Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7f/9cc39c-dd7b-4892-94bf-ee46ac018600/1/REfj1dfJv7t5GPb_6mWxwNonJLM.roa
File:                     REfj1dfJv7t5GPb_6mWxwNonJLM.roa (raw, json)
Hash identifier:          /GlNtJWrBhAyRY3qXpR0L1GHl7KDztGTSCpR/ZAsjAk=
Subject key identifier:   44:47:E3:D5:D7:C9:BF:BB:79:18:F6:FF:EA:65:B1:C0:DA:27:24:B3
Certificate issuer:       /CN=b0b6a49bcc10de340e39d203f56658bd7d648ddf
Certificate serial:       03CC4C0D
Authority key identifier: B0:B6:A4:9B:CC:10:DE:34:0E:39:D2:03:F5:66:58:BD:7D:64:8D:DF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sLakm8wQ3jQOOdID9WZYvX1kjd8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7f/9cc39c-dd7b-4892-94bf-ee46ac018600/1/REfj1dfJv7t5GPb_6mWxwNonJLM.roa
Signing time:             Sat 01 Jan 2022 15:00:13 +0000
ROA not before:           Sat 01 Jan 2022 15:00:13 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     31225
IP address blocks:        83.219.224.0/19 maxlen: 19
                          83.219.227.0/24 maxlen: 24
                          83.219.228.0/24 maxlen: 24
                          83.219.233.0/24 maxlen: 24
                          83.219.231.0/24 maxlen: 24
                          83.219.232.0/24 maxlen: 24
                          83.219.229.0/24 maxlen: 24
                          83.219.234.0/24 maxlen: 24
                          83.219.235.0/24 maxlen: 24
                          83.219.238.0/24 maxlen: 24
                          83.219.239.0/24 maxlen: 24
                          83.219.236.0/24 maxlen: 24
                          83.219.237.0/24 maxlen: 24
                          83.219.241.0/24 maxlen: 24
                          83.219.242.0/24 maxlen: 24
                          83.219.246.0/24 maxlen: 24
                          83.219.244.0/24 maxlen: 24
                          83.219.248.0/24 maxlen: 24
                          83.219.249.0/24 maxlen: 24
                          83.219.247.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 63720461 (0x3cc4c0d)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b0b6a49bcc10de340e39d203f56658bd7d648ddf
        Validity
            Not Before: Jan  1 15:00:13 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=4447e3d5d7c9bfbb7918f6ffea65b1c0da2724b3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:42:fe:ba:71:ac:ff:62:4c:2a:22:ed:d6:08:
                    4d:ea:50:ad:45:61:0f:b3:73:c7:f2:fb:62:74:07:
                    50:70:04:88:4a:31:29:15:61:b0:e6:5a:71:d2:fe:
                    53:ff:f8:e3:b1:d2:05:b5:9b:67:41:23:40:03:99:
                    4c:29:e1:72:bc:93:b8:a8:55:e2:f9:0f:61:e7:4a:
                    64:45:d8:19:ba:b2:9a:8b:39:80:e0:0a:06:2e:c3:
                    4d:26:19:41:56:81:d0:d3:21:14:88:94:1c:ca:7e:
                    f6:d4:0c:95:fe:98:4a:72:17:0a:77:22:39:26:2c:
                    ed:74:60:64:9c:cc:85:b1:6a:bd:0b:88:8b:87:be:
                    01:c1:7d:41:6d:84:43:1d:da:12:6e:d5:ec:fc:6e:
                    d4:0a:de:62:20:c2:f3:7b:a6:22:51:c1:9a:fe:23:
                    84:d0:7c:b2:e8:c6:d4:0b:bb:d5:70:7a:2f:c4:3f:
                    74:0b:76:d4:5a:3a:e3:5d:4e:39:12:40:22:19:a5:
                    3b:31:e0:93:6e:65:51:01:ec:d7:38:b5:2d:79:68:
                    a1:6e:6d:5f:48:82:67:72:14:aa:46:f8:2c:82:0c:
                    d9:56:dd:29:d7:26:3b:ed:1e:33:a0:f8:71:4e:69:
