Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9e/10ebcc-c832-4d33-88b5-bef872daece7/1/umqlQfFNZb09tNxstX9982aAuNo.roa
File:                     umqlQfFNZb09tNxstX9982aAuNo.roa (raw, json)
Hash identifier:          R9uSieB9rSeQjkZil5z0Tx1dnoEZ5V3GZDdV8veR/og=
Subject key identifier:   BA:6A:A5:41:F1:4D:65:BD:3D:B4:DC:6C:B5:7F:7D:F3:66:80:B8:DA
Certificate issuer:       /CN=1f0614e195c1656a28e8b19b22784e8b55bb4533
Certificate serial:       054C6CDC
Authority key identifier: 1F:06:14:E1:95:C1:65:6A:28:E8:B1:9B:22:78:4E:8B:55:BB:45:33
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HwYU4ZXBZWoo6LGbInhOi1W7RTM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9e/10ebcc-c832-4d33-88b5-bef872daece7/1/umqlQfFNZb09tNxstX9982aAuNo.roa
Signing time:             Sat 01 Jan 2022 13:58:58 +0000
ROA not before:           Sat 01 Jan 2022 13:58:58 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     51373
IP address blocks:        185.44.217.0/24 maxlen: 24
                          185.44.216.0/24 maxlen: 24
                          185.44.216.0/22 maxlen: 22
                          185.44.219.0/24 maxlen: 24
                          185.44.218.0/24 maxlen: 24
                          185.80.59.0/24 maxlen: 24
                          193.33.8.0/23 maxlen: 23
                          94.24.79.0/24 maxlen: 24
                          91.218.159.0/24 maxlen: 24
                          91.218.158.0/24 maxlen: 24
                          91.218.157.0/24 maxlen: 24
                          91.218.156.0/24 maxlen: 24
                          91.218.156.0/22 maxlen: 22
                          94.24.28.0/24 maxlen: 24
                          2a04:9a40::/29 maxlen: 29

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 88894684 (0x54c6cdc)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1f0614e195c1656a28e8b19b22784e8b55bb4533
        Validity
            Not Before: Jan  1 13:58:58 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=ba6aa541f14d65bd3db4dc6cb57f7df36680b8da
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:92:7d:31:14:14:0c:01:e6:92:16:82:83:38:
                    f5:94:a0:fc:cb:de:01:7e:47:34:89:1d:4c:eb:0c:
                    f1:f4:ca:4c:5d:74:25:d2:ff:b3:18:08:3e:a7:e5:
                    1f:e1:6b:a1:54:ad:c8:e6:e7:c2:48:07:6f:e1:b7:
                    cc:6d:12:f5:e1:38:c4:1d:41:d1:56:62:f3:c9:7b:
                    75:68:01:34:1b:ad:97:ff:8b:68:ed:0c:1d:e5:94:
                    88:d1:08:6f:20:0b:70:f2:04:0d:b4:fc:84:bd:31:
                    66:5d:e0:52:2b:c2:dc:15:97:46:0f:cc:c5:67:ca:
                    76:04:c0:1a:08:c1:05:a6:84:0f:2d:db:8c:c9:56:
                    08:cc:96:f4:50:23:23:6d:18:43:7d:7a:37:51:f2:
                    5a:5e:52:ce:0a:56:6a:1d:91:69:af:9c:1d:36:eb:
                    57:bf:3b:67:9b:32:58:16:a2:8a:3c:7e:1d:16:c1:
                    66:c4:50:04:13:22:0a:c8:78:f0:d3:99:1c:89:f4:
                    06:b3:00:ce:8d:95:c5:41:d5:91:61:ee:be:32:a7:
                    d3:c8:dd:cc:a4:45:b3:72:cd:7f:f4:de:58:fa:74:
                    0a:76:24:71:82:9a:b4:fa:f0:6a:04:e6:63:c3:7f:
                    61:25:09:6d:a1:c1:ce:c8:f3:d2:75:b5:d4:02:a5:
                    93:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BA:6A:A5:41:F1:4D:65:BD:3D:B4:DC:6C:B5:7F:7D:F3:66:80:B8:DA
            X509v3 Authority Key Identifier:
                keyid:1F:06:14:E1:95:C1:65:6A:28:E8:B1:9B:22:78:4E:8B:55:BB:45:33

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HwYU4ZXBZWoo6LGbInhOi1W7RTM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9e/10ebcc-c832-4d33-88b5-bef872daece7/1/umqlQfFNZb09tNxstX9982aAuNo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9e/10ebcc-c832-4d33-88b5-bef872daece7/1/HwYU4ZXBZWoo6LGbInhOi1W7RTM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.218.156.0/22
                  94.24.28.0/24
                  94.24.79.0/24
                  185.44.216.0/22
                  185.80.59.0/24
                  193.33.8.0/23
                IPv6:
                  2a04:9a40::/29

