Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4b/f25d7c-6677-4fdb-898e-ee7465754ff6/1/hI71URi1tZoa-ibBDIBMoJtosGU.roa
File:                     hI71URi1tZoa-ibBDIBMoJtosGU.roa (raw, json)
Hash identifier:          cuuhIeUBctXAIFOK/1+UVekvjYRgHB8HOZgEmTKQFZM=
Subject key identifier:   84:8E:F5:51:18:B5:B5:9A:1A:FA:26:C1:0C:80:4C:A0:9B:68:B0:65
Certificate issuer:       /CN=11a010f87a049b6e21abed9b40983b04f3f1c7e8
Certificate serial:       0184382132317B22E8F95258C2B5CD340CB1
Authority key identifier: 11:A0:10:F8:7A:04:9B:6E:21:AB:ED:9B:40:98:3B:04:F3:F1:C7:E8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EaAQ-HoEm24hq-2bQJg7BPPxx-g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4b/f25d7c-6677-4fdb-898e-ee7465754ff6/1/hI71URi1tZoa-ibBDIBMoJtosGU.roa
Signing time:             Wed 02 Nov 2022 11:36:50 +0000
ROA not before:           Wed 02 Nov 2022 11:36:50 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     44477
IP address blocks:        185.231.205.0/24 maxlen: 24
                          185.231.207.0/24 maxlen: 24
                          193.57.138.0/24 maxlen: 24
                          93.185.166.0/24 maxlen: 24
                          45.87.154.0/24 maxlen: 24
                          45.8.145.0/24 maxlen: 24
                          45.8.144.0/24 maxlen: 24
                          45.84.0.0/24 maxlen: 24
                          194.4.51.0/24 maxlen: 24
                          194.4.49.0/24 maxlen: 24
                          45.159.250.0/24 maxlen: 24
                          45.159.248.0/24 maxlen: 24
                          45.67.35.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:84:38:21:32:31:7b:22:e8:f9:52:58:c2:b5:cd:34:0c:b1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=11a010f87a049b6e21abed9b40983b04f3f1c7e8
        Validity
            Not Before: Nov  2 11:36:50 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=848ef55118b5b59a1afa26c10c804ca09b68b065
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f6:9b:a4:9d:45:98:d7:e2:e9:e2:7b:bd:3e:d8:
                    e1:ae:e3:97:6a:a5:01:28:67:29:de:33:39:79:97:
                    f2:5c:d6:2d:a5:2f:50:1b:6a:13:13:b6:93:25:a4:
                    c3:8a:05:a0:b1:ed:75:0e:6b:e9:ee:76:99:c4:9e:
                    76:54:02:52:6f:b0:08:bb:b6:6a:3d:44:1b:ff:a2:
                    2e:89:c2:eb:81:3a:fd:32:29:38:ba:0d:a2:6f:a1:
                    d5:ea:17:53:dd:4a:b7:f3:a6:b4:63:e5:a8:3e:66:
                    3f:93:1b:66:91:67:be:fe:a0:0e:0d:c5:75:b9:33:
                    64:f9:94:c6:fa:50:01:9a:c8:f5:62:f2:c5:71:e1:
                    b3:d3:7a:bc:06:d2:cb:ff:a7:8b:e7:73:89:d4:d9:
                    ab:aa:d8:41:3e:45:fb:23:2c:78:d2:a3:57:27:0e:
                    a1:02:5d:77:40:60:e5:45:e3:dc:73:ab:45:4e:7f:
                    b5:a1:1f:47:99:d7:43:4d:e7:3b:5a:9c:7c:55:33:
                    20:36:ea:c1:e1:d2:8d:b2:c0:5a:15:a0:0c:16:86:
                    e3:f1:81:55:f5:bb:2f:67:0b:50:43:0f:64:f9:d8:
                    c7:18:96:e0:71:f1:2a:d5:70:15:c5:a8:bc:d0:b0:
                    be:aa:0d:26:59:ae:eb:56:73:dd:cb:e2:42:48:b3:
                    4e:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                84:8E:F5:51:18:B5:B5:9A:1A:FA:26:C1:0C:80:4C:A0:9B:68:B0:65
            X509v3 Authority Key Identifier:
                keyid:11:A0:10:F8:7A:04:9B:6E:21:AB:ED:9B:40:98:3B:04:F3:F1:C7:E8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EaAQ-HoEm24hq-2bQJg7BPPxx-g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/f25d7c-6677-4fdb-898e-ee7465754ff6/1/hI71URi1tZoa-ibBDIBMoJtosGU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/f25d7c-6677-4fdb-898e-ee7465754ff6/1/EaAQ-HoEm24hq-2bQJg7BPPxx-g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.8.144.0/23
                  45.67.35.0/24
                  45.84.0.0/24
                  45.87.154.0/24
                  45.159.248.0/24
                  45.159.250.0/24
                  93.185.166.0/24
                  185.231.205.0/24
                  185.231.207.0/24
                  193.57.138.0/24
                  194.4.49.0/24
                  194.4.51.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ae:0f:a8:1d:de:48:79:fa:3d:23:04:b6:58:ad:08:76:b4:f2:
         4b:0a:da:b7:91:f0:81:4a:35:a9:ab:aa:b3:7f:1b:be:a2:e1:
         93:b1:96:49:e8:96:70:bf:d9:2d:53:a9:17:71:d0:0c:55:e0:
         a3:8d:6a:2f:65:87:aa:e7:da:50:a1:72:74:50:4e:80:d9:f2:
         e5:8e:60:8c:49:be:ff:24:90:db:3d:72:65:d1:4b:84:81:a3:
         f3:b2:2c:07:fd:ec:7a:8c:49:87:0a:7c:78:49:6d:a7:82:40:
         a5:17:4a:e4:5a:4d:99:39:cb:75:68:4d:32:06:e0:60:c9:35:
         a0:dd:6d:6b:71:68:23:b1:d9:f7:2e:87:84:ec:b1:f4:35:15:
         c1:6d:94:5f:d8:1a:08:20:ff:52:39:5b:4d:08:fc:fa:9d:29:
         5c:e0:83:ce:18:a3:73:8c:4c:79:9d:8a:67:5b:25:fe:18:86:
         02:8d:d2:44:87:01:35:5c:d7:84:74:1b:4f:29:3c:20:4c:dd:
         b1:50:83:d0:36:60:02:ec:3c:be:c6:01:6e:0e:15:09:ae:06:
         34:44:5e:30:dd:39:65:1d:73:2b:9b:86:95:19:81:92:bf:7c:
         63:07:5f:8e:de:6c:fd:07:02:89:6a:b4:29:c6:d5:a2:e6:86:
         71:12:d8:18
-----BEGIN CERTIFICATE-----
MIIFPzCCBCegAwIBAgISAYQ4ITIxeyLo+VJYwrXNNAyxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDExYTAxMGY4N2EwNDliNmUyMWFiZWQ5YjQwOTgzYjA0ZjNm
MWM3ZTgwHhcNMjIxMTAyMTEzNjUwWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NDhlZjU1MTE4YjViNTlhMWFmYTI2YzEwYzgwNGNhMDliNjhiMDY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9puknUWY1+Lp4nu9PtjhruOXaqUB
KGcp3jM5eZfyXNYtpS9QG2oTE7aTJaTDigWgse11Dmvp7naZxJ52VAJSb7AIu7Zq
PUQb/6IuicLrgTr9Mik4ug2ib6HV6hdT3Uq386a0Y+WoPmY/kxtmkWe+/qAODcV1
uTNk+ZTG+lABmsj1YvLFceGz03q8BtLL/6eL53OJ1NmrqthBPkX7Iyx40qNXJw6h
Al13QGDlRePcc6tFTn+1oR9HmddDTec7Wpx8VTMgNurB4dKNssBaFaAMFobj8YFV
9bsvZwtQQw9k+djHGJbgcfEq1XAVxai80LC+qg0mWa7rVnPdy+JCSLNOHQIDAQAB
o4ICSzCCAkcwHQYDVR0OBBYEFISO9VEYtbWaGvomwQyATKCbaLBlMB8GA1UdIwQY
MBaAFBGgEPh6BJtuIavtm0CYOwTz8cfoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRWFBUS1Ib0VtMjRocS0yYlFKZzdCUFB4eC1nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yi9mMjVkN2MtNjY3Ny00ZmRiLTg5OGUt
ZWU3NDY1NzU0ZmY2LzEvaEk3MVVSaTF0Wm9hLWliQkRJQk1vSnRvc0dVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yi9mMjVkN2MtNjY3Ny00ZmRiLTg5OGUtZWU3NDY1NzU0ZmY2
LzEvRWFBUS1Ib0VtMjRocS0yYlFKZzdCUFB4eC1nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGEGCCsGAQUFBwEHAQH/BFIwUDBOBAIAATBIAwQBLQiQAwQA
LUMjAwQALVQAAwQALVeaAwQALZ/4AwQALZ/6AwQAXbmmAwQAuefNAwQAuefPAwQA
wTmKAwQAwgQxAwQAwgQzMA0GCSqGSIb3DQEBCwUAA4IBAQCuD6gd3kh5+j0jBLZY
rQh2tPJLCtq3kfCBSjWpq6qzfxu+ouGTsZZJ6JZwv9ktU6kXcdAMVeCjjWovZYeq
59pQoXJ0UE6A2fLljmCMSb7/JJDbPXJl0UuEgaPzsiwH/ex6jEmHCnx4SW2ngkCl
F0rkWk2ZOct1aE0yBuBgyTWg3W1rcWgjsdn3LoeE7LH0NRXBbZRf2BoIIP9SOVtN
CPz6nSlc4IPOGKNzjEx5nYpnWyX+GIYCjdJEhwE1XNeEdBtPKTwgTN2xUIPQNmAC
7Dy+xgFuDhUJrgY0RF4w3TllHXMrm4aVGYGSv3xjB1+O3mz9BwKJarQpxtWi5oZx
EtgY
-----END CERTIFICATE-----