Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b0/742370-e10f-4541-aa6c-61afb66d1e8c/1/THw4AJMpt-aNZ8mSbxMDl6t4o9o.roa
File:                     THw4AJMpt-aNZ8mSbxMDl6t4o9o.roa (raw, json)
Hash identifier:          gxO+XWKr2FHSXBETba8kiZ4c53/BG3Rjs+YlRMEHDJo=
Subject key identifier:   4C:7C:38:00:93:29:B7:E6:8D:67:C9:92:6F:13:03:97:AB:78:A3:DA
Certificate issuer:       /CN=19ee5f16fc144acb98977449faa0ab77de1bdcc9
Certificate serial:       0186C01757735D9A182FFE2AB81417AC40B5
Authority key identifier: 19:EE:5F:16:FC:14:4A:CB:98:97:74:49:FA:A0:AB:77:DE:1B:DC:C9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ge5fFvwUSsuYl3RJ-qCrd94b3Mk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b0/742370-e10f-4541-aa6c-61afb66d1e8c/1/THw4AJMpt-aNZ8mSbxMDl6t4o9o.roa
Signing time:             Wed 08 Mar 2023 07:20:00 +0000
ROA not before:           Wed 08 Mar 2023 07:20:00 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     5384
IP address blocks:        109.177.16.0/20 maxlen: 20
                          109.177.240.0/21 maxlen: 21
                          109.177.32.0/20 maxlen: 20
                          109.177.248.0/21 maxlen: 21
                          109.177.48.0/20 maxlen: 20
                          109.177.64.0/20 maxlen: 20
                          109.177.176.0/20 maxlen: 20
                          109.177.192.0/20 maxlen: 20
                          109.177.192.0/18 maxlen: 18
                          109.177.208.0/20 maxlen: 20
                          109.177.0.0/20 maxlen: 20
                          109.177.0.0/18 maxlen: 18
                          109.177.0.0/17 maxlen: 17
                          109.177.224.0/20 maxlen: 20
                          109.177.0.0/16 maxlen: 16
                          109.177.128.0/17 maxlen: 17
                          109.177.128.0/20 maxlen: 20
                          109.177.128.0/18 maxlen: 18
                          109.177.144.0/20 maxlen: 20
                          109.177.160.0/20 maxlen: 20
                          109.177.64.0/18 maxlen: 18
                          109.177.80.0/20 maxlen: 20
                          109.177.96.0/20 maxlen: 20
                          109.177.112.0/20 maxlen: 20
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:c0:17:57:73:5d:9a:18:2f:fe:2a:b8:14:17:ac:40:b5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=19ee5f16fc144acb98977449faa0ab77de1bdcc9
        Validity
            Not Before: Mar  8 07:20:00 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=4c7c38009329b7e68d67c9926f130397ab78a3da
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:39:df:5b:04:b1:63:49:12:d3:68:96:45:be:
                    dd:55:9e:af:4d:bd:d7:08:81:00:c3:61:c3:7d:b8:
                    ae:69:83:23:d4:1e:20:59:0e:a4:0d:63:98:66:8c:
                    d6:df:52:49:c3:e5:a8:28:16:ee:94:ce:c1:07:e2:
                    94:16:09:4d:f0:3b:bd:f8:a1:70:2e:b0:27:d9:b5:
                    77:e1:02:a9:cb:57:25:8b:67:04:3e:2f:fd:9f:2b:
                    d8:5c:9c:0b:68:e5:54:6a:0f:c9:ff:2a:c3:af:ad:
                    ef:4f:8d:b7:dd:5c:cb:6c:48:ca:26:31:02:53:09:
                    8d:e5:27:bf:0e:66:c3:be:c7:c9:61:29:54:43:4a:
                    1f:52:58:98:e9:4b:de:db:71:20:dc:26:fc:16:92:
                    f4:e3:51:ff:03:84:17:77:b4:d9:34:19:2d:76:92:
                    95:56:00:b3:01:ca:b8:29:d4:2d:ef:4b:7d:4c:f6:
                    2b:9b:37:52:df:f0:e6:a1:b2:ca:6d:12:4d:76:57:
                    9a:46:d4:d2:0c:96:2e:fb:d3:f6:bd:89:f5:f8:62:
