Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a1/1d0152-856d-4717-8219-bf2f97f1e34f/1/o_08OG-pplGIerDLpgW5aUikqf8.roa
File:                     o_08OG-pplGIerDLpgW5aUikqf8.roa (raw, json)
Hash identifier:          j3Wr/PyseqwxbZwY+6JeQW/aYpDie9ibmMiPaGScmRE=
Subject key identifier:   A3:FD:3C:38:6F:A9:A6:51:88:7A:B0:CB:A6:05:B9:69:48:A4:A9:FF
Certificate issuer:       /CN=0191496469167c5b1d8920b98bd51af3fe35ade5
Certificate serial:       01823B5BD4B1573202EF70E9D25EF1534E63
Authority key identifier: 01:91:49:64:69:16:7C:5B:1D:89:20:B9:8B:D5:1A:F3:FE:35:AD:E5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/AZFJZGkWfFsdiSC5i9Ua8_41reU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a1/1d0152-856d-4717-8219-bf2f97f1e34f/1/o_08OG-pplGIerDLpgW5aUikqf8.roa
Signing time:             Tue 26 Jul 2022 16:34:10 +0000
ROA not before:           Tue 26 Jul 2022 16:34:10 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     42353
IP address blocks:        185.63.140.0/24 maxlen: 24
                          185.63.141.0/24 maxlen: 24
                          185.63.142.0/24 maxlen: 24
                          185.63.143.0/24 maxlen: 24
                          178.22.136.0/24 maxlen: 24
                          178.22.137.0/24 maxlen: 24
                          178.22.139.0/24 maxlen: 24
                          178.22.136.0/23 maxlen: 23
                          178.22.136.0/21 maxlen: 21
                          178.22.143.0/24 maxlen: 24
                          178.22.140.0/23 maxlen: 23
                          178.22.140.0/24 maxlen: 24
                          178.22.142.0/23 maxlen: 23
                          178.22.141.0/24 maxlen: 24
                          194.0.210.0/24 maxlen: 24
                          2a02:28c8::/32 maxlen: 32

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:82:3b:5b:d4:b1:57:32:02:ef:70:e9:d2:5e:f1:53:4e:63
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0191496469167c5b1d8920b98bd51af3fe35ade5
        Validity
            Not Before: Jul 26 16:34:10 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=a3fd3c386fa9a651887ab0cba605b96948a4a9ff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:5d:03:60:7d:53:63:2e:99:34:12:9a:06:39:
                    9b:a2:72:30:49:ae:d6:55:f5:cf:65:bf:c8:98:fc:
                    9b:e4:9c:98:3a:ce:8c:f2:76:ac:41:01:cb:15:47:
                    6c:90:4e:9c:15:d4:2a:59:8d:9a:ac:d6:d0:78:4f:
                    a1:90:bb:41:8b:df:de:64:d8:57:05:aa:6f:84:7e:
                    85:16:9a:43:7d:8d:a7:f9:df:f6:de:cc:cf:92:68:
                    c2:8b:ec:58:76:37:cc:61:c4:c0:c7:c5:0b:1b:df:
                    e5:1b:f5:f5:f5:93:28:a6:d3:ba:33:af:25:57:0b:
                    65:70:9d:c9:95:6f:7b:dc:8e:17:e4:3d:19:e8:ca:
                    45:21:7c:60:22:38:f4:a1:cb:24:f2:d4:95:b3:fc:
                    ba:4f:70:fc:b2:6f:b2:8c:c4:e0:e5:ab:d9:93:de:
                    0f:89:32:d9:3e:3b:ed:c0:62:ba:0e:56:bb:4c:da:
                    fc:74:41:69:af:a1:97:f6:93:08:34:ac:85:74:f2:
                    b9:ba:44:8f:b0:77:03:df:45:58:29:90:f7:1b:94:
                    76:8f:d4:fd:90:75:70:fb:35:f6:31:7b:60:a2:68:
                    1a:32:7a:40:ee:2f:27:a4:df:1b:68:6f:e2:37:f7:
                    7f:f9:9b:f9:0b:ca:17:8f:a7:a2:81:09:fa:fa:16:
                    dc:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A3:FD:3C:38:6F:A9:A6:51:88:7A:B0:CB:A6:05:B9:69:48:A4:A9:FF
