Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/MbeN6u9hbdbXYiZcK29vU9-M4V8.roa
File:                     MbeN6u9hbdbXYiZcK29vU9-M4V8.roa (raw, json)
Hash identifier:          dDZjWBNOr9/S2ojiJo0wlMBzREbmLeu4/0rKvqr4EqY=
Subject key identifier:   31:B7:8D:EA:EF:61:6D:D6:D7:62:26:5C:2B:6F:6F:53:DF:8C:E1:5F
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       0183268F4DBC60595672A000805736771721
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/MbeN6u9hbdbXYiZcK29vU9-M4V8.roa
Signing time:             Sat 10 Sep 2022 08:41:09 +0000
ROA not before:           Sat 10 Sep 2022 08:41:09 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     211405
IP address blocks:        2a0e:b107:1c10::/48 maxlen: 48
                          2a0e:b107:1c15::/48 maxlen: 48
                          2a0e:b107:1c1a::/48 maxlen: 48
                          2a0e:b107:1c1f::/48 maxlen: 48
                          2a0e:b107:1c14::/48 maxlen: 48
                          2a0e:b107:1c19::/48 maxlen: 48
                          2a0e:b107:1c1e::/48 maxlen: 48
                          2a0e:b107:1c13::/48 maxlen: 48
                          2a0e:b107:1c18::/48 maxlen: 48
                          2a0e:b107:1c1d::/48 maxlen: 48
                          2a0e:b107:1c12::/48 maxlen: 48
                          2a0e:b107:1c17::/48 maxlen: 48
                          2a0e:b107:1c1c::/48 maxlen: 48
                          2a0e:b107:1c11::/48 maxlen: 48
                          2a0e:b107:1c16::/48 maxlen: 48
                          2a0e:b107:1c1b::/48 maxlen: 48

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:83:26:8f:4d:bc:60:59:56:72:a0:00:80:57:36:77:17:21
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Sep 10 08:41:09 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=31b78deaef616dd6d762265c2b6f6f53df8ce15f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:54:64:0e:18:fe:50:c2:99:9e:87:a3:39:61:
                    8e:bb:3f:17:c3:0a:97:33:81:8c:93:38:cd:6f:25:
                    43:04:05:29:00:45:20:2a:88:5d:e8:20:f8:32:4e:
                    07:93:61:4c:f5:b4:c7:d9:29:6d:9e:8e:2b:bf:bd:
                    31:91:d9:89:f3:86:3f:ac:23:84:9a:8b:b0:65:43:
                    f0:4c:c1:a2:66:da:fc:66:40:d2:9a:60:14:8b:2a:
                    72:c1:e5:a1:8b:16:a4:bb:5f:6a:c3:e0:b9:6a:69:
                    59:1e:a0:0f:93:df:fa:93:1e:86:68:8f:9e:c5:f9:
                    bb:48:b4:fd:66:30:a8:66:7a:f9:b1:01:57:10:c5:
                    97:a0:8c:24:2a:cc:66:5f:94:08:43:45:f7:c5:63:
                    50:14:4d:90:c6:33:31:a8:9f:c8:ed:60:6b:35:e7:
                    5f:f7:eb:3f:6e:02:3b:78:0f:f5:96:fc:c8:8f:eb:
                    f3:8f:ab:8d:3e:e1:9b:2d:df:c8:d6:e4:5e:65:9d:
                    09:b7:d1:10:69:32:3d:ed:44:20:85:48:0f:1e:82:
