Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/226f04-f7db-491a-bafb-ee435d3cd585/1/p_25goggBsqoLyiW9HME8Kx-4No.roa
File:                     p_25goggBsqoLyiW9HME8Kx-4No.roa (raw, json)
Hash identifier:          zkPtWW+H9iWcO4ro1EMX8fXaVa8MVWhmqF3b8BMnoHY=
Subject key identifier:   A7:FD:B9:82:88:20:06:CA:A8:2F:28:96:F4:73:04:F0:AC:7E:E0:DA
Certificate issuer:       /CN=0ef5cb2f590d041654f4dfdb60a28f9a1544f444
Certificate serial:       0183C684B426A9298E0DB21C28A93B8964FC
Authority key identifier: 0E:F5:CB:2F:59:0D:04:16:54:F4:DF:DB:60:A2:8F:9A:15:44:F4:44
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DvXLL1kNBBZU9N_bYKKPmhVE9EQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/226f04-f7db-491a-bafb-ee435d3cd585/1/p_25goggBsqoLyiW9HME8Kx-4No.roa
Signing time:             Tue 11 Oct 2022 10:08:48 +0000
ROA not before:           Tue 11 Oct 2022 10:08:48 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     9009
IP address blocks:        185.132.125.0/24 maxlen: 24
                          45.136.196.0/24 maxlen: 24
                          45.136.197.0/24 maxlen: 24
                          45.136.198.0/24 maxlen: 24
                          45.136.199.0/24 maxlen: 24
                          176.97.64.0/23 maxlen: 23
                          185.87.148.0/23 maxlen: 23
                          188.116.22.0/24 maxlen: 24
                          195.54.171.0/24 maxlen: 24
                          176.97.70.0/23 maxlen: 23
                          176.97.68.0/23 maxlen: 23
                          176.97.66.0/23 maxlen: 23
                          5.61.62.0/23 maxlen: 23
                          5.61.60.0/23 maxlen: 23

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:83:c6:84:b4:26:a9:29:8e:0d:b2:1c:28:a9:3b:89:64:fc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ef5cb2f590d041654f4dfdb60a28f9a1544f444
        Validity
            Not Before: Oct 11 10:08:48 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=a7fdb982882006caa82f2896f47304f0ac7ee0da
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:fe:b0:5f:35:e9:21:40:20:a1:fc:fc:30:97:
                    e8:1f:69:3b:e1:5c:98:01:b0:0c:3f:a7:e5:bb:8b:
                    be:07:65:12:53:8f:5e:4e:0c:56:c9:24:5f:1d:c8:
                    12:1d:64:a2:92:98:e8:37:91:02:a6:43:c9:5e:8f:
                    a0:37:37:d7:66:bf:a2:86:87:54:49:d2:6e:6b:3a:
                    b2:51:74:bd:d8:dd:0d:8b:52:2b:9b:a4:4b:54:4f:
                    12:3e:71:da:ee:9c:f1:9b:99:02:21:66:e3:1a:21:
                    83:68:3c:28:3b:fd:da:4f:53:d5:71:53:f1:db:6d:
                    54:32:94:95:6f:b7:b0:2d:92:13:8f:0c:a4:6f:97:
                    58:f8:e0:e5:5b:0b:60:77:5a:db:3a:0b:9a:f0:75:
                    58:d6:3c:d0:ec:22:4a:1c:cd:2a:36:72:b8:64:36:
                    87:4a:33:cd:8c:8a:30:f3:9e:58:a8:39:28:ba:7d:
                    8a:88:bf:ae:30:90:38:19:13:8c:10:e1:88:c5:e4:
                    87:8f:71:a2:99:03:f5:b3:4e:a1:3f:b6:11:b7:21:
                    08:f7:63:e1:68:55:f7:4f:df:25:ee:ba:c9:13:f4:
                    39:07:26:fc:cb:5f:ae:e6:50:64:59:55:3f:30:86:
                    35:6f:b5:8f:54:0a:29:53:93:58:fe:b1:a7:09:ff:
                    ef:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A7:FD:B9:82:88:20:06:CA:A8:2F:28:96:F4:73:04:F0:AC:7E:E0:DA
            X509v3 Authority Key Identifier:
                keyid:0E:F5:CB:2F:59:0D:04:16:54:F4:DF:DB:60:A2:8F:9A:15:44:F4:44

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DvXLL1kNBBZU9N_bYKKPmhVE9EQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/226f04-f7db-491a-bafb-ee435d3cd585/1/p_25goggBsqoLyiW9HME8Kx-4No.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/226f04-f7db-491a-bafb-ee435d3cd585/1/DvXLL1kNBBZU9N_bYKKPmhVE9EQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.61.60.0/22
                  45.136.196.0/22
                  176.97.64.0/21
                  185.87.148.0/23
                  185.132.125.0/24
                  188.116.22.0/24
                  195.54.171.0/24

