Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/89/16571f-c485-4e73-9cdf-cc3db54f6a47/1/6M-hJzHPGUFlc0licUSQEsvxlFE.roa
File:                     6M-hJzHPGUFlc0licUSQEsvxlFE.roa (raw, json)
Hash identifier:          T1xZ76egdgMa8kdOQ6Px8IbXQ+kHOhtxxnGe/8Rc3jo=
Subject key identifier:   E8:CF:A1:27:31:CF:19:41:65:73:49:62:71:44:90:12:CB:F1:94:51
Certificate issuer:       /CN=19a6857c5ba3f51dbe38f4c4a0c77c84ff0fb355
Certificate serial:       042983D8
Authority key identifier: 19:A6:85:7C:5B:A3:F5:1D:BE:38:F4:C4:A0:C7:7C:84:FF:0F:B3:55
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GaaFfFuj9R2-OPTEoMd8hP8Ps1U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/89/16571f-c485-4e73-9cdf-cc3db54f6a47/1/6M-hJzHPGUFlc0licUSQEsvxlFE.roa
Signing time:             Sat 01 Jan 2022 15:02:31 +0000
ROA not before:           Sat 01 Jan 2022 15:02:31 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     206065
IP address blocks:        185.172.0.0/22 maxlen: 24
                          185.197.68.0/22 maxlen: 24
                          188.121.128.0/19 maxlen: 24
                          92.61.184.0/21 maxlen: 24
                          37.221.0.0/18 maxlen: 24
                          37.235.16.0/20 maxlen: 24
                          91.184.64.0/20 maxlen: 24
                          94.139.160.0/20 maxlen: 24
                          37.19.80.0/20 maxlen: 24
                          37.19.81.0/24 maxlen: 24
                          185.30.76.0/22 maxlen: 24
                          92.119.68.0/22 maxlen: 24
                          213.207.192.0/20 maxlen: 24
                          81.91.144.0/20 maxlen: 24
                          2a0c:100::/29 maxlen: 29

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 69829592 (0x42983d8)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=19a6857c5ba3f51dbe38f4c4a0c77c84ff0fb355
        Validity
            Not Before: Jan  1 15:02:31 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=e8cfa12731cf19416573496271449012cbf19451
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:67:1c:63:df:b0:60:35:c6:b1:cc:16:00:4a:
                    f6:b8:dd:b0:1a:f7:11:54:ae:bb:47:c1:17:e3:1a:
                    4f:07:6d:3e:99:d3:e0:ef:a7:fb:c3:23:07:db:9f:
                    c6:b9:65:62:bf:20:0f:fa:78:8b:81:1f:2d:5c:b0:
                    de:94:76:32:06:51:24:be:0a:8e:cf:db:82:67:c8:
                    cc:91:f5:2a:e3:51:49:c5:2e:cf:30:76:85:18:84:
                    7d:a6:31:46:25:f5:f4:3b:b6:18:de:f0:3c:de:e7:
                    4c:1a:e7:04:86:9f:d3:e9:e5:c6:d3:9e:9f:51:89:
                    78:01:a2:9e:9d:13:bf:ff:00:3f:6f:47:a4:8a:20:
                    1d:7b:2b:ed:ed:0b:1e:30:3a:26:22:ca:32:c6:82:
                    64:3d:98:86:1e:eb:23:06:be:e0:f0:b0:0c:e9:a9:
                    7f:60:69:38:7a:5e:41:0e:61:ba:ef:97:03:67:5d:
                    3c:52:21:b9:de:8b:d8:14:cb:e9:35:72:31:70:c8:
                    9f:ec:42:25:27:0a:c0:e4:75:b3:c9:d8:66:cc:b0:
                    8d:e3:d3:bf:93:fa:4e:9a:b5:df:72:23:03:5b:b7:
                    20:3e:f6:57:5e:c7:f5:49:92:2c:de:18:d5:3d:c8:
                    e9:98:57:8d:96:98:eb:a7:91:72:c2:c5:34:fb:7a:
                    81:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E8:CF:A1:27:31:CF:19:41:65:73:49:62:71:44:90:12:CB:F1:94:51
            X509v3 Authority Key Identifier:
                keyid:19:A6:85:7C:5B:A3:F5:1D:BE:38:F4:C4:A0:C7:7C:84:FF:0F:B3:55

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GaaFfFuj9R2-OPTEoMd8hP8Ps1U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/89/16571f-c485-4e73-9cdf-cc3db54f6a47/1/6M-hJzHPGUFlc0licUSQEsvxlFE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/89/16571f-c485-4e73-9cdf-cc3db54f6a47/1/GaaFfFuj9R2-OPTEoMd8hP8Ps1U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.19.80.0/20
                  37.221.0.0/18
                  37.235.16.0/20
                  81.91.144.0/20
                  91.184.64.0/20
                  92.61.184.0/21
                  92.119.68.0/22
                  94.139.160.0/20
                  185.30.76.0/22
                  185.172.0.0/22
                  185.197.68.0/22
                  188.121.128.0/19
                  213.207.192.0/20
                IPv6:
                  2a0c:100::/29

