Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/PCpibrqqk4050Y97zRRup1zjkjw.roa
File:                     PCpibrqqk4050Y97zRRup1zjkjw.roa (raw, json)
Hash identifier:          M6A9RqdM8OU9yZot4GFmFqSnjVxZrYy+5AVT0p3fcI8=
Subject key identifier:   3C:2A:62:6E:BA:AA:93:8D:39:D1:8F:7B:CD:14:6E:A7:5C:E3:92:3C
Certificate issuer:       /CN=60581e673d80f7474936b21337eafcc1bdc385e9
Certificate serial:       0184BDDC476AEB1F1CA0177EB23E64609B7B
Authority key identifier: 60:58:1E:67:3D:80:F7:47:49:36:B2:13:37:EA:FC:C1:BD:C3:85:E9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/PCpibrqqk4050Y97zRRup1zjkjw.roa
Signing time:             Mon 28 Nov 2022 10:50:40 +0000
ROA not before:           Mon 28 Nov 2022 10:50:40 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     397373
IP address blocks:        104.249.24.0/24 maxlen: 24
                          216.173.83.0/24 maxlen: 24
                          104.249.28.0/24 maxlen: 24
                          104.249.27.0/24 maxlen: 24
                          104.249.26.0/24 maxlen: 24
                          104.249.32.0/22 maxlen: 22
                          104.143.228.0/24 maxlen: 24
                          216.173.101.0/24 maxlen: 24
                          104.249.56.0/22 maxlen: 22
                          104.143.253.0/24 maxlen: 24
                          45.43.128.0/21 maxlen: 21
                          45.43.128.0/22 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:84:bd:dc:47:6a:eb:1f:1c:a0:17:7e:b2:3e:64:60:9b:7b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=60581e673d80f7474936b21337eafcc1bdc385e9
        Validity
            Not Before: Nov 28 10:50:40 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=3c2a626ebaaa938d39d18f7bcd146ea75ce3923c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:76:c2:ec:4b:8a:d0:14:21:7d:92:fa:7e:15:
                    5b:95:82:d2:06:52:f9:d1:60:a1:17:40:47:a9:c0:
                    a9:ed:50:50:12:d0:68:a8:34:78:67:3f:63:2d:de:
                    d8:6c:29:be:bf:15:17:6a:0d:23:a3:bb:cb:14:8d:
                    1d:a5:d3:f2:4c:7b:00:c6:a9:88:26:3f:6d:2b:17:
                    18:ea:12:ab:d2:23:2e:45:6e:89:09:09:19:e6:e9:
                    a1:07:92:3f:f5:50:b7:df:30:df:d6:85:fe:6b:ff:
                    25:16:ae:63:f5:be:79:00:99:fd:0e:19:1a:01:14:
                    77:8e:d5:e0:c3:25:79:58:d5:da:ba:7e:b1:1e:f9:
                    63:99:3e:3f:e9:d7:ec:a7:d1:05:a1:b5:f0:c4:c1:
                    ae:b3:7e:cb:c0:1f:a3:88:cc:43:72:ab:d3:e2:20:
                    d4:8b:03:64:42:23:a4:9f:62:6e:69:c0:86:0c:3e:
                    65:f6:b6:22:25:77:3a:3b:03:ec:72:30:80:34:42:
                    bf:9e:4a:09:40:95:79:b7:01:b0:54:07:09:ae:0a:
                    86:2d:3b:2b:76:6f:86:82:27:e3:ef:95:c7:99:cd:
                    70:f0:19:1d:69:4a:58:83:99:96:c3:53:78:19:89:
                    aa:b1:aa:ec:e1:e5:a1:e2:bd:f9:1e:30:e8:24:8a:
                    0a:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3C:2A:62:6E:BA:AA:93:8D:39:D1:8F:7B:CD:14:6E:A7:5C:E3:92:3C
            X509v3 Authority Key Identifier:
