Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a0/c13e12-e50d-4338-8a2f-fffb5a4e762a/1/kMD1NVw5x-gl7CBkJLmMQ5Q0_Tc.roa
File:                     kMD1NVw5x-gl7CBkJLmMQ5Q0_Tc.roa (raw, json)
Hash identifier:          50+BDU+bMQoY8x/mULO0pLyU04ZggnHUItJ/hH0zGNk=
Subject key identifier:   90:C0:F5:35:5C:39:C7:E8:25:EC:20:64:24:B9:8C:43:94:34:FD:37
Certificate issuer:       /CN=27d7304c1b59dc22731bb53eff5a84ed9a30614c
Certificate serial:       0184612E7628B58AD2C7FA7F73BEA0928BEC
Authority key identifier: 27:D7:30:4C:1B:59:DC:22:73:1B:B5:3E:FF:5A:84:ED:9A:30:61:4C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/J9cwTBtZ3CJzG7U-_1qE7ZowYUw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a0/c13e12-e50d-4338-8a2f-fffb5a4e762a/1/kMD1NVw5x-gl7CBkJLmMQ5Q0_Tc.roa
Signing time:             Thu 10 Nov 2022 10:55:45 +0000
ROA not before:           Thu 10 Nov 2022 10:55:45 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     60781
IP address blocks:        83.149.64.0/18 maxlen: 18
                          95.168.160.0/20 maxlen: 20
                          82.192.64.0/19 maxlen: 19
                          37.48.64.0/18 maxlen: 18
                          81.17.47.0/24 maxlen: 24
                          62.212.64.0/19 maxlen: 19
                          5.79.64.0/18 maxlen: 18
                          212.7.192.0/20 maxlen: 20
                          85.17.0.0/16 maxlen: 16
                          95.211.0.0/16 maxlen: 16
                          2001:1af8::/32 maxlen: 32
                          2001:1af8:8000::/36 maxlen: 36
                          2001:1af8:8000::/40 maxlen: 40
                          2001:1af8:8110::/44 maxlen: 44
                          2001:1af8:8100::/44 maxlen: 44

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:84:61:2e:76:28:b5:8a:d2:c7:fa:7f:73:be:a0:92:8b:ec
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=27d7304c1b59dc22731bb53eff5a84ed9a30614c
        Validity
            Not Before: Nov 10 10:55:45 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=90c0f5355c39c7e825ec206424b98c439434fd37
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:2d:83:52:14:e7:3d:2b:28:56:d3:8b:1b:d9:
                    07:db:5b:48:f5:d9:cc:33:1d:d1:cf:f1:8c:5f:8c:
                    fe:d4:8d:7b:99:b8:b0:d5:0b:a6:14:10:4d:e9:8d:
                    e4:cd:29:77:b5:5c:d5:85:e9:7d:9f:ca:6c:c2:3a:
                    a0:87:00:8f:54:c0:30:46:ba:32:b4:24:1f:57:4f:
                    bb:80:3f:da:bf:5d:30:65:7c:16:66:cb:90:ef:5a:
                    7d:a7:f1:3c:35:f5:9d:cf:72:87:e0:65:20:b1:24:
                    0e:72:18:84:dc:6a:ea:cc:8c:d8:2a:8c:3f:79:50:
                    ce:37:fc:90:dc:8e:a5:15:a2:fb:bc:97:0b:2d:33:
                    a7:89:11:d9:73:e1:8e:8a:5b:48:f9:17:18:da:f6:
                    f3:d7:8e:3b:5d:3f:83:9e:9a:21:58:e0:36:16:36:
                    bf:cb:41:71:c7:10:a0:14:45:2e:33:bd:35:ff:0e:
                    68:98:9c:18:d6:c5:18:2c:b6:2d:b8:66:3b:3a:b7:
                    0c:cb:a5:13:09:1a:9a:77:58:12:68:63:70:1b:da:
                    d3:33:23:be:12:54:23:77:25:2f:72:cf:ae:07:5b:
                    d6:3a:4c:f2:4a:dc:a2:ac:3f:d2:30:97:e3:26:7f:
                    7f:5c:36:6e:89:d7:b5:b7:97:93:71:0b:d7:f5:80:
                    6d:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                90:C0:F5:35:5C:39:C7:E8:25:EC:20:64:24:B9:8C:43:94:34:FD:37
            X509v3 Authority Key Identifier:
