Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/86/05e0ee-ae03-4124-b670-309b7b960d14/1/xlRXUNQpn4h3SsPGvaEPXLZXrRo.roa
File:                     xlRXUNQpn4h3SsPGvaEPXLZXrRo.roa (raw, json)
Hash identifier:          E+3+maoRSGvZsTUa8CA8LkpS6ETXlXnZBqUae31m6x8=
Subject key identifier:   C6:54:57:50:D4:29:9F:88:77:4A:C3:C6:BD:A1:0F:5C:B6:57:AD:1A
Certificate issuer:       /CN=6f3d89a81fc299f39c092e4f6d0173a9a9cfbc65
Certificate serial:       01845C1E0B39F7C8D3C725504D3567B77D95
Authority key identifier: 6F:3D:89:A8:1F:C2:99:F3:9C:09:2E:4F:6D:01:73:A9:A9:CF:BC:65
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bz2JqB_CmfOcCS5PbQFzqanPvGU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/86/05e0ee-ae03-4124-b670-309b7b960d14/1/xlRXUNQpn4h3SsPGvaEPXLZXrRo.roa
Signing time:             Wed 09 Nov 2022 11:19:43 +0000
ROA not before:           Wed 09 Nov 2022 11:19:43 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     16024
IP address blocks:        156.67.56.0/23 maxlen: 23
                          156.67.56.0/24 maxlen: 24
                          156.67.57.0/24 maxlen: 24
                          217.70.160.0/20 maxlen: 24
                          149.232.190.0/23 maxlen: 24
                          185.47.232.0/22 maxlen: 24
                          46.28.32.0/21 maxlen: 24
                          185.159.32.0/22 maxlen: 24
                          149.232.244.0/22 maxlen: 24
                          149.232.248.0/22 maxlen: 24
                          2a02:1670::/29 maxlen: 32
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:84:5c:1e:0b:39:f7:c8:d3:c7:25:50:4d:35:67:b7:7d:95
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6f3d89a81fc299f39c092e4f6d0173a9a9cfbc65
        Validity
            Not Before: Nov  9 11:19:43 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=c6545750d4299f88774ac3c6bda10f5cb657ad1a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:c0:4f:93:bd:c1:9f:e6:57:fe:77:e7:fe:88:
                    3a:ba:65:44:3b:ef:63:07:e4:cf:42:22:db:cf:04:
                    6f:8e:54:45:74:96:09:11:d4:55:3f:26:14:c4:d7:
                    6c:e5:3b:b8:2b:06:65:a7:9f:fb:4e:1c:de:53:0c:
                    39:7f:c1:a9:bc:a8:90:cb:c8:a5:10:9b:75:20:b3:
                    90:1b:a1:1c:9e:cb:99:13:b0:34:99:f4:71:15:2e:
                    02:fc:c7:77:2e:e0:aa:9c:e5:6a:7c:f3:67:90:13:
                    b8:5b:c4:89:43:52:ee:0b:c5:d0:d2:3d:4d:83:c7:
                    46:6f:a3:6e:46:fe:17:f7:59:b4:9f:a2:2a:bc:78:
                    53:1f:95:75:25:e0:0e:0b:f8:5c:d7:d6:bc:dd:a2:
                    14:6e:71:49:69:20:3f:f2:78:16:c4:5e:c2:63:7c:
                    ab:4a:d3:fd:fa:24:a0:c7:99:a2:67:f2:bb:73:48:
                    c4:28:b5:aa:32:8f:d2:57:43:af:c5:7e:ed:84:36:
                    d2:c5:5f:f5:ae:b1:61:3e:16:2a:4e:4e:31:32:18:
                    02:ff:80:25:6e:41:23:5b:5e:f3:23:26:b7:27:12:
                    be:19:a8:bb:7b:96:64:a6:5c:aa:2d:cc:fd:03:a1:
                    fd:6a:e9:b9:23:dc:94:be:65:c5:a3:c9:97:c1:33:
                    cc:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C6:54:57:50:D4:29:9F:88:77:4A:C3:C6:BD:A1:0F:5C:B6:57:AD:1A
            X509v3 Authority Key Identifier:
                keyid:6F:3D:89:A8:1F:C2:99:F3:9C:09:2E:4F:6D:01:73:A9:A9:CF:BC:65

