Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/bb9947-172c-48b1-be8e-4c905adbf076/1/xaBKK01YnKPIeGQ7ex1JAsnSuo0.roa
File:                     xaBKK01YnKPIeGQ7ex1JAsnSuo0.roa (raw, json)
Hash identifier:          iHr9WYwv81hXQk2Pe4tB+Uhrz9TmyBGy0koiA/p3tvM=
Subject key identifier:   C5:A0:4A:2B:4D:58:9C:A3:C8:78:64:3B:7B:1D:49:02:C9:D2:BA:8D
Certificate issuer:       /CN=4345d0773c7ade08d44819e3b611bd297a3989d3
Certificate serial:       01856DAF6230B153FADC6400275F3AAFE196
Authority key identifier: 43:45:D0:77:3C:7A:DE:08:D4:48:19:E3:B6:11:BD:29:7A:39:89:D3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Q0XQdzx63gjUSBnjthG9KXo5idM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/bb9947-172c-48b1-be8e-4c905adbf076/1/xaBKK01YnKPIeGQ7ex1JAsnSuo0.roa
Signing time:             Sun 01 Jan 2023 14:14:48 +0000
ROA not before:           Sun 01 Jan 2023 14:14:48 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     61430
IP address blocks:        185.237.211.0/24 maxlen: 24
                          185.237.210.0/24 maxlen: 24
                          185.237.208.0/23 maxlen: 23
                          185.126.101.0/24 maxlen: 24
                          185.126.100.0/22 maxlen: 22
                          185.126.100.0/24 maxlen: 24
                          185.126.103.0/24 maxlen: 24
                          185.126.102.0/24 maxlen: 24
                          91.213.252.0/24 maxlen: 24
                          91.228.191.0/24 maxlen: 24
                          91.228.190.0/23 maxlen: 23
                          91.228.190.0/24 maxlen: 24
                          2a06:c040::/32 maxlen: 33
                          2a06:c041::/32 maxlen: 32
                          2001:67c:1944::/48 maxlen: 48
                          2001:67c:2ad4::/48 maxlen: 49
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6d:af:62:30:b1:53:fa:dc:64:00:27:5f:3a:af:e1:96
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4345d0773c7ade08d44819e3b611bd297a3989d3
        Validity
            Not Before: Jan  1 14:14:48 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=c5a04a2b4d589ca3c878643b7b1d4902c9d2ba8d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:fe:7b:97:05:e9:b8:4c:f0:14:dd:10:8a:93:
                    8d:e9:ad:52:48:ec:e9:c0:fa:b8:19:20:dc:8d:a6:
                    9f:fb:0d:01:75:fb:39:9b:36:f4:98:d8:ed:5f:c9:
                    02:1b:78:9f:16:d7:fa:fd:b2:0c:47:01:8a:6e:41:
                    89:ec:d5:08:a2:3f:5c:6d:b9:43:7d:93:69:0b:53:
                    b9:1d:7b:12:d6:93:fe:c1:d0:47:40:7c:2a:cf:27:
                    ed:f1:05:3d:8d:05:b5:aa:17:49:84:d6:2c:23:73:
                    28:1e:26:f2:3b:58:20:a4:e3:6d:f3:d4:14:e1:28:
                    8f:28:d1:b1:86:b7:46:56:ee:34:04:0c:13:5b:7f:
                    89:dc:39:63:b5:d9:6b:5f:c2:39:3d:14:61:64:ab:
                    be:2e:06:5e:5c:21:b4:6d:c1:30:b6:bf:a5:ff:81:
                    ba:7f:cd:4a:f5:b2:5b:cd:5a:cf:5a:e6:65:77:09:
                    2f:81:e1:42:af:a9:ea:aa:f3:fb:d8:97:0d:32:04:
                    b4:a1:99:67:9b:aa:27:52:73:ce:78:ed:ba:b7:03:
                    d6:f7:c1:f5:6a:2b:df:80:8a:95:ef:2e:ae:3c:e7:
                    3f:6c:24:b3:6b:9b:29:73:b7:55:53:d7:b7:d3:55:
                    9d:dd:71:79:c4:81:a7:de:a4:6f:6b:ab:e3:55:d5:
                    3e:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C5:A0:4A:2B:4D:58:9C:A3:C8:78:64:3B:7B:1D:49:02:C9:D2:BA:8D