                    20:36:56:ed:e1:50:b4:2a:e4:93:f3:bb:b8:d4:6c:
                    53:e3:d5:77:dc:dc:08:b9:9c:88:b4:19:eb:75:81:
                    01:f7:6d:33:37:1d:07:33:55:1c:37:af:7c:2e:95:
                    18:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                31:B7:8D:EA:EF:61:6D:D6:D7:62:26:5C:2B:6F:6F:53:DF:8C:E1:5F
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/MbeN6u9hbdbXYiZcK29vU9-M4V8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:b107:1c10::/44

    Signature Algorithm: sha256WithRSAEncryption
         88:71:1b:18:ae:c8:ba:1c:9e:2c:8c:9f:ba:f8:28:89:fb:79:
         4a:ec:aa:1c:49:89:f8:38:24:ab:97:8d:1c:fc:20:b6:94:24:
         4c:d1:c5:98:d3:04:8a:22:5e:7a:9e:4a:5d:16:59:fd:b3:8a:
         26:12:e1:ce:cf:ef:a9:66:9f:bd:f2:71:2d:10:27:68:79:9d:
         71:76:a5:8b:71:c4:b5:e5:81:69:02:63:6c:44:bb:4b:4e:a9:
         fe:2a:d1:53:5c:a7:1d:9b:a5:75:73:51:bf:a0:a5:e0:3d:1d:
         75:69:af:cc:72:80:99:fb:b8:72:11:83:1e:f9:47:ee:0b:9f:
         45:88:58:61:ed:48:b2:b8:2d:28:9e:55:61:9b:ae:c8:6f:8d:
         25:94:57:ee:51:a4:5f:c6:4e:46:64:e3:a3:29:68:b7:34:d3:
         d2:75:69:b8:df:46:56:f8:76:87:f3:7e:4a:4e:2e:d2:e3:5e:
         62:fd:2e:53:3d:2d:e2:4c:17:eb:1f:75:fe:cb:22:a8:b9:96:
         22:c3:ba:01:72:39:4f:0a:7a:6e:03:3c:2d:16:dc:d9:a9:59:
         89:9e:f3:9a:59:04:6b:bf:cd:e5:e5:c6:b6:d7:72:41:cd:eb:
         0d:c4:28:ae:b4:8f:eb:3f:f0:32:22:8d:0b:c3:bc:ab:da:90:
         bb:2e:18:4d
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYMmj028YFlWcqAAgFc2dxchMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjIwOTEwMDg0MTA5WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMWI3OGRlYWVmNjE2ZGQ2ZDc2MjI2NWMyYjZmNmY1M2RmOGNlMTVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqlRkDhj+UMKZnoejOWGOuz8XwwqX
M4GMkzjNbyVDBAUpAEUgKohd6CD4Mk4Hk2FM9bTH2Sltno4rv70xkdmJ84Y/rCOE
mouwZUPwTMGiZtr8ZkDSmmAUiypyweWhixaku19qw+C5amlZHqAPk9/6kx6GaI+e
xfm7SLT9ZjCoZnr5sQFXEMWXoIwkKsxmX5QIQ0X3xWNQFE2QxjMxqJ/I7WBrNedf
9+s/bgI7eA/1lvzIj+vzj6uNPuGbLd/I1uReZZ0Jt9EQaTI97UQghUgPHoIgNlbt
4VC0KuST87u41GxT49V33NwIuZyItBnrdYEB920zNx0HM1UcN698LpUYhQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFDG3jervYW3W12ImXCtvb1PfjOFfMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvTWJlTjZ1OWhiZGJYWWlaY0syOXZVOS1NNFY4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg6xBxwQ
MA0GCSqGSIb3DQEBCwUAA4IBAQCIcRsYrsi6HJ4sjJ+6+CiJ+3lK7KocSYn4OCSr
l40c/CC2lCRM0cWY0wSKIl56nkpdFln9s4omEuHOz++pZp+98nEtECdoeZ1xdqWL
ccS15YFpAmNsRLtLTqn+KtFTXKcdm6V1c1G/oKXgPR11aa/McoCZ+7hyEYMe+Ufu
C59FiFhh7UiyuC0onlVhm67Ib40llFfuUaRfxk5GZOOjKWi3NNPSdWm430ZW+HaH
835KTi7S415i/S5TPS3iTBfrH3X+yyKouZYiw7oBcjlPCnpuAzwtFtzZqVmJnvOa
WQRrv83l5ca213JBzesNxCiutI/rP/AyIo0Lw7yr2pC7LhhN
-----END CERTIFICATE-----