Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/jS7Cw9NYkihm_zv83BWb-pZ1Obs.roa
File:                     jS7Cw9NYkihm_zv83BWb-pZ1Obs.roa (raw, json)
Hash identifier:          gKmIFHaN8JCpz2eHgQQCPr63K53GjFo3gGWTYUcQHGU=
Subject key identifier:   8D:2E:C2:C3:D3:58:92:28:66:FF:3B:FC:DC:15:9B:FA:96:75:39:BB
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       0183AC6131FDE7D246C74CF19703191715E7
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/jS7Cw9NYkihm_zv83BWb-pZ1Obs.roa
Signing time:             Thu 06 Oct 2022 08:19:54 +0000
ROA not before:           Thu 06 Oct 2022 08:19:54 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     20473
IP address blocks:        2a0e:b107:1870::/48 maxlen: 48
                          2a0e:b107:9f4::/48 maxlen: 48
                          2a10:cc42:1000::/36 maxlen: 48
                          2a0e:b107:5d0::/44 maxlen: 48
                          2a0e:b107:5e0::/44 maxlen: 48
                          2a0e:97c0:750::/48 maxlen: 48
                          2a0e:b107:900::/44 maxlen: 48
                          2a0e:b107:df2::/48 maxlen: 48
                          2a0e:97c0:736::/48 maxlen: 48
                          2a0e:b107:9f6::/48 maxlen: 48
                          2a0e:b102:12f::/48 maxlen: 48
                          2a0e:97c0:76f::/48 maxlen: 48
                          2a0e:97c0:73f::/48 maxlen: 48

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:83:ac:61:31:fd:e7:d2:46:c7:4c:f1:97:03:19:17:15:e7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Oct  6 08:19:54 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=8d2ec2c3d358922866ff3bfcdc159bfa967539bb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:cf:61:05:a1:c5:22:28:15:92:f8:b8:14:07:
                    84:0a:fd:51:c0:01:88:e9:24:6f:a8:38:bb:c4:a8:
                    4b:60:dc:77:5b:14:7a:cf:a5:a2:06:c5:f7:86:57:
                    dc:48:f9:f8:83:08:92:a9:52:4c:c5:23:e8:df:0e:
                    69:06:a2:6c:ec:57:a5:21:eb:6e:44:c6:0a:6a:be:
                    e5:b6:d9:68:40:d4:60:a4:8a:f2:55:63:ad:41:bb:
                    b6:69:03:7a:da:1b:d5:13:fd:d7:97:29:1c:b7:58:
                    14:b7:d2:12:6e:53:04:b5:57:ab:d1:b2:e0:41:08:
                    c9:a2:8f:95:60:f9:d7:b5:b5:90:b7:bd:43:f5:75:
                    78:72:1c:43:82:29:5c:e3:95:81:b8:26:ac:35:e7:
                    de:c6:1a:34:ef:10:a9:76:6d:d8:93:a7:ec:30:3b:
                    4e:c1:d8:e9:a1:c9:c2:6d:96:11:af:e4:4e:fb:86:
                    f8:8a:3d:f9:95:3e:b8:57:96:4e:1f:61:ce:cc:f3:
                    bb:f8:b2:ac:b5:31:34:dd:d9:38:97:35:71:db:ad:
                    61:2f:5e:f9:b3:3e:ae:57:b9:60:5c:bc:03:1f:71:
                    38:71:a5:d9:a8:5d:cc:7c:83:76:62:d6:61:7a:64:
                    7f:7d:fc:41:91:fd:7c:0b:c4:7a:15:9b:7d:9f:10:
                    55:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8D:2E:C2:C3:D3:58:92:28:66:FF:3B:FC:DC:15:9B:FA:96:75:39:BB
