Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7e/9decaf-47eb-4349-9e86-01b8bb6ad90a/1/z0YXjVmvPI5PSUg1GXZjuILyaZ0.roa
File:                     z0YXjVmvPI5PSUg1GXZjuILyaZ0.roa (raw, json)
Hash identifier:          bDLN9jDT2qEzhH+vjAJTfuZ/eAj7X5dovhWSIHfTeKk=
Subject key identifier:   CF:46:17:8D:59:AF:3C:8E:4F:49:48:35:19:76:63:B8:82:F2:69:9D
Certificate issuer:       /CN=9502d8b8269c6b07f814acf0c7ed729b3f4b5984
Certificate serial:       0182844E530691DE74CA704A352D0426C644
Authority key identifier: 95:02:D8:B8:26:9C:6B:07:F8:14:AC:F0:C7:ED:72:9B:3F:4B:59:84
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lQLYuCacawf4FKzwx-1ymz9LWYQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7e/9decaf-47eb-4349-9e86-01b8bb6ad90a/1/z0YXjVmvPI5PSUg1GXZjuILyaZ0.roa
Signing time:             Tue 09 Aug 2022 20:31:41 +0000
ROA not before:           Tue 09 Aug 2022 20:31:41 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     54203
IP address blocks:        185.147.214.0/24 maxlen: 24
                          185.147.215.0/24 maxlen: 24
                          2a03:efc0:1100::/40 maxlen: 40
                          2a03:efc0:1500::/40 maxlen: 40
                          2a03:efc0:1700::/40 maxlen: 40
                          2a03:efc0:1900::/40 maxlen: 40
                          2a03:efc0:900::/40 maxlen: 40
                          2a03:efc0:200::/40 maxlen: 40
                          2a03:efc0:1300::/40 maxlen: 40

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:82:84:4e:53:06:91:de:74:ca:70:4a:35:2d:04:26:c6:44
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9502d8b8269c6b07f814acf0c7ed729b3f4b5984
        Validity
            Not Before: Aug  9 20:31:41 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=cf46178d59af3c8e4f494835197663b882f2699d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:43:11:bc:18:b0:12:fc:32:97:2d:31:5e:c6:
                    48:c6:8c:80:c6:68:a6:1c:9b:8c:1e:06:0c:af:1f:
                    f9:76:5c:3b:e9:91:32:44:05:93:71:9e:2f:a5:7c:
                    40:42:3e:5e:4b:81:a8:24:56:bb:04:49:af:ae:03:
                    6a:a7:7a:9d:4f:d3:6c:ef:9e:ec:cf:02:60:19:16:
                    e6:b6:28:ff:04:7d:db:f1:06:1e:d3:1e:12:f1:fa:
                    83:bb:6d:3f:f0:a1:94:b6:ae:f2:98:6f:3d:38:72:
                    09:26:ab:de:de:d2:36:87:ae:dd:05:c0:bc:19:5a:
                    94:f9:bc:9e:ec:86:04:fa:a5:53:f0:98:11:99:94:
                    fe:80:3d:09:f9:41:85:cc:03:d2:cd:d0:ff:6a:38:
                    af:3b:61:b5:f9:5a:82:32:16:61:92:04:95:8f:27:
                    a5:c8:d6:33:50:05:51:ed:37:08:30:39:73:51:39:
                    e6:0b:b8:ba:ca:54:01:f4:9a:44:fa:b3:eb:96:09:
                    aa:02:8e:99:42:bf:fe:a6:80:bc:a4:b8:e3:a4:fd:
                    4a:d3:4c:71:59:c0:1c:e6:05:54:0e:29:2e:ae:84:
                    67:f7:9f:c0:d2:29:47:41:06:4e:08:86:9a:11:8f:
                    34:a8:fe:ad:d9:08:e3:20:e0:ce:fa:9f:ae:4b:7a:
                    ee:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:46:17:8D:59:AF:3C:8E:4F:49:48:35:19:76:63:B8:82:F2:69:9D
            X509v3 Authority Key Identifier:
                keyid:95:02:D8:B8:26:9C:6B:07:F8:14:AC:F0:C7:ED:72:9B:3F:4B:59:84

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lQLYuCacawf4FKzwx-1ymz9LWYQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/9decaf-47eb-4349-9e86-01b8bb6ad90a/1/z0YXjVmvPI5PSUg1GXZjuILyaZ0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/9decaf-47eb-4349-9e86-01b8bb6ad90a/1/lQLYuCacawf4FKzwx-1ymz9LWYQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.147.214.0/23
                IPv6:
                  2a03:efc0:200::/40
                  2a03:efc0:900::/40
                  2a03:efc0:1100::/40
                  2a03:efc0:1300::/40
                  2a03:efc0:1500::/40
                  2a03:efc0:1700::/40
                  2a03:efc0:1900::/40

