Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7a/72f77f-76ab-4e79-a062-6ee534d92e52/1/rG0WwcMdPv4gp2Ll51N9Sc3wm24.roa
File:                     rG0WwcMdPv4gp2Ll51N9Sc3wm24.roa (raw, json)
Hash identifier:          BOJNk1DJZaCadTpdr9N3BAR/maovayS42G/Jm56TLXg=
Subject key identifier:   AC:6D:16:C1:C3:1D:3E:FE:20:A7:62:E5:E7:53:7D:49:CD:F0:9B:6E
Certificate issuer:       /CN=9aee15c33de358938d6900a1b3c14480a389e85b
Certificate serial:       0184141F631509F48C92983BBDDFEE16E4B0
Authority key identifier: 9A:EE:15:C3:3D:E3:58:93:8D:69:00:A1:B3:C1:44:80:A3:89:E8:5B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mu4Vwz3jWJONaQChs8FEgKOJ6Fs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7a/72f77f-76ab-4e79-a062-6ee534d92e52/1/rG0WwcMdPv4gp2Ll51N9Sc3wm24.roa
Signing time:             Wed 26 Oct 2022 11:48:32 +0000
ROA not before:           Wed 26 Oct 2022 11:48:32 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     202723
IP address blocks:        185.112.59.0/24 maxlen: 24
                          185.177.237.0/24 maxlen: 24
                          185.76.240.0/24 maxlen: 24
                          185.76.241.0/24 maxlen: 24
                          185.76.242.0/24 maxlen: 24
                          185.79.138.0/24 maxlen: 24
                          185.24.109.0/24 maxlen: 24
                          185.77.138.0/24 maxlen: 24
                          185.77.139.0/24 maxlen: 24
                          185.95.230.0/24 maxlen: 24
                          185.95.231.0/24 maxlen: 24
                          185.105.47.0/24 maxlen: 24
                          185.75.135.0/24 maxlen: 24
                          185.75.134.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:84:14:1f:63:15:09:f4:8c:92:98:3b:bd:df:ee:16:e4:b0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9aee15c33de358938d6900a1b3c14480a389e85b
        Validity
            Not Before: Oct 26 11:48:32 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=ac6d16c1c31d3efe20a762e5e7537d49cdf09b6e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:26:80:63:da:89:a8:ac:fc:5b:38:71:a1:9a:
                    4d:31:22:33:62:44:c6:32:61:79:75:97:e1:5e:d5:
                    9d:27:44:0d:00:28:44:b4:a9:2f:cc:72:0f:54:de:
                    da:8b:d0:1f:0f:0e:77:d0:39:6e:64:d5:2f:7f:2b:
                    f2:62:f2:1b:1e:58:cb:12:73:93:62:c5:44:56:6e:
                    25:1b:e2:aa:a5:7b:5c:5f:ca:3e:f0:77:14:a9:11:
                    f3:fa:84:14:5d:4b:fd:ce:07:bb:a1:50:19:c6:ff:
                    e2:99:22:4d:3c:37:9c:55:6d:50:d9:ae:d5:54:5a:
                    08:c6:1b:d3:56:90:d4:5e:c3:5c:ec:1a:09:3e:7e:
                    c1:b8:6a:39:c7:3e:ec:20:63:1c:fa:4c:1a:47:47:
                    4e:d6:83:1a:4d:de:c9:58:47:c0:95:2b:d1:05:1c:
                    d0:6f:48:31:3e:54:61:b6:24:1d:f2:86:42:22:ac:
                    9c:f9:86:89:f8:61:da:6d:9c:6c:c3:45:d9:5b:53:
                    13:23:ad:70:26:ab:0f:e6:29:3a:28:18:ff:f0:fa:
                    e9:31:a5:09:10:af:a0:a9:54:77:17:5f:54:ce:bb:
                    5a:7a:a4:5d:7c:bf:77:c7:f4:45:64:27:40:67:0f:
                    e1:0b:9e:8c:73:7d:e0:73:1f:b4:9d:1a:85:bf:1c:
                    9b:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AC:6D:16:C1:C3:1D:3E:FE:20:A7:62:E5:E7:53:7D:49:CD:F0:9B:6E
            X509v3 Authority Key Identifier:
                keyid:9A:EE:15:C3:3D:E3:58:93:8D:69:00:A1:B3:C1:44:80:A3:89:E8:5B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mu4Vwz3jWJONaQChs8FEgKOJ6Fs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/72f77f-76ab-4e79-a062-6ee534d92e52/1/rG0WwcMdPv4gp2Ll51N9Sc3wm24.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/72f77f-76ab-4e79-a062-6ee534d92e52/1/mu4Vwz3jWJONaQChs8FEgKOJ6Fs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.24.109.0/24
                  185.75.134.0/23
                  185.76.240.0-185.76.242.255
                  185.77.138.0/23
                  185.79.138.0/24
                  185.95.230.0/23
                  185.105.47.0/24
                  185.112.59.0/24
                  185.177.237.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a7:e4:48:e0:28:54:11:a8:0d:f3:6f:ab:41:b5:89:e8:2e:44:
         53:69:71:d8:8f:2c:79:fd:64:d7:86:1a:08:48:1e:39:44:b1:
         44:66:1d:e7:40:4a:6a:5a:c1:c8:78:e5:da:9f:66:5f:7b:b1:
         80:5b:0c:1b:44:b3:6a:26:57:05:ec:c1:fe:3d:c8:4b:b7:cb:
         99:3e:de:f2:7b:3d:65:88:63:23:a3:58:28:ea:db:89:1b:f4:
         1c:a1:5e:a8:03:ed:a9:7a:e3:ea:97:bd:15:77:b7:37:0c:b5:
         2d:f7:7b:b9:a8:0e:a9:97:3f:52:b3:76:74:6e:67:e2:13:06:
         1b:b1:1c:3b:73:7b:7f:aa:ba:47:1b:66:42:79:ca:58:2e:49:
         99:bb:cc:47:7c:3e:79:a0:64:80:90:43:ee:0a:13:f9:a0:7e:
         03:67:fb:88:42:eb:af:4d:d1:b9:6b:96:b2:53:48:27:8c:fe:
         51:2f:ef:a6:61:70:d3:bb:c7:3e:a1:7c:c4:6a:d1:9b:75:01:
         b2:63:a9:65:b1:91:06:d1:07:d9:31:98:46:88:9e:87:18:70:
         99:3a:cc:85:83:f7:4c:01:59:85:52:33:c0:77:f2:33:04:45:
         5d:7f:e6:43:de:b0:8d:32:50:4e:b2:f8:ff:9f:82:53:cd:80:
         42:a4:9e:cb
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgISAYQUH2MVCfSMkpg7vd/uFuSwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlhZWUxNWMzM2RlMzU4OTM4ZDY5MDBhMWIzYzE0NDgwYTM4
OWU4NWIwHhcNMjIxMDI2MTE0ODMyWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYzZkMTZjMWMzMWQzZWZlMjBhNzYyZTVlNzUzN2Q0OWNkZjA5YjZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtCaAY9qJqKz8WzhxoZpNMSIzYkTG
MmF5dZfhXtWdJ0QNAChEtKkvzHIPVN7ai9AfDw530DluZNUvfyvyYvIbHljLEnOT
YsVEVm4lG+KqpXtcX8o+8HcUqRHz+oQUXUv9zge7oVAZxv/imSJNPDecVW1Q2a7V
VFoIxhvTVpDUXsNc7BoJPn7BuGo5xz7sIGMc+kwaR0dO1oMaTd7JWEfAlSvRBRzQ
b0gxPlRhtiQd8oZCIqyc+YaJ+GHabZxsw0XZW1MTI61wJqsP5ik6KBj/8PrpMaUJ
EK+gqVR3F19UzrtaeqRdfL93x/RFZCdAZw/hC56Mc33gcx+0nRqFvxybFQIDAQAB
o4ICQTCCAj0wHQYDVR0OBBYEFKxtFsHDHT7+IKdi5edTfUnN8JtuMB8GA1UdIwQY
MBaAFJruFcM941iTjWkAobPBRICjiehbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbXU0Vnd6M2pXSk9OYVFDaHM4RkVnS09KNkZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83YS83MmY3N2YtNzZhYi00ZTc5LWEwNjIt
NmVlNTM0ZDkyZTUyLzEvckcwV3djTWRQdjRncDJMbDUxTjlTYzN3bTI0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83YS83MmY3N2YtNzZhYi00ZTc5LWEwNjItNmVlNTM0ZDkyZTUy
LzEvbXU0Vnd6M2pXSk9OYVFDaHM4RkVnS09KNkZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFcGCCsGAQUFBwEHAQH/BEgwRjBEBAIAATA+AwQAuRhtAwQB
uUuGMAwDBAS5TPADBAC5TPIDBAG5TYoDBAC5T4oDBAG5X+YDBAC5aS8DBAC5cDsD
BAC5se0wDQYJKoZIhvcNAQELBQADggEBAKfkSOAoVBGoDfNvq0G1ieguRFNpcdiP
LHn9ZNeGGghIHjlEsURmHedASmpawch45dqfZl97sYBbDBtEs2omVwXswf49yEu3
y5k+3vJ7PWWIYyOjWCjq24kb9ByhXqgD7al64+qXvRV3tzcMtS33e7moDqmXP1Kz
dnRuZ+ITBhuxHDtze3+qukcbZkJ5ylguSZm7zEd8PnmgZICQQ+4KE/mgfgNn+4hC
669N0blrlrJTSCeM/lEv76ZhcNO7xz6hfMRq0Zt1AbJjqWWxkQbRB9kxmEaInocY
cJk6zIWD90wBWYVSM8B38jMERV1/5kPesI0yUE6y+P+fglPNgEKknss=
-----END CERTIFICATE-----