                    c2:6c:5a:cb:65:41:92:50:80:0e:ee:97:8e:be:31:
                    d9:4a:04:9e:c1:bc:aa:78:9a:50:27:9b:36:fb:e9:
                    78:83:7a:0c:b6:e4:93:f9:24:2a:cf:37:24:1b:b7:
                    8c:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4C:7C:38:00:93:29:B7:E6:8D:67:C9:92:6F:13:03:97:AB:78:A3:DA
            X509v3 Authority Key Identifier:
                keyid:19:EE:5F:16:FC:14:4A:CB:98:97:74:49:FA:A0:AB:77:DE:1B:DC:C9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ge5fFvwUSsuYl3RJ-qCrd94b3Mk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/742370-e10f-4541-aa6c-61afb66d1e8c/1/THw4AJMpt-aNZ8mSbxMDl6t4o9o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/742370-e10f-4541-aa6c-61afb66d1e8c/1/Ge5fFvwUSsuYl3RJ-qCrd94b3Mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.177.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         82:a6:62:ba:72:79:ad:10:53:c0:bf:d7:bd:03:c7:70:1a:70:
         ee:e4:53:69:da:a0:c1:ad:2e:ed:f3:dc:0a:70:4a:f1:f9:68:
         2b:c7:57:3b:b0:f2:70:89:d5:34:be:e6:ae:b7:f3:92:3f:09:
         cc:54:00:b1:27:4f:86:93:2d:a6:d4:b7:0d:e0:fb:f9:ad:75:
         66:b6:ab:49:c1:7c:e5:a7:a4:7f:07:74:88:9e:3a:a4:dd:01:
         9e:41:1f:6e:f3:98:a6:cd:c2:9f:87:a3:f5:4a:1a:1a:c7:0f:
         7e:26:67:99:26:09:d7:5d:1b:96:a3:32:1b:3e:df:a1:9a:0c:
         08:e6:a2:99:2a:48:32:98:47:cd:79:08:61:95:34:94:1e:2a:
         08:0c:f3:64:3a:a7:de:37:4a:13:f9:9d:3e:42:c6:d8:2d:dc:
         ef:ba:28:76:81:bd:9a:c8:c6:8d:b3:61:b5:65:9a:7b:09:3c:
         35:eb:07:21:c7:7e:67:6d:23:dd:15:2e:f7:e6:6d:53:ac:a0:
         c3:70:da:93:9a:b5:b7:56:16:bb:22:f0:de:ff:55:5d:41:77:
         b7:44:3b:9d:2b:03:f9:06:23:a3:67:81:76:55:f7:d7:33:d5:
         9e:fc:0d:79:72:c9:11:95:d2:3c:06:e4:e8:6c:4f:83:b9:c3:
         2b:5c:a1:11
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAYbAF1dzXZoYL/4quBQXrEC1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE5ZWU1ZjE2ZmMxNDRhY2I5ODk3NzQ0OWZhYTBhYjc3ZGUx
YmRjYzkwHhcNMjMwMzA4MDcyMDAwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YzdjMzgwMDkzMjliN2U2OGQ2N2M5OTI2ZjEzMDM5N2FiNzhhM2RhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnTnfWwSxY0kS02iWRb7dVZ6vTb3X
CIEAw2HDfbiuaYMj1B4gWQ6kDWOYZozW31JJw+WoKBbulM7BB+KUFglN8Du9+KFw
LrAn2bV34QKpy1cli2cEPi/9nyvYXJwLaOVUag/J/yrDr63vT4233VzLbEjKJjEC
UwmN5Se/DmbDvsfJYSlUQ0ofUliY6Uve23Eg3Cb8FpL041H/A4QXd7TZNBktdpKV
VgCzAcq4KdQt70t9TPYrmzdS3/DmobLKbRJNdleaRtTSDJYu+9P2vYn1+GLCbFrL
ZUGSUIAO7peOvjHZSgSewbyqeJpQJ5s2++l4g3oMtuST+SQqzzckG7eMGwIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFEx8OACTKbfmjWfJkm8TA5ereKPaMB8GA1UdIwQY
MBaAFBnuXxb8FErLmJd0Sfqgq3feG9zJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR2U1ZkZ2d1VTc3VZbDNSSi1xQ3JkOTRiM01rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMC83NDIzNzAtZTEwZi00NTQxLWFhNmMt
NjFhZmI2NmQxZThjLzEvVEh3NEFKTXB0LWFOWjhtU2J4TURsNnQ0bzlvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMC83NDIzNzAtZTEwZi00NTQxLWFhNmMtNjFhZmI2NmQxZThj
LzEvR2U1ZkZ2d1VTc3VZbDNSSi1xQ3JkOTRiM01rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAbbEwDQYJ
KoZIhvcNAQELBQADggEBAIKmYrpyea0QU8C/170Dx3AacO7kU2naoMGtLu3z3Apw
SvH5aCvHVzuw8nCJ1TS+5q6385I/CcxUALEnT4aTLabUtw3g+/mtdWa2q0nBfOWn
pH8HdIieOqTdAZ5BH27zmKbNwp+Ho/VKGhrHD34mZ5kmCdddG5ajMhs+36GaDAjm
opkqSDKYR815CGGVNJQeKggM82Q6p943ShP5nT5Cxtgt3O+6KHaBvZrIxo2zYbVl
mnsJPDXrByHHfmdtI90VLvfmbVOsoMNw2pOatbdWFrsi8N7/VV1Bd7dEO50rA/kG
I6NngXZV99cz1Z78DXlyyRGV0jwG5OhsT4O5wytcoRE=
-----END CERTIFICATE-----