    Signature Algorithm: sha256WithRSAEncryption
         b2:bb:ac:3b:ba:3f:90:d0:d3:da:35:81:72:b2:46:09:d9:a5:
         1b:f0:b6:e2:4e:c2:65:4f:b3:49:cd:dd:2f:59:cf:79:9f:2e:
         37:bb:95:10:dd:46:41:91:ea:26:4d:9c:7c:17:d6:80:79:59:
         c5:eb:8b:d4:4e:ba:14:9f:2d:76:86:f0:fc:b4:68:57:d5:42:
         50:4b:c3:29:27:82:ea:87:f7:d0:95:31:ea:99:f6:aa:9f:5f:
         0a:75:53:9e:46:a1:cf:02:cc:1a:62:8d:94:68:f1:1c:53:1e:
         2c:8c:e3:80:4c:38:f1:b3:f7:86:ee:a8:e9:7a:68:f0:09:54:
         4b:af:ef:4d:52:27:fe:c2:9d:6a:06:c4:69:27:a7:c2:65:26:
         84:e2:a2:bf:5a:d8:3e:05:11:d5:17:ec:ec:e9:b3:8a:99:dd:
         20:20:b2:61:b8:c3:23:52:fe:a3:c3:47:2a:55:60:9e:7b:e8:
         75:2b:91:80:a6:c8:7d:36:3a:04:7d:d4:02:8b:b2:05:73:18:
         45:a0:43:d0:69:03:25:c1:a2:77:4b:9e:ea:74:f7:d8:81:07:
         ef:a7:94:a4:7f:33:11:38:85:b2:5a:19:66:99:88:2f:29:7d:
         59:dc:58:4e:29:09:85:e7:39:74:d9:fc:aa:b7:16:34:52:57:
         eb:aa:dc:25
-----BEGIN CERTIFICATE-----
MIIFHDCCBASgAwIBAgIEBUxs3DANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygx
ZjA2MTRlMTk1YzE2NTZhMjhlOGIxOWIyMjc4NGU4YjU1YmI0NTMzMB4XDTIyMDEw
MTEzNTg1OFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoYmE2YWE1NDFmMTRk
NjViZDNkYjRkYzZjYjU3ZjdkZjM2NjgwYjhkYTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBALiSfTEUFAwB5pIWgoM49ZSg/MveAX5HNIkdTOsM8fTKTF10
JdL/sxgIPqflH+FroVStyObnwkgHb+G3zG0S9eE4xB1B0VZi88l7dWgBNButl/+L
aO0MHeWUiNEIbyALcPIEDbT8hL0xZl3gUivC3BWXRg/MxWfKdgTAGgjBBaaEDy3b
jMlWCMyW9FAjI20YQ316N1HyWl5SzgpWah2Raa+cHTbrV787Z5syWBaiijx+HRbB
ZsRQBBMiCsh48NOZHIn0BrMAzo2VxUHVkWHuvjKn08jdzKRFs3LNf/TeWPp0CnYk
cYKatPrwagTmY8N/YSUJbaHBzsjz0nW11AKlkz8CAwEAAaOCAjYwggIyMB0GA1Ud
DgQWBBS6aqVB8U1lvT203Gy1f33zZoC42jAfBgNVHSMEGDAWgBQfBhThlcFlaijo
sZsieE6LVbtFMzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L0h3WVU0WlhCWldvbzZMR2JJbmhPaTFXN1JUTS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvOWUvMTBlYmNjLWM4MzItNGQzMy04OGI1LWJlZjg3MmRhZWNlNy8x
L3VtcWxRZkZOWmIwOXROeHN0WDk5ODJhQXVOby5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvOWUv
MTBlYmNjLWM4MzItNGQzMy04OGI1LWJlZjg3MmRhZWNlNy8xL0h3WVU0WlhCWldv
bzZMR2JJbmhPaTFXN1JUTS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBM
BggrBgEFBQcBBwEB/wQ9MDswKgQCAAEwJAMEAlvanAMEAF4YHAMEAF4YTwMEArks
2AMEALlQOwMEAcEhCDANBAIAAjAHAwUDKgSaQDANBgkqhkiG9w0BAQsFAAOCAQEA
srusO7o/kNDT2jWBcrJGCdmlG/C24k7CZU+zSc3dL1nPeZ8uN7uVEN1GQZHqJk2c
fBfWgHlZxeuL1E66FJ8tdobw/LRoV9VCUEvDKSeC6of30JUx6pn2qp9fCnVTnkah
zwLMGmKNlGjxHFMeLIzjgEw48bP3hu6o6Xpo8AlUS6/vTVIn/sKdagbEaSenwmUm
hOKiv1rYPgUR1Rfs7OmzipndICCyYbjDI1L+o8NHKlVgnnvodSuRgKbIfTY6BH3U
AouyBXMYRaBD0GkDJcGid0ue6nT32IEH76eUpH8zETiFsloZZpmILyl9WdxYTikJ
hec5dNn8qrcWNFJX66rcJQ==
-----END CERTIFICATE-----