Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/74/1d8fc9-b21b-4db5-95cf-81c8ce750124/1/F0zBixkT4BKr3D_zCZIMd7fODmc.roa
File:                     F0zBixkT4BKr3D_zCZIMd7fODmc.roa (raw, json)
Hash identifier:          9HdAY6M5Rrjrgtksk4Ue3yK6ugkuCtBbRMlquzRiLgA=
Subject key identifier:   17:4C:C1:8B:19:13:E0:12:AB:DC:3F:F3:09:92:0C:77:B7:CE:0E:67
Certificate issuer:       /CN=623526ad9fbec574fa4ec3d9badb5433fdaaca7b
Certificate serial:       01821A7099CD1C67A6EAF154AA6E4C246CAB
Authority key identifier: 62:35:26:AD:9F:BE:C5:74:FA:4E:C3:D9:BA:DB:54:33:FD:AA:CA:7B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YjUmrZ--xXT6TsPZuttUM_2qyns.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/74/1d8fc9-b21b-4db5-95cf-81c8ce750124/1/F0zBixkT4BKr3D_zCZIMd7fODmc.roa
Signing time:             Wed 20 Jul 2022 07:09:23 +0000
ROA not before:           Wed 20 Jul 2022 07:09:23 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     61333
IP address blocks:        94.228.108.0/24 maxlen: 24
                          94.228.110.0/24 maxlen: 24
                          94.228.96.0/24 maxlen: 24
                          94.228.98.0/24 maxlen: 24
                          94.228.100.0/24 maxlen: 24
                          94.228.104.0/24 maxlen: 24
                          94.228.105.0/24 maxlen: 24
                          149.126.64.0/24 maxlen: 24
                          149.126.65.0/24 maxlen: 24
                          149.126.67.0/24 maxlen: 24
                          149.126.66.0/24 maxlen: 24
                          149.126.70.0/24 maxlen: 24
                          194.169.198.0/24 maxlen: 24
                          193.200.249.0/24 maxlen: 24
                          2a00:e30:ed00::/41 maxlen: 48
                          2a00:e30:3000::/41 maxlen: 41
                          2a00:e30:2100::/41 maxlen: 41

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:82:1a:70:99:cd:1c:67:a6:ea:f1:54:aa:6e:4c:24:6c:ab
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=623526ad9fbec574fa4ec3d9badb5433fdaaca7b
        Validity
            Not Before: Jul 20 07:09:23 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=174cc18b1913e012abdc3ff309920c77b7ce0e67
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:95:b9:60:72:5b:24:83:08:c8:e3:75:13:e8:
                    07:f7:d6:e9:5e:7e:b0:8e:e9:e6:64:27:44:7c:41:
                    f6:a1:ae:2f:8a:cb:18:93:c8:f8:da:f9:10:f3:e7:
                    10:a1:08:e0:be:cf:0d:3f:81:d3:92:75:45:63:e6:
                    5f:bc:79:27:cd:f2:ac:18:d4:84:b7:ad:82:66:a3:
                    d4:55:3a:cc:2a:64:35:ca:c7:ca:70:08:7f:d5:5c:
                    9e:c1:c4:29:3b:8f:3e:c1:7f:14:21:97:38:56:72:
                    45:b9:53:4f:5a:eb:e3:08:89:60:64:01:68:3c:aa:
                    46:e6:3e:78:44:69:09:74:d8:bb:92:6b:d7:54:32:
                    14:7e:15:de:48:1f:87:15:ab:ea:25:b1:84:ba:fe:
                    4d:dc:ec:24:2f:76:7b:a1:f3:83:c4:41:5c:63:95:
                    63:72:a4:e1:3e:95:6e:f5:89:33:bd:bc:d5:a5:bd:
                    60:cf:cf:97:5a:57:de:ee:3c:dc:99:fe:37:78:80:
                    2e:68:2d:0a:49:55:e9:3b:a2:ec:30:d0:d9:69:3b:
                    fd:db:de:ea:39:01:e9:5c:05:01:44:90:53:56:4a:
                    c7:e9:06:77:c8:7f:d7:f7:ff:26:c6:ed:24:35:88:
                    e0:0f:20:49:f2:27:ad:96:8a:9b:67:2b:52:5e:49:
                    16:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                17:4C:C1:8B:19:13:E0:12:AB:DC:3F:F3:09:92:0C:77:B7:CE:0E:67
            X509v3 Authority Key Identifier:
                keyid:62:35:26:AD:9F:BE:C5:74:FA:4E:C3:D9:BA:DB:54:33:FD:AA:CA:7B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YjUmrZ--xXT6TsPZuttUM_2qyns.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/74/1d8fc9-b21b-4db5-95cf-81c8ce750124/1/F0zBixkT4BKr3D_zCZIMd7fODmc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/74/1d8fc9-b21b-4db5-95cf-81c8ce750124/1/YjUmrZ--xXT6TsPZuttUM_2qyns.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.228.96.0/24
                  94.228.98.0/24
                  94.228.100.0/24
                  94.228.104.0/23
                  94.228.108.0/24
                  94.228.110.0/24
                  149.126.64.0/22
                  149.126.70.0/24
                  193.200.249.0/24
                  194.169.198.0/24
                IPv6:
                  2a00:e30:2100::/41
                  2a00:e30:3000::/41
                  2a00:e30:ed00::/41

    Signature Algorithm: sha256WithRSAEncryption
         8a:df:e6:2b:34:66:c6:8e:1e:03:2d:6e:ce:3e:a4:3e:c3:42:
         eb:10:d0:2f:03:5f:05:92:e9:5f:6e:0d:3e:f0:1f:35:5a:d8:
         a0:e1:a0:b4:3e:be:30:fd:18:8d:1f:ee:61:3e:eb:c5:19:1c:
         86:9b:1c:5e:9c:6f:5b:ee:4a:04:d8:0d:67:0f:57:5f:ed:36:
         52:ad:6c:43:10:0f:a1:22:f6:ce:57:ea:18:35:c2:07:2a:8b:
         6f:8a:17:0c:91:7c:67:f2:6e:82:33:f5:a5:df:0c:12:8e:cd:
         07:d4:3c:17:02:50:94:fa:3b:7b:e7:83:e9:d2:fb:71:a0:15:
         3c:ec:f1:26:75:05:c7:85:76:21:54:e0:40:f1:4d:fd:b0:6f:
         04:4d:fb:8a:97:52:83:be:b4:ab:27:b0:e1:ff:fe:b4:21:1a:
         50:4b:26:59:3c:91:e8:7c:89:b0:2a:c4:ed:3d:a0:c8:80:e7:
         9e:7b:f0:a6:6b:ab:a8:2c:bc:6f:71:d0:33:c2:4b:1f:e9:44:
         11:82:4b:04:b7:49:db:30:46:a5:f3:ca:96:31:5d:9d:46:f6:
         ae:da:5c:12:87:07:4f:a1:41:13:80:6f:cb:60:aa:47:83:7a:
         d4:4b:69:f8:5a:0b:97:9c:5c:f0:50:64:75:ee:1f:57:4a:32:
         f0:db:f5:d9
-----BEGIN CERTIFICATE-----
MIIFVjCCBD6gAwIBAgISAYIacJnNHGem6vFUqm5MJGyrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyMzUyNmFkOWZiZWM1NzRmYTRlYzNkOWJhZGI1NDMzZmRh
YWNhN2IwHhcNMjIwNzIwMDcwOTIzWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNzRjYzE4YjE5MTNlMDEyYWJkYzNmZjMwOTkyMGM3N2I3Y2UwZTY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArpW5YHJbJIMIyON1E+gH99bpXn6w
junmZCdEfEH2oa4vissYk8j42vkQ8+cQoQjgvs8NP4HTknVFY+ZfvHknzfKsGNSE
t62CZqPUVTrMKmQ1ysfKcAh/1VyewcQpO48+wX8UIZc4VnJFuVNPWuvjCIlgZAFo
PKpG5j54RGkJdNi7kmvXVDIUfhXeSB+HFavqJbGEuv5N3OwkL3Z7ofODxEFcY5Vj
cqThPpVu9YkzvbzVpb1gz8+XWlfe7jzcmf43eIAuaC0KSVXpO6LsMNDZaTv9297q
OQHpXAUBRJBTVkrH6QZ3yH/X9/8mxu0kNYjgDyBJ8ietloqbZytSXkkW+QIDAQAB
o4ICYjCCAl4wHQYDVR0OBBYEFBdMwYsZE+ASq9w/8wmSDHe3zg5nMB8GA1UdIwQY
MBaAFGI1Jq2fvsV0+k7D2brbVDP9qsp7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWWpVbXJaLS14WFQ2VHNQWnV0dFVNXzJxeW5zLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NC8xZDhmYzktYjIxYi00ZGI1LTk1Y2Yt
ODFjOGNlNzUwMTI0LzEvRjB6Qml4a1Q0QktyM0RfekNaSU1kN2ZPRG1jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NC8xZDhmYzktYjIxYi00ZGI1LTk1Y2YtODFjOGNlNzUwMTI0
LzEvWWpVbXJaLS14WFQ2VHNQWnV0dFVNXzJxeW5zLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHgGCCsGAQUFBwEHAQH/BGkwZzBCBAIAATA8AwQAXuRgAwQA
XuRiAwQAXuRkAwQBXuRoAwQAXuRsAwQAXuRuAwQClX5AAwQAlX5GAwQAwcj5AwQA
wqnGMCEEAgACMBsDBwcqAA4wIQADBwcqAA4wMAADBwcqAA4w7QAwDQYJKoZIhvcN
AQELBQADggEBAIrf5is0ZsaOHgMtbs4+pD7DQusQ0C8DXwWS6V9uDT7wHzVa2KDh
oLQ+vjD9GI0f7mE+68UZHIabHF6cb1vuSgTYDWcPV1/tNlKtbEMQD6Ei9s5X6hg1
wgcqi2+KFwyRfGfyboIz9aXfDBKOzQfUPBcCUJT6O3vng+nS+3GgFTzs8SZ1BceF
diFU4EDxTf2wbwRN+4qXUoO+tKsnsOH//rQhGlBLJlk8keh8ibAqxO09oMiA5557
8KZrq6gsvG9x0DPCSx/pRBGCSwS3SdswRqXzypYxXZ1G9q7aXBKHB0+hQROAb8tg
qkeDetRLafhaC5ecXPBQZHXuH1dKMvDb9dk=
-----END CERTIFICATE-----