Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8b/573f0b-5325-41d3-b9ff-8f7d56b7b417/1/wfy63AKYSPeoOQxqlCBzAVKhD2Y.roa
File:                     wfy63AKYSPeoOQxqlCBzAVKhD2Y.roa (raw, json)
Hash identifier:          +gCrzNva4e4kNa4bPf5O3Fwz+c4DkUDUuCYPwowoHTY=
Subject key identifier:   C1:FC:BA:DC:02:98:48:F7:A8:39:0C:6A:94:20:73:01:52:A1:0F:66
Certificate issuer:       /CN=1bb29b3f158fa80710c12a58b69fb926098d5129
Certificate serial:       07DB89
Authority key identifier: 1B:B2:9B:3F:15:8F:A8:07:10:C1:2A:58:B6:9F:B9:26:09:8D:51:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/G7KbPxWPqAcQwSpYtp-5JgmNUSk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8b/573f0b-5325-41d3-b9ff-8f7d56b7b417/1/wfy63AKYSPeoOQxqlCBzAVKhD2Y.roa
Signing time:             Fri 27 May 2022 03:12:16 +0000
ROA not before:           Fri 27 May 2022 03:12:16 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     47782
IP address blocks:        95.215.245.0/24 maxlen: 24
                          95.215.244.0/22 maxlen: 22
                          95.215.244.0/24 maxlen: 24
                          95.215.246.0/24 maxlen: 24
                          178.216.208.0/24 maxlen: 24
                          178.216.208.0/21 maxlen: 21
                          178.216.210.0/24 maxlen: 24
                          178.216.209.0/24 maxlen: 24
                          178.216.212.0/24 maxlen: 24
                          178.216.211.0/24 maxlen: 24
                          178.216.213.0/24 maxlen: 24
                          95.215.247.0/24 maxlen: 24
                          178.216.215.0/24 maxlen: 24
                          178.216.214.0/24 maxlen: 24
                          91.205.48.0/24 maxlen: 24
                          91.205.48.0/22 maxlen: 22
                          91.205.49.0/24 maxlen: 24
                          91.205.51.0/24 maxlen: 24
                          91.205.50.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 514953 (0x7db89)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1bb29b3f158fa80710c12a58b69fb926098d5129
        Validity
            Not Before: May 27 03:12:16 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=c1fcbadc029848f7a8390c6a9420730152a10f66
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:ad:11:4c:44:ab:19:72:be:bd:b9:97:74:c4:
                    39:5e:c4:0b:eb:a9:1e:8f:be:24:19:b7:0a:7e:7a:
                    b6:b1:23:b5:09:e7:dd:a1:77:c5:7e:e9:2c:ba:46:
                    27:bb:bd:bd:9d:1b:76:ad:46:84:3f:96:b0:6c:37:
                    f4:f0:00:51:8d:0e:0c:1f:21:3e:5e:37:96:9d:5a:
                    ad:2a:73:c8:82:85:05:c3:b5:e2:8d:c5:cb:27:99:
                    52:8a:63:c3:02:52:f1:e7:02:10:c5:83:b8:d3:40:
                    6e:ab:c4:12:2b:fa:22:5b:41:b7:0b:ee:f4:3b:7c:
                    50:42:26:64:f5:57:5e:0c:32:10:4f:8f:3d:9f:78:
                    98:e0:9f:5c:1b:28:39:db:45:a0:37:96:57:41:a3:
                    59:bf:4e:c7:f1:48:26:22:a5:8c:22:99:25:44:b2:
                    72:a9:d1:a8:15:8f:61:a4:f1:ba:0d:f3:d6:21:1a:
                    ee:e9:03:b1:61:b9:c8:72:c3:fb:5f:09:20:69:60:
                    48:b6:34:0d:1a:88:b1:40:3c:f7:ef:f8:52:cb:01:
                    8f:df:60:84:51:4a:c8:33:6c:b1:7e:2b:f2:9d:99:
                    11:51:7b:12:02:7c:ac:1d:57:1a:64:f2:e4:5a:82:
                    29:02:ba:36:66:cf:8c:b8:c1:34:cb:84:d2:a7:1b:
                    50:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C1:FC:BA:DC:02:98:48:F7:A8:39:0C:6A:94:20:73:01:52:A1:0F:66
