Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7a/1be7bc-b642-4a0d-8e6b-f7e0c5e2702e/1/kkcQp15QILGzU0g8DSrWqTJad40.roa
File:                     kkcQp15QILGzU0g8DSrWqTJad40.roa (raw, json)
Hash identifier:          y2/2nAtt7nfaitMSAVguPXuY2M1zkl0LlIcxpqO/wMg=
Subject key identifier:   92:47:10:A7:5E:50:20:B1:B3:53:48:3C:0D:2A:D6:A9:32:5A:77:8D
Certificate issuer:       /CN=10543a5197eb2544447e9d36b3ebf14452c777eb
Certificate serial:       0182C794D3A1F7B53C184C9962EDB20BAFE4
Authority key identifier: 10:54:3A:51:97:EB:25:44:44:7E:9D:36:B3:EB:F1:44:52:C7:77:EB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EFQ6UZfrJUREfp02s-vxRFLHd-s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7a/1be7bc-b642-4a0d-8e6b-f7e0c5e2702e/1/kkcQp15QILGzU0g8DSrWqTJad40.roa
Signing time:             Mon 22 Aug 2022 22:03:15 +0000
ROA not before:           Mon 22 Aug 2022 22:03:15 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     2110
IP address blocks:        193.95.128.0/18 maxlen: 24
                          194.125.0.0/17 maxlen: 17
                          213.202.128.0/18 maxlen: 18
                          192.111.39.0/24 maxlen: 24
                          78.16.0.0/14 maxlen: 14
                          212.2.160.0/19 maxlen: 19
                          185.146.180.0/22 maxlen: 22
                          185.146.180.0/24 maxlen: 24
                          193.120.52.0/24 maxlen: 24
                          194.145.128.0/21 maxlen: 21
                          193.120.216.0/24 maxlen: 24
                          194.46.192.0/18 maxlen: 18
                          193.120.0.0/16 maxlen: 16
                          193.203.128.0/19 maxlen: 19
                          194.165.160.0/19 maxlen: 19
                          2001:7c8::/29 maxlen: 29
                          2001:7c8::/32 maxlen: 32

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:82:c7:94:d3:a1:f7:b5:3c:18:4c:99:62:ed:b2:0b:af:e4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=10543a5197eb2544447e9d36b3ebf14452c777eb
        Validity
            Not Before: Aug 22 22:03:15 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=924710a75e5020b1b353483c0d2ad6a9325a778d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:ab:1a:94:8c:f4:ab:90:87:25:df:a9:32:9c:
                    47:9f:de:b9:65:3d:07:a2:b9:73:d2:0a:c6:89:58:
                    4c:e8:49:9d:7a:e6:ee:fb:20:2a:50:71:9f:c3:ad:
                    38:bb:59:39:2d:75:d5:b6:d0:43:ea:91:e2:8f:07:
                    8b:34:79:19:57:2c:5c:a3:f7:5a:d3:7e:97:8e:3f:
                    6d:2f:6a:6d:e3:fd:d6:07:7e:22:fb:34:7f:79:bc:
                    83:23:ca:21:e1:25:5b:f0:15:d3:ab:df:d5:1e:40:
                    0b:f0:ee:71:84:05:75:e6:8a:4b:1a:b2:1c:fd:16:
                    80:6d:48:05:70:25:b8:db:f7:37:ac:9c:ba:af:16:
                    a6:1d:da:5a:72:b3:8e:f4:09:52:83:21:40:af:b2:
                    4e:b8:aa:33:a1:ae:66:63:71:a5:ee:dd:96:47:bd:
                    cd:c4:07:76:3d:f3:10:93:87:9c:47:b0:09:d2:07:
                    c9:a1:e8:75:23:2f:db:6c:f5:08:9c:34:74:91:19:
                    ae:5a:8c:d4:20:09:d0:d3:3a:de:55:4b:3b:0f:74:
                    1d:06:8d:3c:48:aa:d9:56:ec:3b:7f:22:db:1e:d1:
                    80:f4:b5:b7:d3:8f:7c:f5:1d:b5:71:ef:8d:03:78:
                    4f:5f:18:9a:51:63:2d:9b:1c:8b:4e:dc:07:d0:8e:
                    d6:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                92:47:10:A7:5E:50:20:B1:B3:53:48:3C:0D:2A:D6:A9:32:5A:77:8D
            X509v3 Authority Key Identifier:
                keyid:10:54:3A:51:97:EB:25:44:44:7E:9D:36:B3:EB:F1:44:52:C7:77:EB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EFQ6UZfrJUREfp02s-vxRFLHd-s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/1be7bc-b642-4a0d-8e6b-f7e0c5e2702e/1/kkcQp15QILGzU0g8DSrWqTJad40.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/1be7bc-b642-4a0d-8e6b-f7e0c5e2702e/1/EFQ6UZfrJUREfp02s-vxRFLHd-s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.16.0.0/14
                  185.146.180.0/22
                  192.111.39.0/24
                  193.95.128.0/18
                  193.120.0.0/16
                  193.203.128.0/19
                  194.46.192.0/18
                  194.125.0.0/17
                  194.145.128.0/21
                  194.165.160.0/19
                  212.2.160.0/19
                  213.202.128.0/18
                IPv6:
                  2001:7c8::/29

    Signature Algorithm: sha256WithRSAEncryption
         be:79:0c:fa:ab:28:be:28:3b:16:ad:6f:ce:ac:84:4f:60:de:
         6a:be:9b:91:51:cc:9f:a2:b5:9b:9a:04:bf:c5:f7:bc:4e:60:
         00:72:70:f7:b6:18:35:48:82:60:81:5b:9f:ab:0e:04:c4:35:
         14:1d:9c:3e:23:af:a8:1e:a3:4b:20:5b:f3:1e:b0:27:fb:0f:
         84:5a:5c:11:fc:a0:bc:98:d6:24:de:01:02:ad:5b:69:93:76:
         57:e6:15:42:23:5d:ae:26:b6:9f:81:56:bb:e5:65:80:5d:a1:
         d9:d5:19:ee:75:18:c1:03:af:4e:59:15:f4:9a:87:70:b1:c4:
         21:d5:f5:02:a8:88:33:3d:e5:87:8a:02:9b:f4:b7:dc:a0:b8:
         30:94:6a:df:2e:5e:c9:8a:8b:d0:08:8f:23:93:f7:3e:21:82:
         b3:b2:7a:36:b4:48:59:f8:a4:cc:2f:3a:41:d7:7d:3d:99:84:
         73:90:3d:04:6d:05:01:cf:be:64:38:75:73:61:cb:5e:e0:e2:
         c1:78:1c:de:ea:8e:2b:81:76:3e:83:db:f8:a3:19:0d:95:52:
         6f:8a:6b:b9:5b:89:0e:57:56:0f:f7:7e:94:b8:59:f3:48:fa:
         47:26:63:d8:f7:35:4e:cf:ce:e7:14:67:8f:35:aa:9d:58:80:
         15:d8:93:1e
-----BEGIN CERTIFICATE-----
MIIFTDCCBDSgAwIBAgISAYLHlNOh97U8GEyZYu2yC6/kMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEwNTQzYTUxOTdlYjI1NDQ0NDdlOWQzNmIzZWJmMTQ0NTJj
Nzc3ZWIwHhcNMjIwODIyMjIwMzE1WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MjQ3MTBhNzVlNTAyMGIxYjM1MzQ4M2MwZDJhZDZhOTMyNWE3NzhkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArasalIz0q5CHJd+pMpxHn965ZT0H
orlz0grGiVhM6Emdeubu+yAqUHGfw604u1k5LXXVttBD6pHijweLNHkZVyxco/da
036Xjj9tL2pt4/3WB34i+zR/ebyDI8oh4SVb8BXTq9/VHkAL8O5xhAV15opLGrIc
/RaAbUgFcCW42/c3rJy6rxamHdpacrOO9AlSgyFAr7JOuKozoa5mY3Gl7t2WR73N
xAd2PfMQk4ecR7AJ0gfJoeh1Iy/bbPUInDR0kRmuWozUIAnQ0zreVUs7D3QdBo08
SKrZVuw7fyLbHtGA9LW304989R21ce+NA3hPXxiaUWMtmxyLTtwH0I7WZQIDAQAB
o4ICWDCCAlQwHQYDVR0OBBYEFJJHEKdeUCCxs1NIPA0q1qkyWneNMB8GA1UdIwQY
MBaAFBBUOlGX6yVERH6dNrPr8URSx3frMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRUZRNlVaZnJKVVJFZnAwMnMtdnhSRkxIZC1zLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83YS8xYmU3YmMtYjY0Mi00YTBkLThlNmIt
ZjdlMGM1ZTI3MDJlLzEva2tjUXAxNVFJTEd6VTBnOERTcldxVEphZDQwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83YS8xYmU3YmMtYjY0Mi00YTBkLThlNmItZjdlMGM1ZTI3MDJl
LzEvRUZRNlVaZnJKVVJFZnAwMnMtdnhSRkxIZC1zLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMG4GCCsGAQUFBwEHAQH/BF8wXTBMBAIAATBGAwMCThADBAK5
krQDBADAbycDBAbBX4ADAwDBeAMEBcHLgAMEBsIuwAMEB8J9AAMEA8KRgAMEBcKl
oAMEBdQCoAMEBtXKgDANBAIAAjAHAwUDIAEHyDANBgkqhkiG9w0BAQsFAAOCAQEA
vnkM+qsovig7Fq1vzqyET2Dear6bkVHMn6K1m5oEv8X3vE5gAHJw97YYNUiCYIFb
n6sOBMQ1FB2cPiOvqB6jSyBb8x6wJ/sPhFpcEfygvJjWJN4BAq1baZN2V+YVQiNd
ria2n4FWu+VlgF2h2dUZ7nUYwQOvTlkV9JqHcLHEIdX1AqiIMz3lh4oCm/S33KC4
MJRq3y5eyYqL0AiPI5P3PiGCs7J6NrRIWfikzC86Qdd9PZmEc5A9BG0FAc++ZDh1
c2HLXuDiwXgc3uqOK4F2PoPb+KMZDZVSb4pruVuJDldWD/d+lLhZ80j6RyZj2Pc1
Ts/O5xRnjzWqnViAFdiTHg==
-----END CERTIFICATE-----