Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/0RjnWmS4PRPsc45vESYGCcaZbo8.roa
File:                     0RjnWmS4PRPsc45vESYGCcaZbo8.roa (raw, json)
Hash identifier:          l7S25hwP6UO5OLyLlgNSySlY6damkDHtB1No4PM8Mto=
Subject key identifier:   D1:18:E7:5A:64:B8:3D:13:EC:73:8E:6F:11:26:06:09:C6:99:6E:8F
Certificate issuer:       /CN=19426325acb8ce609a686fa655b058968809b346
Certificate serial:       1D6BBF3C
Authority key identifier: 19:42:63:25:AC:B8:CE:60:9A:68:6F:A6:55:B0:58:96:88:09:B3:46
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GUJjJay4zmCaaG-mVbBYlogJs0Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/0RjnWmS4PRPsc45vESYGCcaZbo8.roa
Signing time:             Wed 30 Mar 2022 18:14:16 +0000
ROA not before:           Wed 30 Mar 2022 18:14:16 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     3319
IP address blocks:        195.178.144.0/21 maxlen: 21
                          195.178.152.0/22 maxlen: 22
                          212.111.220.0/24 maxlen: 24
                          212.111.222.0/24 maxlen: 24
                          212.111.221.0/24 maxlen: 24
                          212.111.223.0/24 maxlen: 24
                          77.47.244.0/22 maxlen: 22
                          77.47.152.0/24 maxlen: 24
                          77.47.154.0/24 maxlen: 24
                          77.47.153.0/24 maxlen: 24
                          77.47.155.0/24 maxlen: 24
                          77.47.182.0/24 maxlen: 24
                          77.47.181.0/24 maxlen: 24
                          77.47.183.0/24 maxlen: 24
                          77.47.180.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 493600572 (0x1d6bbf3c)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=19426325acb8ce609a686fa655b058968809b346
        Validity
            Not Before: Mar 30 18:14:16 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=d118e75a64b83d13ec738e6f11260609c6996e8f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:64:6a:20:3a:cb:e3:ee:ab:d1:a2:35:fb:8d:
                    c9:55:82:96:6e:f4:0f:52:24:12:5e:1d:e1:c0:4f:
                    8b:53:a9:ed:37:10:7f:dc:9c:e8:5a:6d:62:a1:8f:
                    19:16:34:4d:88:8e:3a:ce:45:d7:eb:fa:51:13:25:
                    5c:5a:51:07:23:89:31:14:a7:95:ff:c8:c5:f3:90:
                    86:61:b0:27:da:0b:2f:1c:8c:41:15:7b:63:26:b2:
                    e3:24:5b:05:96:4c:56:c7:57:55:8d:c3:df:1d:c6:
                    31:7a:b2:2c:42:2e:c6:9e:4e:0e:2f:b1:4e:2a:17:
                    c2:71:95:75:0e:e4:89:85:8a:72:b3:96:65:91:a4:
                    f5:34:33:16:84:44:c8:c3:26:a5:79:90:01:f1:d8:
                    39:1b:0c:e6:d4:84:a0:4a:03:fe:c6:17:e0:00:55:
                    0a:ea:42:03:31:48:d3:1d:83:9f:e0:5c:40:fa:6b:
                    7e:71:e1:dc:5f:64:7c:96:20:a4:8a:86:f1:aa:08:
                    1f:1a:d4:1c:7c:8c:9e:c8:f1:53:ec:f7:15:ea:06:
                    34:f8:8c:b3:aa:13:76:8d:b3:24:26:e4:9c:60:42:
                    57:1c:f9:38:07:7d:f4:10:ce:43:fe:a3:8e:45:80:
                    0d:53:e4:de:5a:8c:60:67:b4:11:cb:fa:31:aa:2a:
                    15:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D1:18:E7:5A:64:B8:3D:13:EC:73:8E:6F:11:26:06:09:C6:99:6E:8F
            X509v3 Authority Key Identifier:
