Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/45/8fc746-fc08-4211-ba3b-893906fb7858/1/F3HqdSL5YYUFk7qO5OolskQR12M.roa
File:                     F3HqdSL5YYUFk7qO5OolskQR12M.roa (raw, json)
Hash identifier:          DlFaSvlJfQ1EKo63Bd7eYHgMMDrdlW0qQhNcRD5QCJg=
Subject key identifier:   17:71:EA:75:22:F9:61:85:05:93:BA:8E:E4:EA:25:B2:44:11:D7:63
Certificate issuer:       /CN=ddf8b45254e5470d1d4cce6fb7dfd4d0d83b5d59
Certificate serial:       0184C90DE6495016361FE253FB3C6B4E098D
Authority key identifier: DD:F8:B4:52:54:E5:47:0D:1D:4C:CE:6F:B7:DF:D4:D0:D8:3B:5D:59
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3fi0UlTlRw0dTM5vt9_U0Ng7XVk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/45/8fc746-fc08-4211-ba3b-893906fb7858/1/F3HqdSL5YYUFk7qO5OolskQR12M.roa
Signing time:             Wed 30 Nov 2022 15:00:42 +0000
ROA not before:           Wed 30 Nov 2022 15:00:42 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     204843
IP address blocks:        5.105.130.0/24 maxlen: 24
                          5.105.96.0/24 maxlen: 24
                          5.105.30.0/24 maxlen: 24
                          5.105.31.0/24 maxlen: 24
                          5.105.38.0/24 maxlen: 24
                          5.105.33.0/24 maxlen: 24
                          5.105.32.0/24 maxlen: 24
                          5.105.39.0/24 maxlen: 24
                          5.105.184.0/24 maxlen: 24
                          5.105.200.0/24 maxlen: 24
                          5.105.215.0/24 maxlen: 24
                          5.105.7.0/24 maxlen: 24
                          5.105.226.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:84:c9:0d:e6:49:50:16:36:1f:e2:53:fb:3c:6b:4e:09:8d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ddf8b45254e5470d1d4cce6fb7dfd4d0d83b5d59
        Validity
            Not Before: Nov 30 15:00:42 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=1771ea7522f961850593ba8ee4ea25b24411d763
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:89:a9:b1:d3:5f:d4:c1:ed:05:43:7a:f1:3a:
                    d6:71:a9:d3:12:c5:46:ff:3a:36:89:b6:3b:0a:47:
                    5e:e7:67:af:77:52:11:24:a7:95:8d:0c:44:f6:42:
                    41:29:32:98:ee:a1:c3:43:8e:fb:53:04:e0:b8:62:
                    2f:fe:ff:5a:0b:fd:15:de:8c:62:a1:f8:dc:a2:c5:
                    6c:9a:37:2f:75:d0:55:12:66:06:c8:36:25:60:d7:
                    0c:74:c4:63:9a:db:7e:15:02:79:e3:85:88:04:98:
                    76:65:56:c7:8f:b7:a0:03:61:4c:1f:8b:9b:fd:fb:
                    7d:31:6c:0b:4b:52:89:4e:37:69:04:84:74:32:9f:
                    c9:e8:88:fa:10:7a:9f:a4:90:97:46:66:6f:17:96:
                    19:5f:af:a1:e3:dd:cd:96:71:96:75:08:4d:16:02:
                    04:e1:4c:f3:85:c0:9a:f9:00:5e:f0:fe:4c:1c:5d:
                    fe:b2:e6:5c:08:3d:aa:ea:61:99:ee:40:33:69:4b:
                    b7:3a:d6:df:18:37:9a:cb:2a:e7:0c:e2:8a:65:7e:
                    ce:04:23:e3:7c:91:6f:38:b5:86:dd:d9:a1:96:34:
                    e5:fe:cf:82:79:12:43:41:8f:13:6a:cc:ee:4f:d9:
                    3a:ac:41:4f:a0:1a:69:04:85:a7:8f:69:ff:87:47:
                    7c:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                17:71:EA:75:22:F9:61:85:05:93:BA:8E:E4:EA:25:B2:44:11:D7:63
            X509v3 Authority Key Identifier:
                keyid:DD:F8:B4:52:54:E5:47:0D:1D:4C:CE:6F:B7:DF:D4:D0:D8:3B:5D:59

