Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4f/cfda05-190d-4142-bd4f-b6a8f8e80f7b/1/O7zrrqgk4d-7rBxBCzY-4sH-S6s.roa
File:                     O7zrrqgk4d-7rBxBCzY-4sH-S6s.roa (raw, json)
Hash identifier:          BrNrLI21XDxupdVK03O0PEyKxCZTcyiKBqI0/+wI7Xw=
Subject key identifier:   3B:BC:EB:AE:A8:24:E1:DF:BB:AC:1C:41:0B:36:3E:E2:C1:FE:4B:AB
Certificate issuer:       /CN=6f10d8e1564e40312c9ddf21ba2aa03ba559ead6
Certificate serial:       0A9E3236
Authority key identifier: 6F:10:D8:E1:56:4E:40:31:2C:9D:DF:21:BA:2A:A0:3B:A5:59:EA:D6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bxDY4VZOQDEsnd8huiqgO6VZ6tY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4f/cfda05-190d-4142-bd4f-b6a8f8e80f7b/1/O7zrrqgk4d-7rBxBCzY-4sH-S6s.roa
Signing time:             Sat 01 Jan 2022 08:01:33 +0000
ROA not before:           Sat 01 Jan 2022 08:01:33 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     64476
IP address blocks:        185.253.168.0/22 maxlen: 22
                          185.253.168.0/24 maxlen: 24
                          85.190.64.0/20 maxlen: 20
                          185.161.168.0/22 maxlen: 22
                          185.231.8.0/22 maxlen: 24
                          85.190.84.0/22 maxlen: 22
                          85.190.80.0/22 maxlen: 22
                          85.190.81.0/24 maxlen: 24
                          85.190.79.0/24 maxlen: 24
                          85.190.88.0/21 maxlen: 21
                          2a0a:e800::/32 maxlen: 32
                          2a0a:e806::/32 maxlen: 32
                          2a0a:e804::/32 maxlen: 32
                          2a0a:e805:300::/40 maxlen: 40
                          2a0a:e805:400::/40 maxlen: 40
                          2a0a:e805:100::/40 maxlen: 40
                          2a0a:e805:500::/40 maxlen: 40
                          2a0a:e805::/32 maxlen: 32
                          2a0a:e803::/32 maxlen: 32
                          2a0a:e807::/32 maxlen: 32
                          2a0a:e801::/32 maxlen: 32

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 178139702 (0xa9e3236)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6f10d8e1564e40312c9ddf21ba2aa03ba559ead6
        Validity
            Not Before: Jan  1 08:01:33 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=3bbcebaea824e1dfbbac1c410b363ee2c1fe4bab
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e9:03:a4:56:52:e3:14:02:2c:52:a5:27:be:6b:
                    6d:a1:d5:36:c8:16:88:1b:53:e3:64:a6:20:7b:6a:
                    97:02:b4:f0:5d:73:1f:e1:86:c4:e1:94:04:18:6a:
                    53:50:c2:9a:27:14:02:3b:e2:11:9c:fe:d8:2d:68:
                    09:aa:e5:5e:e8:44:6c:10:52:f6:41:d1:aa:35:65:
                    6f:ac:89:ed:39:80:eb:95:88:61:54:49:de:b6:81:
                    03:76:2a:a7:fd:b7:20:a0:6c:db:a7:b7:74:7a:f1:
                    e1:79:19:06:7d:3b:39:03:66:5f:6f:c0:ee:74:a6:
                    3a:53:51:cd:b1:ef:a0:4a:6c:ee:dc:5e:ae:7b:82:
                    8b:fa:62:63:48:12:82:3c:d9:57:54:20:fb:0c:0e:
                    10:47:6c:ba:c5:87:e0:23:ac:8c:3f:ea:70:f3:4e:
                    6e:2b:aa:48:f8:0a:e0:c6:27:ac:74:ef:d0:d5:c7:
                    97:a8:42:f8:3a:50:a2:37:a9:73:72:6c:00:1e:6d:
                    6f:f6:09:d8:f8:8a:ac:34:ce:f9:c6:1c:90:3a:5f:
                    e8:dc:21:90:7c:61:77:75:a9:c7:00:d2:24:f5:d5:
                    68:df:7d:4c:28:85:05:bd:6c:1e:ee:51:d5:aa:42:
                    23:c9:84:58:b5:5e:05:1e:8e:d9:49:00:3f:ed:49:
                    44:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:BC:EB:AE:A8:24:E1:DF:BB:AC:1C:41:0B:36:3E:E2:C1:FE:4B:AB
            X509v3 Authority Key Identifier:
                keyid:6F:10:D8:E1:56:4E:40:31:2C:9D:DF:21:BA:2A:A0:3B:A5:59:EA:D6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bxDY4VZOQDEsnd8huiqgO6VZ6tY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/cfda05-190d-4142-bd4f-b6a8f8e80f7b/1/O7zrrqgk4d-7rBxBCzY-4sH-S6s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/cfda05-190d-4142-bd4f-b6a8f8e80f7b/1/bxDY4VZOQDEsnd8huiqgO6VZ6tY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.190.64.0/19
                  185.161.168.0/22
                  185.231.8.0/22
                  185.253.168.0/22
                IPv6:
                  2a0a:e800::/31
                  2a0a:e803::-2a0a:e807:ffff:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         44:51:6a:e5:50:3c:cc:be:52:31:fe:c9:d4:05:db:f6:e1:2e:
         20:58:ef:3e:9c:56:99:97:9c:1f:31:0e:ec:b3:62:94:52:7c:
         aa:22:ce:c4:db:87:76:2e:86:af:f1:da:54:d2:f6:b1:da:18:
         26:13:b8:cc:c8:da:8f:ca:5f:85:0d:c1:31:9d:33:9b:1e:26:
         5b:9c:15:66:2c:82:db:d7:94:fa:ce:78:f9:a4:2c:98:f2:17:
         ea:60:71:a6:d8:14:9f:31:c3:45:64:25:4b:db:8b:37:c5:cf:
         3d:d2:d6:05:30:46:4d:a5:23:3b:2c:d9:3b:7b:e8:d7:97:d1:
         a4:16:fe:3d:f9:f8:e5:12:c0:7c:1f:28:84:71:85:d1:95:fd:
         9c:9d:44:4b:60:04:a9:e3:32:5c:59:0e:a8:43:24:68:f7:3f:
         04:9d:dd:c5:40:70:76:12:6b:14:ea:9f:81:ac:e9:58:55:4f:
         78:99:2e:f3:66:63:4f:4a:b6:08:d2:d7:f6:3f:e0:94:6e:c5:
         7c:00:38:5e:49:e3:85:ea:15:94:a0:3f:7a:49:7e:84:48:2f:
         2a:8c:90:24:58:ea:b4:12:4b:92:30:c3:9f:d8:c2:12:76:ed:
         87:ae:c0:83:61:47:27:93:86:37:fa:5d:dd:dc:0f:84:49:78:
         48:87:e6:63
-----BEGIN CERTIFICATE-----
MIIFIDCCBAigAwIBAgIECp4yNjANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg2
ZjEwZDhlMTU2NGU0MDMxMmM5ZGRmMjFiYTJhYTAzYmE1NTllYWQ2MB4XDTIyMDEw
MTA4MDEzM1oXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoM2JiY2ViYWVhODI0
ZTFkZmJiYWMxYzQxMGIzNjNlZTJjMWZlNGJhYjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAOkDpFZS4xQCLFKlJ75rbaHVNsgWiBtT42SmIHtqlwK08F1z
H+GGxOGUBBhqU1DCmicUAjviEZz+2C1oCarlXuhEbBBS9kHRqjVlb6yJ7TmA65WI
YVRJ3raBA3Yqp/23IKBs26e3dHrx4XkZBn07OQNmX2/A7nSmOlNRzbHvoEps7txe
rnuCi/piY0gSgjzZV1Qg+wwOEEdsusWH4COsjD/qcPNObiuqSPgK4MYnrHTv0NXH
l6hC+DpQojepc3JsAB5tb/YJ2PiKrDTO+cYckDpf6NwhkHxhd3WpxwDSJPXVaN99
TCiFBb1sHu5R1apCI8mEWLVeBR6O2UkAP+1JREkCAwEAAaOCAjowggI2MB0GA1Ud
DgQWBBQ7vOuuqCTh37usHEELNj7iwf5LqzAfBgNVHSMEGDAWgBRvENjhVk5AMSyd
3yG6KqA7pVnq1jAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L2J4RFk0VlpPUURFc25kOGh1aXFnTzZWWjZ0WS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNGYvY2ZkYTA1LTE5MGQtNDE0Mi1iZDRmLWI2YThmOGU4MGY3Yi8x
L083enJycWdrNGQtN3JCeEJDelktNHNILVM2cy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNGYv
Y2ZkYTA1LTE5MGQtNDE0Mi1iZDRmLWI2YThmOGU4MGY3Yi8xL2J4RFk0VlpPUURF
c25kOGh1aXFnTzZWWjZ0WS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBQ
BggrBgEFBQcBBwEB/wRBMD8wHgQCAAEwGAMEBVW+QAMEArmhqAMEArnnCAMEArn9
qDAdBAIAAjAXAwUBKgroADAOAwUAKgroAwMFAyoK6AAwDQYJKoZIhvcNAQELBQAD
ggEBAERRauVQPMy+UjH+ydQF2/bhLiBY7z6cVpmXnB8xDuyzYpRSfKoizsTbh3Yu
hq/x2lTS9rHaGCYTuMzI2o/KX4UNwTGdM5seJlucFWYsgtvXlPrOePmkLJjyF+pg
cabYFJ8xw0VkJUvbizfFzz3S1gUwRk2lIzss2Tt76NeX0aQW/j35+OUSwHwfKIRx
hdGV/ZydREtgBKnjMlxZDqhDJGj3PwSd3cVAcHYSaxTqn4Gs6VhVT3iZLvNmY09K
tgjS1/Y/4JRuxXwAOF5J44XqFZSgP3pJfoRILyqMkCRY6rQSS5Iww5/YwhJ27Yeu
wINhRyeThjf6Xd3cD4RJeEiH5mM=
-----END CERTIFICATE-----