Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/59/c244b3-8fc1-4685-8fb2-46a8b191a374/1/yh9myJ_MFIffzHfi24sv4G4IgT8.roa
File:                     yh9myJ_MFIffzHfi24sv4G4IgT8.roa (raw, json)
Hash identifier:          wuJ4XgkNihD6t+3WesHQ4UhsmSjqLd1W0ns1G9HnyDQ=
Subject key identifier:   CA:1F:66:C8:9F:CC:14:87:DF:CC:77:E2:DB:8B:2F:E0:6E:08:81:3F
Certificate issuer:       /CN=704ab9688427073ff7e179de5af002e09f236013
Certificate serial:       018587EAAC826E4F8FE995B33D230A32BEC4
Authority key identifier: 70:4A:B9:68:84:27:07:3F:F7:E1:79:DE:5A:F0:02:E0:9F:23:60:13
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cEq5aIQnBz_34XneWvAC4J8jYBM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/59/c244b3-8fc1-4685-8fb2-46a8b191a374/1/yh9myJ_MFIffzHfi24sv4G4IgT8.roa
Signing time:             Fri 06 Jan 2023 16:29:41 +0000
ROA not before:           Fri 06 Jan 2023 16:29:41 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     52102
IP address blocks:        5.102.136.0/24 maxlen: 24
                          5.102.136.0/23 maxlen: 23
                          5.102.136.0/21 maxlen: 24
                          5.102.138.0/23 maxlen: 23
                          5.102.138.0/24 maxlen: 24
                          5.102.137.0/24 maxlen: 24
                          5.102.139.0/24 maxlen: 24
                          5.102.143.0/24 maxlen: 24
                          5.102.142.0/24 maxlen: 24
                          5.102.142.0/23 maxlen: 23
                          5.102.140.0/24 maxlen: 24
                          5.102.140.0/23 maxlen: 23
                          5.102.141.0/24 maxlen: 24
                          91.221.230.0/23 maxlen: 24
                          2a04:8880::/32 maxlen: 32
                          2a04:8881::/32 maxlen: 32
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:87:ea:ac:82:6e:4f:8f:e9:95:b3:3d:23:0a:32:be:c4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=704ab9688427073ff7e179de5af002e09f236013
        Validity
            Not Before: Jan  6 16:29:41 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=ca1f66c89fcc1487dfcc77e2db8b2fe06e08813f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:3d:df:45:b3:52:36:c8:73:ae:ca:93:c7:6b:
                    ab:c3:1b:e6:aa:cd:87:02:c0:35:07:8d:88:69:84:
                    62:0e:55:8f:13:ee:fa:de:3c:4c:24:d3:bf:fc:ee:
                    43:e4:94:fd:24:7c:87:66:a2:ad:1a:af:24:18:c9:
                    5c:d7:55:46:33:b0:8c:d7:0b:f4:7f:31:2f:39:c0:
                    27:02:71:d7:5e:35:fe:c5:d1:95:75:4e:5a:75:e3:
                    1c:fc:94:dc:87:7c:06:cc:2d:6d:e4:f9:8c:b5:64:
                    75:67:3d:33:4e:e9:04:96:0c:2f:24:e8:00:c4:ee:
                    54:fd:1f:d4:13:9d:28:bc:1f:e5:e0:73:0e:f7:44:
                    76:2f:13:4b:b2:2d:05:73:80:55:fa:f1:db:79:94:
                    c6:29:22:d7:d9:eb:4f:38:b4:eb:eb:32:aa:22:fa:
                    2c:df:c6:cb:b4:ef:ce:ec:15:9a:d9:f5:04:07:de:
                    87:79:f3:55:22:ef:ce:94:8c:d5:ce:f2:82:b2:af:
                    ea:0b:80:5a:54:13:dd:86:e2:95:bb:d8:11:f7:f7:
                    7f:50:4f:de:ef:a5:70:0c:5f:d2:c1:c2:fd:55:d6:
                    36:c7:db:bc:a0:9c:e6:38:44:81:30:bd:1e:f5:bc:
                    f8:8a:7a:d2:1a:f3:bf:22:fe:60:22:95:62:58:b0:
