Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6a/7247d2-0a28-4e4a-aa0c-fef41dd876c0/1/3Jw3t3z0d6rTblE45mRIN2pwwKU.roa
File:                     3Jw3t3z0d6rTblE45mRIN2pwwKU.roa (raw, json)
Hash identifier:          zJmyj69jpqWwpnU11D3Lh87Qh+U+6BNpXsMNjDauN7M=
Subject key identifier:   DC:9C:37:B7:7C:F4:77:AA:D3:6E:51:38:E6:64:48:37:6A:70:C0:A5
Certificate issuer:       /CN=1759436869089cd9c7e6d02028f24a2fe49b86d5
Certificate serial:       018A4F7FB6EC9E5CF24ADCE120B776BE1D96
Authority key identifier: 17:59:43:68:69:08:9C:D9:C7:E6:D0:20:28:F2:4A:2F:E4:9B:86:D5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/F1lDaGkInNnH5tAgKPJKL-SbhtU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6a/7247d2-0a28-4e4a-aa0c-fef41dd876c0/1/3Jw3t3z0d6rTblE45mRIN2pwwKU.roa
Signing time:             Fri 01 Sep 2023 06:48:04 +0000
ROA not before:           Fri 01 Sep 2023 06:48:04 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     57888
IP address blocks:        5.149.78.0/23 maxlen: 23
                          217.9.20.0/22 maxlen: 22
                          5.149.80.0/22 maxlen: 22
                          5.149.80.0/21 maxlen: 21
                          5.149.84.0/22 maxlen: 22
                          5.149.92.0/22 maxlen: 22
                          85.235.84.0/22 maxlen: 22
                          82.117.232.0/21 maxlen: 21
                          194.99.16.0/22 maxlen: 22
                          194.53.156.0/22 maxlen: 22
                          5.149.64.0/20 maxlen: 20
                          178.210.184.0/21 maxlen: 21
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8a:4f:7f:b6:ec:9e:5c:f2:4a:dc:e1:20:b7:76:be:1d:96
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1759436869089cd9c7e6d02028f24a2fe49b86d5
        Validity
            Not Before: Sep  1 06:48:04 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=dc9c37b77cf477aad36e5138e66448376a70c0a5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:8b:e7:c6:3d:d4:62:ce:95:db:e2:6f:de:32:
                    77:e7:1b:d9:e8:c5:f8:b5:ae:77:a8:2f:84:d0:b5:
                    f1:9d:c7:62:81:26:2a:b6:ee:72:7d:08:d6:55:58:
                    f0:a4:70:2b:5f:76:41:fc:9f:ae:fc:1c:ab:df:db:
                    d3:c7:e4:f3:b0:65:33:63:4d:16:21:5e:88:f7:e5:
                    63:9c:70:e7:b1:5b:bd:ee:dd:0e:dc:3c:38:78:78:
                    03:1e:35:1c:ea:b3:5d:04:ab:44:32:b0:e5:18:0f:
                    9f:c4:2a:d1:7d:d6:d0:c1:b8:dd:5b:98:06:05:5a:
                    3c:fa:84:f8:10:b2:56:d3:d5:96:21:ab:48:7d:66:
                    da:27:24:be:be:15:e2:95:39:b6:69:44:80:2b:d4:
                    db:d9:05:79:ef:d5:40:7f:2b:d6:b5:88:d7:8d:d5:
                    f2:ca:a6:96:42:3b:ac:2e:7b:25:3f:92:38:2f:71:
                    75:c9:ca:66:87:bc:ca:85:4d:09:1a:fb:5e:65:ee:
                    f8:50:02:e3:97:aa:25:cd:5f:18:f4:99:56:c7:22:
                    48:8d:13:b2:7e:3b:ba:b6:c1:76:8b:d3:ce:01:a3:
                    f5:af:d0:68:6f:64:bd:65:28:f2:72:94:38:c3:ff:
                    42:75:d2:8e:72:9d:b4:39:46:78:75:99:83:77:ef:
                    d3:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DC:9C:37:B7:7C:F4:77:AA:D3:6E:51:38:E6:64:48:37:6A:70:C0:A5
            X509v3 Authority Key Identifier:
                keyid:17:59:43:68:69:08:9C:D9:C7:E6:D0:20:28:F2:4A:2F:E4:9B:86:D5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/F1lDaGkInNnH5tAgKPJKL-SbhtU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/7247d2-0a28-4e4a-aa0c-fef41dd876c0/1/3Jw3t3z0d6rTblE45mRIN2pwwKU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/7247d2-0a28-4e4a-aa0c-fef41dd876c0/1/F1lDaGkInNnH5tAgKPJKL-SbhtU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.149.64.0-5.149.87.255
                  5.149.92.0/22
                  82.117.232.0/21
                  85.235.84.0/22
                  178.210.184.0/21
                  194.53.156.0/22
                  194.99.16.0/22
                  217.9.20.0/22

    Signature Algorithm: sha256WithRSAEncryption
         61:fb:10:30:c3:0d:1a:c4:d6:88:fe:90:63:19:05:b7:2c:a8:
         9a:09:f5:44:16:54:dd:7c:b0:87:c1:d6:30:4d:7a:21:b0:17:
         69:79:9b:c8:7d:8f:92:9d:fd:01:cc:36:f4:ee:d5:e4:15:b9:
         ed:39:f0:cb:01:a2:65:9e:86:65:13:3b:2c:32:11:9f:1f:ec:
         81:c3:87:cc:e1:5d:d4:39:4a:bc:cc:21:9b:ff:c4:b3:c2:87:
         ea:87:da:5e:fc:16:be:f8:5b:27:72:09:20:2e:f2:b5:ae:91:
         89:53:95:b9:b5:c0:14:0e:56:7e:28:79:3e:06:78:f6:ba:de:
         20:26:4c:08:54:45:64:86:b0:73:e0:75:49:56:24:5f:99:c6:
         56:be:f3:f4:38:30:f2:ff:47:45:7a:f4:52:d1:ef:59:67:30:
         b7:72:57:e3:11:74:54:65:54:4f:cb:d6:e4:0c:a5:3e:21:5d:
         ff:28:b6:f6:df:14:3d:2e:5c:60:a1:f1:e1:70:74:e6:a8:d9:
         85:c1:ee:d9:79:32:3a:2c:81:6d:6f:15:89:52:74:2f:cb:84:
         de:4b:34:90:d2:1a:29:38:0e:5d:c1:3f:1a:74:85:ef:0c:ce:
         e7:29:89:a8:c9:9c:a1:b6:31:dd:82:d3:c2:06:ed:63:98:22:
         42:b8:f8:06
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgISAYpPf7bsnlzyStzhILd2vh2WMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE3NTk0MzY4NjkwODljZDljN2U2ZDAyMDI4ZjI0YTJmZTQ5
Yjg2ZDUwHhcNMjMwOTAxMDY0ODA0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYzljMzdiNzdjZjQ3N2FhZDM2ZTUxMzhlNjY0NDgzNzZhNzBjMGE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg4vnxj3UYs6V2+Jv3jJ35xvZ6MX4
ta53qC+E0LXxncdigSYqtu5yfQjWVVjwpHArX3ZB/J+u/Byr39vTx+TzsGUzY00W
IV6I9+VjnHDnsVu97t0O3Dw4eHgDHjUc6rNdBKtEMrDlGA+fxCrRfdbQwbjdW5gG
BVo8+oT4ELJW09WWIatIfWbaJyS+vhXilTm2aUSAK9Tb2QV579VAfyvWtYjXjdXy
yqaWQjusLnslP5I4L3F1ycpmh7zKhU0JGvteZe74UALjl6olzV8Y9JlWxyJIjROy
fju6tsF2i9POAaP1r9Bob2S9ZSjycpQ4w/9CddKOcp20OUZ4dZmDd+/TyQIDAQAB
o4ICOzCCAjcwHQYDVR0OBBYEFNycN7d89Heq025ROOZkSDdqcMClMB8GA1UdIwQY
MBaAFBdZQ2hpCJzZx+bQICjySi/km4bVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRjFsRGFHa0luTm5INXRBZ0tQSktMLVNiaHRVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82YS83MjQ3ZDItMGEyOC00ZTRhLWFhMGMt
ZmVmNDFkZDg3NmMwLzEvM0p3M3QzejBkNnJUYmxFNDVtUklOMnB3d0tVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82YS83MjQ3ZDItMGEyOC00ZTRhLWFhMGMtZmVmNDFkZDg3NmMw
LzEvRjFsRGFHa0luTm5INXRBZ0tQSktMLVNiaHRVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFEGCCsGAQUFBwEHAQH/BEIwQDA+BAIAATA4MAwDBAYFlUAD
BAMFlVADBAIFlVwDBANSdegDBAJV61QDBAOy0rgDBALCNZwDBALCYxADBALZCRQw
DQYJKoZIhvcNAQELBQADggEBAGH7EDDDDRrE1oj+kGMZBbcsqJoJ9UQWVN18sIfB
1jBNeiGwF2l5m8h9j5Kd/QHMNvTu1eQVue058MsBomWehmUTOywyEZ8f7IHDh8zh
XdQ5SrzMIZv/xLPCh+qH2l78Fr74WydyCSAu8rWukYlTlbm1wBQOVn4oeT4GePa6
3iAmTAhURWSGsHPgdUlWJF+Zxla+8/Q4MPL/R0V69FLR71lnMLdyV+MRdFRlVE/L
1uQMpT4hXf8otvbfFD0uXGCh8eFwdOao2YXB7tl5MjosgW1vFYlSdC/LhN5LNJDS
Gik4Dl3BPxp0he8MzucpiajJnKG2Md2C08IG7WOYIkK4+AY=
-----END CERTIFICATE-----