Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/82/cb0153-803a-4bb6-b19d-a774e41d264c/1/WNCmHLXJtNM4ZPV4_n1afwOHito.roa
File:                     WNCmHLXJtNM4ZPV4_n1afwOHito.roa (raw, json)
Hash identifier:          +JlR0D5cJe8j/kjeBSOhRR0+zJJ2+xQuh/cMrAuerBc=
Subject key identifier:   58:D0:A6:1C:B5:C9:B4:D3:38:64:F5:78:FE:7D:5A:7F:03:87:8A:DA
Certificate issuer:       /CN=6fccdffda6a4c48914b5e8cde7da5d820b9c9718
Certificate serial:       018449E75B64E52B47D8B1437938B3406AFB
Authority key identifier: 6F:CC:DF:FD:A6:A4:C4:89:14:B5:E8:CD:E7:DA:5D:82:0B:9C:97:18
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b8zf_aakxIkUtejN59pdgguclxg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/82/cb0153-803a-4bb6-b19d-a774e41d264c/1/WNCmHLXJtNM4ZPV4_n1afwOHito.roa
Signing time:             Sat 05 Nov 2022 22:26:49 +0000
ROA not before:           Sat 05 Nov 2022 22:26:49 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     204957
IP address blocks:        185.237.224.0/23 maxlen: 23
                          91.90.195.0/24 maxlen: 24
                          91.90.194.0/24 maxlen: 24
                          91.90.193.0/24 maxlen: 24
                          92.118.151.0/24 maxlen: 24
                          92.118.150.0/24 maxlen: 24
                          92.118.149.0/24 maxlen: 24
                          185.253.44.0/23 maxlen: 23
                          185.253.46.0/23 maxlen: 23
                          2a0a:8c44::/32 maxlen: 32
                          2a0a:8c45::/32 maxlen: 32
                          2a0a:8c43::/32 maxlen: 32
                          2a0a:8c42::/32 maxlen: 32
                          2a0a:8c41::/32 maxlen: 32
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:84:49:e7:5b:64:e5:2b:47:d8:b1:43:79:38:b3:40:6a:fb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6fccdffda6a4c48914b5e8cde7da5d820b9c9718
        Validity
            Not Before: Nov  5 22:26:49 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=58d0a61cb5c9b4d33864f578fe7d5a7f03878ada
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:2f:4b:f0:22:69:49:27:76:9e:80:31:e3:f3:
                    5d:47:b3:69:18:c4:81:8f:54:32:6b:bf:b7:c2:87:
                    d0:a8:0a:c5:83:42:a6:c3:7b:96:30:0b:51:86:50:
                    46:6f:e5:8f:ef:35:06:10:91:93:6c:b3:a0:fd:81:
                    75:95:41:df:84:f9:b4:64:0a:f9:19:1d:24:75:f1:
                    11:1f:f3:d0:e2:24:5f:89:e2:2b:27:69:da:fd:b3:
                    85:6c:62:e3:2a:8c:a5:90:d5:83:2f:02:82:f8:ea:
                    50:95:66:82:0c:85:57:a3:b8:a3:f2:c6:47:8e:5d:
                    f0:78:05:3b:14:cb:a9:4a:c1:2f:a2:c4:b5:c9:29:
                    25:d0:bf:f5:3b:d9:13:00:17:a9:cc:27:ab:bf:82:
                    b1:10:eb:d0:a0:96:cf:8f:81:0d:8f:50:9d:dc:f2:
                    05:8f:5f:28:76:7f:06:31:6f:ca:a0:4a:75:cf:96:
                    5a:c0:a3:6c:72:10:61:00:35:1a:27:e6:55:42:8b:
                    84:23:bf:53:b7:d8:4e:e6:09:e5:66:c8:51:77:2b:
                    1e:23:30:69:3b:2b:f0:12:a6:d4:bf:03:c0:bc:e9:
                    b1:ae:6f:10:cc:74:41:5b:9b:97:52:47:cf:d5:e3:
                    40:85:bc:4e:43:00:ba:df:83:9d:24:1d:a6:7f:4b:
                    d6:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                58:D0:A6:1C:B5:C9:B4:D3:38:64:F5:78:FE:7D:5A:7F:03:87:8A:DA
            X509v3 Authority Key Identifier:
