Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4a/4c66cc-fa9a-4f58-ad21-7da183eff115/1/D2OPWG1BUoZ0ffnJx2SUA0C-W0M.roa
File:                     D2OPWG1BUoZ0ffnJx2SUA0C-W0M.roa (raw, json)
Hash identifier:          u3bbSHwOFGSGLmea998CAgMA+nkSeJaGswfMSzc8/Dw=
Subject key identifier:   0F:63:8F:58:6D:41:52:86:74:7D:F9:C9:C7:64:94:03:40:BE:5B:43
Certificate issuer:       /CN=586936266e980dd203b2cbeb1c9c4570604b911b
Certificate serial:       01856D01C4E0121B181C4D48BF1C7EEB75D0
Authority key identifier: 58:69:36:26:6E:98:0D:D2:03:B2:CB:EB:1C:9C:45:70:60:4B:91:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WGk2Jm6YDdIDssvrHJxFcGBLkRs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4a/4c66cc-fa9a-4f58-ad21-7da183eff115/1/D2OPWG1BUoZ0ffnJx2SUA0C-W0M.roa
Signing time:             Sun 01 Jan 2023 11:05:10 +0000
ROA not before:           Sun 01 Jan 2023 11:05:10 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     49628
IP address blocks:        185.46.176.0/22 maxlen: 22
                          193.176.215.0/24 maxlen: 24
                          78.40.106.0/24 maxlen: 24
                          78.40.107.0/24 maxlen: 24
                          193.176.214.0/24 maxlen: 24
                          5.187.9.0/24 maxlen: 24
                          5.187.10.0/24 maxlen: 24
                          5.187.8.0/21 maxlen: 21
                          193.176.212.0/24 maxlen: 24
                          78.40.104.0/24 maxlen: 24
                          193.176.212.0/22 maxlen: 22
                          78.40.104.0/22 maxlen: 22
                          193.176.213.0/24 maxlen: 24
                          78.40.105.0/24 maxlen: 24
                          185.168.224.0/24 maxlen: 24
                          185.168.224.0/22 maxlen: 22
                          185.168.225.0/24 maxlen: 24
                          185.168.226.0/24 maxlen: 24
                          185.168.227.0/24 maxlen: 24
                          37.75.128.0/21 maxlen: 21
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6d:01:c4:e0:12:1b:18:1c:4d:48:bf:1c:7e:eb:75:d0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=586936266e980dd203b2cbeb1c9c4570604b911b
        Validity
            Not Before: Jan  1 11:05:10 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=0f638f586d415286747df9c9c764940340be5b43
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:8c:82:89:5a:e0:4a:c7:f8:8f:cf:48:72:11:
                    58:3c:45:95:87:d3:5b:f2:16:63:38:18:33:5d:d8:
                    85:72:29:60:1a:c3:82:1a:9d:35:f5:9b:1f:ec:df:
                    50:b4:de:eb:af:10:ba:e8:86:79:34:86:0b:0f:df:
                    18:43:19:fb:5a:99:fd:79:11:0f:9e:b7:72:6e:4c:
                    13:cb:77:42:f2:06:c7:2c:07:d5:a6:58:06:b6:d1:
                    89:f1:1a:fd:4e:64:55:77:60:41:00:13:b5:fc:77:
                    5d:cf:97:e0:ac:21:44:fa:f9:89:11:b7:ef:96:04:
                    8a:d1:14:40:f5:8b:ac:b7:11:96:74:ed:59:4f:c1:
                    42:d5:b1:47:10:a7:68:38:02:70:12:ab:eb:07:73:
                    2a:f7:0c:81:49:33:fa:4e:53:cb:bc:74:d3:82:12:
                    2a:70:0e:9a:d5:a1:fa:9e:51:95:26:c6:5e:aa:d6:
                    d3:ef:37:86:f0:ed:b4:ae:d3:d2:10:4b:5c:52:0c:
                    6c:4b:df:eb:1b:35:3d:f1:44:6d:6c:6f:bb:6e:89:
                    39:ba:2a:2a:0e:d2:52:e0:f7:30:e5:fe:cb:58:7d:
                    3c:39:d2:6c:6a:44:c1:49:35:6c:2d:ab:b5:b8:b7:
                    6a:f8:89:1d:68:b3:0a:60:20:ae:15:4c:97:21:a7:
                    d2:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0F:63:8F:58:6D:41:52:86:74:7D:F9:C9:C7:64:94:03:40:BE:5B:43
            X509v3 Authority Key Identifier:
                keyid:58:69:36:26:6E:98:0D:D2:03:B2:CB:EB:1C:9C:45:70:60:4B:91:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WGk2Jm6YDdIDssvrHJxFcGBLkRs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/4c66cc-fa9a-4f58-ad21-7da183eff115/1/D2OPWG1BUoZ0ffnJx2SUA0C-W0M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/4c66cc-fa9a-4f58-ad21-7da183eff115/1/WGk2Jm6YDdIDssvrHJxFcGBLkRs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.187.8.0/21
                  37.75.128.0/21
                  78.40.104.0/22
                  185.46.176.0/22
                  185.168.224.0/22
                  193.176.212.0/22

    Signature Algorithm: sha256WithRSAEncryption
         96:59:d2:4a:18:46:5b:ed:9a:91:8a:5b:bd:28:12:48:3d:28:
         43:34:86:07:81:48:6a:47:8b:2f:4f:cd:a7:8f:d9:5c:56:e3:
         6e:f5:c1:e6:ed:6d:d8:1d:14:ff:32:ab:e6:83:42:2d:a6:6b:
         ce:09:75:61:ee:8b:d4:bc:d9:b6:1b:40:2a:c4:5a:8e:7a:e9:
         52:00:ec:55:af:93:eb:dd:30:92:8a:ad:6c:8c:d3:e2:c1:5c:
         76:f3:39:6f:8b:21:01:5f:12:75:14:e8:d9:00:6b:7f:e5:10:
         98:d4:20:9b:78:0c:af:64:55:34:7c:44:c3:15:11:cf:59:27:
         26:49:ae:e4:79:80:0e:53:2b:fe:b8:4c:61:11:d1:f4:f3:94:
         9d:b7:54:59:70:23:dc:8a:ec:0f:37:66:3b:fd:3a:e7:7e:69:
         29:7c:0c:b7:3d:e8:a3:39:66:6f:10:a0:d7:a5:74:99:3d:7c:
         c8:d8:c6:b3:2b:c3:06:fd:bf:90:cc:59:96:b0:8e:79:12:5e:
         11:e2:c3:e4:61:6c:c3:1f:e6:c7:62:a3:6e:7b:ad:a2:4b:66:
         a2:04:0c:1e:a6:1f:88:7f:4b:89:45:32:11:94:75:5c:ab:db:
         38:89:27:23:27:39:12:c9:23:3f:c2:2d:6c:c8:23:f0:5e:74:
         12:aa:8d:aa
-----BEGIN CERTIFICATE-----
MIIFGzCCBAOgAwIBAgISAYVtAcTgEhsYHE1Ivxx+63XQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4NjkzNjI2NmU5ODBkZDIwM2IyY2JlYjFjOWM0NTcwNjA0
YjkxMWIwHhcNMjMwMTAxMTEwNTEwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZjYzOGY1ODZkNDE1Mjg2NzQ3ZGY5YzljNzY0OTQwMzQwYmU1YjQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtYyCiVrgSsf4j89IchFYPEWVh9Nb
8hZjOBgzXdiFcilgGsOCGp019Zsf7N9QtN7rrxC66IZ5NIYLD98YQxn7Wpn9eREP
nrdybkwTy3dC8gbHLAfVplgGttGJ8Rr9TmRVd2BBABO1/Hddz5fgrCFE+vmJEbfv
lgSK0RRA9YustxGWdO1ZT8FC1bFHEKdoOAJwEqvrB3Mq9wyBSTP6TlPLvHTTghIq
cA6a1aH6nlGVJsZeqtbT7zeG8O20rtPSEEtcUgxsS9/rGzU98URtbG+7bok5uioq
DtJS4Pcw5f7LWH08OdJsakTBSTVsLau1uLdq+IkdaLMKYCCuFUyXIafSoQIDAQAB
o4ICJzCCAiMwHQYDVR0OBBYEFA9jj1htQVKGdH35ycdklANAvltDMB8GA1UdIwQY
MBaAFFhpNiZumA3SA7LL6xycRXBgS5EbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV0drMkptNllEZElEc3N2ckhKeEZjR0JMa1JzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80YS80YzY2Y2MtZmE5YS00ZjU4LWFkMjEt
N2RhMTgzZWZmMTE1LzEvRDJPUFdHMUJVb1owZmZuSngyU1VBMEMtVzBNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80YS80YzY2Y2MtZmE5YS00ZjU4LWFkMjEtN2RhMTgzZWZmMTE1
LzEvV0drMkptNllEZElEc3N2ckhKeEZjR0JMa1JzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD0GCCsGAQUFBwEHAQH/BC4wLDAqBAIAATAkAwQDBbsIAwQD
JUuAAwQCTihoAwQCuS6wAwQCuajgAwQCwbDUMA0GCSqGSIb3DQEBCwUAA4IBAQCW
WdJKGEZb7ZqRilu9KBJIPShDNIYHgUhqR4svT82nj9lcVuNu9cHm7W3YHRT/Mqvm
g0ItpmvOCXVh7ovUvNm2G0AqxFqOeulSAOxVr5Pr3TCSiq1sjNPiwVx28zlviyEB
XxJ1FOjZAGt/5RCY1CCbeAyvZFU0fETDFRHPWScmSa7keYAOUyv+uExhEdH085Sd
t1RZcCPciuwPN2Y7/TrnfmkpfAy3PeijOWZvEKDXpXSZPXzI2MazK8MG/b+QzFmW
sI55El4R4sPkYWzDH+bHYqNue62iS2aiBAweph+If0uJRTIRlHVcq9s4iScjJzkS
ySM/wi1syCPwXnQSqo2q
-----END CERTIFICATE-----