Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/82/cb0153-803a-4bb6-b19d-a774e41d264c/1/7uarrSEwgfNwHUYfQQkphZcwFps.roa
File:                     7uarrSEwgfNwHUYfQQkphZcwFps.roa (raw, json)
Hash identifier:          wtImxIk7V7RsudUKzXbQ7tYamCUwzTKARvYzuRAzDBs=
Subject key identifier:   EE:E6:AB:AD:21:30:81:F3:70:1D:46:1F:41:09:29:85:97:30:16:9B
Certificate issuer:       /CN=6fccdffda6a4c48914b5e8cde7da5d820b9c9718
Certificate serial:       01855A03E16CA5170D18CFB9EE5174D7CB67
Authority key identifier: 6F:CC:DF:FD:A6:A4:C4:89:14:B5:E8:CD:E7:DA:5D:82:0B:9C:97:18
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b8zf_aakxIkUtejN59pdgguclxg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/82/cb0153-803a-4bb6-b19d-a774e41d264c/1/7uarrSEwgfNwHUYfQQkphZcwFps.roa
Signing time:             Wed 28 Dec 2022 18:34:41 +0000
ROA not before:           Wed 28 Dec 2022 18:34:41 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     204957
IP address blocks:        185.237.224.0/23 maxlen: 23
                          91.210.164.0/23 maxlen: 23
                          91.90.195.0/24 maxlen: 24
                          91.90.194.0/24 maxlen: 24
                          91.90.193.0/24 maxlen: 24
                          92.118.151.0/24 maxlen: 24
                          92.118.150.0/24 maxlen: 24
                          92.118.149.0/24 maxlen: 24
                          185.253.44.0/23 maxlen: 23
                          185.253.46.0/23 maxlen: 23
                          2a0a:8c44::/32 maxlen: 32
                          2a0a:8c45::/32 maxlen: 32
                          2a0a:8c43::/32 maxlen: 32
                          2a0a:8c42::/32 maxlen: 32
                          2a0a:8c41::/32 maxlen: 32
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:5a:03:e1:6c:a5:17:0d:18:cf:b9:ee:51:74:d7:cb:67
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6fccdffda6a4c48914b5e8cde7da5d820b9c9718
        Validity
            Not Before: Dec 28 18:34:41 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=eee6abad213081f3701d461f410929859730169b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:6e:d8:93:f3:73:33:59:43:48:7b:11:85:b1:
                    1a:ea:14:08:0b:dd:d2:02:01:64:d3:ea:b3:0b:be:
                    12:38:97:27:c7:7b:25:63:be:c0:2f:32:83:51:45:
                    6b:b6:d5:d5:72:b2:34:ce:24:fe:11:12:be:39:a4:
                    d6:74:7c:25:60:1d:e5:40:4a:cb:6d:cf:2f:a9:de:
                    a8:77:84:b0:7f:3a:00:5b:97:db:92:62:a5:df:cb:
                    99:14:9d:42:90:06:f1:4f:63:c4:0c:60:d5:eb:15:
                    10:b1:53:02:2b:6e:9d:27:0f:32:a5:c4:a2:ed:a2:
                    09:28:a6:8f:ac:cc:84:fc:6b:92:4a:10:8d:c7:0e:
                    c2:12:7c:9c:e2:c1:75:8f:bf:d0:e7:3f:82:3e:ea:
                    be:bc:96:93:db:d2:81:ea:23:cf:01:46:ed:72:40:
                    fa:5a:97:1b:f5:b0:46:80:2d:34:85:0c:4d:4e:5f:
                    e5:01:3f:c1:30:53:5d:d6:29:06:b4:d5:40:10:d7:
                    c5:5d:5e:86:0b:a2:5e:cf:cc:89:89:7b:9e:65:0b:
                    19:af:cc:3a:27:74:b8:e7:e3:7c:db:c2:8a:4f:88:
                    34:a7:13:15:4d:c4:61:36:92:e7:a6:2e:8c:7a:f3:
                    eb:44:c8:68:fe:2c:a2:ae:46:5e:99:c2:6a:44:32:
                    e7:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EE:E6:AB:AD:21:30:81:F3:70:1D:46:1F:41:09:29:85:97:30:16:9B
            X509v3 Authority Key Identifier:
                keyid:6F:CC:DF:FD:A6:A4:C4:89:14:B5:E8:CD:E7:DA:5D:82:0B:9C:97:18

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8zf_aakxIkUtejN59pdgguclxg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/82/cb0153-803a-4bb6-b19d-a774e41d264c/1/7uarrSEwgfNwHUYfQQkphZcwFps.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/82/cb0153-803a-4bb6-b19d-a774e41d264c/1/b8zf_aakxIkUtejN59pdgguclxg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.90.193.0-91.90.195.255
                  91.210.164.0/23
                  92.118.149.0-92.118.151.255
                  185.237.224.0/23
                  185.253.44.0/22
                IPv6:
                  2a0a:8c41::-2a0a:8c45:ffff:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         82:9a:41:e1:9b:c5:fd:8c:17:c3:17:54:0a:78:83:09:71:2f:
         f5:3b:f1:b6:12:72:17:5f:8b:52:1d:1c:b7:a8:fc:3e:a6:df:
         90:8a:5b:10:71:33:2b:99:8b:bf:ba:36:f6:ae:de:01:c9:da:
         55:53:4c:91:a9:31:3c:6d:75:9b:22:cb:a6:e4:dc:d2:27:20:
         ea:46:fa:81:39:50:47:0b:89:d4:63:c6:ab:36:ff:b9:34:2a:
         85:33:26:1a:dc:cf:3d:e4:05:38:7e:61:27:4e:1b:36:9d:a5:
         43:6f:63:0a:55:eb:e1:e7:78:00:40:36:a0:e3:1f:5d:19:cb:
         42:0a:f0:93:22:d7:79:c4:8f:50:d4:fe:84:02:d1:87:b5:6e:
         e8:60:51:57:3c:8f:72:3b:42:7b:9a:10:e6:13:1e:78:10:60:
         65:4b:6a:bc:5e:1c:c2:f5:f4:6c:90:63:67:21:9a:e8:b6:22:
         ff:d1:87:e7:aa:02:de:cc:6c:4f:54:49:f3:64:05:a4:f4:8f:
         07:dc:92:92:05:1e:53:b3:55:36:cf:ee:7f:21:53:ae:db:d5:
         d4:c2:99:b1:a0:d2:27:5a:f1:e3:28:d7:3e:c9:be:f3:01:2e:
         7d:4f:51:79:cc:27:81:1e:b7:27:05:81:f8:16:d8:aa:42:34:
         dc:8f:5f:81
-----BEGIN CERTIFICATE-----
MIIFPTCCBCWgAwIBAgISAYVaA+FspRcNGM+57lF018tnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmY2NkZmZkYTZhNGM0ODkxNGI1ZThjZGU3ZGE1ZDgyMGI5
Yzk3MTgwHhcNMjIxMjI4MTgzNDQxWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZWU2YWJhZDIxMzA4MWYzNzAxZDQ2MWY0MTA5Mjk4NTk3MzAxNjliMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkW7Yk/NzM1lDSHsRhbEa6hQIC93S
AgFk0+qzC74SOJcnx3slY77ALzKDUUVrttXVcrI0ziT+ERK+OaTWdHwlYB3lQErL
bc8vqd6od4SwfzoAW5fbkmKl38uZFJ1CkAbxT2PEDGDV6xUQsVMCK26dJw8ypcSi
7aIJKKaPrMyE/GuSShCNxw7CEnyc4sF1j7/Q5z+CPuq+vJaT29KB6iPPAUbtckD6
Wpcb9bBGgC00hQxNTl/lAT/BMFNd1ikGtNVAENfFXV6GC6Jez8yJiXueZQsZr8w6
J3S45+N828KKT4g0pxMVTcRhNpLnpi6MevPrRMho/iyirkZemcJqRDLnVQIDAQAB
o4ICSTCCAkUwHQYDVR0OBBYEFO7mq60hMIHzcB1GH0EJKYWXMBabMB8GA1UdIwQY
MBaAFG/M3/2mpMSJFLXozefaXYILnJcYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjh6Zl9hYWt4SWtVdGVqTjU5cGRnZ3VjbHhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Mi9jYjAxNTMtODAzYS00YmI2LWIxOWQt
YTc3NGU0MWQyNjRjLzEvN3VhcnJTRXdnZk53SFVZZlFRa3BoWmN3RnBzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Mi9jYjAxNTMtODAzYS00YmI2LWIxOWQtYTc3NGU0MWQyNjRj
LzEvYjh6Zl9hYWt4SWtVdGVqTjU5cGRnZ3VjbHhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF8GCCsGAQUFBwEHAQH/BFAwTjA0BAIAATAuMAwDBABbWsED
BAJbWsADBAFb0qQwDAMEAFx2lQMEA1x2kAMEAbnt4AMEArn9LDAWBAIAAjAQMA4D
BQAqCoxBAwUBKgqMRDANBgkqhkiG9w0BAQsFAAOCAQEAgppB4ZvF/YwXwxdUCniD
CXEv9TvxthJyF1+LUh0ct6j8PqbfkIpbEHEzK5mLv7o29q7eAcnaVVNMkakxPG11
myLLpuTc0icg6kb6gTlQRwuJ1GPGqzb/uTQqhTMmGtzPPeQFOH5hJ04bNp2lQ29j
ClXr4ed4AEA2oOMfXRnLQgrwkyLXecSPUNT+hALRh7Vu6GBRVzyPcjtCe5oQ5hMe
eBBgZUtqvF4cwvX0bJBjZyGa6LYi/9GH56oC3sxsT1RJ82QFpPSPB9ySkgUeU7NV
Ns/ufyFTrtvV1MKZsaDSJ1rx4yjXPsm+8wEufU9RecwngR63JwWB+BbYqkI03I9f
gQ==
-----END CERTIFICATE-----