                keyid:6F:CC:DF:FD:A6:A4:C4:89:14:B5:E8:CD:E7:DA:5D:82:0B:9C:97:18

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8zf_aakxIkUtejN59pdgguclxg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/82/cb0153-803a-4bb6-b19d-a774e41d264c/1/WNCmHLXJtNM4ZPV4_n1afwOHito.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/82/cb0153-803a-4bb6-b19d-a774e41d264c/1/b8zf_aakxIkUtejN59pdgguclxg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.90.193.0-91.90.195.255
                  92.118.149.0-92.118.151.255
                  185.237.224.0/23
                  185.253.44.0/22
                IPv6:
                  2a0a:8c41::-2a0a:8c45:ffff:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         0b:a0:ca:37:46:e6:ba:9d:6e:1d:af:2c:b2:ad:58:63:f9:d4:
         78:4f:8c:21:1f:fa:0a:6e:70:6b:c8:c6:e4:26:0f:e2:46:49:
         70:a2:99:57:97:35:43:63:7b:ff:ca:6d:a6:5c:24:15:88:6e:
         0f:42:43:56:a4:cc:3d:9f:45:78:e7:45:33:69:49:d4:dd:02:
         58:6a:f9:67:52:85:e8:e2:17:4a:1b:c1:a5:f2:18:0a:78:37:
         ec:8a:4d:1b:ff:5e:aa:89:f9:ce:74:ea:38:04:5a:cc:76:9f:
         1b:3f:03:48:cf:16:a7:42:ed:17:a8:20:4f:90:14:cc:36:27:
         b0:0c:71:bc:bc:d9:9f:e3:85:bd:85:24:0c:cc:07:89:cd:84:
         58:cd:93:60:0b:84:2f:96:79:fa:39:ca:a3:6b:47:bd:0f:37:
         3f:eb:ba:d4:38:0d:06:36:d2:35:65:ec:a7:42:2f:86:8c:af:
         39:fe:72:21:b6:1e:b3:0a:2d:90:c9:b2:48:d4:a0:79:40:10:
         32:68:ed:8b:61:ca:1a:42:5f:b1:b5:9e:31:a0:0d:e5:b6:31:
         36:6c:3f:cc:56:cd:ef:be:bd:6d:ec:d7:c4:70:bc:a7:1a:a3:
         24:43:3f:a6:0e:41:7e:b4:18:98:9e:f8:ad:35:33:0c:13:9a:
         bb:39:bf:15
-----BEGIN CERTIFICATE-----
MIIFNzCCBB+gAwIBAgISAYRJ51tk5StH2LFDeTizQGr7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmY2NkZmZkYTZhNGM0ODkxNGI1ZThjZGU3ZGE1ZDgyMGI5
Yzk3MTgwHhcNMjIxMTA1MjIyNjQ5WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1OGQwYTYxY2I1YzliNGQzMzg2NGY1NzhmZTdkNWE3ZjAzODc4YWRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmi9L8CJpSSd2noAx4/NdR7NpGMSB
j1Qya7+3wofQqArFg0Kmw3uWMAtRhlBGb+WP7zUGEJGTbLOg/YF1lUHfhPm0ZAr5
GR0kdfERH/PQ4iRfieIrJ2na/bOFbGLjKoylkNWDLwKC+OpQlWaCDIVXo7ij8sZH
jl3weAU7FMupSsEvosS1ySkl0L/1O9kTABepzCerv4KxEOvQoJbPj4ENj1Cd3PIF
j18odn8GMW/KoEp1z5ZawKNschBhADUaJ+ZVQouEI79Tt9hO5gnlZshRdyseIzBp
OyvwEqbUvwPAvOmxrm8QzHRBW5uXUkfP1eNAhbxOQwC634OdJB2mf0vWbwIDAQAB
o4ICQzCCAj8wHQYDVR0OBBYEFFjQphy1ybTTOGT1eP59Wn8Dh4raMB8GA1UdIwQY
MBaAFG/M3/2mpMSJFLXozefaXYILnJcYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjh6Zl9hYWt4SWtVdGVqTjU5cGRnZ3VjbHhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Mi9jYjAxNTMtODAzYS00YmI2LWIxOWQt
YTc3NGU0MWQyNjRjLzEvV05DbUhMWEp0Tk00WlBWNF9uMWFmd09IaXRvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Mi9jYjAxNTMtODAzYS00YmI2LWIxOWQtYTc3NGU0MWQyNjRj
LzEvYjh6Zl9hYWt4SWtVdGVqTjU5cGRnZ3VjbHhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFkGCCsGAQUFBwEHAQH/BEowSDAuBAIAATAoMAwDBABbWsED
BAJbWsAwDAMEAFx2lQMEA1x2kAMEAbnt4AMEArn9LDAWBAIAAjAQMA4DBQAqCoxB
AwUBKgqMRDANBgkqhkiG9w0BAQsFAAOCAQEAC6DKN0bmup1uHa8ssq1YY/nUeE+M
IR/6Cm5wa8jG5CYP4kZJcKKZV5c1Q2N7/8ptplwkFYhuD0JDVqTMPZ9FeOdFM2lJ
1N0CWGr5Z1KF6OIXShvBpfIYCng37IpNG/9eqon5znTqOARazHafGz8DSM8Wp0Lt
F6ggT5AUzDYnsAxxvLzZn+OFvYUkDMwHic2EWM2TYAuEL5Z5+jnKo2tHvQ83P+u6
1DgNBjbSNWXsp0IvhoyvOf5yIbYeswotkMmySNSgeUAQMmjti2HKGkJfsbWeMaAN
5bYxNmw/zFbN7769bezXxHC8pxqjJEM/pg5BfrQYmJ74rTUzDBOauzm/FQ==
-----END CERTIFICATE-----