Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/5edf7a-ab9a-45e7-a612-d169c088b412/1/xxy5F8NVocW3jGPqgWxDk9A0IdI.roa
File:                     xxy5F8NVocW3jGPqgWxDk9A0IdI.roa (raw, json)
Hash identifier:          0AXzzjs8G5AriMWuUgq0isbvnXbOAgxQweFm3dmZ5jY=
Subject key identifier:   C7:1C:B9:17:C3:55:A1:C5:B7:8C:63:EA:81:6C:43:93:D0:34:21:D2
Certificate issuer:       /CN=11b69b59d19f2987e49f1852d60bb1777f80a301
Certificate serial:       0184CD6814AA45655FFF12B4F84F0DFA4F73
Authority key identifier: 11:B6:9B:59:D1:9F:29:87:E4:9F:18:52:D6:0B:B1:77:7F:80:A3:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EbabWdGfKYfknxhS1guxd3-AowE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/70/5edf7a-ab9a-45e7-a612-d169c088b412/1/xxy5F8NVocW3jGPqgWxDk9A0IdI.roa
Signing time:             Thu 01 Dec 2022 11:17:41 +0000
ROA not before:           Thu 01 Dec 2022 11:17:41 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     50149
IP address blocks:        62.122.216.0/22 maxlen: 22
                          94.154.128.0/22 maxlen: 22
                          45.150.188.0/22 maxlen: 22
                          89.104.107.0/24 maxlen: 24
                          89.104.125.0/24 maxlen: 24
                          89.104.119.0/24 maxlen: 24
                          185.228.90.0/23 maxlen: 23
                          185.228.88.0/23 maxlen: 23
                          185.228.88.0/22 maxlen: 22
                          185.240.48.0/22 maxlen: 22
                          2a00:ab01::/32 maxlen: 32

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:84:cd:68:14:aa:45:65:5f:ff:12:b4:f8:4f:0d:fa:4f:73
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=11b69b59d19f2987e49f1852d60bb1777f80a301
        Validity
            Not Before: Dec  1 11:17:41 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=c71cb917c355a1c5b78c63ea816c4393d03421d2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:c2:29:4d:5d:5b:c1:ca:19:31:b6:67:98:ab:
                    bf:52:7e:ad:e5:1d:90:38:f9:61:34:6c:9f:6c:d7:
                    d9:6e:81:53:89:3b:29:ae:16:c4:1e:54:bb:f0:92:
                    ea:fa:5d:ed:0b:47:96:7b:66:79:f3:2f:4d:08:d5:
                    e5:81:07:db:5d:0b:10:6e:02:35:c3:56:de:2c:1a:
                    02:3f:ae:0b:4c:86:2f:16:a1:46:31:91:76:76:de:
                    53:49:14:45:6b:e1:e3:41:7c:88:c8:12:d5:8e:88:
                    30:59:2e:67:57:ec:42:56:da:52:ce:e8:c4:37:b5:
                    83:42:05:c5:8d:19:7a:df:06:70:fb:43:82:98:33:
                    4c:ed:05:ca:f6:74:74:8d:c5:e7:00:89:fb:83:e6:
                    cc:ea:96:ca:14:93:e0:fe:00:bb:70:82:48:08:89:
                    da:d7:41:0b:f5:1a:73:c9:86:3e:2a:71:7f:83:cd:
                    4c:36:78:9a:6f:29:81:bd:4e:90:0d:c8:82:a0:e6:
                    f9:d3:82:93:5f:3d:49:b2:ff:21:43:b9:90:e9:4b:
                    07:0b:1b:1e:03:60:92:e2:dd:4f:14:e1:67:57:86:
                    a2:09:f8:59:b1:d5:73:83:56:57:e0:22:8e:f1:09:
                    51:91:6f:68:08:77:45:3d:db:52:82:8c:1c:7a:aa:
                    dd:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C7:1C:B9:17:C3:55:A1:C5:B7:8C:63:EA:81:6C:43:93:D0:34:21:D2
            X509v3 Authority Key Identifier:
                keyid:11:B6:9B:59:D1:9F:29:87:E4:9F:18:52:D6:0B:B1:77:7F:80:A3:01

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EbabWdGfKYfknxhS1guxd3-AowE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/5edf7a-ab9a-45e7-a612-d169c088b412/1/xxy5F8NVocW3jGPqgWxDk9A0IdI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/70/5edf7a-ab9a-45e7-a612-d169c088b412/1/EbabWdGfKYfknxhS1guxd3-AowE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.150.188.0/22
                  62.122.216.0/22
                  89.104.107.0/24
                  89.104.119.0/24
                  89.104.125.0/24
                  94.154.128.0/22
                  185.228.88.0/22
                  185.240.48.0/22
                IPv6:
                  2a00:ab01::/32

