Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/86/05e0ee-ae03-4124-b670-309b7b960d14/1/rD2y_tp4X3-p8JB5H1ky2CsEgdA.roa
File:                     rD2y_tp4X3-p8JB5H1ky2CsEgdA.roa (raw, json)
Hash identifier:          NRbDwRANG72Vy8wTotW3Weoi5Vtcb3gM8ANZY3xCJ6w=
Subject key identifier:   AC:3D:B2:FE:DA:78:5F:7F:A9:F0:90:79:1F:59:32:D8:2B:04:81:D0
Certificate issuer:       /CN=6f3d89a81fc299f39c092e4f6d0173a9a9cfbc65
Certificate serial:       018570C2E7A8469E8B494E84DFBD3E93D528
Authority key identifier: 6F:3D:89:A8:1F:C2:99:F3:9C:09:2E:4F:6D:01:73:A9:A9:CF:BC:65
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bz2JqB_CmfOcCS5PbQFzqanPvGU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/86/05e0ee-ae03-4124-b670-309b7b960d14/1/rD2y_tp4X3-p8JB5H1ky2CsEgdA.roa
Signing time:             Mon 02 Jan 2023 04:34:59 +0000
ROA not before:           Mon 02 Jan 2023 04:34:59 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     16024
IP address blocks:        156.67.56.0/23 maxlen: 23
                          156.67.56.0/24 maxlen: 24
                          156.67.57.0/24 maxlen: 24
                          217.70.160.0/20 maxlen: 24
                          149.232.190.0/23 maxlen: 24
                          185.47.232.0/22 maxlen: 24
                          46.28.32.0/21 maxlen: 24
                          185.159.32.0/22 maxlen: 24
                          149.232.244.0/22 maxlen: 24
                          149.232.248.0/22 maxlen: 24
                          2a02:1670::/29 maxlen: 32
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:70:c2:e7:a8:46:9e:8b:49:4e:84:df:bd:3e:93:d5:28
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6f3d89a81fc299f39c092e4f6d0173a9a9cfbc65
        Validity
            Not Before: Jan  2 04:34:59 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=ac3db2feda785f7fa9f090791f5932d82b0481d0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:9f:22:9b:53:3f:61:0d:1b:df:0d:d1:07:0c:
                    2f:9e:26:c6:d9:bd:38:88:4a:c7:c1:40:e9:d7:84:
                    b3:38:cf:d8:60:85:9c:16:7a:92:0d:06:72:10:d5:
                    85:d1:fb:af:41:63:c6:83:fd:f4:31:e0:0f:c6:cc:
                    82:70:78:9c:a9:88:e3:65:50:2a:b4:7d:1e:37:c2:
                    d6:0f:aa:ca:4d:ed:b3:68:9d:a9:b3:b0:72:04:25:
                    24:3d:c4:0e:94:2b:af:36:9c:fc:ac:f7:f8:b1:1a:
                    b0:25:21:ba:e5:8b:d8:6c:a8:f2:45:62:a5:60:b6:
                    ba:e3:ef:e5:ab:6a:b4:25:78:33:ee:ec:ca:91:13:
                    0e:5f:ae:9e:93:cd:6c:37:4f:67:39:95:10:0e:4a:
                    ed:5c:8b:e7:10:73:6d:b1:47:a4:1d:aa:a2:ff:7c:
                    19:34:cb:d5:75:96:15:64:4f:79:23:30:e5:48:1b:
                    50:81:01:f3:6d:e5:d1:5d:ca:79:14:60:ff:6b:e1:
                    5c:e0:5e:26:91:26:a2:ab:be:73:72:37:10:24:ed:
                    5c:e9:04:86:ec:8c:0d:31:fb:ed:7b:11:ad:98:f6:
                    df:61:08:af:90:39:bd:96:f7:c3:09:8d:eb:19:ff:
                    f3:e7:a3:bb:5c:d9:19:d1:12:fd:65:2f:42:53:2f:
                    41:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AC:3D:B2:FE:DA:78:5F:7F:A9:F0:90:79:1F:59:32:D8:2B:04:81:D0
            X509v3 Authority Key Identifier:
                keyid:6F:3D:89:A8:1F:C2:99:F3:9C:09:2E:4F:6D:01:73:A9:A9:CF:BC:65

