Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/h7lRONVU0KLUx1aQhGcqnyse5JY.roa
File:                     h7lRONVU0KLUx1aQhGcqnyse5JY.roa (raw, json)
Hash identifier:          IdkEm4gvBspNW3aXzTlSNoclUNh1Ls3vl1v5XE0piMk=
Subject key identifier:   87:B9:51:38:D5:54:D0:A2:D4:C7:56:90:84:67:2A:9F:2B:1E:E4:96
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       13306B10
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/h7lRONVU0KLUx1aQhGcqnyse5JY.roa
Signing time:             Sun 27 Mar 2022 19:26:39 +0000
ROA not before:           Sun 27 Mar 2022 19:26:39 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     20473
IP address blocks:        2a0e:b107:1870::/48 maxlen: 48
                          2a0e:b107:9f4::/48 maxlen: 48
                          2a10:cc42:1000::/36 maxlen: 48
                          2a0e:b107:5d0::/44 maxlen: 48
                          2a0e:b107:5e0::/44 maxlen: 48
                          2a0e:97c0:750::/48 maxlen: 48
                          2a0e:b107:900::/44 maxlen: 48
                          2a0e:b107:df2::/48 maxlen: 48
                          2a0e:97c0:736::/48 maxlen: 48
                          2a0e:b107:9f6::/48 maxlen: 48
                          2a0e:b102:12f::/48 maxlen: 48
                          2a0e:97c0:73f::/48 maxlen: 48
                          2a0e:97c0:76f::/48 maxlen: 48

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 321940240 (0x13306b10)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Mar 27 19:26:39 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=87b95138d554d0a2d4c7569084672a9f2b1ee496
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:79:02:34:11:ca:98:2a:33:22:0e:8f:bc:09:
                    d1:05:29:53:e8:ed:6a:db:37:66:8f:d5:95:6b:d4:
                    cf:33:57:47:a6:c8:0e:b5:04:07:25:96:88:3b:07:
                    eb:81:e9:fd:79:df:08:f7:6b:c1:88:d2:b3:e1:a3:
                    96:fc:c6:a5:d9:5f:77:f4:63:43:70:a8:f0:e9:f9:
                    13:3f:17:0b:7a:b7:2f:33:69:6c:7e:da:01:1c:d0:
                    59:e5:4d:8c:4a:70:40:2e:3d:96:34:a4:8f:86:97:
                    1a:89:ca:99:26:5e:b1:b1:35:84:88:54:cd:d6:8a:
                    e6:f4:2e:68:93:7d:43:5e:e6:10:87:15:c6:28:65:
                    c2:6f:b0:ed:af:a4:64:1f:19:d5:22:0f:a3:45:d3:
                    c6:15:7d:22:13:3f:63:e8:65:b3:50:a3:38:6b:19:
                    33:1b:f7:96:82:1b:22:22:43:c9:7e:2e:4b:44:60:
                    8e:8e:f2:5e:0a:80:fc:b8:a8:0f:39:57:7a:9a:1f:
                    b4:63:e6:13:66:b5:56:36:aa:fc:2b:5d:d8:53:5b:
                    b7:e8:14:73:ba:e5:b2:ab:b1:ad:8e:ce:9b:6f:1e:
                    50:d9:a3:62:10:f9:85:c6:73:97:fc:ed:3e:55:0a:
                    e8:38:51:11:89:08:4d:14:ce:35:45:ec:ea:41:b2:
                    06:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                87:B9:51:38:D5:54:D0:A2:D4:C7:56:90:84:67:2A:9F:2B:1E:E4:96
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/h7lRONVU0KLUx1aQhGcqnyse5JY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:97c0:736::/48
                  2a0e:97c0:73f::/48
                  2a0e:97c0:750::/48
                  2a0e:97c0:76f::/48