            X509v3 Authority Key Identifier:
                keyid:01:91:49:64:69:16:7C:5B:1D:89:20:B9:8B:D5:1A:F3:FE:35:AD:E5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AZFJZGkWfFsdiSC5i9Ua8_41reU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/1d0152-856d-4717-8219-bf2f97f1e34f/1/o_08OG-pplGIerDLpgW5aUikqf8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/1d0152-856d-4717-8219-bf2f97f1e34f/1/AZFJZGkWfFsdiSC5i9Ua8_41reU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.22.136.0/21
                  185.63.140.0/22
                  194.0.210.0/24
                IPv6:
                  2a02:28c8::/32

    Signature Algorithm: sha256WithRSAEncryption
         c6:39:21:1e:d5:c0:ed:3a:91:22:f2:ea:59:9e:53:5f:24:f9:
         24:67:f5:fd:67:98:d0:d9:4f:3b:c4:89:91:3e:e4:72:44:ee:
         db:d0:d1:88:d1:cc:3f:91:5f:e7:eb:d8:46:43:5a:98:4b:28:
         55:74:4a:89:dc:76:d8:8d:68:19:33:8e:e7:c8:54:34:89:f9:
         6e:d5:42:4a:76:d8:e7:22:ec:a5:4e:a0:d3:6e:b0:50:48:12:
         e0:c4:b4:67:e3:bb:50:f7:76:81:65:2a:fe:51:29:29:2d:7c:
         d2:40:ca:1a:ee:89:5e:dc:e5:5d:8a:4f:da:c3:3c:dc:3a:4f:
         73:52:da:2d:cf:a6:41:75:a1:76:b2:3b:02:05:83:22:f6:c3:
         b7:52:44:fb:e4:54:4f:6a:d4:fd:e4:09:e9:f5:9d:f5:58:62:
         f0:f0:ac:3a:52:43:d0:b7:20:84:b3:2a:ec:64:4f:9c:b0:f4:
         77:0d:96:f1:3c:a6:2b:ad:d1:9f:fe:e7:5b:3b:0d:3d:8a:1e:
         c5:dd:e0:00:64:2c:fb:25:10:8c:bc:28:04:11:49:46:42:af:
         d8:44:99:4d:d9:3d:6b:78:cf:54:9e:18:52:3d:42:d2:da:bb:
         21:15:7e:7a:99:54:6d:3a:78:c0:74:1b:52:91:7c:93:6e:6c:
         8b:59:cf:c9
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgISAYI7W9SxVzIC73Dp0l7xU05jMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAxOTE0OTY0NjkxNjdjNWIxZDg5MjBiOThiZDUxYWYzZmUz
NWFkZTUwHhcNMjIwNzI2MTYzNDEwWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhM2ZkM2MzODZmYTlhNjUxODg3YWIwY2JhNjA1Yjk2OTQ4YTRhOWZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkl0DYH1TYy6ZNBKaBjmbonIwSa7W
VfXPZb/ImPyb5JyYOs6M8nasQQHLFUdskE6cFdQqWY2arNbQeE+hkLtBi9/eZNhX
BapvhH6FFppDfY2n+d/23szPkmjCi+xYdjfMYcTAx8ULG9/lG/X19ZMoptO6M68l
VwtlcJ3JlW973I4X5D0Z6MpFIXxgIjj0ocsk8tSVs/y6T3D8sm+yjMTg5avZk94P
iTLZPjvtwGK6Dla7TNr8dEFpr6GX9pMINKyFdPK5ukSPsHcD30VYKZD3G5R2j9T9
kHVw+zX2MXtgomgaMnpA7i8npN8baG/iN/d/+Zv5C8oXj6eigQn6+hbcUQIDAQAB
o4ICJDCCAiAwHQYDVR0OBBYEFKP9PDhvqaZRiHqwy6YFuWlIpKn/MB8GA1UdIwQY
MBaAFAGRSWRpFnxbHYkguYvVGvP+Na3lMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQVpGSlpHa1dmRnNkaVNDNWk5VWE4XzQxcmVVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMS8xZDAxNTItODU2ZC00NzE3LTgyMTkt
YmYyZjk3ZjFlMzRmLzEvb18wOE9HLXBwbEdJZXJETHBnVzVhVWlrcWY4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMS8xZDAxNTItODU2ZC00NzE3LTgyMTktYmYyZjk3ZjFlMzRm
LzEvQVpGSlpHa1dmRnNkaVNDNWk5VWE4XzQxcmVVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDoGCCsGAQUFBwEHAQH/BCswKTAYBAIAATASAwQDshaIAwQC
uT+MAwQAwgDSMA0EAgACMAcDBQAqAijIMA0GCSqGSIb3DQEBCwUAA4IBAQDGOSEe
1cDtOpEi8upZnlNfJPkkZ/X9Z5jQ2U87xImRPuRyRO7b0NGI0cw/kV/n69hGQ1qY
SyhVdEqJ3HbYjWgZM47nyFQ0iflu1UJKdtjnIuylTqDTbrBQSBLgxLRn47tQ93aB
ZSr+USkpLXzSQMoa7ole3OVdik/awzzcOk9zUtotz6ZBdaF2sjsCBYMi9sO3UkT7
5FRPatT95Anp9Z31WGLw8Kw6UkPQtyCEsyrsZE+csPR3DZbxPKYrrdGf/udbOw09
ih7F3eAAZCz7JRCMvCgEEUlGQq/YRJlN2T1reM9UnhhSPULS2rshFX56mVRtOnjA
dBtSkXyTbmyLWc/J
-----END CERTIFICATE-----