Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/NWGl06wQkrZX05DlsaLV9S6kTPc.roa
File:                     NWGl06wQkrZX05DlsaLV9S6kTPc.roa (raw, json)
Hash identifier:          nNy7y2pqZtTFwh/JOOTnsEhK37P8OKq91TPh5SJNvVA=
Subject key identifier:   35:61:A5:D3:AC:10:92:B6:57:D3:90:E5:B1:A2:D5:F5:2E:A4:4C:F7
Certificate issuer:       /CN=8d59c4323f767ce4ffc85daad208b90c04fbd3e9
Certificate serial:       0183B182F6C5694C9EA608545767D9F67E17
Authority key identifier: 8D:59:C4:32:3F:76:7C:E4:FF:C8:5D:AA:D2:08:B9:0C:04:FB:D3:E9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jVnEMj92fOT_yF2q0gi5DAT70-k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/NWGl06wQkrZX05DlsaLV9S6kTPc.roa
Signing time:             Fri 07 Oct 2022 08:14:53 +0000
ROA not before:           Fri 07 Oct 2022 08:14:53 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     6453
IP address blocks:        176.236.0.0/16 maxlen: 24
                          85.153.128.0/17 maxlen: 24
                          212.252.0.0/15 maxlen: 24
                          91.93.0.0/16 maxlen: 24
                          195.33.192.0/18 maxlen: 24
                          213.254.128.0/19 maxlen: 24
                          213.74.0.0/16 maxlen: 24
                          176.88.0.0/16 maxlen: 24
                          84.51.0.0/18 maxlen: 24
                          217.131.0.0/16 maxlen: 24
                          213.14.207.0/24 maxlen: 24
                          176.232.0.0/14 maxlen: 24
                          213.14.0.0/16 maxlen: 24
                          2a01:730::/32 maxlen: 48
                          2a01:188::/32 maxlen: 48
                          2a03:3c0::/32 maxlen: 48

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:83:b1:82:f6:c5:69:4c:9e:a6:08:54:57:67:d9:f6:7e:17
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8d59c4323f767ce4ffc85daad208b90c04fbd3e9
        Validity
            Not Before: Oct  7 08:14:53 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=3561a5d3ac1092b657d390e5b1a2d5f52ea44cf7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:4e:e4:ab:28:c3:6d:b8:8f:eb:35:d1:cc:69:
                    15:1d:fb:11:e3:2f:00:d2:cc:0c:01:81:a6:5a:f2:
                    cc:43:25:36:03:7b:42:c6:9e:f4:c1:b1:be:45:87:
                    7e:3e:31:79:32:9f:9e:40:c2:ff:64:85:ef:18:a0:
                    40:f1:23:53:6b:3e:b3:39:97:cd:c6:5b:49:f9:4f:
                    1f:38:37:e2:aa:e5:5b:e3:c2:4f:b0:cd:b1:4f:c7:
                    33:8b:46:b3:5b:02:d0:2f:ae:23:68:d9:9e:40:45:
                    b9:0d:2c:f7:bd:15:0b:3a:70:62:bc:40:e3:07:66:
                    cf:f8:82:e2:49:62:12:e7:26:37:a6:2c:ff:23:5b:
                    22:fa:5e:83:1c:dd:f4:25:a8:4f:ef:43:f5:00:13:
                    24:5d:5c:18:8a:22:b8:5d:81:b3:1c:21:55:72:b1:
                    0e:0e:d2:ca:17:dc:c8:86:9e:fd:32:ae:ed:d7:24:
                    19:ca:0c:11:f0:25:45:c6:e5:7a:db:4a:ab:f8:31:
                    3a:a1:2e:97:0f:cb:45:2d:36:78:69:ff:2e:73:20:
                    c4:b3:a4:a4:e3:bd:5f:56:93:9c:67:8f:bc:16:04:
                    f4:8b:59:6a:6d:05:46:c8:ce:2b:b4:35:3c:98:bd:
                    95:a7:d4:48:ca:b9:2d:23:b9:0a:a4:40:ec:b5:7c:
                    48:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                35:61:A5:D3:AC:10:92:B6:57:D3:90:E5:B1:A2:D5:F5:2E:A4:4C:F7
            X509v3 Authority Key Identifier:
                keyid:8D:59:C4:32:3F:76:7C:E4:FF:C8:5D:AA:D2:08:B9:0C:04:FB:D3:E9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jVnEMj92fOT_yF2q0gi5DAT70-k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/NWGl06wQkrZX05DlsaLV9S6kTPc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/jVnEMj92fOT_yF2q0gi5DAT70-k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.51.0.0/18
                  85.153.128.0/17
                  91.93.0.0/16
                  176.88.0.0/16
                  176.232.0.0-176.236.255.255
                  195.33.192.0/18
                  212.252.0.0/15
                  213.14.0.0/16
                  213.74.0.0/16
                  213.254.128.0/19
                  217.131.0.0/16
                IPv6:
                  2a01:188::/32
                  2a01:730::/32
                  2a03:3c0::/32

    Signature Algorithm: sha256WithRSAEncryption
         12:b9:c6:11:6b:62:62:d2:b4:19:c4:cb:6f:54:d8:13:da:31:
         05:8c:db:a9:1a:2d:bb:08:ce:cf:cb:8a:b3:82:de:b2:2d:f2:
         d4:4e:da:5a:03:94:b6:59:68:d8:2b:a7:45:db:b6:e0:87:a5:
         34:2b:b2:2d:4c:81:af:62:d3:b7:ce:5a:a8:9f:7e:4e:06:f1:
         e0:25:cd:c7:e3:8b:76:ae:b5:70:69:bf:b6:93:e6:80:28:44:
         a6:b0:fd:a7:d0:d2:94:e2:48:41:a4:5d:8e:7e:bc:ec:80:43:
         32:4d:5b:1b:27:99:71:61:0d:52:b2:67:88:1a:76:8f:25:9a:
         3d:f3:83:00:d1:76:98:3f:16:73:7b:83:ca:5a:3f:59:1d:fe:
         b1:30:de:ba:33:b1:69:98:32:7d:b6:dc:d0:f6:78:ad:93:8f:
         35:3c:e4:cd:db:5f:32:cb:07:76:07:bf:aa:d4:38:c4:1c:7c:
         69:25:9d:de:f3:35:fa:05:1a:31:cf:6b:e6:8e:7a:d6:f9:66:
         34:f9:20:45:52:75:49:b5:b9:16:ff:c0:72:82:fc:68:47:ca:
         e6:ea:89:4a:52:58:f6:f6:bb:21:ac:71:87:8b:5b:69:e6:92:
         af:64:4c:32:52:29:9c:2d:5b:26:8e:84:84:53:5a:9b:02:ce:
         33:b4:eb:63
-----BEGIN CERTIFICATE-----
MIIFVjCCBD6gAwIBAgISAYOxgvbFaUyepghUV2fZ9n4XMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhkNTljNDMyM2Y3NjdjZTRmZmM4NWRhYWQyMDhiOTBjMDRm
YmQzZTkwHhcNMjIxMDA3MDgxNDUzWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNTYxYTVkM2FjMTA5MmI2NTdkMzkwZTViMWEyZDVmNTJlYTQ0Y2Y3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjU7kqyjDbbiP6zXRzGkVHfsR4y8A
0swMAYGmWvLMQyU2A3tCxp70wbG+RYd+PjF5Mp+eQML/ZIXvGKBA8SNTaz6zOZfN
xltJ+U8fODfiquVb48JPsM2xT8czi0azWwLQL64jaNmeQEW5DSz3vRULOnBivEDj
B2bP+ILiSWIS5yY3piz/I1si+l6DHN30JahP70P1ABMkXVwYiiK4XYGzHCFVcrEO
DtLKF9zIhp79Mq7t1yQZygwR8CVFxuV620qr+DE6oS6XD8tFLTZ4af8ucyDEs6Sk
471fVpOcZ4+8FgT0i1lqbQVGyM4rtDU8mL2Vp9RIyrktI7kKpEDstXxIaQIDAQAB
o4ICYjCCAl4wHQYDVR0OBBYEFDVhpdOsEJK2V9OQ5bGi1fUupEz3MB8GA1UdIwQY
MBaAFI1ZxDI/dnzk/8hdqtIIuQwE+9PpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvalZuRU1qOTJmT1RfeUYycTBnaTVEQVQ3MC1rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni9mMDllY2YtZTgwNS00MTU4LWIzMTUt
ZjJiZTlmNmM2NjRjLzEvTldHbDA2d1FrclpYMDVEbHNhTFY5UzZrVFBjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni9mMDllY2YtZTgwNS00MTU4LWIzMTUtZjJiZTlmNmM2NjRj
LzEvalZuRU1qOTJmT1RfeUYycTBnaTVEQVQ3MC1rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHgGCCsGAQUFBwEHAQH/BGkwZzBIBAIAATBCAwQGVDMAAwQH
VZmAAwMAW10DAwCwWDAKAwMDsOgDAwCw7AMEBsMhwAMDAdT8AwMA1Q4DAwDVSgME
BdX+gAMDANmDMBsEAgACMBUDBQAqAQGIAwUAKgEHMAMFACoDA8AwDQYJKoZIhvcN
AQELBQADggEBABK5xhFrYmLStBnEy29U2BPaMQWM26kaLbsIzs/LirOC3rIt8tRO
2loDlLZZaNgrp0XbtuCHpTQrsi1Mga9i07fOWqiffk4G8eAlzcfji3autXBpv7aT
5oAoRKaw/afQ0pTiSEGkXY5+vOyAQzJNWxsnmXFhDVKyZ4gado8lmj3zgwDRdpg/
FnN7g8paP1kd/rEw3rozsWmYMn223ND2eK2TjzU85M3bXzLLB3YHv6rUOMQcfGkl
nd7zNfoFGjHPa+aOetb5ZjT5IEVSdUm1uRb/wHKC/GhHyubqiUpSWPb2uyGscYeL
W2nmkq9kTDJSKZwtWyaOhIRTWpsCzjO062M=
-----END CERTIFICATE-----