Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7b/4ec569-8caf-4198-bae1-773120ff7c0f/1/ITxmwn7Pm0cmHeuUcMesyv-sEZs.roa
File:                     ITxmwn7Pm0cmHeuUcMesyv-sEZs.roa (raw, json)
Hash identifier:          HegtRAExgyqVIp2GajWaC9TmygqtOyaeXd8oEh6r/I0=
Subject key identifier:   21:3C:66:C2:7E:CF:9B:47:26:1D:EB:94:70:C7:AC:CA:FF:AC:11:9B
Certificate issuer:       /CN=a016588bd1ccb2dd221c6f87838567475d7ef29b
Certificate serial:       185AD28C
Authority key identifier: A0:16:58:8B:D1:CC:B2:DD:22:1C:6F:87:83:85:67:47:5D:7E:F2:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/oBZYi9HMst0iHG-Hg4VnR11-8ps.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7b/4ec569-8caf-4198-bae1-773120ff7c0f/1/ITxmwn7Pm0cmHeuUcMesyv-sEZs.roa
Signing time:             Sat 01 Jan 2022 09:57:47 +0000
ROA not before:           Sat 01 Jan 2022 09:57:47 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     57670
IP address blocks:        176.105.164.0/24 maxlen: 24
                          176.105.166.0/24 maxlen: 24
                          176.105.160.0/19 maxlen: 19
                          176.105.162.0/24 maxlen: 24
                          176.105.161.0/24 maxlen: 24
                          176.105.171.0/24 maxlen: 24
                          176.105.170.0/24 maxlen: 24
                          176.105.172.0/24 maxlen: 24
                          176.105.169.0/24 maxlen: 24
                          176.105.168.0/24 maxlen: 24
                          176.105.173.0/24 maxlen: 24
                          176.105.178.0/24 maxlen: 24
                          176.105.177.0/24 maxlen: 24
                          176.105.179.0/24 maxlen: 24
                          176.105.174.0/24 maxlen: 24
                          176.105.176.0/24 maxlen: 24
                          176.105.175.0/24 maxlen: 24
                          176.105.185.0/24 maxlen: 24
                          176.105.184.0/24 maxlen: 24
                          176.105.186.0/24 maxlen: 24
                          176.105.181.0/24 maxlen: 24
                          176.105.183.0/24 maxlen: 24
                          176.105.182.0/24 maxlen: 24
                          176.105.180.0/24 maxlen: 24
                          176.105.187.0/24 maxlen: 24
                          176.105.191.0/24 maxlen: 24
                          176.105.188.0/24 maxlen: 24
                          176.105.190.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 408605324 (0x185ad28c)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a016588bd1ccb2dd221c6f87838567475d7ef29b
        Validity
            Not Before: Jan  1 09:57:47 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=213c66c27ecf9b47261deb9470c7accaffac119b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:84:34:61:e1:04:17:9c:dc:4d:a3:3d:c9:a2:
                    e9:fd:d3:66:99:54:d2:5d:b7:7b:cb:f7:0f:41:f7:
                    1d:d8:45:b9:57:77:30:c2:1e:6a:36:09:de:7b:f6:
                    41:33:9d:c1:17:f8:57:9d:c6:9c:80:15:d3:93:18:
                    56:bc:8c:d1:ad:ef:68:0e:b1:dd:c6:91:5e:a8:c7:
                    d7:75:99:d5:39:f4:1e:29:6c:98:87:76:a5:ca:93:
                    1d:9e:60:30:b3:c2:eb:ae:f5:d1:72:65:8d:76:1c:
                    a3:2c:ab:9b:72:8f:ce:9e:81:34:05:ec:75:8a:89:
                    98:86:77:0e:2f:66:3d:0e:33:d3:1e:ee:5e:61:0d:
                    eb:ca:fd:26:50:e3:b1:f1:bd:59:e8:56:2f:f5:3c:
                    67:11:4c:f0:8c:ad:de:8b:c8:f9:99:3c:1c:ce:ec:
                    e8:54:17:85:aa:90:49:41:32:03:6d:fe:ff:b9:cf:
                    85:41:7f:23:07:38:32:da:15:91:83:e7:95:a7:17:
                    54:33:c2:47:15:eb:0d:b6:f2:8f:a2:8d:ea:34:28:
                    46:12:10:45:83:16:97:59:b9:e9:5b:c6:81:3c:a2:
                    34:bb:cb:a0:d5:16:ed:59:ca:f3:65:d5:05:e9:01:
                    b7:a7:00:6f:0b:93:c7:76:76:ae:5f:29:88:58:e9:
                    1f:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:3C:66:C2:7E:CF:9B:47:26:1D:EB:94:70:C7:AC:CA:FF:AC:11:9B
            X509v3 Authority Key Identifier:
                keyid:A0:16:58:8B:D1:CC:B2:DD:22:1C:6F:87:83:85:67:47:5D:7E:F2:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/oBZYi9HMst0iHG-Hg4VnR11-8ps.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/4ec569-8caf-4198-bae1-773120ff7c0f/1/ITxmwn7Pm0cmHeuUcMesyv-sEZs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/4ec569-8caf-4198-bae1-773120ff7c0f/1/oBZYi9HMst0iHG-Hg4VnR11-8ps.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.105.160.0/19

    Signature Algorithm: sha256WithRSAEncryption
         6d:8e:3d:66:a7:b3:59:fe:6e:57:96:0b:d6:76:c6:61:ef:66:
         64:8a:be:48:8d:84:fe:6e:ee:05:c5:5e:4e:7a:a0:38:8c:de:
         24:8f:94:37:f5:ae:08:33:f5:24:1b:bc:ee:e3:37:5e:7d:fa:
         95:f4:d1:49:d0:39:42:3c:73:49:f4:f4:c4:63:f9:c7:28:c0:
         2d:7e:2b:38:72:c5:80:67:5f:c1:df:3d:d5:d1:bf:1a:36:7a:
         61:ae:74:ea:38:40:26:43:c2:60:fd:2f:34:03:83:f8:ec:6e:
         96:16:f6:a8:67:ab:9e:98:50:91:a2:f2:6a:59:25:d1:24:a1:
         30:df:10:84:7b:bb:21:de:97:95:58:bf:c6:ed:7f:87:fc:97:
         48:b0:6c:45:a5:c0:e1:d3:76:e1:ed:24:3a:56:b9:03:6d:71:
         4b:52:a9:6e:60:82:9b:63:1d:32:9d:84:77:03:83:8e:16:0d:
         68:ed:6c:e9:4f:ff:1b:67:fc:32:9f:2d:c7:72:a7:68:47:ff:
         55:1c:94:d7:76:17:94:42:c5:cb:fd:d7:36:0d:fe:61:ab:be:
         30:f4:49:bd:d6:a8:4d:59:1d:6c:0e:94:ed:03:a2:8a:e9:49:
         58:f0:5f:a4:b0:a4:7b:34:cb:73:f7:c3:89:51:a9:7f:e7:23:
         d7:19:a8:93
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIEGFrSjDANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhh
MDE2NTg4YmQxY2NiMmRkMjIxYzZmODc4Mzg1Njc0NzVkN2VmMjliMB4XDTIyMDEw
MTA5NTc0N1oXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMjEzYzY2YzI3ZWNm
OWI0NzI2MWRlYjk0NzBjN2FjY2FmZmFjMTE5YjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAJ6ENGHhBBec3E2jPcmi6f3TZplU0l23e8v3D0H3HdhFuVd3
MMIeajYJ3nv2QTOdwRf4V53GnIAV05MYVryM0a3vaA6x3caRXqjH13WZ1Tn0Hils
mId2pcqTHZ5gMLPC66710XJljXYcoyyrm3KPzp6BNAXsdYqJmIZ3Di9mPQ4z0x7u
XmEN68r9JlDjsfG9WehWL/U8ZxFM8Iyt3ovI+Zk8HM7s6FQXhaqQSUEyA23+/7nP
hUF/Iwc4MtoVkYPnlacXVDPCRxXrDbbyj6KN6jQoRhIQRYMWl1m56VvGgTyiNLvL
oNUW7VnK82XVBekBt6cAbwuTx3Z2rl8piFjpHyUCAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBQhPGbCfs+bRyYd65Rwx6zK/6wRmzAfBgNVHSMEGDAWgBSgFliL0cyy3SIc
b4eDhWdHXX7ymzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L29CWllpOUhNc3QwaUhHLUhnNFZuUjExLThwcy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvN2IvNGVjNTY5LThjYWYtNDE5OC1iYWUxLTc3MzEyMGZmN2MwZi8x
L0lUeG13bjdQbTBjbUhldVVjTWVzeXYtc0Vacy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvN2Iv
NGVjNTY5LThjYWYtNDE5OC1iYWUxLTc3MzEyMGZmN2MwZi8xL29CWllpOUhNc3Qw
aUhHLUhnNFZuUjExLThwcy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEBbBpoDANBgkqhkiG9w0BAQsFAAOC
AQEAbY49ZqezWf5uV5YL1nbGYe9mZIq+SI2E/m7uBcVeTnqgOIzeJI+UN/WuCDP1
JBu87uM3Xn36lfTRSdA5QjxzSfT0xGP5xyjALX4rOHLFgGdfwd891dG/GjZ6Ya50
6jhAJkPCYP0vNAOD+Oxulhb2qGernphQkaLyalkl0SShMN8QhHu7Id6XlVi/xu1/
h/yXSLBsRaXA4dN24e0kOla5A21xS1KpbmCCm2MdMp2EdwODjhYNaO1s6U//G2f8
Mp8tx3KnaEf/VRyU13YXlELFy/3XNg3+Yau+MPRJvdaoTVkdbA6U7QOiiulJWPBf
pLCkezTLc/fDiVGpf+cj1xmokw==
-----END CERTIFICATE-----