    Signature Algorithm: sha256WithRSAEncryption
         b5:fe:5f:bd:fb:c9:51:8f:40:35:38:97:66:95:1a:42:55:2c:
         56:51:66:e4:e2:e2:1d:d7:a0:15:c0:de:e5:08:b3:68:ef:88:
         79:05:7d:7c:72:e5:cc:57:8c:06:65:b9:59:16:dd:ce:8b:9d:
         56:ef:07:c1:6e:0c:5b:ac:93:4f:a9:80:09:b6:e8:7a:f5:c3:
         43:6b:a6:19:ce:5d:ff:5a:1a:ad:c4:86:b6:c2:a7:d7:26:c3:
         f5:ac:4b:18:18:a1:03:56:22:2e:4b:d7:ee:59:5b:f8:fe:54:
         d8:7a:55:2f:5f:dc:b6:7c:52:56:9b:4f:8d:44:f5:16:ab:7e:
         99:37:97:93:fd:d3:30:78:e1:44:80:9a:40:46:e7:bb:92:44:
         0a:f7:8e:91:3c:14:27:22:87:0f:8d:cd:f4:d1:68:9f:f5:29:
         55:1d:12:e0:fe:4f:83:37:0d:2e:7e:d4:30:86:fe:3e:ec:e8:
         ce:8b:b8:2d:24:0b:ba:2d:77:a2:5e:4d:d6:96:72:f1:e6:41:
         be:f5:c0:27:20:86:2c:1d:b5:d3:31:74:fb:a4:91:8f:f5:4a:
         c1:78:d7:52:0c:62:26:8f:72:30:02:63:25:07:4b:62:3d:a6:
         fa:1d:6b:32:b1:99:e1:a6:92:52:77:76:64:be:eb:6e:5a:e7:
         e7:67:2d:a9
-----BEGIN CERTIFICATE-----
MIIFRjCCBC6gAwIBAgIEBCmD2DANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygx
OWE2ODU3YzViYTNmNTFkYmUzOGY0YzRhMGM3N2M4NGZmMGZiMzU1MB4XDTIyMDEw
MTE1MDIzMVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoZThjZmExMjczMWNm
MTk0MTY1NzM0OTYyNzE0NDkwMTJjYmYxOTQ1MTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAKJnHGPfsGA1xrHMFgBK9rjdsBr3EVSuu0fBF+MaTwdtPpnT
4O+n+8MjB9ufxrllYr8gD/p4i4EfLVyw3pR2MgZRJL4Kjs/bgmfIzJH1KuNRScUu
zzB2hRiEfaYxRiX19Du2GN7wPN7nTBrnBIaf0+nlxtOen1GJeAGinp0Tv/8AP29H
pIogHXsr7e0LHjA6JiLKMsaCZD2Yhh7rIwa+4PCwDOmpf2BpOHpeQQ5huu+XA2dd
PFIhud6L2BTL6TVyMXDIn+xCJScKwOR1s8nYZsywjePTv5P6Tpq133IjA1u3ID72
V17H9UmSLN4Y1T3I6ZhXjZaY66eRcsLFNPt6gRMCAwEAAaOCAmAwggJcMB0GA1Ud
DgQWBBToz6EnMc8ZQWVzSWJxRJASy/GUUTAfBgNVHSMEGDAWgBQZpoV8W6P1Hb44
9MSgx3yE/w+zVTAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L0dhYUZmRnVqOVIyLU9QVEVvTWQ4aFA4UHMxVS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvODkvMTY1NzFmLWM0ODUtNGU3My05Y2RmLWNjM2RiNTRmNmE0Ny8x
LzZNLWhKekhQR1VGbGMwbGljVVNRRXN2eGxGRS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvODkv
MTY1NzFmLWM0ODUtNGU3My05Y2RmLWNjM2RiNTRmNmE0Ny8xL0dhYUZmRnVqOVIy
LU9QVEVvTWQ4aFA4UHMxVS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjB2
BggrBgEFBQcBBwEB/wRnMGUwVAQCAAEwTgMEBCUTUAMEBiXdAAMEBCXrEAMEBFFb
kAMEBFu4QAMEA1w9uAMEAlx3RAMEBF6LoAMEArkeTAMEArmsAAMEArnFRAMEBbx5
gAMEBNXPwDANBAIAAjAHAwUDKgwBADANBgkqhkiG9w0BAQsFAAOCAQEAtf5fvfvJ
UY9ANTiXZpUaQlUsVlFm5OLiHdegFcDe5QizaO+IeQV9fHLlzFeMBmW5WRbdzoud
Vu8HwW4MW6yTT6mACbboevXDQ2umGc5d/1oarcSGtsKn1ybD9axLGBihA1YiLkvX
7llb+P5U2HpVL1/ctnxSVptPjUT1Fqt+mTeXk/3TMHjhRICaQEbnu5JECveOkTwU
JyKHD43N9NFon/UpVR0S4P5PgzcNLn7UMIb+Puzozou4LSQLui13ol5N1pZy8eZB
vvXAJyCGLB210zF0+6SRj/VKwXjXUgxiJo9yMAJjJQdLYj2m+h1rMrGZ4aaSUnd2
ZL7rblrn52ctqQ==
-----END CERTIFICATE-----