            X509v3 Authority Key Identifier:
                keyid:43:45:D0:77:3C:7A:DE:08:D4:48:19:E3:B6:11:BD:29:7A:39:89:D3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Q0XQdzx63gjUSBnjthG9KXo5idM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/bb9947-172c-48b1-be8e-4c905adbf076/1/xaBKK01YnKPIeGQ7ex1JAsnSuo0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/bb9947-172c-48b1-be8e-4c905adbf076/1/Q0XQdzx63gjUSBnjthG9KXo5idM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.213.252.0/24
                  91.228.190.0/23
                  185.126.100.0/22
                  185.237.208.0/22
                IPv6:
                  2001:67c:1944::/48
                  2001:67c:2ad4::/48
                  2a06:c040::/31

    Signature Algorithm: sha256WithRSAEncryption
         a0:55:64:21:1b:a2:ef:dd:89:09:d7:df:87:06:00:a5:a9:3e:
         29:91:a5:ec:2f:35:de:4f:20:35:18:f9:eb:03:99:d9:c7:2e:
         e8:0a:3d:f0:87:80:46:75:d7:de:ea:30:b0:c1:d8:c2:cd:c0:
         0b:7f:7c:20:90:0a:4e:b5:80:18:30:87:9c:1d:e0:28:55:d3:
         68:ce:5f:c3:3d:f8:47:d5:b0:73:af:b7:c0:5f:22:5d:8c:a3:
         25:42:57:ab:74:31:63:d9:a4:73:be:67:80:22:f9:74:a1:88:
         da:69:5c:95:40:b3:6e:80:55:2f:21:fc:2b:1f:ae:fb:9f:a6:
         2f:31:36:fb:95:a8:f9:33:44:2c:02:ac:54:ea:a0:28:f0:b8:
         6b:52:ba:64:55:34:2f:59:3c:90:c3:56:8b:00:dd:29:49:04:
         af:67:52:fe:0d:b2:94:dc:d7:71:c1:a7:10:6d:af:58:d4:b8:
         6a:93:4d:ba:12:ba:8d:1f:32:d8:6f:6b:55:60:5a:68:d6:3f:
         e5:84:17:a8:64:64:24:77:73:51:77:b8:bc:49:f9:87:58:cd:
         73:46:fc:1b:f0:00:17:c7:c2:8b:e1:5a:b9:7b:3c:9d:b8:18:
         92:7c:27:7d:90:10:79:94:b1:46:5b:e1:1e:ce:fa:24:fb:be:
         72:1e:f1:73
-----BEGIN CERTIFICATE-----
MIIFMDCCBBigAwIBAgISAYVtr2IwsVP63GQAJ186r+GWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQzNDVkMDc3M2M3YWRlMDhkNDQ4MTllM2I2MTFiZDI5N2Ez
OTg5ZDMwHhcNMjMwMTAxMTQxNDQ4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNWEwNGEyYjRkNTg5Y2EzYzg3ODY0M2I3YjFkNDkwMmM5ZDJiYThkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnf57lwXpuEzwFN0QipON6a1SSOzp
wPq4GSDcjaaf+w0Bdfs5mzb0mNjtX8kCG3ifFtf6/bIMRwGKbkGJ7NUIoj9cbblD
fZNpC1O5HXsS1pP+wdBHQHwqzyft8QU9jQW1qhdJhNYsI3MoHibyO1ggpONt89QU
4SiPKNGxhrdGVu40BAwTW3+J3DljtdlrX8I5PRRhZKu+LgZeXCG0bcEwtr+l/4G6
f81K9bJbzVrPWuZldwkvgeFCr6nqqvP72JcNMgS0oZlnm6onUnPOeO26twPW98H1
aivfgIqV7y6uPOc/bCSza5spc7dVU9e301Wd3XF5xIGn3qRva6vjVdU+eQIDAQAB
o4ICPDCCAjgwHQYDVR0OBBYEFMWgSitNWJyjyHhkO3sdSQLJ0rqNMB8GA1UdIwQY
MBaAFENF0Hc8et4I1EgZ47YRvSl6OYnTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUTBYUWR6eDYzZ2pVU0JuanRoRzlLWG81aWRNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC9iYjk5NDctMTcyYy00OGIxLWJlOGUt
NGM5MDVhZGJmMDc2LzEveGFCS0swMVluS1BJZUdRN2V4MUpBc25TdW8wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC9iYjk5NDctMTcyYy00OGIxLWJlOGUtNGM5MDVhZGJmMDc2
LzEvUTBYUWR6eDYzZ2pVU0JuanRoRzlLWG81aWRNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFIGCCsGAQUFBwEHAQH/BEMwQTAeBAIAATAYAwQAW9X8AwQB
W+S+AwQCuX5kAwQCue3QMB8EAgACMBkDBwAgAQZ8GUQDBwAgAQZ8KtQDBQEqBsBA
MA0GCSqGSIb3DQEBCwUAA4IBAQCgVWQhG6Lv3YkJ19+HBgClqT4pkaXsLzXeTyA1
GPnrA5nZxy7oCj3wh4BGddfe6jCwwdjCzcALf3wgkApOtYAYMIecHeAoVdNozl/D
PfhH1bBzr7fAXyJdjKMlQlerdDFj2aRzvmeAIvl0oYjaaVyVQLNugFUvIfwrH677
n6YvMTb7laj5M0QsAqxU6qAo8LhrUrpkVTQvWTyQw1aLAN0pSQSvZ1L+DbKU3Ndx
wacQba9Y1Lhqk026ErqNHzLYb2tVYFpo1j/lhBeoZGQkd3NRd7i8SfmHWM1zRvwb
8AAXx8KL4Vq5ezyduBiSfCd9kBB5lLFGW+Eezvok+75yHvFz
-----END CERTIFICATE-----