    Signature Algorithm: sha256WithRSAEncryption
         da:db:89:c2:f7:a7:3f:50:00:81:0c:f8:c7:f0:46:bb:02:76:
         b2:c0:1b:7f:4c:ed:07:c4:46:43:07:fd:4c:63:34:a2:92:1c:
         92:b3:2d:4b:9d:30:01:d0:82:07:7e:5d:2c:96:df:2d:a9:c7:
         52:30:11:ba:08:88:f5:4f:c8:4a:d1:c3:3f:f7:3b:74:69:69:
         21:59:78:7d:1b:f1:b7:5a:de:a3:a7:b1:9c:f4:23:c5:e5:9c:
         b7:14:77:ca:4d:24:b5:14:21:a3:fd:bd:b5:3c:ed:c5:22:d2:
         a3:27:54:a8:c6:4c:29:bd:fb:e0:5e:9a:ab:ea:2b:d0:d0:b6:
         4e:2d:3f:7b:19:20:a0:41:59:78:01:18:bf:26:a7:97:8a:5e:
         c9:33:9e:f6:4f:65:c6:20:b0:62:52:10:dd:b8:4d:46:db:ea:
         2f:d8:d8:f6:4c:cd:95:98:2a:a8:58:05:94:4a:18:31:69:42:
         b3:56:7a:ae:ee:50:f1:f4:ea:09:15:7a:af:fd:c9:6e:5c:2f:
         2d:b6:ca:81:20:5f:2a:ec:4d:8f:7a:73:aa:ca:cd:fa:99:8c:
         ce:2f:d8:aa:81:f2:e9:fd:ed:16:25:19:5d:b9:88:2b:22:d1:
         60:22:99:6d:30:f0:e4:c7:c5:76:6b:11:e6:2e:7e:a4:e4:5d:
         35:d5:04:99
-----BEGIN CERTIFICATE-----
MIIFITCCBAmgAwIBAgISAYPGhLQmqSmODbIcKKk7iWT8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBlZjVjYjJmNTkwZDA0MTY1NGY0ZGZkYjYwYTI4ZjlhMTU0
NGY0NDQwHhcNMjIxMDExMTAwODQ4WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhN2ZkYjk4Mjg4MjAwNmNhYTgyZjI4OTZmNDczMDRmMGFjN2VlMGRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkP6wXzXpIUAgofz8MJfoH2k74VyY
AbAMP6flu4u+B2USU49eTgxWySRfHcgSHWSikpjoN5ECpkPJXo+gNzfXZr+ihodU
SdJuazqyUXS92N0Ni1Irm6RLVE8SPnHa7pzxm5kCIWbjGiGDaDwoO/3aT1PVcVPx
221UMpSVb7ewLZITjwykb5dY+ODlWwtgd1rbOgua8HVY1jzQ7CJKHM0qNnK4ZDaH
SjPNjIow855YqDkoun2KiL+uMJA4GROMEOGIxeSHj3GimQP1s06hP7YRtyEI92Ph
aFX3T98l7rrJE/Q5Byb8y1+u5lBkWVU/MIY1b7WPVAopU5NY/rGnCf/vEQIDAQAB
o4ICLTCCAikwHQYDVR0OBBYEFKf9uYKIIAbKqC8olvRzBPCsfuDaMB8GA1UdIwQY
MBaAFA71yy9ZDQQWVPTf22Cij5oVRPREMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRHZYTEwxa05CQlpVOU5fYllLS1BtaFZFOUVRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny8yMjZmMDQtZjdkYi00OTFhLWJhZmIt
ZWU0MzVkM2NkNTg1LzEvcF8yNWdvZ2dCc3FvTHlpVzlITUU4S3gtNE5vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny8yMjZmMDQtZjdkYi00OTFhLWJhZmItZWU0MzVkM2NkNTg1
LzEvRHZYTEwxa05CQlpVOU5fYllLS1BtaFZFOUVRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEMGCCsGAQUFBwEHAQH/BDQwMjAwBAIAATAqAwQCBT08AwQC
LYjEAwQDsGFAAwQBuVeUAwQAuYR9AwQAvHQWAwQAwzarMA0GCSqGSIb3DQEBCwUA
A4IBAQDa24nC96c/UACBDPjH8Ea7AnaywBt/TO0HxEZDB/1MYzSikhySsy1LnTAB
0IIHfl0slt8tqcdSMBG6CIj1T8hK0cM/9zt0aWkhWXh9G/G3Wt6jp7Gc9CPF5Zy3
FHfKTSS1FCGj/b21PO3FItKjJ1SoxkwpvfvgXpqr6ivQ0LZOLT97GSCgQVl4ARi/
JqeXil7JM572T2XGILBiUhDduE1G2+ov2Nj2TM2VmCqoWAWUShgxaUKzVnqu7lDx
9OoJFXqv/cluXC8ttsqBIF8q7E2PenOqys36mYzOL9iqgfLp/e0WJRlduYgrItFg
IpltMPDkx8V2axHmLn6k5F011QSZ
-----END CERTIFICATE-----