Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bb/443f87-4ae0-4198-bcb8-104a33437665/1/sAbzM-soXVWlWlK4p7zEJg_ZW_I.roa
File:                     sAbzM-soXVWlWlK4p7zEJg_ZW_I.roa (raw, json)
Hash identifier:          0mZI/oyqhWSdMUiqqhBi2CYexBHacgRwnPcNiwjwcD0=
Subject key identifier:   B0:06:F3:33:EB:28:5D:55:A5:5A:52:B8:A7:BC:C4:26:0F:D9:5B:F2
Certificate issuer:       /CN=13a0f7143ffa22113442dc8589ee1352ebe3daa3
Certificate serial:       018234EBDA9F57D2298C147353ED2E172679
Authority key identifier: 13:A0:F7:14:3F:FA:22:11:34:42:DC:85:89:EE:13:52:EB:E3:DA:A3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/E6D3FD_6IhE0QtyFie4TUuvj2qM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bb/443f87-4ae0-4198-bcb8-104a33437665/1/sAbzM-soXVWlWlK4p7zEJg_ZW_I.roa
Signing time:             Mon 25 Jul 2022 10:34:08 +0000
ROA not before:           Mon 25 Jul 2022 10:34:08 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     50889
IP address blocks:        185.136.71.0/24 maxlen: 24
                          185.136.69.0/24 maxlen: 24
                          77.111.250.0/24 maxlen: 24
                          77.111.251.0/24 maxlen: 24
                          77.111.248.0/24 maxlen: 24
                          77.111.249.0/24 maxlen: 24
                          80.84.160.0/24 maxlen: 24
                          80.84.164.0/24 maxlen: 24
                          80.84.165.0/24 maxlen: 24
                          80.84.163.0/24 maxlen: 24
                          80.84.161.0/24 maxlen: 24
                          80.84.162.0/24 maxlen: 24
                          80.84.167.0/24 maxlen: 24
                          80.84.169.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:82:34:eb:da:9f:57:d2:29:8c:14:73:53:ed:2e:17:26:79
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=13a0f7143ffa22113442dc8589ee1352ebe3daa3
        Validity
            Not Before: Jul 25 10:34:08 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=b006f333eb285d55a55a52b8a7bcc4260fd95bf2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:51:56:08:af:3a:cd:23:40:19:5f:1a:c7:1c:
                    20:67:1e:6b:5b:d9:9e:a2:f7:5f:60:ae:37:71:ea:
                    21:03:39:ac:6f:65:31:4d:1a:7c:be:4f:29:8c:82:
                    e1:61:a8:be:90:88:3f:f1:68:93:2f:c0:92:4c:2d:
                    e6:01:3f:78:30:fd:57:0a:15:db:82:c5:29:1b:c4:
                    9a:53:2a:54:f2:97:f9:b2:23:79:6c:f2:e9:4c:59:
                    76:7d:97:1c:48:53:72:48:5e:30:5c:09:00:cd:11:
                    9d:22:75:ca:b2:f6:d8:22:39:8d:07:3e:c6:ce:8b:
                    2e:af:a1:6b:15:30:42:61:bf:49:6b:fc:87:12:86:
                    29:cf:2f:7f:38:eb:ca:03:b6:54:21:a2:39:82:a1:
                    f4:7d:d7:2e:00:b3:0d:b1:d3:50:16:f0:ac:7e:d2:
                    30:1f:b8:43:f4:8b:0c:55:1e:c0:ca:24:85:f7:51:
                    c8:dd:26:c3:c4:f3:85:9e:c0:f3:ad:d2:6a:b6:f6:
                    ad:21:da:37:77:07:85:00:ca:d2:12:4c:e2:1e:a9:
                    5c:2f:ac:31:95:a7:15:16:14:08:e2:4f:03:5b:48:
                    97:43:fe:0a:c3:d5:32:46:07:23:bd:f7:0a:61:14:
                    76:f6:ce:9e:f9:de:2c:42:6f:a1:29:d3:e9:0d:f4:
                    00:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B0:06:F3:33:EB:28:5D:55:A5:5A:52:B8:A7:BC:C4:26:0F:D9:5B:F2
            X509v3 Authority Key Identifier:
                keyid:13:A0:F7:14:3F:FA:22:11:34:42:DC:85:89:EE:13:52:EB:E3:DA:A3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/E6D3FD_6IhE0QtyFie4TUuvj2qM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/443f87-4ae0-4198-bcb8-104a33437665/1/sAbzM-soXVWlWlK4p7zEJg_ZW_I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/443f87-4ae0-4198-bcb8-104a33437665/1/E6D3FD_6IhE0QtyFie4TUuvj2qM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.111.248.0/22
                  80.84.160.0-80.84.165.255
                  80.84.167.0/24
                  80.84.169.0/24
                  185.136.69.0/24
                  185.136.71.0/24

    Signature Algorithm: sha256WithRSAEncryption
         96:cc:d7:b0:77:b5:2d:94:fc:ee:f1:8d:77:8b:6a:f8:c4:99:
         62:2e:3b:e4:52:55:d2:db:7a:ac:9b:77:e5:dd:6e:80:95:d2:
         e8:d6:44:83:6b:20:d6:55:38:41:17:0c:7e:9d:0e:c2:12:c5:
         c5:b8:85:09:e5:63:15:32:c9:b9:ce:9c:a7:04:16:89:c0:ba:
         3f:95:91:09:a4:c0:9c:4f:33:20:b6:05:ea:a8:26:9c:66:9d:
         e3:a6:2d:70:8e:f2:df:31:1d:bc:27:0b:76:f7:fe:b2:90:d2:
         e2:a3:32:43:28:d1:45:e0:9d:55:aa:ae:2b:39:2f:99:bc:71:
         56:dd:13:22:fd:12:2c:1e:89:40:41:72:67:6a:bd:56:c8:04:
         b1:d6:3a:3a:93:5f:5b:24:45:5a:01:8e:e4:82:b2:2f:7d:12:
         33:4e:06:60:ca:b8:11:c5:c7:76:8a:ad:ac:65:9b:09:17:03:
         15:1b:6c:08:b4:d6:2e:92:6e:4e:db:6a:5c:ff:2f:3b:0f:b3:
         68:19:32:c7:99:a7:43:b2:fb:6f:d1:8d:38:a5:c1:ff:19:8b:
         e4:df:b8:7d:75:a8:d7:9c:0b:53:37:c0:78:d5:41:f4:a0:fa:
         0e:bd:3c:f0:50:d5:70:1c:81:51:9a:53:0f:b5:45:d0:ef:dc:
         d7:6e:83:9c
-----BEGIN CERTIFICATE-----
MIIFIzCCBAugAwIBAgISAYI069qfV9IpjBRzU+0uFyZ5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEzYTBmNzE0M2ZmYTIyMTEzNDQyZGM4NTg5ZWUxMzUyZWJl
M2RhYTMwHhcNMjIwNzI1MTAzNDA4WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMDA2ZjMzM2ViMjg1ZDU1YTU1YTUyYjhhN2JjYzQyNjBmZDk1YmYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhlFWCK86zSNAGV8axxwgZx5rW9me
ovdfYK43ceohAzmsb2UxTRp8vk8pjILhYai+kIg/8WiTL8CSTC3mAT94MP1XChXb
gsUpG8SaUypU8pf5siN5bPLpTFl2fZccSFNySF4wXAkAzRGdInXKsvbYIjmNBz7G
zosur6FrFTBCYb9Ja/yHEoYpzy9/OOvKA7ZUIaI5gqH0fdcuALMNsdNQFvCsftIw
H7hD9IsMVR7AyiSF91HI3SbDxPOFnsDzrdJqtvatIdo3dweFAMrSEkziHqlcL6wx
lacVFhQI4k8DW0iXQ/4Kw9UyRgcjvfcKYRR29s6e+d4sQm+hKdPpDfQAaQIDAQAB
o4ICLzCCAiswHQYDVR0OBBYEFLAG8zPrKF1VpVpSuKe8xCYP2VvyMB8GA1UdIwQY
MBaAFBOg9xQ/+iIRNELchYnuE1Lr49qjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRTZEM0ZEXzZJaEUwUXR5RmllNFRVdXZqMnFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYi80NDNmODctNGFlMC00MTk4LWJjYjgt
MTA0YTMzNDM3NjY1LzEvc0Fiek0tc29YVldsV2xLNHA3ekVKZ19aV19JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYi80NDNmODctNGFlMC00MTk4LWJjYjgtMTA0YTMzNDM3NjY1
LzEvRTZEM0ZEXzZJaEUwUXR5RmllNFRVdXZqMnFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEUGCCsGAQUFBwEHAQH/BDYwNDAyBAIAATAsAwQCTW/4MAwD
BAVQVKADBAFQVKQDBABQVKcDBABQVKkDBAC5iEUDBAC5iEcwDQYJKoZIhvcNAQEL
BQADggEBAJbM17B3tS2U/O7xjXeLavjEmWIuO+RSVdLbeqybd+XdboCV0ujWRINr
INZVOEEXDH6dDsISxcW4hQnlYxUyybnOnKcEFonAuj+VkQmkwJxPMyC2BeqoJpxm
neOmLXCO8t8xHbwnC3b3/rKQ0uKjMkMo0UXgnVWqris5L5m8cVbdEyL9EiweiUBB
cmdqvVbIBLHWOjqTX1skRVoBjuSCsi99EjNOBmDKuBHFx3aKraxlmwkXAxUbbAi0
1i6Sbk7balz/LzsPs2gZMseZp0Oy+2/RjTilwf8Zi+TfuH11qNecC1M3wHjVQfSg
+g69PPBQ1XAcgVGaUw+1RdDv3Ndug5w=
-----END CERTIFICATE-----