Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bb/896a48-dca4-4d23-8f07-8754a1c9060b/1/vHAufcIh5X-VFjZd9LrK2P5JgD0.roa
File:                     vHAufcIh5X-VFjZd9LrK2P5JgD0.roa (raw, json)
Hash identifier:          IrglBMm0EE1rRXQbmzpjVF+SjVvJuJdGIZcFIZRyvvk=
Subject key identifier:   BC:70:2E:7D:C2:21:E5:7F:95:16:36:5D:F4:BA:CA:D8:FE:49:80:3D
Certificate issuer:       /CN=6fee27d594ddb2f09c8cb59245801c9af5a34c22
Certificate serial:       1C8910D8
Authority key identifier: 6F:EE:27:D5:94:DD:B2:F0:9C:8C:B5:92:45:80:1C:9A:F5:A3:4C:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b-4n1ZTdsvCcjLWSRYAcmvWjTCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bb/896a48-dca4-4d23-8f07-8754a1c9060b/1/vHAufcIh5X-VFjZd9LrK2P5JgD0.roa
Signing time:             Sat 01 Jan 2022 03:51:51 +0000
ROA not before:           Sat 01 Jan 2022 03:51:51 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     196745
IP address blocks:        37.143.138.0/24 maxlen: 24
                          37.143.139.0/24 maxlen: 24
                          37.143.136.0/24 maxlen: 24
                          37.143.136.0/21 maxlen: 24
                          37.143.140.0/24 maxlen: 24
                          37.143.141.0/24 maxlen: 24
                          37.143.143.0/24 maxlen: 24
                          37.143.142.0/24 maxlen: 24
                          2a00:b340:33::/48 maxlen: 48
                          2a00:b340:34::/48 maxlen: 48
                          2a00:b340:32::/48 maxlen: 48
                          2a00:b340:31::/48 maxlen: 48
                          2a00:b340:35::/48 maxlen: 48
                          2a00:b340:30::/48 maxlen: 48
                          2a00:b340:20::/48 maxlen: 48
                          2a00:b340:10::/48 maxlen: 48

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 478744792 (0x1c8910d8)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6fee27d594ddb2f09c8cb59245801c9af5a34c22
        Validity
            Not Before: Jan  1 03:51:51 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=bc702e7dc221e57f9516365df4bacad8fe49803d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:a7:0a:78:d0:6c:7c:1d:8a:da:fd:fc:85:5a:
                    61:cb:2f:53:ac:46:ad:89:07:1b:93:27:ff:81:b1:
                    82:bc:f3:af:96:1f:4b:37:4c:99:5f:c1:0e:90:b6:
                    b8:5c:14:83:cf:f7:47:8f:2f:2e:f4:d1:da:fb:76:
                    96:e4:5e:21:89:10:a5:59:75:6e:9f:4e:ad:cc:51:
                    90:88:2a:23:b2:7c:9f:3a:15:e3:04:f8:a4:a4:5a:
                    7b:a6:1b:0e:c8:17:b2:68:69:92:f7:46:b8:e3:71:
                    17:71:a6:0b:49:f5:18:48:94:d4:4d:8f:19:41:c3:
                    c6:6a:39:6b:d3:fc:bd:49:da:e9:62:75:79:9f:b1:
                    28:1d:be:73:d4:94:3f:de:20:c7:d6:f2:6c:c3:96:
                    12:07:ff:86:93:51:d3:6d:c0:44:c0:0b:8f:24:43:
                    a4:93:7b:9e:58:a6:7e:c1:98:b6:87:50:db:5c:01:
                    1f:9b:3a:a0:ce:1e:06:23:95:ed:cc:f3:c4:f4:83:
                    3d:51:68:39:c8:0a:10:0d:da:c9:2c:35:7e:df:0d:
                    04:57:06:0d:52:ef:62:11:00:df:ca:8b:26:55:53:
                    c4:38:d2:df:ac:36:96:88:22:a2:39:56:5d:3e:a5:
                    9b:db:55:bd:c5:c0:53:0d:5f:4a:2f:8f:e2:40:6e:
                    e2:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BC:70:2E:7D:C2:21:E5:7F:95:16:36:5D:F4:BA:CA:D8:FE:49:80:3D