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3fi0UlTlRw0dTM5vt9_U0Ng7XVk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/45/8fc746-fc08-4211-ba3b-893906fb7858/1/F3HqdSL5YYUFk7qO5OolskQR12M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/45/8fc746-fc08-4211-ba3b-893906fb7858/1/3fi0UlTlRw0dTM5vt9_U0Ng7XVk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.105.7.0/24
                  5.105.30.0-5.105.33.255
                  5.105.38.0/23
                  5.105.96.0/24
                  5.105.130.0/24
                  5.105.184.0/24
                  5.105.200.0/24
                  5.105.215.0/24
                  5.105.226.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1d:37:0f:36:97:67:3b:e3:b9:a9:af:2a:d7:ae:68:f4:e2:b9:
         c7:7f:5c:dc:7f:59:1a:d0:8f:4f:42:e5:59:da:b2:b5:24:55:
         68:aa:5b:48:2d:23:62:03:ea:69:2c:03:4b:45:a7:c1:7b:9a:
         10:32:ef:ee:d5:ff:09:4d:1c:99:39:24:6b:72:5f:07:5d:ac:
         34:b7:1d:c1:91:3a:b4:03:f5:97:37:f9:73:22:c9:07:c2:50:
         9e:d5:90:06:56:59:77:61:c6:18:19:14:1d:ee:27:6d:c1:b2:
         0f:02:13:1e:ea:de:ad:31:26:9f:5d:1c:c6:d8:75:32:5a:11:
         0d:5f:9c:56:ce:d8:6c:19:31:28:a0:7c:e4:d0:4d:48:23:71:
         3d:05:6a:73:42:bf:90:d6:0e:d0:e8:d9:8a:6b:4a:67:3d:8a:
         2c:6f:39:d0:d1:30:6b:b7:d1:55:f1:55:80:e7:8e:1f:30:51:
         42:6c:9d:b0:ce:ae:99:90:59:b0:4a:ee:f7:07:ed:50:36:36:
         ee:f4:8f:b5:c8:4c:0f:79:1a:f0:32:bd:15:8c:4b:73:0c:a6:
         16:98:94:a0:30:78:d5:ea:58:12:26:d6:a5:e7:59:cb:4d:85:
         37:5f:08:b4:ae:99:f4:e2:de:e5:01:24:e8:1e:25:09:6a:27:
         17:7f:48:f8
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgISAYTJDeZJUBY2H+JT+zxrTgmNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRkZjhiNDUyNTRlNTQ3MGQxZDRjY2U2ZmI3ZGZkNGQwZDgz
YjVkNTkwHhcNMjIxMTMwMTUwMDQyWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNzcxZWE3NTIyZjk2MTg1MDU5M2JhOGVlNGVhMjViMjQ0MTFkNzYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjompsdNf1MHtBUN68TrWcanTEsVG
/zo2ibY7Ckde52evd1IRJKeVjQxE9kJBKTKY7qHDQ477UwTguGIv/v9aC/0V3oxi
ofjcosVsmjcvddBVEmYGyDYlYNcMdMRjmtt+FQJ544WIBJh2ZVbHj7egA2FMH4ub
/ft9MWwLS1KJTjdpBIR0Mp/J6Ij6EHqfpJCXRmZvF5YZX6+h493NlnGWdQhNFgIE
4UzzhcCa+QBe8P5MHF3+suZcCD2q6mGZ7kAzaUu3OtbfGDeayyrnDOKKZX7OBCPj
fJFvOLWG3dmhljTl/s+CeRJDQY8TaszuT9k6rEFPoBppBIWnj2n/h0d8zQIDAQAB
o4ICQTCCAj0wHQYDVR0OBBYEFBdx6nUi+WGFBZO6juTqJbJEEddjMB8GA1UdIwQY
MBaAFN34tFJU5UcNHUzOb7ff1NDYO11ZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM2ZpMFVsVGxSdzBkVE01dnQ5X1UwTmc3WFZrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NS84ZmM3NDYtZmMwOC00MjExLWJhM2It
ODkzOTA2ZmI3ODU4LzEvRjNIcWRTTDVZWVVGazdxTzVPb2xza1FSMTJNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NS84ZmM3NDYtZmMwOC00MjExLWJhM2ItODkzOTA2ZmI3ODU4
LzEvM2ZpMFVsVGxSdzBkVE01dnQ5X1UwTmc3WFZrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFcGCCsGAQUFBwEHAQH/BEgwRjBEBAIAATA+AwQABWkHMAwD
BAEFaR4DBAEFaSADBAEFaSYDBAAFaWADBAAFaYIDBAAFabgDBAAFacgDBAAFadcD
BAAFaeIwDQYJKoZIhvcNAQELBQADggEBAB03DzaXZzvjuamvKteuaPTiucd/XNx/
WRrQj09C5VnasrUkVWiqW0gtI2ID6mksA0tFp8F7mhAy7+7V/wlNHJk5JGtyXwdd
rDS3HcGROrQD9Zc3+XMiyQfCUJ7VkAZWWXdhxhgZFB3uJ23Bsg8CEx7q3q0xJp9d
HMbYdTJaEQ1fnFbO2GwZMSigfOTQTUgjcT0FanNCv5DWDtDo2YprSmc9iixvOdDR
MGu30VXxVYDnjh8wUUJsnbDOrpmQWbBK7vcH7VA2Nu70j7XITA95GvAyvRWMS3MM
phaYlKAweNXqWBIm1qXnWctNhTdfCLSumfTi3uUBJOgeJQlqJxd/SPg=
-----END CERTIFICATE-----