    Signature Algorithm: sha256WithRSAEncryption
         24:ea:59:4d:d7:61:f2:58:59:0e:d9:bc:10:29:58:d0:b7:2e:
         90:4d:f5:ae:a7:ab:d7:13:c2:5d:1e:16:4f:c5:2d:b6:30:55:
         4d:ca:fa:ea:2b:d2:74:a6:7c:be:b5:56:e7:75:9d:a2:78:87:
         6b:fe:da:7a:72:d5:7a:8f:c3:f8:fc:66:21:e9:ca:4a:73:c2:
         cb:d7:52:35:de:db:2c:6b:cd:75:03:41:1e:7e:ba:15:cc:ff:
         8c:d3:5e:98:b1:20:af:00:4f:94:a0:22:52:6f:f1:61:79:20:
         c2:20:93:8f:b2:54:7f:df:4e:6b:45:80:ca:0c:05:5d:84:06:
         be:33:de:2d:8e:50:63:a6:01:7d:d5:ec:f2:40:7e:7e:fe:cf:
         d5:36:1b:02:1e:13:be:92:c5:30:7b:b2:9f:c5:b5:a0:99:70:
         93:9b:8e:8c:96:cd:4a:2b:d6:d7:c3:69:b0:a8:a2:38:d6:ac:
         84:ed:7d:b0:b8:fa:29:eb:cf:c9:f8:43:55:29:bc:59:4a:cd:
         53:c2:50:5a:70:22:b6:c3:f7:65:2b:e6:40:6f:16:ee:d1:26:
         f1:6f:ad:72:76:30:80:d5:ab:f8:8c:9f:f8:ac:3c:22:08:01:
         26:59:43:bd:dd:72:69:b1:7f:45:96:bf:26:d0:94:2d:57:42:
         1b:2b:cb:9f
-----BEGIN CERTIFICATE-----
MIIFPTCCBCWgAwIBAgISAYKETlMGkd50ynBKNS0EJsZEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk1MDJkOGI4MjY5YzZiMDdmODE0YWNmMGM3ZWQ3MjliM2Y0
YjU5ODQwHhcNMjIwODA5MjAzMTQxWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZjQ2MTc4ZDU5YWYzYzhlNGY0OTQ4MzUxOTc2NjNiODgyZjI2OTlkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq0MRvBiwEvwyly0xXsZIxoyAxmim
HJuMHgYMrx/5dlw76ZEyRAWTcZ4vpXxAQj5eS4GoJFa7BEmvrgNqp3qdT9Ns757s
zwJgGRbmtij/BH3b8QYe0x4S8fqDu20/8KGUtq7ymG89OHIJJqve3tI2h67dBcC8
GVqU+bye7IYE+qVT8JgRmZT+gD0J+UGFzAPSzdD/ajivO2G1+VqCMhZhkgSVjyel
yNYzUAVR7TcIMDlzUTnmC7i6ylQB9JpE+rPrlgmqAo6ZQr/+poC8pLjjpP1K00xx
WcAc5gVUDikuroRn95/A0ilHQQZOCIaaEY80qP6t2QjjIODO+p+uS3ruXwIDAQAB
o4ICSTCCAkUwHQYDVR0OBBYEFM9GF41ZrzyOT0lINRl2Y7iC8mmdMB8GA1UdIwQY
MBaAFJUC2LgmnGsH+BSs8Mftcps/S1mEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbFFMWXVDYWNhd2Y0Rkt6d3gtMXltejlMV1lRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZS85ZGVjYWYtNDdlYi00MzQ5LTllODYt
MDFiOGJiNmFkOTBhLzEvejBZWGpWbXZQSTVQU1VnMUdYWmp1SUx5YVowLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZS85ZGVjYWYtNDdlYi00MzQ5LTllODYtMDFiOGJiNmFkOTBh
LzEvbFFMWXVDYWNhd2Y0Rkt6d3gtMXltejlMV1lRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF8GCCsGAQUFBwEHAQH/BFAwTjAMBAIAATAGAwQBuZPWMD4E
AgACMDgDBgAqA+/AAgMGACoD78AJAwYAKgPvwBEDBgAqA+/AEwMGACoD78AVAwYA
KgPvwBcDBgAqA+/AGTANBgkqhkiG9w0BAQsFAAOCAQEAJOpZTddh8lhZDtm8EClY
0LcukE31rqer1xPCXR4WT8UttjBVTcr66ivSdKZ8vrVW53WdoniHa/7aenLVeo/D
+PxmIenKSnPCy9dSNd7bLGvNdQNBHn66Fcz/jNNemLEgrwBPlKAiUm/xYXkgwiCT
j7JUf99Oa0WAygwFXYQGvjPeLY5QY6YBfdXs8kB+fv7P1TYbAh4TvpLFMHuyn8W1
oJlwk5uOjJbNSivW18NpsKiiONashO19sLj6KevPyfhDVSm8WUrNU8JQWnAitsP3
ZSvmQG8W7tEm8W+tcnYwgNWr+Iyf+Kw8IggBJllDvd1yabF/RZa/JtCULVdCGyvL
nw==
-----END CERTIFICATE-----