            X509v3 Authority Key Identifier:
                keyid:6F:EE:27:D5:94:DD:B2:F0:9C:8C:B5:92:45:80:1C:9A:F5:A3:4C:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b-4n1ZTdsvCcjLWSRYAcmvWjTCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/896a48-dca4-4d23-8f07-8754a1c9060b/1/vHAufcIh5X-VFjZd9LrK2P5JgD0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/896a48-dca4-4d23-8f07-8754a1c9060b/1/b-4n1ZTdsvCcjLWSRYAcmvWjTCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.143.136.0/21
                IPv6:
                  2a00:b340:10::/48
                  2a00:b340:20::/48
                  2a00:b340:30::-2a00:b340:35:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         2e:0d:7c:04:24:0b:3a:77:dc:b0:bb:6a:eb:c2:7c:f7:da:25:
         9f:8e:55:5a:1d:5b:f5:5a:a1:98:52:e6:6c:19:14:e2:7c:80:
         f6:9c:ce:21:27:84:4a:31:32:23:36:6b:67:d8:aa:02:a1:57:
         54:52:fa:d3:5d:40:98:c7:99:5d:37:94:ad:1c:76:9b:e8:14:
         5a:8f:2b:32:c6:55:66:06:ee:f8:05:28:78:b9:96:f6:c7:32:
         d8:77:c1:7d:4a:0b:a5:f1:35:ac:fc:15:27:d7:6b:ec:1b:e3:
         bd:10:14:99:08:f8:f3:c9:bc:92:23:f2:d9:e3:1a:02:fc:a2:
         4e:19:7f:a8:03:ab:58:ba:31:8e:ad:dc:c9:3b:d2:88:49:60:
         d1:da:8a:da:ae:61:84:2b:61:5a:7f:cb:fa:09:db:e0:f4:d9:
         f4:ed:75:40:d4:b0:68:8c:d5:52:82:e1:9c:9a:8b:41:23:91:
         48:4a:25:9a:f7:1a:f4:3a:79:e8:4c:cd:fd:3f:be:cd:18:92:
         a9:d3:ba:87:b8:37:18:1a:99:3e:d4:37:36:36:db:fa:d5:4e:
         69:a4:15:b6:ad:55:5c:26:2e:f8:6f:d5:24:9a:e3:a5:73:2c:
         47:85:29:50:23:cb:c9:8d:f4:92:4f:36:17:a1:76:c6:df:00:
         db:ed:84:7f
-----BEGIN CERTIFICATE-----
MIIFHTCCBAWgAwIBAgIEHIkQ2DANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg2
ZmVlMjdkNTk0ZGRiMmYwOWM4Y2I1OTI0NTgwMWM5YWY1YTM0YzIyMB4XDTIyMDEw
MTAzNTE1MVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoYmM3MDJlN2RjMjIx
ZTU3Zjk1MTYzNjVkZjRiYWNhZDhmZTQ5ODAzZDCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAKanCnjQbHwditr9/IVaYcsvU6xGrYkHG5Mn/4Gxgrzzr5Yf
SzdMmV/BDpC2uFwUg8/3R48vLvTR2vt2luReIYkQpVl1bp9OrcxRkIgqI7J8nzoV
4wT4pKRae6YbDsgXsmhpkvdGuONxF3GmC0n1GEiU1E2PGUHDxmo5a9P8vUna6WJ1
eZ+xKB2+c9SUP94gx9bybMOWEgf/hpNR023ARMALjyRDpJN7nlimfsGYtodQ21wB
H5s6oM4eBiOV7czzxPSDPVFoOcgKEA3aySw1ft8NBFcGDVLvYhEA38qLJlVTxDjS
36w2logiojlWXT6lm9tVvcXAUw1fSi+P4kBu4u8CAwEAAaOCAjcwggIzMB0GA1Ud
DgQWBBS8cC59wiHlf5UWNl30usrY/kmAPTAfBgNVHSMEGDAWgBRv7ifVlN2y8JyM
tZJFgBya9aNMIjAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L2ItNG4xWlRkc3ZDY2pMV1NSWUFjbXZXalRDSS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvYmIvODk2YTQ4LWRjYTQtNGQyMy04ZjA3LTg3NTRhMWM5MDYwYi8x
L3ZIQXVmY0loNVgtVkZqWmQ5THJLMlA1SmdEMC5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYmIv
ODk2YTQ4LWRjYTQtNGQyMy04ZjA3LTg3NTRhMWM5MDYwYi8xL2ItNG4xWlRkc3ZD
Y2pMV1NSWUFjbXZXalRDSS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBN
BggrBgEFBQcBBwEB/wQ+MDwwDAQCAAEwBgMEAyWPiDAsBAIAAjAmAwcAKgCzQAAQ
AwcAKgCzQAAgMBIDBwQqALNAADADBwEqALNAADQwDQYJKoZIhvcNAQELBQADggEB
AC4NfAQkCzp33LC7auvCfPfaJZ+OVVodW/VaoZhS5mwZFOJ8gPacziEnhEoxMiM2
a2fYqgKhV1RS+tNdQJjHmV03lK0cdpvoFFqPKzLGVWYG7vgFKHi5lvbHMth3wX1K
C6XxNaz8FSfXa+wb470QFJkI+PPJvJIj8tnjGgL8ok4Zf6gDq1i6MY6t3Mk70ohJ
YNHaitquYYQrYVp/y/oJ2+D02fTtdUDUsGiM1VKC4Zyai0EjkUhKJZr3GvQ6eehM
zf0/vs0YkqnTuoe4NxgamT7UNzY22/rVTmmkFbatVVwmLvhv1SSa46VzLEeFKVAj
y8mN9JJPNhehdsbfANvthH8=
-----END CERTIFICATE-----