                keyid:27:D7:30:4C:1B:59:DC:22:73:1B:B5:3E:FF:5A:84:ED:9A:30:61:4C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/J9cwTBtZ3CJzG7U-_1qE7ZowYUw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/c13e12-e50d-4338-8a2f-fffb5a4e762a/1/kMD1NVw5x-gl7CBkJLmMQ5Q0_Tc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/c13e12-e50d-4338-8a2f-fffb5a4e762a/1/J9cwTBtZ3CJzG7U-_1qE7ZowYUw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.79.64.0/18
                  37.48.64.0/18
                  62.212.64.0/19
                  81.17.47.0/24
                  82.192.64.0/19
                  83.149.64.0/18
                  85.17.0.0/16
                  95.168.160.0/20
                  95.211.0.0/16
                  212.7.192.0/20
                IPv6:
                  2001:1af8::/32

    Signature Algorithm: sha256WithRSAEncryption
         03:ee:e7:5b:1d:fd:a2:77:84:d3:b4:b7:16:34:87:9c:13:21:
         19:89:3d:ba:61:0a:10:fc:95:cd:34:62:20:c4:5a:2b:52:ad:
         a4:6f:c0:c2:79:9d:d4:a4:7b:23:da:23:4a:cf:cf:00:02:e2:
         91:91:27:9a:a6:df:31:4a:83:e4:a2:f4:44:b0:6f:f9:15:d9:
         02:15:f3:16:9d:c0:0b:62:fe:14:b4:13:6b:7f:83:02:1f:e7:
         e0:f2:df:aa:d7:e4:2b:85:1d:a5:67:18:ab:60:00:d4:e1:6e:
         f7:76:d1:7a:72:9f:32:4f:1f:79:0c:68:3c:4b:51:b3:16:d8:
         aa:a5:a4:41:4c:e3:22:3e:30:38:df:d9:75:8d:31:6f:19:5d:
         7d:5a:f8:5e:c7:e2:21:e9:bc:e9:84:a5:25:93:93:91:eb:63:
         14:ee:35:32:68:7b:ea:ef:94:67:37:52:43:cb:ae:9f:0d:30:
         f9:2f:08:de:34:fa:f1:d7:89:6e:dc:53:37:ed:bd:7b:d4:6e:
         18:69:b4:62:94:c7:7b:2e:09:83:b6:f8:b9:a5:44:00:b3:97:
         c9:68:a9:2c:44:7c:6e:bc:b7:45:f5:8d:c6:47:c9:eb:e1:eb:
         c5:33:cc:1b:8f:bf:b5:90:99:2c:25:3d:62:e8:ea:7f:ca:ed:
         65:c9:2c:3d
-----BEGIN CERTIFICATE-----
MIIFQDCCBCigAwIBAgISAYRhLnYotYrSx/p/c76gkovsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3ZDczMDRjMWI1OWRjMjI3MzFiYjUzZWZmNWE4NGVkOWEz
MDYxNGMwHhcNMjIxMTEwMTA1NTQ1WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MGMwZjUzNTVjMzljN2U4MjVlYzIwNjQyNGI5OGM0Mzk0MzRmZDM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAri2DUhTnPSsoVtOLG9kH21tI9dnM
Mx3Rz/GMX4z+1I17mbiw1QumFBBN6Y3kzSl3tVzVhel9n8pswjqghwCPVMAwRroy
tCQfV0+7gD/av10wZXwWZsuQ71p9p/E8NfWdz3KH4GUgsSQOchiE3GrqzIzYKow/
eVDON/yQ3I6lFaL7vJcLLTOniRHZc+GOiltI+RcY2vbz1447XT+DnpohWOA2Fja/
y0FxxxCgFEUuM701/w5omJwY1sUYLLYtuGY7OrcMy6UTCRqad1gSaGNwG9rTMyO+
ElQjdyUvcs+uB1vWOkzyStyirD/SMJfjJn9/XDZuide1t5eTcQvX9YBtjQIDAQAB
o4ICTDCCAkgwHQYDVR0OBBYEFJDA9TVcOcfoJewgZCS5jEOUNP03MB8GA1UdIwQY
MBaAFCfXMEwbWdwicxu1Pv9ahO2aMGFMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSjljd1RCdFozQ0p6RzdVLV8xcUU3Wm93WVV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMC9jMTNlMTItZTUwZC00MzM4LThhMmYt
ZmZmYjVhNGU3NjJhLzEva01EMU5WdzV4LWdsN0NCa0pMbU1RNVEwX1RjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMC9jMTNlMTItZTUwZC00MzM4LThhMmYtZmZmYjVhNGU3NjJh
LzEvSjljd1RCdFozQ0p6RzdVLV8xcUU3Wm93WVV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGIGCCsGAQUFBwEHAQH/BFMwUTBABAIAATA6AwQGBU9AAwQG
JTBAAwQFPtRAAwQAUREvAwQFUsBAAwQGU5VAAwMAVREDBARfqKADAwBf0wMEBNQH
wDANBAIAAjAHAwUAIAEa+DANBgkqhkiG9w0BAQsFAAOCAQEAA+7nWx39oneE07S3
FjSHnBMhGYk9umEKEPyVzTRiIMRaK1KtpG/Awnmd1KR7I9ojSs/PAALikZEnmqbf
MUqD5KL0RLBv+RXZAhXzFp3AC2L+FLQTa3+DAh/n4PLfqtfkK4UdpWcYq2AA1OFu
93bRenKfMk8feQxoPEtRsxbYqqWkQUzjIj4wON/ZdY0xbxldfVr4XsfiIem86YSl
JZOTketjFO41Mmh76u+UZzdSQ8uunw0w+S8I3jT68deJbtxTN+29e9RuGGm0YpTH
ey4Jg7b4uaVEALOXyWipLER8bry3RfWNxkfJ6+HrxTPMG4+/tZCZLCU9Yujqf8rt
ZcksPQ==
-----END CERTIFICATE-----