Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/49/b403cc-4e6c-4fe9-83a1-7550529d847a/1/WPxB_yNGym8RK6B6MXbQS0uDzHE.roa
File:                     WPxB_yNGym8RK6B6MXbQS0uDzHE.roa (raw, json)
Hash identifier:          d7jYuLFXTC2VazQizq9+3XbtIAEml25yL7tj1hUyj9w=
Subject key identifier:   58:FC:41:FF:23:46:CA:6F:11:2B:A0:7A:31:76:D0:4B:4B:83:CC:71
Certificate issuer:       /CN=6f5c5712fbbcd832419d4c5884ae3bc3c4a16e7b
Certificate serial:       10127510
Authority key identifier: 6F:5C:57:12:FB:BC:D8:32:41:9D:4C:58:84:AE:3B:C3:C4:A1:6E:7B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b1xXEvu82DJBnUxYhK47w8Shbns.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/49/b403cc-4e6c-4fe9-83a1-7550529d847a/1/WPxB_yNGym8RK6B6MXbQS0uDzHE.roa
Signing time:             Mon 30 May 2022 06:33:13 +0000
ROA not before:           Mon 30 May 2022 06:33:13 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     38917
IP address blocks:        185.24.112.0/22 maxlen: 24
                          109.111.64.0/19 maxlen: 24
                          87.255.224.0/20 maxlen: 24
                          87.255.224.0/19 maxlen: 24
                          87.255.240.0/20 maxlen: 24
                          87.255.252.0/24 maxlen: 24
                          87.255.248.0/22 maxlen: 24
                          217.175.32.0/20 maxlen: 24
                          176.110.208.0/21 maxlen: 24
                          185.86.112.0/20 maxlen: 24
                          194.32.156.0/22 maxlen: 22
                          2a04:2cc0::/32 maxlen: 32
                          2a04:2cc3::/32 maxlen: 32
                          2a04:2cc5::/32 maxlen: 32
                          2a04:2cc6::/32 maxlen: 32
                          2a04:2cc2::/32 maxlen: 32
                          2a04:2cc1::/32 maxlen: 32
                          2a04:2cc7::/32 maxlen: 32
                          2a04:2cc4::/32 maxlen: 32

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 269645072 (0x10127510)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6f5c5712fbbcd832419d4c5884ae3bc3c4a16e7b
        Validity
            Not Before: May 30 06:33:13 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=58fc41ff2346ca6f112ba07a3176d04b4b83cc71
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:fc:d6:ce:36:fc:bb:0b:9d:97:c2:93:99:b4:
                    09:d0:79:1c:6a:1e:ce:f0:0d:1f:f5:5d:72:d1:fb:
                    5f:dd:d2:f3:9b:be:bd:59:ac:fc:7c:b1:1b:b9:b8:
                    e0:d8:ec:fd:91:1a:79:4d:69:27:06:2a:0f:2d:bc:
                    7e:85:f8:0b:a3:0e:5d:b6:da:8a:e6:a3:1d:53:44:
                    ec:58:96:7f:9e:bd:0a:ed:4d:7d:43:b6:97:2b:3a:
                    c7:60:7c:9a:bc:b3:ab:6c:4d:44:f8:31:49:9a:c7:
                    67:a5:f7:de:6a:94:14:51:86:6d:0c:2f:83:02:a9:
                    d9:27:49:e7:a2:86:1f:54:28:c5:72:a1:e2:7e:c9:
                    a8:38:d2:62:d5:28:81:48:10:f1:a1:72:97:41:bf:
                    b4:95:89:55:cf:6a:c4:22:15:4f:40:80:af:c1:1d:
                    5f:30:6c:ab:a1:69:b2:b1:a2:74:07:72:4e:a0:21:
                    61:31:9b:05:8e:50:92:9c:ad:3d:ff:13:ac:43:a9:
                    ae:e5:0d:b2:53:a2:d3:bb:b7:61:32:6f:df:2c:d9:
                    fb:3a:c3:b3:32:a2:18:51:5d:90:7f:1f:3a:b3:17:
                    e0:3f:55:41:a8:d4:78:85:8b:c9:cc:11:6b:04:6a:
                    cf:76:4f:62:c8:22:bb:6a:ab:9e:2a:80:33:eb:17:
                    77:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                58:FC:41:FF:23:46:CA:6F:11:2B:A0:7A:31:76:D0:4B:4B:83:CC:71