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/jS7Cw9NYkihm_zv83BWb-pZ1Obs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:97c0:736::/48
                  2a0e:97c0:73f::/48
                  2a0e:97c0:750::/48
                  2a0e:97c0:76f::/48
                  2a0e:b102:12f::/48
                  2a0e:b107:5d0::-2a0e:b107:5ef:ffff:ffff:ffff:ffff:ffff
                  2a0e:b107:900::/44
                  2a0e:b107:9f4::/48
                  2a0e:b107:9f6::/48
                  2a0e:b107:df2::/48
                  2a0e:b107:1870::/48
                  2a10:cc42:1000::/36

    Signature Algorithm: sha256WithRSAEncryption
         b7:49:1e:ca:a0:c3:77:e5:0e:2b:0e:fb:ee:7a:f3:1e:22:7b:
         9a:42:19:c8:9b:96:8a:3d:c9:8c:bd:a4:75:83:9c:c5:74:68:
         f8:43:47:31:d0:8d:a1:72:c0:5d:53:7c:db:62:eb:b3:51:6a:
         12:6b:df:b2:23:e1:cb:26:5b:0f:27:df:11:74:56:7e:6e:8c:
         39:ab:04:f3:d4:e3:b6:47:8e:0e:eb:1a:a3:dd:f7:e8:10:c2:
         09:2d:11:98:18:46:94:0d:c5:6d:fe:c3:b1:5b:14:ca:a3:67:
         fb:ad:36:a7:93:66:2b:c6:66:45:54:37:f5:2f:f4:84:93:ee:
         0f:aa:a0:7e:82:0a:16:0b:a8:e1:3e:ca:d0:ed:ae:6c:9f:39:
         50:f4:4f:c7:a3:a6:88:67:33:c6:7b:4d:91:4d:ac:b8:d4:e9:
         22:b6:90:2c:5d:2d:86:be:d5:fc:be:ed:dc:eb:da:15:0b:7a:
         6a:e8:99:da:bd:10:81:ba:4c:f0:d1:60:8f:45:0e:a2:7f:d0:
         13:3e:c2:5b:ec:06:27:89:56:d4:12:c3:9b:46:94:cc:e4:5d:
         a2:4f:f3:14:b3:8c:af:65:d2:d8:52:36:a7:2a:28:01:a0:f3:
         7a:03:a5:97:bc:2a:16:8a:be:6a:94:56:32:08:12:f9:45:57:
         ee:28:d2:56
-----BEGIN CERTIFICATE-----
MIIFbzCCBFegAwIBAgISAYOsYTH959JGx0zxlwMZFxXnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjIxMDA2MDgxOTU0WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZDJlYzJjM2QzNTg5MjI4NjZmZjNiZmNkYzE1OWJmYTk2NzUzOWJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp89hBaHFIigVkvi4FAeECv1RwAGI
6SRvqDi7xKhLYNx3WxR6z6WiBsX3hlfcSPn4gwiSqVJMxSPo3w5pBqJs7FelIetu
RMYKar7lttloQNRgpIryVWOtQbu2aQN62hvVE/3Xlykct1gUt9ISblMEtVer0bLg
QQjJoo+VYPnXtbWQt71D9XV4chxDgilc45WBuCasNefexho07xCpdm3Yk6fsMDtO
wdjpocnCbZYRr+RO+4b4ij35lT64V5ZOH2HOzPO7+LKstTE03dk4lzVx261hL175
sz6uV7lgXLwDH3E4caXZqF3MfIN2YtZhemR/ffxBkf18C8R6FZt9nxBVhQIDAQAB
o4ICezCCAncwHQYDVR0OBBYEFI0uwsPTWJIoZv87/NwVm/qWdTm7MB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvalM3Q3c5TllraWhtX3p2ODNCV2ItcFoxT2JzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGQBggrBgEFBQcBBwEB/wSBgDB+MHwEAgACMHYDBwAqDpfA
BzYDBwAqDpfABz8DBwAqDpfAB1ADBwAqDpfAB28DBwAqDrECAS8wEgMHBCoOsQcF
0AMHBCoOsQcF4AMHBCoOsQcJAAMHACoOsQcJ9AMHACoOsQcJ9gMHACoOsQcN8gMH
ACoOsQcYcAMGBCoQzEIQMA0GCSqGSIb3DQEBCwUAA4IBAQC3SR7KoMN35Q4rDvvu
evMeInuaQhnIm5aKPcmMvaR1g5zFdGj4Q0cx0I2hcsBdU3zbYuuzUWoSa9+yI+HL
JlsPJ98RdFZ+bow5qwTz1OO2R44O6xqj3ffoEMIJLRGYGEaUDcVt/sOxWxTKo2f7
rTank2YrxmZFVDf1L/SEk+4PqqB+ggoWC6jhPsrQ7a5snzlQ9E/Ho6aIZzPGe02R
Tay41OkitpAsXS2GvtX8vu3c69oVC3pq6JnavRCBukzw0WCPRQ6if9ATPsJb7AYn
iVbUEsObRpTM5F2iT/MUs4yvZdLYUjanKigBoPN6A6WXvCoWir5qlFYyCBL5RVfu
KNJW
-----END CERTIFICATE-----