Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4e/c58bdc-14e7-499c-9d9c-1b7cbb08d73f/1/jqkvFGne5cdMwtZbvtUx-bvIX0A.roa
File:                     jqkvFGne5cdMwtZbvtUx-bvIX0A.roa (raw, json)
Hash identifier:          JW/xlUQsIaTTdLmrA6OYzd2C5TTvOwtauHme4TJMYWQ=
Subject key identifier:   8E:A9:2F:14:69:DE:E5:C7:4C:C2:D6:5B:BE:D5:31:F9:BB:C8:5F:40
Certificate issuer:       /CN=296593b747e76a56492511bb3612e4d5e4cbe7ec
Certificate serial:       1FE7C553
Authority key identifier: 29:65:93:B7:47:E7:6A:56:49:25:11:BB:36:12:E4:D5:E4:CB:E7:EC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KWWTt0fnalZJJRG7NhLk1eTL5-w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4e/c58bdc-14e7-499c-9d9c-1b7cbb08d73f/1/jqkvFGne5cdMwtZbvtUx-bvIX0A.roa
Signing time:             Thu 03 Feb 2022 19:38:57 +0000
ROA not before:           Thu 03 Feb 2022 19:38:57 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     41944
IP address blocks:        185.14.92.0/24 maxlen: 24
                          185.14.93.0/24 maxlen: 24
                          43.251.161.0/24 maxlen: 24
                          43.251.160.0/24 maxlen: 24
                          176.100.37.0/24 maxlen: 24
                          176.100.36.0/24 maxlen: 24
                          176.100.38.0/24 maxlen: 24
                          37.114.33.0/24 maxlen: 24
                          37.114.42.0/24 maxlen: 24
                          37.114.43.0/24 maxlen: 24
                          37.114.48.0/24 maxlen: 24
                          37.114.50.0/24 maxlen: 24
                          37.114.49.0/24 maxlen: 24
                          37.114.51.0/24 maxlen: 24
                          37.114.55.0/24 maxlen: 24
                          37.114.63.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 535283027 (0x1fe7c553)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=296593b747e76a56492511bb3612e4d5e4cbe7ec
        Validity
            Not Before: Feb  3 19:38:57 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=8ea92f1469dee5c74cc2d65bbed531f9bbc85f40
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:7f:96:f1:36:0a:86:0a:e8:32:62:48:80:c6:
                    19:58:8f:ce:94:ea:75:c8:8a:d0:f9:73:3d:2d:e9:
                    56:f2:e6:ae:16:45:54:6c:84:57:0d:1f:db:9e:8b:
                    11:c3:5f:3c:a2:1e:5b:20:3b:69:ea:cf:b4:38:1a:
                    d1:23:b7:72:8d:08:cb:80:6e:ff:96:9d:f9:56:da:
                    0a:e0:1f:40:6f:70:b8:12:a1:43:8b:12:7f:75:64:
                    97:02:f5:b6:bb:19:1a:31:39:14:58:1f:ca:aa:b4:
                    46:76:c4:53:ef:b9:b1:f1:57:e6:1b:ea:77:2e:1c:
                    36:14:43:fa:31:5d:bb:e0:37:18:c0:c4:5f:da:29:
                    7c:bf:20:7b:f2:d3:18:de:4a:e2:96:a2:56:28:56:
                    82:fe:70:e3:e0:2f:7e:81:20:ad:2c:ad:01:af:ca:
                    3b:2c:e4:14:49:4d:a0:a5:b8:81:4e:ae:b2:c7:f9:
                    bd:5a:0c:6a:d1:0e:9d:56:17:84:ab:98:c6:af:50:
                    bc:15:18:55:17:27:24:68:66:70:60:24:42:bb:6d:
                    05:f5:c0:59:cc:a8:9f:48:06:74:c9:e8:70:21:62:
                    f2:15:ff:7d:55:e5:77:21:0b:9b:0f:26:5a:17:a8:
                    8f:e8:1f:97:96:3f:4d:bc:89:6a:bf:7a:2a:a3:6f:
                    ff:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8E:A9:2F:14:69:DE:E5:C7:4C:C2:D6:5B:BE:D5:31:F9:BB:C8:5F:40
            X509v3 Authority Key Identifier:
                keyid:29:65:93:B7:47:E7:6A:56:49:25:11:BB:36:12:E4:D5:E4:CB:E7:EC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KWWTt0fnalZJJRG7NhLk1eTL5-w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/c58bdc-14e7-499c-9d9c-1b7cbb08d73f/1/jqkvFGne5cdMwtZbvtUx-bvIX0A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/c58bdc-14e7-499c-9d9c-1b7cbb08d73f/1/KWWTt0fnalZJJRG7NhLk1eTL5-w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.114.33.0/24
                  37.114.42.0/23
                  37.114.48.0/22
                  37.114.55.0/24
                  37.114.63.0/24
                  43.251.160.0/23
                  176.100.36.0-176.100.38.255
                  185.14.92.0/23

    Signature Algorithm: sha256WithRSAEncryption
         82:3d:56:b7:37:ce:0b:b7:54:9e:97:47:9f:cd:12:09:28:aa:
         aa:be:23:b8:89:35:04:98:f6:9a:e0:cb:e3:f9:70:08:f6:f6:
         82:58:94:26:ce:59:96:1a:fe:0c:b6:63:4c:ab:50:a4:51:11:
         a5:15:b2:f4:14:2e:bc:2f:d8:0b:05:40:a6:91:4b:69:db:b5:
         0a:cf:54:43:ac:f3:a1:61:df:c1:b1:fe:4b:68:da:d1:4c:02:
         6f:f5:90:ba:e9:da:09:b3:94:42:55:c3:fd:20:cc:f8:3e:d8:
         6b:b5:13:08:51:00:b3:a9:3b:87:19:75:e7:6e:1d:58:f7:db:
         5e:a1:3f:21:31:14:2e:cc:b8:dc:b8:d9:e5:a4:1d:4d:4d:76:
         2d:93:f7:cf:aa:cf:89:99:1f:07:ed:93:bb:06:68:78:93:a3:
         40:10:47:51:65:66:38:4d:f8:bb:31:d6:cb:dc:ca:a5:4d:22:
         32:07:be:63:cb:9b:05:e2:9d:46:84:d8:97:5e:f6:d1:37:b6:
         46:dd:3a:f8:58:a3:a8:49:86:09:c8:5c:43:37:60:52:30:47:
         db:90:50:10:db:08:63:06:f7:5a:c0:d3:7b:cf:2d:61:0b:4e:
         cb:3b:59:ea:70:19:71:1c:bc:30:11:19:36:59:cf:3c:08:c6:
         d1:39:c3:bc
-----BEGIN CERTIFICATE-----
MIIFITCCBAmgAwIBAgIEH+fFUzANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygy
OTY1OTNiNzQ3ZTc2YTU2NDkyNTExYmIzNjEyZTRkNWU0Y2JlN2VjMB4XDTIyMDIw
MzE5Mzg1N1oXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoOGVhOTJmMTQ2OWRl
ZTVjNzRjYzJkNjViYmVkNTMxZjliYmM4NWY0MDCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAMp/lvE2CoYK6DJiSIDGGViPzpTqdciK0PlzPS3pVvLmrhZF
VGyEVw0f256LEcNfPKIeWyA7aerPtDga0SO3co0Iy4Bu/5ad+VbaCuAfQG9wuBKh
Q4sSf3VklwL1trsZGjE5FFgfyqq0RnbEU++5sfFX5hvqdy4cNhRD+jFdu+A3GMDE
X9opfL8ge/LTGN5K4paiVihWgv5w4+AvfoEgrSytAa/KOyzkFElNoKW4gU6ussf5
vVoMatEOnVYXhKuYxq9QvBUYVRcnJGhmcGAkQrttBfXAWcyon0gGdMnocCFi8hX/
fVXldyELmw8mWheoj+gfl5Y/TbyJar96KqNv/0cCAwEAAaOCAjswggI3MB0GA1Ud
DgQWBBSOqS8Uad7lx0zC1lu+1TH5u8hfQDAfBgNVHSMEGDAWgBQpZZO3R+dqVkkl
Ebs2EuTV5Mvn7DAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L0tXV1R0MGZuYWxaSkpSRzdOaExrMWVUTDUtdy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNGUvYzU4YmRjLTE0ZTctNDk5Yy05ZDljLTFiN2NiYjA4ZDczZi8x
L2pxa3ZGR25lNWNkTXd0WmJ2dFV4LWJ2SVgwQS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNGUv
YzU4YmRjLTE0ZTctNDk5Yy05ZDljLTFiN2NiYjA4ZDczZi8xL0tXV1R0MGZuYWxa
SkpSRzdOaExrMWVUTDUtdy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBR
BggrBgEFBQcBBwEB/wRCMEAwPgQCAAEwOAMEACVyIQMEASVyKgMEAiVyMAMEACVy
NwMEACVyPwMEASv7oDAMAwQCsGQkAwQAsGQmAwQBuQ5cMA0GCSqGSIb3DQEBCwUA
A4IBAQCCPVa3N84Lt1Sel0efzRIJKKqqviO4iTUEmPaa4Mvj+XAI9vaCWJQmzlmW
Gv4MtmNMq1CkURGlFbL0FC68L9gLBUCmkUtp27UKz1RDrPOhYd/Bsf5LaNrRTAJv
9ZC66doJs5RCVcP9IMz4PthrtRMIUQCzqTuHGXXnbh1Y99teoT8hMRQuzLjcuNnl
pB1NTXYtk/fPqs+JmR8H7ZO7Bmh4k6NAEEdRZWY4Tfi7MdbL3MqlTSIyB75jy5sF
4p1GhNiXXvbRN7ZG3Tr4WKOoSYYJyFxDN2BSMEfbkFAQ2whjBvdawNN7zy1hC07L
O1nqcBlxHLwwERk2Wc88CMbROcO8
-----END CERTIFICATE-----