Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6c/f24885-a4db-4fa1-a72d-86d6c1305357/1/zDTTUqORJu-coWUafFmuXNb_tfE.roa
File:                     zDTTUqORJu-coWUafFmuXNb_tfE.roa (raw, json)
Hash identifier:          wZ3Rvp3jwuIuuNcOIahW2RlM8g/Gdil2r8rxzR6/1ko=
Subject key identifier:   CC:34:D3:52:A3:91:26:EF:9C:A1:65:1A:7C:59:AE:5C:D6:FF:B5:F1
Certificate issuer:       /CN=7b148db42f90e96447bd7f63edd8a7ccbeeaa842
Certificate serial:       01855E887C547A384D971C45F49E807DD33C
Authority key identifier: 7B:14:8D:B4:2F:90:E9:64:47:BD:7F:63:ED:D8:A7:CC:BE:EA:A8:42
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/exSNtC-Q6WRHvX9j7dinzL7qqEI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6c/f24885-a4db-4fa1-a72d-86d6c1305357/1/zDTTUqORJu-coWUafFmuXNb_tfE.roa
Signing time:             Thu 29 Dec 2022 15:38:01 +0000
ROA not before:           Thu 29 Dec 2022 15:38:01 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     60501
IP address blocks:        185.187.62.0/24 maxlen: 24
                          193.43.208.0/24 maxlen: 24
                          194.156.180.0/22 maxlen: 22
                          185.30.64.0/22 maxlen: 22
                          185.109.24.0/22 maxlen: 22
                          185.109.24.0/24 maxlen: 24
                          185.109.25.0/24 maxlen: 24
                          185.109.26.0/24 maxlen: 24
                          185.109.27.0/24 maxlen: 24
                          2a00:ae20::/32 maxlen: 32
                          2a06:4dc0::/29 maxlen: 29
                          2a04:f440::/29 maxlen: 29
                          2a0d:cc0::/29 maxlen: 29
                          2a0f:ccc0::/29 maxlen: 29

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:5e:88:7c:54:7a:38:4d:97:1c:45:f4:9e:80:7d:d3:3c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7b148db42f90e96447bd7f63edd8a7ccbeeaa842
        Validity
            Not Before: Dec 29 15:38:01 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=cc34d352a39126ef9ca1651a7c59ae5cd6ffb5f1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:1c:67:22:54:f1:b2:37:41:b8:38:56:ce:66:
                    b8:38:46:eb:3f:18:19:87:3e:80:d9:b8:a5:a3:71:
                    30:61:6e:dc:a5:73:61:ce:78:8b:37:73:9e:68:81:
                    3e:37:b5:2c:c0:d3:e7:61:59:34:12:61:b9:fe:a3:
                    2b:a0:18:f2:13:a9:dc:38:3b:c5:e2:ca:8a:7c:b1:
                    f2:95:c3:2a:a3:6c:3a:2d:aa:86:0a:ae:69:3d:84:
                    53:90:b8:51:49:86:7d:ce:76:f6:a8:5e:92:10:55:
                    08:d3:59:5b:6d:13:2f:60:14:f8:5a:85:83:d8:1a:
                    be:89:ad:3f:11:21:98:c1:83:7a:91:74:82:74:62:
                    f4:98:da:be:e3:b4:c5:f1:aa:3e:01:ce:e4:37:00:
                    7f:a4:15:c8:3b:ca:97:f4:e7:ef:f8:05:e3:e7:44:
                    28:60:3c:7b:41:bd:89:1a:a0:b6:2c:b0:48:33:c5:
                    f4:bd:53:11:01:26:41:80:e3:c6:fb:d9:f8:1c:de:
                    e2:3b:dc:43:6a:f0:77:ff:4b:71:a5:13:75:54:5b:
                    c1:de:f2:8d:e0:5e:f8:d6:a3:21:94:16:3e:27:5b:
                    d0:6c:e3:5f:da:e6:cd:b5:24:de:d5:0f:29:43:cf:
                    4e:0f:70:2a:b6:96:7d:97:5c:e2:94:7b:33:44:39:
                    c5:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CC:34:D3:52:A3:91:26:EF:9C:A1:65:1A:7C:59:AE:5C:D6:FF:B5:F1
            X509v3 Authority Key Identifier:
                keyid:7B:14:8D:B4:2F:90:E9:64:47:BD:7F:63:ED:D8:A7:CC:BE:EA:A8:42

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/exSNtC-Q6WRHvX9j7dinzL7qqEI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6c/f24885-a4db-4fa1-a72d-86d6c1305357/1/zDTTUqORJu-coWUafFmuXNb_tfE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6c/f24885-a4db-4fa1-a72d-86d6c1305357/1/exSNtC-Q6WRHvX9j7dinzL7qqEI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.30.64.0/22
                  185.109.24.0/22
                  185.187.62.0/24
                  193.43.208.0/24
                  194.156.180.0/22
                IPv6:
                  2a00:ae20::/32
                  2a04:f440::/29
                  2a06:4dc0::/29
                  2a0d:cc0::/29
                  2a0f:ccc0::/29