                    f2:f3:c0:5e:19:37:ad:5d:e6:b4:52:5f:fe:3f:dc:
                    dd:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                44:47:E3:D5:D7:C9:BF:BB:79:18:F6:FF:EA:65:B1:C0:DA:27:24:B3
            X509v3 Authority Key Identifier:
                keyid:B0:B6:A4:9B:CC:10:DE:34:0E:39:D2:03:F5:66:58:BD:7D:64:8D:DF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sLakm8wQ3jQOOdID9WZYvX1kjd8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/9cc39c-dd7b-4892-94bf-ee46ac018600/1/REfj1dfJv7t5GPb_6mWxwNonJLM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/9cc39c-dd7b-4892-94bf-ee46ac018600/1/sLakm8wQ3jQOOdID9WZYvX1kjd8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.219.224.0/19

    Signature Algorithm: sha256WithRSAEncryption
         20:6c:e9:20:60:dd:82:0a:aa:e4:e3:8b:03:5c:10:cb:be:4b:
         2a:9b:9f:7d:9f:56:97:84:f2:d3:ad:08:d1:87:6e:03:de:b3:
         8e:03:df:2b:51:88:53:d8:6a:bd:32:6d:af:9e:05:c5:1a:d4:
         16:5a:db:d3:1f:10:1f:21:61:1f:56:19:6a:d0:81:6d:df:85:
         e7:cd:33:86:9a:dc:21:fa:9f:e0:84:58:25:ab:11:57:e5:08:
         1f:0f:af:4c:c6:7c:20:37:6b:2d:0f:6f:6e:ab:01:9c:81:d5:
         f9:e2:5b:f2:fb:89:62:f5:d0:06:3e:55:a6:c0:b7:4f:e2:7b:
         58:bd:92:d1:dd:33:3c:8b:90:a7:23:5e:f5:84:ef:8a:54:26:
         1f:af:3a:71:6d:bc:f2:19:d3:dc:80:46:04:6e:9a:73:65:31:
         4a:07:c4:47:bf:5f:4a:34:9f:72:39:f8:bc:d5:7b:b0:6e:69:
         34:74:89:d1:b7:ae:c6:b3:47:0e:26:25:34:2a:60:a6:f9:41:
         6c:d3:cf:8b:6d:ef:bd:66:84:c7:fb:c6:30:a6:1d:5b:bb:3b:
         d9:63:d4:df:ba:07:97:ca:3b:be:e1:6b:88:ad:70:d4:cc:9b:
         34:21:09:0a:4b:fb:97:bb:86:32:ac:20:c0:fc:e7:84:fc:8f:
         39:a2:14:03
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIEA8xMDTANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhi
MGI2YTQ5YmNjMTBkZTM0MGUzOWQyMDNmNTY2NThiZDdkNjQ4ZGRmMB4XDTIyMDEw
MTE1MDAxM1oXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoNDQ0N2UzZDVkN2M5
YmZiYjc5MThmNmZmZWE2NWIxYzBkYTI3MjRiMzCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBALRC/rpxrP9iTCoi7dYITepQrUVhD7Nzx/L7YnQHUHAEiEox
KRVhsOZacdL+U//447HSBbWbZ0EjQAOZTCnhcryTuKhV4vkPYedKZEXYGbqymos5
gOAKBi7DTSYZQVaB0NMhFIiUHMp+9tQMlf6YSnIXCnciOSYs7XRgZJzMhbFqvQuI
i4e+AcF9QW2EQx3aEm7V7Pxu1AreYiDC83umIlHBmv4jhNB8sujG1Au71XB6L8Q/
dAt21Fo6411OORJAIhmlOzHgk25lUQHs1zi1LXlooW5tX0iCZ3IUqkb4LIIM2Vbd
KdcmO+0eM6D4cU5p8vPAXhk3rV3mtFJf/j/c3d8CAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBRER+PV18m/u3kY9v/qZbHA2ickszAfBgNVHSMEGDAWgBSwtqSbzBDeNA45
0gP1Zli9fWSN3zAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L3NMYWttOHdRM2pRT09kSUQ5V1pZdlgxa2pkOC5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvN2YvOWNjMzljLWRkN2ItNDg5Mi05NGJmLWVlNDZhYzAxODYwMC8x
L1JFZmoxZGZKdjd0NUdQYl82bVd4d05vbkpMTS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvN2Yv
OWNjMzljLWRkN2ItNDg5Mi05NGJmLWVlNDZhYzAxODYwMC8xL3NMYWttOHdRM2pR
T09kSUQ5V1pZdlgxa2pkOC5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEBVPb4DANBgkqhkiG9w0BAQsFAAOC
AQEAIGzpIGDdggqq5OOLA1wQy75LKpuffZ9Wl4Ty060I0YduA96zjgPfK1GIU9hq
vTJtr54FxRrUFlrb0x8QHyFhH1YZatCBbd+F580zhprcIfqf4IRYJasRV+UIHw+v
TMZ8IDdrLQ9vbqsBnIHV+eJb8vuJYvXQBj5VpsC3T+J7WL2S0d0zPIuQpyNe9YTv
ilQmH686cW288hnT3IBGBG6ac2UxSgfER79fSjSfcjn4vNV7sG5pNHSJ0beuxrNH
DiYlNCpgpvlBbNPPi23vvWaEx/vGMKYdW7s72WPU37oHl8o7vuFriK1w1MybNCEJ
Ckv7l7uGMqwgwPznhPyPOaIUAw==
-----END CERTIFICATE-----