            X509v3 Authority Key Identifier:
                keyid:1B:B2:9B:3F:15:8F:A8:07:10:C1:2A:58:B6:9F:B9:26:09:8D:51:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/G7KbPxWPqAcQwSpYtp-5JgmNUSk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/573f0b-5325-41d3-b9ff-8f7d56b7b417/1/wfy63AKYSPeoOQxqlCBzAVKhD2Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/573f0b-5325-41d3-b9ff-8f7d56b7b417/1/G7KbPxWPqAcQwSpYtp-5JgmNUSk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.205.48.0/22
                  95.215.244.0/22
                  178.216.208.0/21

    Signature Algorithm: sha256WithRSAEncryption
         5c:fa:32:ea:65:cd:c9:39:38:25:6d:a8:6c:44:50:e9:8e:76:
         b0:8f:36:69:83:25:95:21:a5:fb:09:38:ec:f9:72:4a:1c:5d:
         b7:eb:52:37:f2:14:ae:44:d9:0e:06:58:76:43:5c:e1:b3:c9:
         b4:2e:6c:a8:76:1e:80:3d:8e:31:36:51:9e:f9:07:e1:a8:e1:
         63:de:fe:b9:02:c1:32:87:b4:2a:56:8f:ea:41:44:a0:77:62:
         11:20:d6:93:a1:b0:33:43:69:4c:b2:37:b2:7a:62:60:9d:51:
         ba:47:d1:18:9d:e2:50:e4:14:92:09:e4:e4:2b:9a:89:a3:73:
         d5:60:ab:d8:b0:ad:93:c6:45:6a:47:9c:2e:b8:48:6c:af:a6:
         ac:d1:f3:a9:a0:4f:7a:05:cd:44:a1:ab:a8:6c:35:f7:b6:f0:
         46:30:6f:37:dd:ab:6c:28:48:0d:82:cf:65:64:54:8f:bd:76:
         75:3a:10:14:33:64:ad:2e:ea:b2:f1:d2:dd:30:89:f8:67:f5:
         35:57:c9:b1:0c:53:d0:66:4f:59:e5:d5:82:ae:48:81:ff:2c:
         dc:db:73:74:3b:80:85:0f:e6:52:55:97:50:b0:17:97:e4:d6:
         e0:33:3b:de:ff:cc:d1:43:37:60:62:3d:eb:d6:13:9c:6a:9c:
         86:37:05:15
-----BEGIN CERTIFICATE-----
MIIE+jCCA+KgAwIBAgIDB9uJMA0GCSqGSIb3DQEBCwUAMDMxMTAvBgNVBAMTKDFi
YjI5YjNmMTU4ZmE4MDcxMGMxMmE1OGI2OWZiOTI2MDk4ZDUxMjkwHhcNMjIwNTI3
MDMxMjE2WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQDEyhjMWZjYmFkYzAyOTg0
OGY3YTgzOTBjNmE5NDIwNzMwMTUyYTEwZjY2MIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEAsa0RTESrGXK+vbmXdMQ5XsQL66kej74kGbcKfnq2sSO1Cefd
oXfFfuksukYnu729nRt2rUaEP5awbDf08ABRjQ4MHyE+XjeWnVqtKnPIgoUFw7Xi
jcXLJ5lSimPDAlLx5wIQxYO400Buq8QSK/oiW0G3C+70O3xQQiZk9VdeDDIQT489
n3iY4J9cGyg520WgN5ZXQaNZv07H8UgmIqWMIpklRLJyqdGoFY9hpPG6DfPWIRru
6QOxYbnIcsP7XwkgaWBItjQNGoixQDz37/hSywGP32CEUUrIM2yxfivynZkRUXsS
AnysHVcaZPLkWoIpAro2Zs+MuME0y4TSpxtQSQIDAQABo4ICFTCCAhEwHQYDVR0O
BBYEFMH8utwCmEj3qDkMapQgcwFSoQ9mMB8GA1UdIwQYMBaAFBuymz8Vj6gHEMEq
WLafuSYJjVEpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEFBQcBAQRYMFYwVAYIKwYB
BQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQv
RzdLYlB4V1BxQWNRd1NwWXRwLTVKZ21OVVNrLmNlcjCBjQYIKwYBBQUHAQsEgYAw
fjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkv
REVGQVVMVC84Yi81NzNmMGItNTMyNS00MWQzLWI5ZmYtOGY3ZDU2YjdiNDE3LzEv
d2Z5NjNBS1lTUGVvT1F4cWxDQnpBVktoRDJZLnJvYTCBgQYDVR0fBHoweDB2oHSg
coZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Yi81
NzNmMGItNTMyNS00MWQzLWI5ZmYtOGY3ZDU2YjdiNDE3LzEvRzdLYlB4V1BxQWNR
d1NwWXRwLTVKZ21OVVNrLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCsG
CCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQCW80wAwQCX9f0AwQDstjQMA0GCSqG
SIb3DQEBCwUAA4IBAQBc+jLqZc3JOTglbahsRFDpjnawjzZpgyWVIaX7CTjs+XJK
HF2361I38hSuRNkOBlh2Q1zhs8m0Lmyodh6APY4xNlGe+QfhqOFj3v65AsEyh7Qq
Vo/qQUSgd2IRINaTobAzQ2lMsjeyemJgnVG6R9EYneJQ5BSSCeTkK5qJo3PVYKvY
sK2TxkVqR5wuuEhsr6as0fOpoE96Bc1EoauobDX3tvBGMG833atsKEgNgs9lZFSP
vXZ1OhAUM2StLuqy8dLdMIn4Z/U1V8mxDFPQZk9Z5dWCrkiB/yzc23N0O4CFD+ZS
VZdQsBeX5NbgMzve/8zRQzdgYj3r1hOcapyGNwUV
-----END CERTIFICATE-----