    Signature Algorithm: sha256WithRSAEncryption
         7f:f7:c5:8a:a2:e9:f9:93:e8:94:48:26:55:1f:a7:c0:af:a3:
         d3:4a:d5:a0:94:ca:5b:0f:2f:dc:bc:7b:f0:ad:3d:20:a0:e3:
         b1:86:b2:62:a2:8a:e0:e3:8f:60:30:02:a5:6c:71:f7:1a:47:
         c1:8a:b5:a5:1e:1c:e6:23:a3:24:c9:21:4e:88:f6:68:b3:9e:
         8f:96:52:05:be:8e:df:da:f3:59:dc:4d:74:7c:be:42:fb:13:
         8d:89:ee:de:1b:00:91:3f:cb:09:87:00:c8:75:f8:25:71:93:
         8a:a2:22:ab:7e:6b:2f:0c:ae:5f:bd:3e:69:02:0c:fb:d8:ed:
         74:07:f9:86:a6:cc:bf:cd:03:55:f3:31:d8:f5:60:b8:fa:eb:
         bb:fb:11:19:0a:1c:07:fe:79:82:15:4c:74:97:6d:3d:67:1f:
         5d:8b:8d:73:2b:f2:66:33:54:27:c4:32:cc:34:3b:ea:8b:01:
         21:14:fb:c4:75:37:e4:3b:5c:21:70:7b:0a:f8:b8:e7:8b:df:
         88:1c:e2:70:41:c5:08:63:19:2e:fb:6d:85:65:21:46:ca:2d:
         a2:7f:a3:30:74:ae:35:05:c1:9b:3e:c8:71:65:03:bd:db:2c:
         fb:08:19:6e:f5:dc:af:b0:67:54:31:cd:9f:fd:8f:9b:cd:65:
         15:53:88:72
-----BEGIN CERTIFICATE-----
MIIFQDCCBCigAwIBAgISAYVeiHxUejhNlxxF9J6AfdM8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdiMTQ4ZGI0MmY5MGU5NjQ0N2JkN2Y2M2VkZDhhN2NjYmVl
YWE4NDIwHhcNMjIxMjI5MTUzODAxWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYzM0ZDM1MmEzOTEyNmVmOWNhMTY1MWE3YzU5YWU1Y2Q2ZmZiNWYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjhxnIlTxsjdBuDhWzma4OEbrPxgZ
hz6A2bilo3EwYW7cpXNhzniLN3OeaIE+N7UswNPnYVk0EmG5/qMroBjyE6ncODvF
4sqKfLHylcMqo2w6LaqGCq5pPYRTkLhRSYZ9znb2qF6SEFUI01lbbRMvYBT4WoWD
2Bq+ia0/ESGYwYN6kXSCdGL0mNq+47TF8ao+Ac7kNwB/pBXIO8qX9Ofv+AXj50Qo
YDx7Qb2JGqC2LLBIM8X0vVMRASZBgOPG+9n4HN7iO9xDavB3/0txpRN1VFvB3vKN
4F741qMhlBY+J1vQbONf2ubNtSTe1Q8pQ89OD3AqtpZ9l1zilHszRDnFYwIDAQAB
o4ICTDCCAkgwHQYDVR0OBBYEFMw001KjkSbvnKFlGnxZrlzW/7XxMB8GA1UdIwQY
MBaAFHsUjbQvkOlkR71/Y+3Yp8y+6qhCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZXhTTnRDLVE2V1JIdlg5ajdkaW56TDdxcUVJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yy9mMjQ4ODUtYTRkYi00ZmExLWE3MmQt
ODZkNmMxMzA1MzU3LzEvekRUVFVxT1JKdS1jb1dVYWZGbXVYTmJfdGZFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yy9mMjQ4ODUtYTRkYi00ZmExLWE3MmQtODZkNmMxMzA1MzU3
LzEvZXhTTnRDLVE2V1JIdlg5ajdkaW56TDdxcUVJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGIGCCsGAQUFBwEHAQH/BFMwUTAkBAIAATAeAwQCuR5AAwQC
uW0YAwQAubs+AwQAwSvQAwQCwpy0MCkEAgACMCMDBQAqAK4gAwUDKgT0QAMFAyoG
TcADBQMqDQzAAwUDKg/MwDANBgkqhkiG9w0BAQsFAAOCAQEAf/fFiqLp+ZPolEgm
VR+nwK+j00rVoJTKWw8v3Lx78K09IKDjsYayYqKK4OOPYDACpWxx9xpHwYq1pR4c
5iOjJMkhToj2aLOej5ZSBb6O39rzWdxNdHy+QvsTjYnu3hsAkT/LCYcAyHX4JXGT
iqIiq35rLwyuX70+aQIM+9jtdAf5hqbMv80DVfMx2PVguPrru/sRGQocB/55ghVM
dJdtPWcfXYuNcyvyZjNUJ8QyzDQ76osBIRT7xHU35DtcIXB7Cvi454vfiBzicEHF
CGMZLvtthWUhRsoton+jMHSuNQXBmz7IcWUDvdss+wgZbvXcr7BnVDHNn/2Pm81l
FVOIcg==
-----END CERTIFICATE-----