            X509v3 Authority Key Identifier:
                keyid:6F:5C:57:12:FB:BC:D8:32:41:9D:4C:58:84:AE:3B:C3:C4:A1:6E:7B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1xXEvu82DJBnUxYhK47w8Shbns.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/49/b403cc-4e6c-4fe9-83a1-7550529d847a/1/WPxB_yNGym8RK6B6MXbQS0uDzHE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/49/b403cc-4e6c-4fe9-83a1-7550529d847a/1/b1xXEvu82DJBnUxYhK47w8Shbns.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.255.224.0/19
                  109.111.64.0/19
                  176.110.208.0/21
                  185.24.112.0/22
                  185.86.112.0/20
                  194.32.156.0/22
                  217.175.32.0/20
                IPv6:
                  2a04:2cc0::/29

    Signature Algorithm: sha256WithRSAEncryption
         33:ce:00:33:3f:29:63:6e:b4:13:70:20:29:75:65:e0:13:c5:
         ba:25:ea:49:52:37:2c:93:d6:c6:15:bc:a8:00:61:4a:bb:e6:
         49:de:62:5f:1b:35:dd:93:1c:d1:cd:db:b1:fd:6e:22:4e:7b:
         39:9b:ab:95:21:a6:66:d1:1b:33:d6:fa:64:16:8e:1e:34:0e:
         ba:95:29:5e:8b:ec:e2:2c:96:e4:ad:ec:83:11:47:0a:e2:93:
         0d:dc:63:78:38:a1:18:77:93:62:35:0a:8a:e0:37:ab:ee:e4:
         f1:3e:f9:29:a8:a5:17:1b:a2:a6:2a:78:5a:b2:35:03:b4:86:
         61:ec:78:d4:22:e9:02:9a:72:19:bc:51:3f:62:ae:d6:19:2a:
         ed:0d:d5:b8:ea:63:93:95:22:3c:50:b6:df:36:de:25:3a:7c:
         1f:b4:67:4d:e6:30:89:7a:52:58:90:33:1d:ff:93:f8:08:00:
         4f:d1:9e:d3:06:82:5d:8b:a4:74:aa:ac:c5:a5:eb:10:6d:93:
         a4:8f:c6:71:64:f7:99:d2:fa:6f:6d:da:6b:77:2c:58:55:79:
         b7:c1:f5:b9:13:f6:02:22:21:84:78:34:17:ae:56:92:47:dd:
         2b:68:9c:88:70:9d:f5:27:67:dc:e2:dd:fb:e0:63:25:76:a5:
         a3:d5:77:b8
-----BEGIN CERTIFICATE-----
MIIFIjCCBAqgAwIBAgIEEBJ1EDANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg2
ZjVjNTcxMmZiYmNkODMyNDE5ZDRjNTg4NGFlM2JjM2M0YTE2ZTdiMB4XDTIyMDUz
MDA2MzMxM1oXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoNThmYzQxZmYyMzQ2
Y2E2ZjExMmJhMDdhMzE3NmQwNGI0YjgzY2M3MTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAIf81s42/LsLnZfCk5m0CdB5HGoezvANH/VdctH7X93S85u+
vVms/HyxG7m44Njs/ZEaeU1pJwYqDy28foX4C6MOXbbaiuajHVNE7FiWf569Cu1N
fUO2lys6x2B8mryzq2xNRPgxSZrHZ6X33mqUFFGGbQwvgwKp2SdJ56KGH1QoxXKh
4n7JqDjSYtUogUgQ8aFyl0G/tJWJVc9qxCIVT0CAr8EdXzBsq6FpsrGidAdyTqAh
YTGbBY5QkpytPf8TrEOpruUNslOi07u3YTJv3yzZ+zrDszKiGFFdkH8fOrMX4D9V
QajUeIWLycwRawRqz3ZPYsgiu2qrniqAM+sXd1ECAwEAAaOCAjwwggI4MB0GA1Ud
DgQWBBRY/EH/I0bKbxEroHoxdtBLS4PMcTAfBgNVHSMEGDAWgBRvXFcS+7zYMkGd
TFiErjvDxKFuezAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L2IxeFhFdnU4MkRKQm5VeFloSzQ3dzhTaGJucy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNDkvYjQwM2NjLTRlNmMtNGZlOS04M2ExLTc1NTA1MjlkODQ3YS8x
L1dQeEJfeU5HeW04Uks2QjZNWGJRUzB1RHpIRS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNDkv
YjQwM2NjLTRlNmMtNGZlOS04M2ExLTc1NTA1MjlkODQ3YS8xL2IxeFhFdnU4MkRK
Qm5VeFloSzQ3dzhTaGJucy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBS
BggrBgEFBQcBBwEB/wRDMEEwMAQCAAEwKgMEBVf/4AMEBW1vQAMEA7Bu0AMEArkY
cAMEBLlWcAMEAsIgnAMEBNmvIDANBAIAAjAHAwUDKgQswDANBgkqhkiG9w0BAQsF
AAOCAQEAM84AMz8pY260E3AgKXVl4BPFuiXqSVI3LJPWxhW8qABhSrvmSd5iXxs1
3ZMc0c3bsf1uIk57OZurlSGmZtEbM9b6ZBaOHjQOupUpXovs4iyW5K3sgxFHCuKT
DdxjeDihGHeTYjUKiuA3q+7k8T75KailFxuipip4WrI1A7SGYex41CLpAppyGbxR
P2Ku1hkq7Q3VuOpjk5UiPFC23zbeJTp8H7RnTeYwiXpSWJAzHf+T+AgAT9Ge0waC
XYukdKqsxaXrEG2TpI/GcWT3mdL6b23aa3csWFV5t8H1uRP2AiIhhHg0F65Wkkfd
K2iciHCd9Sdn3OLd++BjJXalo9V3uA==
-----END CERTIFICATE-----