Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/qvENPc6v-okSsfw-NU0bcZoox1w.roa
File:                     qvENPc6v-okSsfw-NU0bcZoox1w.roa (raw, json)
Hash identifier:          MnuZMf4d2a0kyXjZZDQjxtqW/AtKZtR8ibfDf2PSCBE=
Subject key identifier:   AA:F1:0D:3D:CE:AF:FA:89:12:B1:FC:3E:35:4D:1B:71:9A:28:C7:5C
Certificate issuer:       /CN=b8074b419ead4cefea2f2ad2c259d978c5ed7954
Certificate serial:       1030CB3C
Authority key identifier: B8:07:4B:41:9E:AD:4C:EF:EA:2F:2A:D2:C2:59:D9:78:C5:ED:79:54
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/qvENPc6v-okSsfw-NU0bcZoox1w.roa
Signing time:             Wed 19 Jan 2022 12:52:52 +0000
ROA not before:           Wed 19 Jan 2022 12:52:52 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     210554
IP address blocks:        185.197.133.0/24 maxlen: 32
                          2a06:e881:8707::/48 maxlen: 128
                          2a06:e881:870c::/48 maxlen: 128
                          2a06:e881:870d::/48 maxlen: 128
                          2a06:e881:8702::/48 maxlen: 128
                          2a06:e881:8703::/48 maxlen: 128
                          2a06:e881:8708::/48 maxlen: 128
                          2a06:e881:8709::/48 maxlen: 128
                          2a06:e881:870e::/48 maxlen: 128
                          2a06:e881:870f::/48 maxlen: 128
                          2a06:e881:8704::/48 maxlen: 128
                          2a06:e881:870a::/48 maxlen: 128
                          2a06:e881:870b::/48 maxlen: 128
                          2a06:e881:8700::/48 maxlen: 128
                          2a06:e881:8701::/48 maxlen: 128
                          2a06:e881:8706::/48 maxlen: 128

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 271633212 (0x1030cb3c)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b8074b419ead4cefea2f2ad2c259d978c5ed7954
        Validity
            Not Before: Jan 19 12:52:52 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=aaf10d3dceaffa8912b1fc3e354d1b719a28c75c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:f0:07:21:cf:96:67:00:2b:e7:ce:e4:8a:20:
                    6e:af:5f:86:cc:11:0f:4a:f5:a9:5b:48:57:fb:ff:
                    e8:cc:26:d4:1b:ba:54:8d:7f:13:12:fa:3c:8a:e3:
                    b5:c4:ef:d3:74:11:1a:6e:e1:7a:1c:6a:41:ca:78:
                    29:e3:0f:00:cf:b2:fb:78:60:d3:eb:cc:6b:c6:ae:
                    96:9b:a9:55:26:e5:01:3b:d6:0e:8f:b0:2f:3e:bf:
                    5e:b0:fe:ad:4d:c9:91:41:8e:d1:62:c5:1d:cf:dc:
                    d6:cf:0c:93:6a:05:2a:34:73:60:8e:47:bd:7b:08:
                    8b:6b:41:b2:1e:59:00:06:21:b3:58:69:e4:52:ad:
                    da:f2:25:06:dc:3b:e5:80:7e:1b:70:d0:61:77:06:
                    22:2c:9e:38:b3:36:51:7f:47:2c:1d:17:3c:9c:6e:
                    f5:bb:fd:20:98:17:ed:9e:0d:e1:40:2a:8e:93:c5:
                    0b:4b:2a:81:73:96:af:76:9b:a1:e4:cd:54:e7:29:
                    1e:1b:ed:48:ef:4e:73:fa:d9:53:dd:d8:45:5f:5b:
                    ba:91:09:b1:55:37:10:6e:25:43:50:92:31:85:37:
                    ad:af:9d:cd:34:65:be:7d:e7:8f:74:63:dc:f8:4c:
                    ff:f2:b9:c6:d4:52:e1:76:f8:4a:ab:9a:39:39:e5:
                    34:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AA:F1:0D:3D:CE:AF:FA:89:12:B1:FC:3E:35:4D:1B:71:9A:28:C7:5C
            X509v3 Authority Key Identifier:
                keyid:B8:07:4B:41:9E:AD:4C:EF:EA:2F:2A:D2:C2:59:D9:78:C5:ED:79:54

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/qvENPc6v-okSsfw-NU0bcZoox1w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.197.133.0/24
                IPv6:
                  2a06:e881:8700::-2a06:e881:8704:ffff:ffff:ffff:ffff:ffff
                  2a06:e881:8706::-2a06:e881:870f:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         00:0a:59:e6:b8:79:3e:bd:e2:27:79:a5:21:d4:0b:ce:33:c0:
         73:4b:67:be:02:72:43:4f:c2:1a:9f:0d:68:23:ca:1e:38:e8:
         56:16:63:41:79:b6:03:c9:0d:a7:31:58:c4:40:04:8d:fb:fc:
         0b:df:f7:19:7d:f8:c0:36:07:59:50:e4:13:b4:6f:4e:85:b6:
         f2:9b:4a:d3:9b:5a:d1:0b:98:fb:48:9b:c7:0f:f4:9b:0c:4f:
         90:fe:98:0b:87:bc:4b:02:dd:db:bf:b4:79:68:03:bb:32:66:
         d4:c6:c0:b9:42:57:1f:64:26:89:d8:b9:b1:28:12:60:77:48:
         b1:5d:50:4f:3a:22:e4:bb:7c:e3:3d:6d:74:ca:41:9e:21:b8:
         68:72:f9:7d:06:ab:9c:bd:6c:b5:15:f9:35:9d:67:5f:c5:64:
         67:90:d1:50:93:64:54:21:d3:f9:d6:53:41:96:92:ae:6d:73:
         6d:8f:f0:96:34:af:30:8d:a6:44:9d:e4:c9:39:08:cc:4c:c6:
         3c:46:e3:a8:c2:a0:ac:40:1e:9c:66:62:3e:68:f0:10:a2:8d:
         b0:40:74:a8:31:9f:aa:29:6d:9d:78:62:36:38:80:08:f9:6d:
         4a:de:b4:bc:7f:6e:45:1b:07:90:23:7c:8d:d9:50:d6:22:9d:
         c6:47:4c:4d
-----BEGIN CERTIFICATE-----
MIIFHjCCBAagAwIBAgIEEDDLPDANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhi
ODA3NGI0MTllYWQ0Y2VmZWEyZjJhZDJjMjU5ZDk3OGM1ZWQ3OTU0MB4XDTIyMDEx
OTEyNTI1MloXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoYWFmMTBkM2RjZWFm
ZmE4OTEyYjFmYzNlMzU0ZDFiNzE5YTI4Yzc1YzCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAMPwByHPlmcAK+fO5Iogbq9fhswRD0r1qVtIV/v/6Mwm1Bu6
VI1/ExL6PIrjtcTv03QRGm7hehxqQcp4KeMPAM+y+3hg0+vMa8aulpupVSblATvW
Do+wLz6/XrD+rU3JkUGO0WLFHc/c1s8Mk2oFKjRzYI5HvXsIi2tBsh5ZAAYhs1hp
5FKt2vIlBtw75YB+G3DQYXcGIiyeOLM2UX9HLB0XPJxu9bv9IJgX7Z4N4UAqjpPF
C0sqgXOWr3aboeTNVOcpHhvtSO9Oc/rZU93YRV9bupEJsVU3EG4lQ1CSMYU3ra+d
zTRlvn3nj3Rj3PhM//K5xtRS4Xb4SquaOTnlNN8CAwEAAaOCAjgwggI0MB0GA1Ud
DgQWBBSq8Q09zq/6iRKx/D41TRtxmijHXDAfBgNVHSMEGDAWgBS4B0tBnq1M7+ov
KtLCWdl4xe15VDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L3VBZExRWjZ0VE9fcUx5clN3bG5aZU1YdGVWUS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvOWIvMWU0M2U0LWQwNmUtNGE1NS1iZGI2LTNkOTFlZGU1YjJiMS8x
L3F2RU5QYzZ2LW9rU3Nmdy1OVTBiY1pvb3gxdy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvOWIv
MWU0M2U0LWQwNmUtNGE1NS1iZGI2LTNkOTFlZGU1YjJiMS8xL3VBZExRWjZ0VE9f
cUx5clN3bG5aZU1YdGVWUS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBO
BggrBgEFBQcBBwEB/wQ/MD0wDAQCAAEwBgMEALnFhTAtBAIAAjAnMBEDBgAqBuiB
hwMHACoG6IGHBDASAwcBKgbogYcGAwcEKgbogYcAMA0GCSqGSIb3DQEBCwUAA4IB
AQAAClnmuHk+veIneaUh1AvOM8BzS2e+AnJDT8Ianw1oI8oeOOhWFmNBebYDyQ2n
MVjEQASN+/wL3/cZffjANgdZUOQTtG9Ohbbym0rTm1rRC5j7SJvHD/SbDE+Q/pgL
h7xLAt3bv7R5aAO7MmbUxsC5QlcfZCaJ2LmxKBJgd0ixXVBPOiLku3zjPW10ykGe
Ibhocvl9BqucvWy1Ffk1nWdfxWRnkNFQk2RUIdP51lNBlpKubXNtj/CWNK8wjaZE
neTJOQjMTMY8RuOowqCsQB6cZmI+aPAQoo2wQHSoMZ+qKW2deGI2OIAI+W1K3rS8
f25FGweQI3yN2VDWIp3GR0xN
-----END CERTIFICATE-----