Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/48/0547cb-c5dc-4e2f-aff7-3eca7df2ae57/1/tPEgpLyafUsXzr2zQ1XSw1BhtY4.roa
File:                     tPEgpLyafUsXzr2zQ1XSw1BhtY4.roa (raw, json)
Hash identifier:          8Ha5hadaeP9PapIoS6yThG0t5vwCXnZAl1U0hS3tRB8=
Subject key identifier:   B4:F1:20:A4:BC:9A:7D:4B:17:CE:BD:B3:43:55:D2:C3:50:61:B5:8E
Certificate issuer:       /CN=8f368feb9e553bdd131562584a3353b1d7555c50
Certificate serial:       0184BE8A3B2014FD9D77B72629BB375518F4
Authority key identifier: 8F:36:8F:EB:9E:55:3B:DD:13:15:62:58:4A:33:53:B1:D7:55:5C:50
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jzaP655VO90TFWJYSjNTsddVXFA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/48/0547cb-c5dc-4e2f-aff7-3eca7df2ae57/1/tPEgpLyafUsXzr2zQ1XSw1BhtY4.roa
Signing time:             Mon 28 Nov 2022 14:00:40 +0000
ROA not before:           Mon 28 Nov 2022 14:00:40 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     201565
IP address blocks:        185.11.232.0/22 maxlen: 22
                          185.91.150.0/23 maxlen: 23
                          185.91.148.0/23 maxlen: 23
                          94.176.185.0/24 maxlen: 24
                          94.176.184.0/24 maxlen: 24
                          185.59.96.0/22 maxlen: 22
                          89.35.206.0/24 maxlen: 24
                          89.35.207.0/24 maxlen: 24
                          2a03:7e40:5000::/36 maxlen: 36
                          2a03:7e40:4000::/36 maxlen: 36
                          2a03:7e40:2000::/36 maxlen: 36
                          2a03:7e40:3000::/36 maxlen: 36
                          2a03:7e40:1000::/36 maxlen: 36
                          2a03:7e40::/36 maxlen: 36

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:84:be:8a:3b:20:14:fd:9d:77:b7:26:29:bb:37:55:18:f4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8f368feb9e553bdd131562584a3353b1d7555c50
        Validity
            Not Before: Nov 28 14:00:40 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=b4f120a4bc9a7d4b17cebdb34355d2c35061b58e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:75:49:09:6b:b3:26:73:7f:a5:a1:3f:cd:eb:
                    93:ef:ed:0b:6e:45:0e:e5:82:b5:0a:09:0f:6b:02:
                    77:4a:3e:de:a1:b9:43:bd:46:a7:e3:39:91:8b:21:
                    de:ea:89:c9:7c:8d:42:07:56:cc:20:85:15:8a:14:
                    17:15:16:a9:ab:98:a3:96:05:c0:d2:8d:89:b5:bd:
                    fb:ca:38:13:8f:3a:88:e8:7f:0a:11:c6:8b:d7:83:
                    8b:93:2b:83:35:9a:0e:c4:07:5f:06:78:98:d6:71:
                    df:00:d2:18:0a:0a:ef:69:1e:2d:e5:df:2a:3d:7c:
                    0a:06:1c:60:f0:bb:b8:70:23:c9:05:7f:2a:cb:9f:
                    b9:ab:ce:8a:7a:d6:27:e0:69:89:c8:8f:4f:52:15:
                    06:53:e8:df:6e:28:c8:69:a6:7e:94:b2:46:43:ba:
                    c6:18:dd:b9:35:6d:57:cb:30:5f:34:f1:38:8b:96:
                    e7:22:5a:30:3e:d7:84:93:7a:b9:f1:4d:a0:d9:c1:
                    bd:c8:e9:b4:19:12:50:53:a6:24:38:96:46:e2:33:
                    84:f2:51:5e:01:f9:ed:9e:bb:41:f3:df:85:33:75:
                    9a:b5:ab:43:a0:31:33:be:59:92:3c:52:3c:00:0e:
                    d7:57:3c:c5:62:4c:a4:25:90:f5:a7:e0:df:35:04:
                    79:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B4:F1:20:A4:BC:9A:7D:4B:17:CE:BD:B3:43:55:D2:C3:50:61:B5:8E
            X509v3 Authority Key Identifier:
                keyid:8F:36:8F:EB:9E:55:3B:DD:13:15:62:58:4A:33:53:B1:D7:55:5C:50

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jzaP655VO90TFWJYSjNTsddVXFA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/48/0547cb-c5dc-4e2f-aff7-3eca7df2ae57/1/tPEgpLyafUsXzr2zQ1XSw1BhtY4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/48/0547cb-c5dc-4e2f-aff7-3eca7df2ae57/1/jzaP655VO90TFWJYSjNTsddVXFA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.35.206.0/23
                  94.176.184.0/23
                  185.11.232.0/22
                  185.59.96.0/22
                  185.91.148.0/22
                IPv6:
                  2a03:7e40::-2a03:7e40:5fff:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         2f:ee:6c:d7:d6:ef:ac:66:54:7a:37:f6:a4:18:70:f4:20:bd:
         fe:b7:73:75:f3:36:22:10:ea:be:44:37:11:c5:af:77:69:4b:
         d0:d6:e1:63:62:0b:d6:f6:59:8a:0c:5e:6d:68:47:9c:f5:f2:
         84:17:76:68:f3:85:53:30:e1:fc:b7:44:cd:f3:c8:46:31:88:
         73:cd:36:37:41:64:c3:e3:d3:c3:c3:ba:05:af:fa:fd:0c:2d:
         93:03:aa:15:a2:e5:e1:2a:6d:d4:1a:1e:1e:35:62:c0:2e:68:
         4a:8c:79:f8:9a:21:55:30:89:6b:39:ae:b2:70:71:f3:05:cc:
         88:bd:de:f4:d3:18:4d:13:7e:76:01:f5:d3:9e:07:76:03:65:
         4a:7e:0b:c9:e1:e1:bf:67:bd:2d:b6:83:4a:43:8f:e4:78:dc:
         ea:b8:32:ee:e5:64:75:53:3d:09:0d:db:c1:3c:dc:0b:f7:ef:
         b2:ac:f5:3b:d8:a1:6d:45:1e:21:3f:f6:12:8b:6d:05:78:c6:
         30:0f:dd:ef:51:00:45:d7:83:45:5d:03:df:7e:ea:19:ea:28:
         c6:24:57:3a:e6:27:e8:9e:23:0b:7f:e6:29:a6:fa:09:41:f6:
         1b:6f:22:85:6f:00:79:bb:9b:73:16:4e:96:f3:f0:4c:6b:0b:
         85:9b:38:6f
-----BEGIN CERTIFICATE-----
MIIFLjCCBBagAwIBAgISAYS+ijsgFP2dd7cmKbs3VRj0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhmMzY4ZmViOWU1NTNiZGQxMzE1NjI1ODRhMzM1M2IxZDc1
NTVjNTAwHhcNMjIxMTI4MTQwMDQwWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNGYxMjBhNGJjOWE3ZDRiMTdjZWJkYjM0MzU1ZDJjMzUwNjFiNThlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhnVJCWuzJnN/paE/zeuT7+0LbkUO
5YK1CgkPawJ3Sj7eoblDvUan4zmRiyHe6onJfI1CB1bMIIUVihQXFRapq5ijlgXA
0o2Jtb37yjgTjzqI6H8KEcaL14OLkyuDNZoOxAdfBniY1nHfANIYCgrvaR4t5d8q
PXwKBhxg8Lu4cCPJBX8qy5+5q86KetYn4GmJyI9PUhUGU+jfbijIaaZ+lLJGQ7rG
GN25NW1XyzBfNPE4i5bnIlowPteEk3q58U2g2cG9yOm0GRJQU6YkOJZG4jOE8lFe
AfntnrtB89+FM3WatatDoDEzvlmSPFI8AA7XVzzFYkykJZD1p+DfNQR5PQIDAQAB
o4ICOjCCAjYwHQYDVR0OBBYEFLTxIKS8mn1LF869s0NV0sNQYbWOMB8GA1UdIwQY
MBaAFI82j+ueVTvdExViWEozU7HXVVxQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvanphUDY1NVZPOTBURldKWVNqTlRzZGRWWEZBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80OC8wNTQ3Y2ItYzVkYy00ZTJmLWFmZjct
M2VjYTdkZjJhZTU3LzEvdFBFZ3BMeWFmVXNYenIyelExWFN3MUJodFk0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80OC8wNTQ3Y2ItYzVkYy00ZTJmLWFmZjctM2VjYTdkZjJhZTU3
LzEvanphUDY1NVZPOTBURldKWVNqTlRzZGRWWEZBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFAGCCsGAQUFBwEHAQH/BEEwPzAkBAIAATAeAwQBWSPOAwQB
XrC4AwQCuQvoAwQCuTtgAwQCuVuUMBcEAgACMBEwDwMFBioDfkADBgUqA35AQDAN
BgkqhkiG9w0BAQsFAAOCAQEAL+5s19bvrGZUejf2pBhw9CC9/rdzdfM2IhDqvkQ3
EcWvd2lL0NbhY2IL1vZZigxebWhHnPXyhBd2aPOFUzDh/LdEzfPIRjGIc802N0Fk
w+PTw8O6Ba/6/QwtkwOqFaLl4Spt1BoeHjViwC5oSox5+JohVTCJazmusnBx8wXM
iL3e9NMYTRN+dgH1054HdgNlSn4LyeHhv2e9LbaDSkOP5Hjc6rgy7uVkdVM9CQ3b
wTzcC/fvsqz1O9ihbUUeIT/2EottBXjGMA/d71EARdeDRV0D337qGeooxiRXOuYn
6J4jC3/mKab6CUH2G28ihW8AebubcxZOlvPwTGsLhZs4bw==
-----END CERTIFICATE-----