                keyid:60:58:1E:67:3D:80:F7:47:49:36:B2:13:37:EA:FC:C1:BD:C3:85:E9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/PCpibrqqk4050Y97zRRup1zjkjw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.43.128.0/21
                  104.143.228.0/24
                  104.143.253.0/24
                  104.249.24.0/24
                  104.249.26.0-104.249.28.255
                  104.249.32.0/22
                  104.249.56.0/22
                  216.173.83.0/24
                  216.173.101.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7a:e8:bb:71:27:e9:d3:ae:cd:51:46:37:e6:e4:87:02:6a:0c:
         cc:de:10:8c:be:6b:97:0c:00:1d:30:80:61:c2:9c:d9:24:f3:
         54:7a:dc:5f:54:0a:ee:43:8c:36:f6:cc:13:e6:14:40:87:8a:
         ad:16:36:54:92:5f:a9:33:84:a2:4d:2a:47:5a:0f:78:46:dc:
         78:83:05:b7:a4:0e:be:27:c8:74:cb:b3:8a:5b:36:70:97:4a:
         7e:c5:85:f1:63:90:5c:9f:91:e4:7a:48:db:4e:e0:74:28:ab:
         05:de:4b:b5:1a:2c:d2:89:e6:5f:cb:0d:03:f2:d4:05:15:2a:
         98:18:89:70:64:38:58:46:59:b2:cd:51:70:e0:62:58:b7:c0:
         0d:3b:c1:79:df:39:e9:d4:73:d1:47:f4:ca:35:1e:5b:73:dd:
         fc:80:0d:82:ae:d7:82:0f:bc:2f:e5:e5:13:00:1a:75:49:31:
         e8:50:a7:ee:42:bc:3a:a8:68:18:99:e4:66:94:e3:d7:ae:31:
         31:07:3a:24:a1:66:04:d6:14:7e:16:45:10:0a:9d:90:29:bc:
         2a:8f:be:e0:76:7a:6f:e3:ad:7c:ab:31:68:00:ba:c0:65:f3:
         36:69:b0:f7:0c:f7:3b:bd:6c:75:41:f2:18:58:46:c9:e3:b0:
         90:3c:96:cb
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgISAYS93Edq6x8coBd+sj5kYJt7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNTgxZTY3M2Q4MGY3NDc0OTM2YjIxMzM3ZWFmY2MxYmRj
Mzg1ZTkwHhcNMjIxMTI4MTA1MDQwWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYzJhNjI2ZWJhYWE5MzhkMzlkMThmN2JjZDE0NmVhNzVjZTM5MjNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsXbC7EuK0BQhfZL6fhVblYLSBlL5
0WChF0BHqcCp7VBQEtBoqDR4Zz9jLd7YbCm+vxUXag0jo7vLFI0dpdPyTHsAxqmI
Jj9tKxcY6hKr0iMuRW6JCQkZ5umhB5I/9VC33zDf1oX+a/8lFq5j9b55AJn9Dhka
ARR3jtXgwyV5WNXaun6xHvljmT4/6dfsp9EFobXwxMGus37LwB+jiMxDcqvT4iDU
iwNkQiOkn2JuacCGDD5l9rYiJXc6OwPscjCANEK/nkoJQJV5twGwVAcJrgqGLTsr
dm+Ggifj75XHmc1w8BkdaUpYg5mWw1N4GYmqsars4eWh4r35HjDoJIoKaQIDAQAB
o4ICQTCCAj0wHQYDVR0OBBYEFDwqYm66qpONOdGPe80Ubqdc45I8MB8GA1UdIwQY
MBaAFGBYHmc9gPdHSTayEzfq/MG9w4XpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUZnZVp6MkE5MGRKTnJJVE4tcjh3YjNEaGVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS9mZGQ2MzMtYzY1OC00OWM1LTllOGYt
ZmIwNzk1NWYzYWFhLzEvUENwaWJycXFrNDA1MFk5N3pSUnVwMXpqa2p3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS9mZGQ2MzMtYzY1OC00OWM1LTllOGYtZmIwNzk1NWYzYWFh
LzEvWUZnZVp6MkE5MGRKTnJJVE4tcjh3YjNEaGVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFcGCCsGAQUFBwEHAQH/BEgwRjBEBAIAATA+AwQDLSuAAwQA
aI/kAwQAaI/9AwQAaPkYMAwDBAFo+RoDBABo+RwDBAJo+SADBAJo+TgDBADYrVMD
BADYrWUwDQYJKoZIhvcNAQELBQADggEBAHrou3En6dOuzVFGN+bkhwJqDMzeEIy+
a5cMAB0wgGHCnNkk81R63F9UCu5DjDb2zBPmFECHiq0WNlSSX6kzhKJNKkdaD3hG
3HiDBbekDr4nyHTLs4pbNnCXSn7FhfFjkFyfkeR6SNtO4HQoqwXeS7UaLNKJ5l/L
DQPy1AUVKpgYiXBkOFhGWbLNUXDgYli3wA07wXnfOenUc9FH9Mo1Hltz3fyADYKu
14IPvC/l5RMAGnVJMehQp+5CvDqoaBiZ5GaU49euMTEHOiShZgTWFH4WRRAKnZAp
vCqPvuB2em/jrXyrMWgAusBl8zZpsPcM9zu9bHVB8hhYRsnjsJA8lss=
-----END CERTIFICATE-----