    Signature Algorithm: sha256WithRSAEncryption
         43:10:23:7f:8d:7d:6f:d6:f0:c6:ce:f3:78:40:71:fc:d6:cd:
         4a:4a:4d:0c:73:d3:00:9c:12:6c:58:ff:53:5a:36:27:b7:5c:
         1d:7b:db:fb:43:3b:2e:bb:51:06:37:f5:97:61:58:ad:51:8b:
         0e:5f:86:69:97:0d:c2:8e:3a:c0:e5:d4:80:7e:80:c4:3f:4f:
         7c:11:41:30:51:83:c9:eb:a3:b4:e3:e4:4f:ad:41:a9:c7:cb:
         d2:f5:33:c7:64:b0:ce:4f:c2:e1:d0:2f:28:69:ab:20:4d:1c:
         66:bf:06:28:26:87:34:5a:bb:3b:7c:e7:2e:95:04:29:c8:6d:
         9d:90:86:23:be:82:8c:63:cc:c6:06:06:9e:45:b2:e2:93:84:
         e5:40:3f:86:70:ab:00:58:0f:ea:ef:dc:41:ea:d5:a2:ae:7d:
         89:38:71:02:d2:ff:9f:99:11:df:e6:9d:b1:04:3b:d9:7f:a8:
         6c:d9:ff:14:95:bc:d1:b9:32:23:3f:ba:49:fa:1f:36:46:14:
         9d:13:65:78:df:60:d9:a3:85:57:38:91:25:89:b9:4e:35:50:
         9f:f7:98:04:20:97:75:ee:06:82:01:03:77:10:69:91:1a:28:
         89:e7:42:48:2e:f7:76:af:ab:62:e0:29:f7:30:47:a1:0d:12:
         22:00:c8:4b
-----BEGIN CERTIFICATE-----
MIIFNjCCBB6gAwIBAgISAYTNaBSqRWVf/xK0+E8N+k9zMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDExYjY5YjU5ZDE5ZjI5ODdlNDlmMTg1MmQ2MGJiMTc3N2Y4
MGEzMDEwHhcNMjIxMjAxMTExNzQxWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNzFjYjkxN2MzNTVhMWM1Yjc4YzYzZWE4MTZjNDM5M2QwMzQyMWQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkcIpTV1bwcoZMbZnmKu/Un6t5R2Q
OPlhNGyfbNfZboFTiTsprhbEHlS78JLq+l3tC0eWe2Z58y9NCNXlgQfbXQsQbgI1
w1beLBoCP64LTIYvFqFGMZF2dt5TSRRFa+HjQXyIyBLVjogwWS5nV+xCVtpSzujE
N7WDQgXFjRl63wZw+0OCmDNM7QXK9nR0jcXnAIn7g+bM6pbKFJPg/gC7cIJICIna
10EL9RpzyYY+KnF/g81MNniabymBvU6QDciCoOb504KTXz1Jsv8hQ7mQ6UsHCxse
A2CS4t1PFOFnV4aiCfhZsdVzg1ZX4CKO8QlRkW9oCHdFPdtSgowceqrdaQIDAQAB
o4ICQjCCAj4wHQYDVR0OBBYEFMccuRfDVaHFt4xj6oFsQ5PQNCHSMB8GA1UdIwQY
MBaAFBG2m1nRnymH5J8YUtYLsXd/gKMBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRWJhYldkR2ZLWWZrbnhoUzFndXhkMy1Bb3dFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC81ZWRmN2EtYWI5YS00NWU3LWE2MTIt
ZDE2OWMwODhiNDEyLzEveHh5NUY4TlZvY1czakdQcWdXeERrOUEwSWRJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC81ZWRmN2EtYWI5YS00NWU3LWE2MTItZDE2OWMwODhiNDEy
LzEvRWJhYldkR2ZLWWZrbnhoUzFndXhkMy1Bb3dFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFgGCCsGAQUFBwEHAQH/BEkwRzA2BAIAATAwAwQCLZa8AwQC
PnrYAwQAWWhrAwQAWWh3AwQAWWh9AwQCXpqAAwQCueRYAwQCufAwMA0EAgACMAcD
BQAqAKsBMA0GCSqGSIb3DQEBCwUAA4IBAQBDECN/jX1v1vDGzvN4QHH81s1KSk0M
c9MAnBJsWP9TWjYnt1wde9v7Qzsuu1EGN/WXYVitUYsOX4Zplw3CjjrA5dSAfoDE
P098EUEwUYPJ66O04+RPrUGpx8vS9TPHZLDOT8Lh0C8oaasgTRxmvwYoJoc0Wrs7
fOculQQpyG2dkIYjvoKMY8zGBgaeRbLik4TlQD+GcKsAWA/q79xB6tWirn2JOHEC
0v+fmRHf5p2xBDvZf6hs2f8UlbzRuTIjP7pJ+h82RhSdE2V432DZo4VXOJEliblO
NVCf95gEIJd17gaCAQN3EGmRGiiJ50JILvd2r6ti4Cn3MEehDRIiAMhL
-----END CERTIFICATE-----