                keyid:19:42:63:25:AC:B8:CE:60:9A:68:6F:A6:55:B0:58:96:88:09:B3:46

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GUJjJay4zmCaaG-mVbBYlogJs0Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/0RjnWmS4PRPsc45vESYGCcaZbo8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/GUJjJay4zmCaaG-mVbBYlogJs0Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.47.152.0/22
                  77.47.180.0/22
                  77.47.244.0/22
                  195.178.144.0-195.178.155.255
                  212.111.220.0/22

    Signature Algorithm: sha256WithRSAEncryption
         7a:5f:45:a2:74:e7:d6:b8:df:85:56:d2:a6:88:ee:fe:e4:b0:
         93:75:f4:86:0c:25:33:fd:db:00:cf:81:b2:c6:3a:60:79:b3:
         0f:96:30:96:9e:ca:0e:8e:d4:90:eb:ef:96:40:ca:d9:79:8e:
         38:a1:7e:a1:ab:92:a5:6a:cb:eb:3e:1b:8b:22:e5:4e:03:6b:
         61:cc:c5:bf:c3:55:bb:b5:d8:26:82:26:05:14:67:17:e7:c8:
         56:90:55:ad:c8:e3:88:79:67:5e:f6:2e:24:83:09:34:03:5d:
         96:67:52:c6:7b:c9:2d:b3:41:6e:9c:c7:ed:85:17:1e:9d:4d:
         85:a1:17:a1:8b:7f:e2:3e:ff:03:c3:0d:28:b0:19:24:cc:65:
         ef:a2:e2:41:7b:a4:bb:54:83:42:1d:90:3d:94:2e:9e:64:d5:
         91:ba:2e:74:d3:f6:37:45:51:6b:90:7c:c4:32:c7:3f:db:72:
         72:a5:f2:85:6b:4c:57:f2:b7:0c:cd:3e:8e:07:b0:15:17:93:
         ce:3b:e7:cd:88:6c:1c:fc:c1:75:58:2b:8d:5a:cb:d8:6d:af:
         d2:b0:62:ca:16:20:d2:ed:62:40:16:45:a2:7e:ff:92:8d:f1:
         a0:ac:82:c2:b7:9f:79:c7:65:e7:7c:c6:7d:e0:10:11:c1:a4:
         5c:2c:67:2c
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgIEHWu/PDANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygx
OTQyNjMyNWFjYjhjZTYwOWE2ODZmYTY1NWIwNTg5Njg4MDliMzQ2MB4XDTIyMDMz
MDE4MTQxNloXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoZDExOGU3NWE2NGI4
M2QxM2VjNzM4ZTZmMTEyNjA2MDljNjk5NmU4ZjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAKdkaiA6y+Puq9GiNfuNyVWClm70D1IkEl4d4cBPi1Op7TcQ
f9yc6FptYqGPGRY0TYiOOs5F1+v6URMlXFpRByOJMRSnlf/IxfOQhmGwJ9oLLxyM
QRV7Yyay4yRbBZZMVsdXVY3D3x3GMXqyLEIuxp5ODi+xTioXwnGVdQ7kiYWKcrOW
ZZGk9TQzFoREyMMmpXmQAfHYORsM5tSEoEoD/sYX4ABVCupCAzFI0x2Dn+BcQPpr
fnHh3F9kfJYgpIqG8aoIHxrUHHyMnsjxU+z3FeoGNPiMs6oTdo2zJCbknGBCVxz5
OAd99BDOQ/6jjkWADVPk3lqMYGe0Ecv6MaoqFaMCAwEAAaOCAikwggIlMB0GA1Ud
DgQWBBTRGOdaZLg9E+xzjm8RJgYJxplujzAfBgNVHSMEGDAWgBQZQmMlrLjOYJpo
b6ZVsFiWiAmzRjAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L0dVSmpKYXk0em1DYWFHLW1WYkJZbG9nSnMwWS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNTEvOGI2ZmIwLWE4NzUtNDk0Ny04YWU0LTAzZjRjNzExM2MzNC8x
LzBSam5XbVM0UFJQc2M0NXZFU1lHQ2NhWmJvOC5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNTEv
OGI2ZmIwLWE4NzUtNDk0Ny04YWU0LTAzZjRjNzExM2MzNC8xL0dVSmpKYXk0em1D
YWFHLW1WYkJZbG9nSnMwWS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjA/
BggrBgEFBQcBBwEB/wQwMC4wLAQCAAEwJgMEAk0vmAMEAk0vtAMEAk0v9DAMAwQE
w7KQAwQCw7KYAwQC1G/cMA0GCSqGSIb3DQEBCwUAA4IBAQB6X0WidOfWuN+FVtKm
iO7+5LCTdfSGDCUz/dsAz4GyxjpgebMPljCWnsoOjtSQ6++WQMrZeY44oX6hq5Kl
asvrPhuLIuVOA2thzMW/w1W7tdgmgiYFFGcX58hWkFWtyOOIeWde9i4kgwk0A12W
Z1LGe8kts0FunMfthRcenU2FoRehi3/iPv8Dww0osBkkzGXvouJBe6S7VINCHZA9
lC6eZNWRui500/Y3RVFrkHzEMsc/23JypfKFa0xX8rcMzT6OB7AVF5POO+fNiGwc
/MF1WCuNWsvYba/SsGLKFiDS7WJAFkWifv+SjfGgrILCt595x2XnfMZ94BARwaRc
LGcs
-----END CERTIFICATE-----