65:8a:
         a0:87:02:19:da:55:14:d5:33:b6:73:81:e9:13:79:68:80:f3:
         19:ed:61:70:c8:f6:2e:e6:22:8d:01:01:ca:3a:45:1e:47:95:
         c7:c4:c6:9b:a7:e8:c4:a1:fa:1c:99:72:48:00:8e:4b:27:97:
         92:8a:72:a9:73:a5:ae:6a:31:86:0d:7e:40:b5:49:51:e8:9d:
         6b:e5:e1:a2:d5:cf:92:13:90:db:0b:51:c0:af:69:f6:5d:34:
         3e:24:df:b9:0c:16:78:ab:fa:45:fe:90:e0:d1:a5:47:8f:28:
         17:ab:9e:e1:85:48:c2:aa:68:bc:68:16:48:66:d2:33:c6:88:
         d5:0e:97:2f:8f:8d:63:72:f9:45:6a:06:48:9a:2f:1b:ae:cd:
         4b:7a:88:6c
-----BEGIN CERTIFICATE-----
MIIFODCCBCCgAwIBAgIEByofrzANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygw
YzIwMjY2M2RlODUyYzcwNjBmZGVhMDI5OGI0OTBkNWVkY2MwZjI0MB4XDTIyMDEw
MTA3NTkzOFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoYjE2OTFiYjYyNWFm
YWE1N2ZjOWZhYzJiZjkzNGM3YjM4OGE0OTY2YjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAObUVY2Uh9FG6fNSyzOFOkBN2YL36mVbkln1bxdzw+p14roj
e4qwWIs9/K5uqgR6giD0G28T3oeSgTE04XO1UWWYIgk8RkRrPH/CB4JISQL7u3DY
/iX4uC/XnjNml7THNhDb8/M8X/epj5U51v9zhLA/QIZ0nYGgvf7OClqO/24ni8jj
TKZWSpHxx/dOCu+7d7iRQnkLv/9LXlArF/VSyICY281Fslt6W2/o2NknuIr6L07+
3e+zT6yiAuwqrqWA9qXA2PFmWhzRzOEQJkZHRhrhv6T6BbuPNwB23g7/wSZhSJzd
xNPyetG5340cdoV0dKH1GQfCMt2krV0KiZStPQkCAwEAAaOCAlIwggJOMB0GA1Ud
DgQWBBSxaRu2Ja+qV/yfrCv5NMeziKSWazAfBgNVHSMEGDAWgBQMICZj3oUscGD9
6gKYtJDV7cwPJDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L0RDQW1ZOTZGTEhCZ19lb0NtTFNRMWUzTUR5US5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvM2QvMDkxMGU2LWMwNzQtNDBkMC1iNzg5LWExNzgwNDQzOTg5NS8x
L3NXa2J0aVd2cWxmOG42d3ItVFRIczRpa2xtcy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvM2Qv
MDkxMGU2LWMwNzQtNDBkMC1iNzg5LWExNzgwNDQzOTg5NS8xL0RDQW1ZOTZGTEhC
Z19lb0NtTFNRMWUzTUR5US5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBo
BggrBgEFBQcBBwEB/wRZMFcwKgQCAAEwJAMEArB94AMEA7IXmAMEArkT8AMEArnk
FAMEBcMcwAMEAtWtMDApBAIAAjAjAwUAKgIh6AMFAyoJJgADBQMqDOYAAwUDKgzp
wAMFAyoN0EAwDQYJKoZIhvcNAQELBQADggEBALrgG+OFN9zFIB/j2tVVWlNa8joY
wsgBSMVEpgaak8c3j8g5PhV3CytVRgEN5oyLAQtZ3n7xhA8YI44Gt6tvYyoqGtpy
xjOytUXXxixWbha3Cwnm+vdCZeNXfVTWiAiWl++xG2wqC58RBttliqCHAhnaVRTV
M7ZzgekTeWiA8xntYXDI9i7mIo0BAco6RR5HlcfExpun6MSh+hyZckgAjksnl5KK
cqlzpa5qMYYNfkC1SVHonWvl4aLVz5ITkNsLUcCvafZdND4k37kMFnir+kX+kODR
pUePKBernuGFSMKqaLxoFkhm0jPGiNUOly+PjWNy+UVqBkiaLxuuzUt6iGw=
-----END CERTIFICATE-----