Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/99/4a7539-b149-48e9-88e7-060ac0890966/1/rFO9a2ay2lEehHK5uaHzxXofuH4.roa
File:                     rFO9a2ay2lEehHK5uaHzxXofuH4.roa (raw, json)
Hash identifier:          4k1vYRBUdoSJPmUAoDitSrmC+HKVz11a6048p5OukTw=
Subject key identifier:   AC:53:BD:6B:66:B2:DA:51:1E:84:72:B9:B9:A1:F3:C5:7A:1F:B8:7E
Certificate issuer:       /CN=dd1daecd30aeb74652bbdda5dad9676ce488aa49
Certificate serial:       018C81693A74321B1B31C43D3E026C1152D4
Authority key identifier: DD:1D:AE:CD:30:AE:B7:46:52:BB:DD:A5:DA:D9:67:6C:E4:88:AA:49
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3R2uzTCut0ZSu92l2tlnbOSIqkk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/99/4a7539-b149-48e9-88e7-060ac0890966/1/rFO9a2ay2lEehHK5uaHzxXofuH4.roa
Signing time:             Tue 19 Dec 2023 09:30:06 +0000
ROA not before:           Tue 19 Dec 2023 09:30:06 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     25393
IP address blocks:        193.178.144.0/23 maxlen: 23
                          78.27.224.0/19 maxlen: 24
                          77.87.192.0/21 maxlen: 21
                          195.39.197.0/24 maxlen: 24
                          89.184.68.0/22 maxlen: 24
                          89.184.72.0/21 maxlen: 21
                          89.184.88.0/21 maxlen: 21
                          5.149.120.0/22 maxlen: 24
                          5.149.124.0/22 maxlen: 24
                          195.177.116.0/22 maxlen: 22
                          2a02:2278:200::/40 maxlen: 56
                          2a02:2278:204::/48 maxlen: 48
                          2a02:2278:100::/44 maxlen: 56
                          2a02:2278:208::/48 maxlen: 48
                          2a02:2279::/32 maxlen: 32
                          2a02:2279::/40 maxlen: 56
                          2a02:2279:1200::/40 maxlen: 56
                          2a02:2279:200::/40 maxlen: 56
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:81:69:3a:74:32:1b:1b:31:c4:3d:3e:02:6c:11:52:d4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dd1daecd30aeb74652bbdda5dad9676ce488aa49
        Validity
            Not Before: Dec 19 09:30:06 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=ac53bd6b66b2da511e8472b9b9a1f3c57a1fb87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:d3:4f:50:63:02:ee:00:8c:4d:93:1d:60:1e:
                    54:fe:c9:56:d2:33:7c:61:33:8a:6a:0f:ae:27:ef:
                    2e:4c:9f:72:98:90:7d:56:9a:54:00:52:7f:43:43:
                    7a:10:34:35:8b:30:ae:79:ee:03:ee:34:c7:08:3a:
                    cf:d5:ea:0e:fb:7c:f1:d7:50:0e:9f:30:6f:bb:1f:
                    2b:53:3e:66:a3:f0:30:44:22:61:bd:6c:b7:38:4d:
                    7f:76:3c:cf:20:0c:a9:d1:00:78:86:bc:55:f9:00:
                    22:f0:92:f1:d8:96:ed:d5:fb:10:97:ae:59:74:ba:
                    9c:54:65:57:96:18:a0:57:c5:d0:f2:e3:58:82:17:
                    76:56:88:27:33:88:61:cd:25:36:52:89:e2:bb:a7:
                    40:a7:5d:df:91:d5:45:40:26:10:f2:fe:3c:da:87:
                    5b:e3:02:e2:59:7b:d3:d0:2f:e0:cc:52:e6:9b:7e:
                    11:69:78:f7:48:7b:4a:23:9e:85:00:28:6d:1c:7b:
                    7e:13:68:9f:a8:84:3c:5a:84:ed:da:78:7a:40:40:
                    bb:ab:27:47:cd:06:8f:bf:86:80:0a:9d:59:48:32:
                    39:cc:a0:73:6a:6a:67:90:00:5b:6a:da:bc:e6:42:
                    5a:53:a8:28:f6:7e:e8:93:15:c0:3d:bf:3f:7b:cc:
                    71:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AC:53:BD:6B:66:B2:DA:51:1E:84:72:B9:B9:A1:F3:C5:7A:1F:B8:7E
            X509v3 Authority Key Identifier:
                keyid:DD:1D:AE:CD:30:AE:B7:46:52:BB:DD:A5:DA:D9:67:6C:E4:88:AA:49

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3R2uzTCut0ZSu92l2tlnbOSIqkk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/99/4a7539-b149-48e9-88e7-060ac0890966/1/rFO9a2ay2lEehHK5uaHzxXofuH4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/99/4a7539-b149-48e9-88e7-060ac0890966/1/3R2uzTCut0ZSu92l2tlnbOSIqkk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.149.120.0/21
                  77.87.192.0/21
                  78.27.224.0/19
                  89.184.68.0-89.184.79.255
                  89.184.88.0/21
                  193.178.144.0/23
                  195.39.197.0/24
                  195.177.116.0/22
                IPv6:
                  2a02:2278:100::/44
                  2a02:2278:200::/40
                  2a02:2279::/32

    Signature Algorithm: sha256WithRSAEncryption
         6f:9b:e2:58:83:52:1c:0d:e0:6d:10:24:d0:9d:dc:1d:10:a5:
         c6:23:c6:e4:de:7d:2d:7e:74:d9:7d:02:69:62:93:f2:6b:65:
         af:b1:92:26:61:3d:87:ad:0b:39:4f:bf:e2:b7:2a:34:73:b2:
         1c:01:17:74:75:49:10:13:a1:4b:45:a5:a1:e3:2e:15:08:2c:
         3a:69:ec:ff:3f:0c:47:fb:11:a8:2e:6c:a7:98:f0:79:fc:63:
         d3:06:54:a5:51:ce:66:3e:c2:28:b9:4e:a5:53:e2:17:92:b0:
         dd:cc:92:6e:3e:4a:90:57:ca:45:3d:a3:00:22:65:e3:a8:11:
         99:7e:57:4d:a6:0d:c5:5d:c4:d5:56:0a:57:f2:5f:25:77:38:
         62:56:23:23:56:cf:09:9f:64:1c:8b:08:c7:2e:dd:89:c7:7a:
         26:dc:69:28:83:b0:85:f6:ef:88:cc:68:ea:30:d6:cc:47:5e:
         76:e7:e3:71:c4:d2:e0:1d:a3:7f:82:64:a5:da:2b:49:90:ea:
         62:ac:08:a6:69:94:24:43:78:df:a0:89:63:31:b6:b4:9b:f5:
         e5:7a:45:10:fc:47:bb:fb:83:7a:88:e5:75:be:c2:af:42:5c:
         9c:b8:92:64:76:91:fb:92:f5:18:53:e4:c3:fd:59:11:b6:a5:
         10:98:c5:a4
-----BEGIN CERTIFICATE-----
MIIFTzCCBDegAwIBAgISAYyBaTp0MhsbMcQ9PgJsEVLUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRkMWRhZWNkMzBhZWI3NDY1MmJiZGRhNWRhZDk2NzZjZTQ4
OGFhNDkwHhcNMjMxMjE5MDkzMDA2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYzUzYmQ2YjY2YjJkYTUxMWU4NDcyYjliOWExZjNjNTdhMWZiODdlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjtNPUGMC7gCMTZMdYB5U/slW0jN8
YTOKag+uJ+8uTJ9ymJB9VppUAFJ/Q0N6EDQ1izCuee4D7jTHCDrP1eoO+3zx11AO
nzBvux8rUz5mo/AwRCJhvWy3OE1/djzPIAyp0QB4hrxV+QAi8JLx2Jbt1fsQl65Z
dLqcVGVXlhigV8XQ8uNYghd2VognM4hhzSU2Uoniu6dAp13fkdVFQCYQ8v482odb
4wLiWXvT0C/gzFLmm34RaXj3SHtKI56FAChtHHt+E2ifqIQ8WoTt2nh6QEC7qydH
zQaPv4aACp1ZSDI5zKBzampnkABbatq85kJaU6go9n7okxXAPb8/e8xxGQIDAQAB
o4ICWzCCAlcwHQYDVR0OBBYEFKxTvWtmstpRHoRyubmh88V6H7h+MB8GA1UdIwQY
MBaAFN0drs0wrrdGUrvdpdrZZ2zkiKpJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM1IydXpUQ3V0MFpTdTkybDJ0bG5iT1NJcWtrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OS80YTc1MzktYjE0OS00OGU5LTg4ZTct
MDYwYWMwODkwOTY2LzEvckZPOWEyYXkybEVlaEhLNXVhSHp4WG9mdUg0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OS80YTc1MzktYjE0OS00OGU5LTg4ZTctMDYwYWMwODkwOTY2
LzEvM1IydXpUQ3V0MFpTdTkybDJ0bG5iT1NJcWtrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHEGCCsGAQUFBwEHAQH/BGIwYDA+BAIAATA4AwQDBZV4AwQD
TVfAAwQFThvgMAwDBAJZuEQDBARZuEADBANZuFgDBAHBspADBADDJ8UDBALDsXQw
HgQCAAIwGAMHBCoCIngBAAMGACoCIngCAwUAKgIieTANBgkqhkiG9w0BAQsFAAOC
AQEAb5viWINSHA3gbRAk0J3cHRClxiPG5N59LX502X0CaWKT8mtlr7GSJmE9h60L
OU+/4rcqNHOyHAEXdHVJEBOhS0WloeMuFQgsOmns/z8MR/sRqC5sp5jwefxj0wZU
pVHOZj7CKLlOpVPiF5Kw3cySbj5KkFfKRT2jACJl46gRmX5XTaYNxV3E1VYKV/Jf
JXc4YlYjI1bPCZ9kHIsIxy7dicd6JtxpKIOwhfbviMxo6jDWzEdedufjccTS4B2j
f4JkpdorSZDqYqwIpmmUJEN436CJYzG2tJv15XpFEPxHu/uDeojldb7Cr0JcnLiS
ZHaR+5L1GFPkw/1ZEbalEJjFpA==
-----END CERTIFICATE-----