Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/40d996-a2cd-41f1-a738-28fc77967763/1/i7qd-Xc2BtD6sooDPY3TubRXWnA.roa
File:                     i7qd-Xc2BtD6sooDPY3TubRXWnA.roa (raw, json)
Hash identifier:          Do4m5xpMq7W3Vd9/rELtfVM0AHKtZWtaBGaZuw3VVYQ=
Subject key identifier:   8B:BA:9D:F9:77:36:06:D0:FA:B2:8A:03:3D:8D:D3:B9:B4:57:5A:70
Certificate issuer:       /CN=8338ef41b2c0105a91ccbb9c89337faeb129ff84
Certificate serial:       01856C65F470925E7A309686DFA12411C38D
Authority key identifier: 83:38:EF:41:B2:C0:10:5A:91:CC:BB:9C:89:33:7F:AE:B1:29:FF:84
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gzjvQbLAEFqRzLuciTN_rrEp_4Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/40d996-a2cd-41f1-a738-28fc77967763/1/i7qd-Xc2BtD6sooDPY3TubRXWnA.roa
Signing time:             Sun 01 Jan 2023 08:14:59 +0000
ROA not before:           Sun 01 Jan 2023 08:14:59 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     61431
IP address blocks:        109.196.128.0/24 maxlen: 24
                          109.196.130.0/24 maxlen: 24
                          109.196.129.0/24 maxlen: 24
                          109.196.131.0/24 maxlen: 24
                          109.196.135.0/24 maxlen: 24
                          109.196.134.0/24 maxlen: 24
                          109.196.136.0/23 maxlen: 23
                          109.196.138.0/23 maxlen: 23
                          109.196.140.0/24 maxlen: 24
                          109.196.142.0/24 maxlen: 24
                          109.196.141.0/24 maxlen: 24
                          109.196.143.0/24 maxlen: 24
                          188.68.5.0/24 maxlen: 24
                          95.181.215.0/24 maxlen: 24
                          95.181.214.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6c:65:f4:70:92:5e:7a:30:96:86:df:a1:24:11:c3:8d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8338ef41b2c0105a91ccbb9c89337faeb129ff84
        Validity
            Not Before: Jan  1 08:14:59 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=8bba9df9773606d0fab28a033d8dd3b9b4575a70
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:bb:52:96:0c:05:23:81:38:7b:ee:7d:59:90:
                    ef:d7:ed:85:0b:97:6c:14:02:2c:0b:06:e6:45:96:
                    d5:e0:f9:84:ab:13:26:65:01:fe:ca:9b:51:f4:ce:
                    ed:f3:2f:40:ce:38:16:6a:3d:38:db:f5:7a:63:4a:
                    94:c8:70:41:09:c2:7d:ac:30:02:48:b6:1f:19:27:
                    a9:60:f4:42:1e:3b:37:f7:44:e3:0d:61:71:15:2f:
                    d7:1e:fd:61:c8:ed:eb:67:a6:ed:7a:8d:48:87:0d:
                    06:de:7e:8b:86:5b:21:6e:fb:1f:fd:82:97:0a:c2:
                    4c:1a:b8:a4:27:f7:02:eb:47:b4:ce:66:9c:b7:f8:
                    57:b4:4c:e7:6d:82:74:b8:f3:3a:4f:aa:d8:ee:1d:
                    03:17:fb:e3:7c:5d:4c:23:73:b3:bf:a1:73:61:ad:
                    e4:f5:68:ea:c3:6f:5d:2c:02:8c:8a:2c:ce:d2:75:
                    1a:61:f1:a7:ef:e8:6d:15:cd:9a:cf:fd:97:f1:28:
                    9e:db:6d:3e:61:6b:83:e0:4f:75:10:89:e3:4c:ef:
                    81:e1:f0:4d:90:45:61:89:6d:9f:e5:73:ff:26:d2:
                    b4:6a:17:93:39:73:18:0b:35:1b:f3:52:9f:40:98:
                    0a:6b:65:e6:ad:31:df:71:1e:73:ca:bc:88:ac:24:
                    bf:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8B:BA:9D:F9:77:36:06:D0:FA:B2:8A:03:3D:8D:D3:B9:B4:57:5A:70