                    7e:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CA:1F:66:C8:9F:CC:14:87:DF:CC:77:E2:DB:8B:2F:E0:6E:08:81:3F
            X509v3 Authority Key Identifier:
                keyid:70:4A:B9:68:84:27:07:3F:F7:E1:79:DE:5A:F0:02:E0:9F:23:60:13

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cEq5aIQnBz_34XneWvAC4J8jYBM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/59/c244b3-8fc1-4685-8fb2-46a8b191a374/1/yh9myJ_MFIffzHfi24sv4G4IgT8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/59/c244b3-8fc1-4685-8fb2-46a8b191a374/1/cEq5aIQnBz_34XneWvAC4J8jYBM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.102.136.0/21
                  91.221.230.0/23
                IPv6:
                  2a04:8880::/31

    Signature Algorithm: sha256WithRSAEncryption
         5b:54:ae:e3:0c:ef:74:4e:c6:f8:c3:f6:a5:1f:08:78:a8:52:
         ef:08:17:8c:f1:77:64:82:55:55:4f:cc:ad:e6:44:63:72:4b:
         06:9c:73:c1:79:39:8e:30:83:33:6e:1e:1e:a9:0d:5a:df:05:
         dc:d5:a9:1c:2b:c1:7b:bd:0c:45:5e:18:1a:9b:32:14:fe:be:
         ef:44:9e:1f:5e:03:a0:a3:41:58:e6:cf:d8:4b:25:59:30:a0:
         85:ec:07:98:dc:91:a6:2c:26:ff:7f:08:a0:96:b8:ee:07:b5:
         27:6c:a4:28:0c:2a:08:1b:95:e3:b3:f2:82:5d:9e:2a:37:cc:
         eb:96:cf:18:d4:ae:a3:87:19:f5:5a:99:f8:4c:94:61:7b:dd:
         a3:4a:02:10:15:7d:6f:d1:03:de:03:19:43:cd:f8:90:f1:de:
         12:75:be:2b:35:0f:fa:a4:23:db:a2:17:34:9c:95:51:0b:d9:
         f5:14:e8:13:41:bd:4f:08:4e:42:f7:8a:00:b0:6d:13:f9:5a:
         c6:ba:57:f8:6a:91:fb:21:e2:f5:88:1b:99:27:37:36:e3:b3:
         28:7f:5b:9c:9c:50:75:07:e2:68:8f:60:d1:7e:17:06:fd:f9:
         5b:97:f5:00:5b:87:30:6e:9e:eb:0b:d2:94:8c:39:81:ac:46:
         12:2a:f0:18
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYWH6qyCbk+P6ZWzPSMKMr7EMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcwNGFiOTY4ODQyNzA3M2ZmN2UxNzlkZTVhZjAwMmUwOWYy
MzYwMTMwHhcNMjMwMTA2MTYyOTQxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYTFmNjZjODlmY2MxNDg3ZGZjYzc3ZTJkYjhiMmZlMDZlMDg4MTNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjD3fRbNSNshzrsqTx2urwxvmqs2H
AsA1B42IaYRiDlWPE+763jxMJNO//O5D5JT9JHyHZqKtGq8kGMlc11VGM7CM1wv0
fzEvOcAnAnHXXjX+xdGVdU5adeMc/JTch3wGzC1t5PmMtWR1Zz0zTukElgwvJOgA
xO5U/R/UE50ovB/l4HMO90R2LxNLsi0Fc4BV+vHbeZTGKSLX2etPOLTr6zKqIvos
38bLtO/O7BWa2fUEB96HefNVIu/OlIzVzvKCsq/qC4BaVBPdhuKVu9gR9/d/UE/e
76VwDF/SwcL9VdY2x9u8oJzmOESBML0e9bz4inrSGvO/Iv5gIpViWLB+iQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFMofZsifzBSH38x34tuLL+BuCIE/MB8GA1UdIwQY
MBaAFHBKuWiEJwc/9+F53lrwAuCfI2ATMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY0VxNWFJUW5Cel8zNFhuZVd2QUM0SjhqWUJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OS9jMjQ0YjMtOGZjMS00Njg1LThmYjIt
NDZhOGIxOTFhMzc0LzEveWg5bXlKX01GSWZmekhmaTI0c3Y0RzRJZ1Q4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OS9jMjQ0YjMtOGZjMS00Njg1LThmYjItNDZhOGIxOTFhMzc0
LzEvY0VxNWFJUW5Cel8zNFhuZVd2QUM0SjhqWUJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQDBWaIAwQB
W93mMA0EAgACMAcDBQEqBIiAMA0GCSqGSIb3DQEBCwUAA4IBAQBbVK7jDO90Tsb4
w/alHwh4qFLvCBeM8XdkglVVT8yt5kRjcksGnHPBeTmOMIMzbh4eqQ1a3wXc1akc
K8F7vQxFXhgamzIU/r7vRJ4fXgOgo0FY5s/YSyVZMKCF7AeY3JGmLCb/fwiglrju
B7UnbKQoDCoIG5Xjs/KCXZ4qN8zrls8Y1K6jhxn1Wpn4TJRhe92jSgIQFX1v0QPe
AxlDzfiQ8d4Sdb4rNQ/6pCPbohc0nJVRC9n1FOgTQb1PCE5C94oAsG0T+VrGulf4
apH7IeL1iBuZJzc247Mof1ucnFB1B+Joj2DRfhcG/flbl/UAW4cwbp7rC9KUjDmB
rEYSKvAY
-----END CERTIFICATE-----