                  2a0e:b102:12f::/48
                  2a0e:b107:5d0::-2a0e:b107:5ef:ffff:ffff:ffff:ffff:ffff
                  2a0e:b107:900::/44
                  2a0e:b107:9f4::/48
                  2a0e:b107:9f6::/48
                  2a0e:b107:df2::/48
                  2a0e:b107:1870::/48
                  2a10:cc42:1000::/36

    Signature Algorithm: sha256WithRSAEncryption
         1b:7b:16:29:e1:89:f1:52:c2:fb:c5:78:ee:36:3c:ce:2e:a2:
         fe:77:06:83:c7:ec:0d:19:a5:39:3b:90:43:87:c1:27:82:d0:
         d2:4b:a8:29:b0:79:41:04:ee:44:f3:ec:9c:19:e9:fc:9f:f6:
         a9:73:44:fb:d6:0e:bf:12:cd:7a:37:cc:4e:7a:a9:30:89:e4:
         e5:d4:d9:00:79:6a:09:b9:0d:e4:0c:c1:ad:d4:94:dc:8f:1c:
         68:b2:8a:09:99:89:80:e1:ee:90:d4:5f:20:ba:6f:5c:ae:30:
         cf:95:82:a3:38:42:93:c9:32:fa:28:7b:34:b0:9a:82:66:e7:
         a5:dc:1a:ac:0a:85:31:5a:93:70:4f:a1:ae:6e:df:fe:28:3e:
         38:27:1c:d8:75:96:08:a6:b3:d4:aa:0f:38:1a:35:6b:45:33:
         8b:5a:a2:b1:7b:46:ff:e0:57:57:f6:8c:59:86:e6:f2:54:9b:
         55:de:bb:f2:3d:95:78:ed:1a:96:20:dc:54:3f:4f:d3:c4:46:
         b6:b2:cc:70:67:e6:e5:1b:d6:1b:8b:24:e9:c0:17:e1:93:6b:
         2b:6b:0e:ba:b1:f7:ff:4b:7c:3b:dc:39:f1:27:c4:8a:0d:f3:
         d0:e1:20:86:c3:d0:2a:36:a3:de:74:85:9e:48:8c:4b:0a:00:
         52:3b:fb:a0
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIEEzBrEDANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg2
M2U5MTY3MTdhYjExY2NjZjExZWYxZmI1YzEyZWU0MTk1MGZhZDliMB4XDTIyMDMy
NzE5MjYzOVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoODdiOTUxMzhkNTU0
ZDBhMmQ0Yzc1NjkwODQ2NzJhOWYyYjFlZTQ5NjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAMl5AjQRypgqMyIOj7wJ0QUpU+jtats3Zo/VlWvUzzNXR6bI
DrUEByWWiDsH64Hp/XnfCPdrwYjSs+GjlvzGpdlfd/RjQ3Co8On5Ez8XC3q3LzNp
bH7aARzQWeVNjEpwQC49ljSkj4aXGonKmSZesbE1hIhUzdaK5vQuaJN9Q17mEIcV
xihlwm+w7a+kZB8Z1SIPo0XTxhV9IhM/Y+hls1CjOGsZMxv3loIbIiJDyX4uS0Rg
jo7yXgqA/LioDzlXepoftGPmE2a1Vjaq/Ctd2FNbt+gUc7rlsquxrY7Om28eUNmj
YhD5hcZzl/ztPlUK6DhREYkITRTONUXs6kGyBvECAwEAAaOCAnswggJ3MB0GA1Ud
DgQWBBSHuVE41VTQotTHVpCEZyqfKx7kljAfBgNVHSMEGDAWgBRj6RZxerEczPEe
8ftcEu5BlQ+tmzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L1kta1djWHF4SE16eEh2SDdYQkx1UVpVUHJacy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNTEvNDk1N2E0LWNlNTktNDMxNS05OTc2LWRjNWVjNzQ4ZjZhNS8x
L2g3bFJPTlZVMEtMVXgxYVFoR2NxbnlzZTVKWS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNTEv
NDk1N2E0LWNlNTktNDMxNS05OTc2LWRjNWVjNzQ4ZjZhNS8xL1kta1djWHF4SE16
eEh2SDdYQkx1UVpVUHJacy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjCB
kAYIKwYBBQUHAQcBAf8EgYAwfjB8BAIAAjB2AwcAKg6XwAc2AwcAKg6XwAc/AwcA
Kg6XwAdQAwcAKg6XwAdvAwcAKg6xAgEvMBIDBwQqDrEHBdADBwQqDrEHBeADBwQq
DrEHCQADBwAqDrEHCfQDBwAqDrEHCfYDBwAqDrEHDfIDBwAqDrEHGHADBgQqEMxC
EDANBgkqhkiG9w0BAQsFAAOCAQEAG3sWKeGJ8VLC+8V47jY8zi6i/ncGg8fsDRml
OTuQQ4fBJ4LQ0kuoKbB5QQTuRPPsnBnp/J/2qXNE+9YOvxLNejfMTnqpMInk5dTZ
AHlqCbkN5AzBrdSU3I8caLKKCZmJgOHukNRfILpvXK4wz5WCozhCk8ky+ih7NLCa
gmbnpdwarAqFMVqTcE+hrm7f/ig+OCcc2HWWCKaz1KoPOBo1a0Uzi1qisXtG/+BX
V/aMWYbm8lSbVd678j2VeO0aliDcVD9P08RGtrLMcGfm5RvWG4sk6cAX4ZNrK2sO
urH3/0t8O9w58SfEig3z0OEghsPQKjaj3nSFnkiMSwoAUjv7oA==
-----END CERTIFICATE-----