            X509v3 Authority Key Identifier:
                keyid:83:38:EF:41:B2:C0:10:5A:91:CC:BB:9C:89:33:7F:AE:B1:29:FF:84

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gzjvQbLAEFqRzLuciTN_rrEp_4Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/40d996-a2cd-41f1-a738-28fc77967763/1/i7qd-Xc2BtD6sooDPY3TubRXWnA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/40d996-a2cd-41f1-a738-28fc77967763/1/gzjvQbLAEFqRzLuciTN_rrEp_4Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.181.214.0/23
                  109.196.128.0/22
                  109.196.134.0-109.196.143.255
                  188.68.5.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4b:2e:3c:80:22:16:fb:56:2b:23:9f:e7:a3:00:82:2e:c5:ef:
         48:9d:51:96:fe:b3:32:ee:87:30:b5:6e:9a:ad:7a:17:3e:a2:
         df:8b:71:da:03:57:1a:0f:57:90:bc:18:b3:e9:9d:ac:c9:11:
         b6:db:2f:26:e1:d3:59:ae:47:92:d9:71:64:6b:fd:65:84:4a:
         02:95:09:a2:cf:2b:03:cb:0c:af:0b:b9:c1:63:c2:9d:f9:3e:
         da:ba:30:12:da:c3:c0:ae:98:8d:cb:f9:98:8b:c3:2e:be:a6:
         c2:c2:18:46:33:ec:53:a8:26:06:95:1d:51:82:21:b3:4d:1c:
         29:cb:b1:14:13:94:2a:40:8f:7b:35:03:ac:37:3a:58:7f:ce:
         17:a9:a8:85:0e:a9:75:5b:ef:75:fe:c5:a1:44:0d:d3:1c:64:
         1c:92:63:5a:e0:9d:d9:d8:1d:e6:90:e2:5d:55:f4:c1:3a:02:
         24:72:0d:53:a1:42:b8:e7:d0:88:31:4b:4e:d7:6d:71:cb:a6:
         12:ee:c9:eb:ca:99:51:75:34:5c:9a:72:76:ef:82:b9:ac:a9:
         b4:e3:1e:e7:2b:ce:bd:52:66:fd:4b:fe:50:58:0f:e6:fd:bb:
         dd:8c:4a:62:cb:fd:81:de:b6:15:75:26:43:bb:7f:ac:d3:d6:
         ed:65:7c:2e
-----BEGIN CERTIFICATE-----
MIIFFzCCA/+gAwIBAgISAYVsZfRwkl56MJaG36EkEcONMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgzMzhlZjQxYjJjMDEwNWE5MWNjYmI5Yzg5MzM3ZmFlYjEy
OWZmODQwHhcNMjMwMTAxMDgxNDU5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YmJhOWRmOTc3MzYwNmQwZmFiMjhhMDMzZDhkZDNiOWI0NTc1YTcwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnbtSlgwFI4E4e+59WZDv1+2FC5ds
FAIsCwbmRZbV4PmEqxMmZQH+yptR9M7t8y9AzjgWaj042/V6Y0qUyHBBCcJ9rDAC
SLYfGSepYPRCHjs390TjDWFxFS/XHv1hyO3rZ6bteo1Ihw0G3n6Lhlshbvsf/YKX
CsJMGrikJ/cC60e0zmact/hXtEznbYJ0uPM6T6rY7h0DF/vjfF1MI3Ozv6FzYa3k
9Wjqw29dLAKMiizO0nUaYfGn7+htFc2az/2X8Sie220+YWuD4E91EInjTO+B4fBN
kEVhiW2f5XP/JtK0aheTOXMYCzUb81KfQJgKa2XmrTHfcR5zyryIrCS/EQIDAQAB
o4ICIzCCAh8wHQYDVR0OBBYEFIu6nfl3NgbQ+rKKAz2N07m0V1pwMB8GA1UdIwQY
MBaAFIM470GywBBakcy7nIkzf66xKf+EMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ3pqdlFiTEFFRnFSekx1Y2lUTl9yckVwXzRRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS80MGQ5OTYtYTJjZC00MWYxLWE3Mzgt
MjhmYzc3OTY3NzYzLzEvaTdxZC1YYzJCdEQ2c29vRFBZM1R1YlJYV25BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS80MGQ5OTYtYTJjZC00MWYxLWE3MzgtMjhmYzc3OTY3NzYz
LzEvZ3pqdlFiTEFFRnFSekx1Y2lUTl9yckVwXzRRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDkGCCsGAQUFBwEHAQH/BCowKDAmBAIAATAgAwQBX7XWAwQC
bcSAMAwDBAFtxIYDBARtxIADBAC8RAUwDQYJKoZIhvcNAQELBQADggEBAEsuPIAi
FvtWKyOf56MAgi7F70idUZb+szLuhzC1bpqtehc+ot+LcdoDVxoPV5C8GLPpnazJ
EbbbLybh01muR5LZcWRr/WWESgKVCaLPKwPLDK8LucFjwp35Ptq6MBLaw8CumI3L
+ZiLwy6+psLCGEYz7FOoJgaVHVGCIbNNHCnLsRQTlCpAj3s1A6w3Olh/zhepqIUO
qXVb73X+xaFEDdMcZBySY1rgndnYHeaQ4l1V9ME6AiRyDVOhQrjn0IgxS07XbXHL
phLuyevKmVF1NFyacnbvgrmsqbTjHucrzr1SZv1L/lBYD+b9u92MSmLL/YHethV1
JkO7f6zT1u1lfC4=
-----END CERTIFICATE-----