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bz2JqB_CmfOcCS5PbQFzqanPvGU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/86/05e0ee-ae03-4124-b670-309b7b960d14/1/xlRXUNQpn4h3SsPGvaEPXLZXrRo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/86/05e0ee-ae03-4124-b670-309b7b960d14/1/bz2JqB_CmfOcCS5PbQFzqanPvGU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.28.32.0/21
                  149.232.190.0/23
                  149.232.244.0-149.232.251.255
                  156.67.56.0/23
                  185.47.232.0/22
                  185.159.32.0/22
                  217.70.160.0/20
                IPv6:
                  2a02:1670::/29

    Signature Algorithm: sha256WithRSAEncryption
         31:7c:b1:4d:5a:9d:4c:18:ed:6a:83:14:b6:40:a4:fa:7f:e6:
         92:9c:07:3d:19:22:6b:10:eb:54:90:89:7b:d7:4b:82:b9:07:
         12:56:db:05:ca:54:ec:47:4b:b2:02:34:c4:74:fe:0e:17:1f:
         97:d3:02:ce:86:47:8b:5a:84:01:de:a8:df:89:c6:8b:8c:73:
         4a:11:21:08:b4:f5:54:af:ba:d8:ed:66:3b:d9:cb:a5:74:45:
         de:b7:b7:17:e0:dd:aa:95:c3:e9:de:bf:4a:22:2e:e3:70:d1:
         76:20:84:9c:d9:22:54:fe:36:5e:48:0e:3a:e5:eb:d4:bf:f5:
         52:e9:5d:a0:bb:bd:f0:3e:91:f0:1d:66:57:c8:4c:72:4e:3b:
         01:a8:d9:a7:e8:1b:d9:de:8f:eb:41:64:49:62:a3:40:e4:03:
         d7:26:7f:d8:97:ab:d7:4c:44:e2:74:04:0a:26:55:8f:e2:6f:
         e6:28:b8:8a:c7:8e:21:ae:4f:f5:4b:9f:82:33:3f:e7:19:ce:
         de:a5:fe:1d:b1:03:18:f2:75:fc:87:6d:00:08:ee:af:ba:be:
         8a:87:e4:03:9e:95:93:8f:d1:c8:c4:b4:c7:53:fd:f9:1b:7c:
         45:b4:69:e2:a3:5b:10:15:52:1d:f1:a2:2f:4b:97:5e:33:49:
         3b:38:86:23
-----BEGIN CERTIFICATE-----
MIIFODCCBCCgAwIBAgISAYRcHgs598jTxyVQTTVnt32VMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmM2Q4OWE4MWZjMjk5ZjM5YzA5MmU0ZjZkMDE3M2E5YTlj
ZmJjNjUwHhcNMjIxMTA5MTExOTQzWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNjU0NTc1MGQ0Mjk5Zjg4Nzc0YWMzYzZiZGExMGY1Y2I2NTdhZDFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjsBPk73Bn+ZX/nfn/og6umVEO+9j
B+TPQiLbzwRvjlRFdJYJEdRVPyYUxNds5Tu4KwZlp5/7ThzeUww5f8GpvKiQy8il
EJt1ILOQG6EcnsuZE7A0mfRxFS4C/Md3LuCqnOVqfPNnkBO4W8SJQ1LuC8XQ0j1N
g8dGb6NuRv4X91m0n6IqvHhTH5V1JeAOC/hc19a83aIUbnFJaSA/8ngWxF7CY3yr
StP9+iSgx5miZ/K7c0jEKLWqMo/SV0OvxX7thDbSxV/1rrFhPhYqTk4xMhgC/4Al
bkEjW17zIya3JxK+Gai7e5ZkplyqLcz9A6H9aum5I9yUvmXFo8mXwTPM+wIDAQAB
o4ICRDCCAkAwHQYDVR0OBBYEFMZUV1DUKZ+Id0rDxr2hD1y2V60aMB8GA1UdIwQY
MBaAFG89iagfwpnznAkuT20Bc6mpz7xlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYnoySnFCX0NtZk9jQ1M1UGJRRnpxYW5QdkdVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ni8wNWUwZWUtYWUwMy00MTI0LWI2NzAt
MzA5YjdiOTYwZDE0LzEveGxSWFVOUXBuNGgzU3NQR3ZhRVBYTFpYclJvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ni8wNWUwZWUtYWUwMy00MTI0LWI2NzAtMzA5YjdiOTYwZDE0
LzEvYnoySnFCX0NtZk9jQ1M1UGJRRnpxYW5QdkdVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFoGCCsGAQUFBwEHAQH/BEswSTA4BAIAATAyAwQDLhwgAwQB
lei+MAwDBAKV6PQDBAKV6PgDBAGcQzgDBAK5L+gDBAK5nyADBATZRqAwDQQCAAIw
BwMFAyoCFnAwDQYJKoZIhvcNAQELBQADggEBADF8sU1anUwY7WqDFLZApPp/5pKc
Bz0ZImsQ61SQiXvXS4K5BxJW2wXKVOxHS7ICNMR0/g4XH5fTAs6GR4tahAHeqN+J
xouMc0oRIQi09VSvutjtZjvZy6V0Rd63txfg3aqVw+nev0oiLuNw0XYghJzZIlT+
Nl5IDjrl69S/9VLpXaC7vfA+kfAdZlfITHJOOwGo2afoG9nej+tBZElio0DkA9cm
f9iXq9dMROJ0BAomVY/ib+YouIrHjiGuT/VLn4IzP+cZzt6l/h2xAxjydfyHbQAI
7q+6voqH5AOelZOP0cjEtMdT/fkbfEW0aeKjWxAVUh3xoi9Ll14zSTs4hiM=
-----END CERTIFICATE-----