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bz2JqB_CmfOcCS5PbQFzqanPvGU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/86/05e0ee-ae03-4124-b670-309b7b960d14/1/rD2y_tp4X3-p8JB5H1ky2CsEgdA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/86/05e0ee-ae03-4124-b670-309b7b960d14/1/bz2JqB_CmfOcCS5PbQFzqanPvGU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.28.32.0/21
                  149.232.190.0/23
                  149.232.244.0-149.232.251.255
                  156.67.56.0/23
                  185.47.232.0/22
                  185.159.32.0/22
                  217.70.160.0/20
                IPv6:
                  2a02:1670::/29

    Signature Algorithm: sha256WithRSAEncryption
         07:d2:30:83:e2:5b:00:85:d3:29:21:f5:2a:dd:42:61:b2:5b:
         a1:f8:35:3e:8f:61:d8:32:46:12:68:61:a6:b4:b3:a8:8f:c0:
         d4:22:6b:f0:85:00:50:fa:ab:5f:8f:47:50:93:ea:63:8c:54:
         08:dd:ff:18:23:16:50:95:92:c0:78:c1:1e:bb:b3:2b:f0:36:
         06:9d:89:05:3c:ad:6b:cb:4f:1a:a4:71:bc:8b:04:b5:ff:6e:
         b1:f5:e4:0e:04:1f:76:ac:ba:82:48:e4:cf:1d:55:2e:de:c1:
         51:07:bf:7b:6d:65:46:ef:96:c0:c8:9b:de:ce:9d:08:43:0d:
         a7:ec:cf:70:ba:ea:a5:db:c9:3b:5d:20:75:33:d4:61:b2:e0:
         be:63:eb:39:be:c1:45:f1:24:bc:a7:41:48:f8:b0:f9:db:8b:
         aa:64:c5:fb:31:b0:10:6e:46:3a:da:13:fb:60:75:15:91:00:
         a5:77:b7:ba:9e:02:c2:69:98:1d:63:ef:f1:71:47:1d:60:10:
         85:30:88:c8:47:f1:b8:57:cb:95:9b:22:c1:45:fa:fe:be:21:
         ef:8f:ad:d6:7c:a2:6a:8c:d1:db:82:d9:a6:51:59:e6:c4:3d:
         0d:f6:10:52:f5:be:50:33:a8:ee:4d:4c:e8:c3:33:94:8a:d3:
         03:12:f6:28
-----BEGIN CERTIFICATE-----
MIIFODCCBCCgAwIBAgISAYVwwueoRp6LSU6E370+k9UoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmM2Q4OWE4MWZjMjk5ZjM5YzA5MmU0ZjZkMDE3M2E5YTlj
ZmJjNjUwHhcNMjMwMTAyMDQzNDU5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYzNkYjJmZWRhNzg1ZjdmYTlmMDkwNzkxZjU5MzJkODJiMDQ4MWQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5J8im1M/YQ0b3w3RBwwvnibG2b04
iErHwUDp14SzOM/YYIWcFnqSDQZyENWF0fuvQWPGg/30MeAPxsyCcHicqYjjZVAq
tH0eN8LWD6rKTe2zaJ2ps7ByBCUkPcQOlCuvNpz8rPf4sRqwJSG65YvYbKjyRWKl
YLa64+/lq2q0JXgz7uzKkRMOX66ek81sN09nOZUQDkrtXIvnEHNtsUekHaqi/3wZ
NMvVdZYVZE95IzDlSBtQgQHzbeXRXcp5FGD/a+Fc4F4mkSaiq75zcjcQJO1c6QSG
7IwNMfvtexGtmPbfYQivkDm9lvfDCY3rGf/z56O7XNkZ0RL9ZS9CUy9BpwIDAQAB
o4ICRDCCAkAwHQYDVR0OBBYEFKw9sv7aeF9/qfCQeR9ZMtgrBIHQMB8GA1UdIwQY
MBaAFG89iagfwpnznAkuT20Bc6mpz7xlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYnoySnFCX0NtZk9jQ1M1UGJRRnpxYW5QdkdVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ni8wNWUwZWUtYWUwMy00MTI0LWI2NzAt
MzA5YjdiOTYwZDE0LzEvckQyeV90cDRYMy1wOEpCNUgxa3kyQ3NFZ2RBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ni8wNWUwZWUtYWUwMy00MTI0LWI2NzAtMzA5YjdiOTYwZDE0
LzEvYnoySnFCX0NtZk9jQ1M1UGJRRnpxYW5QdkdVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFoGCCsGAQUFBwEHAQH/BEswSTA4BAIAATAyAwQDLhwgAwQB
lei+MAwDBAKV6PQDBAKV6PgDBAGcQzgDBAK5L+gDBAK5nyADBATZRqAwDQQCAAIw
BwMFAyoCFnAwDQYJKoZIhvcNAQELBQADggEBAAfSMIPiWwCF0ykh9SrdQmGyW6H4
NT6PYdgyRhJoYaa0s6iPwNQia/CFAFD6q1+PR1CT6mOMVAjd/xgjFlCVksB4wR67
syvwNgadiQU8rWvLTxqkcbyLBLX/brH15A4EH3asuoJI5M8dVS7ewVEHv3ttZUbv
lsDIm97OnQhDDafsz3C66qXbyTtdIHUz1GGy4L5j6zm+wUXxJLynQUj4sPnbi6pk
xfsxsBBuRjraE/tgdRWRAKV3t7qeAsJpmB1j7/FxRx1gEIUwiMhH8bhXy5WbIsFF
+v6+Ie+PrdZ8omqM0duC2aZRWebEPQ32EFL1vlAzqO5NTOjDM5SK0wMS9ig=
-----END CERTIFICATE-----