Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/BXExY8MSqnlhMTS75mg23gHoPus.roa
File:                     BXExY8MSqnlhMTS75mg23gHoPus.roa (raw, json)
Hash identifier:          P82JCMzhVQj0Gf1VLgca+MifBpo66feeHJGxLkHfxt4=
Subject key identifier:   05:71:31:63:C3:12:AA:79:61:31:34:BB:E6:68:36:DE:01:E8:3E:EB
Certificate issuer:       /CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
Certificate serial:       01846BB6F5399ECBA5B1714F9FA0F5224F7A
Authority key identifier: 7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/BXExY8MSqnlhMTS75mg23gHoPus.roa
Signing time:             Sat 12 Nov 2022 12:01:03 +0000
ROA not before:           Sat 12 Nov 2022 12:01:03 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     399975
IP address blocks:        2a0f:140::/29 maxlen: 29
                          2a0f:e540::/29 maxlen: 29
                          2a0f:1440::/29 maxlen: 29
                          2a0f:cc00::/29 maxlen: 29
                          2a13:1380::/29 maxlen: 29
                          2a0f:fc00::/29 maxlen: 29
                          2a0f:2f80::/29 maxlen: 29
                          2a0f:e4c0::/29 maxlen: 29
                          2a0f:2d80::/29 maxlen: 29
                          2a13:1480::/29 maxlen: 29
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:84:6b:b6:f5:39:9e:cb:a5:b1:71:4f:9f:a0:f5:22:4f:7a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
        Validity
            Not Before: Nov 12 12:01:03 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=05713163c312aa79613134bbe66836de01e83eeb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:75:83:25:f9:b7:6f:cf:ee:2b:8a:ed:cc:b9:
                    92:ee:a9:aa:41:de:7c:55:17:b9:92:68:0c:f9:ad:
                    5a:6b:05:dc:cb:12:56:64:f7:7f:6c:d8:0d:fd:a7:
                    37:24:f2:50:e1:3c:a1:22:2c:85:f5:c6:6a:65:62:
                    dc:75:90:0d:44:19:3d:13:aa:75:29:65:34:1d:c7:
                    d3:ad:03:11:cf:49:39:25:00:1c:a2:64:e1:d0:33:
                    65:b7:7f:96:5e:68:71:d1:0f:c0:a4:0f:73:6e:85:
                    ef:54:6e:eb:1e:32:15:32:2f:2b:f5:25:45:4c:3f:
                    6f:01:1f:19:47:05:30:67:dc:03:c1:70:e1:05:5a:
                    48:c8:f4:2b:06:89:04:72:96:40:3e:d7:d0:0d:17:
                    1f:27:bb:2b:30:ba:14:bd:8d:41:87:8f:61:1e:ce:
                    f8:65:d8:3c:0a:5b:43:d5:d9:c4:67:20:54:73:3b:
                    70:b9:48:c8:4f:dd:a6:cb:b4:13:58:65:0e:86:a1:
                    d8:5f:05:83:4f:75:d6:93:07:57:55:40:c0:1d:d5:
                    1d:d4:7d:d3:c3:41:cb:ee:67:a5:bf:c8:9e:00:41:
                    fe:ff:26:6b:c9:7c:41:5d:b1:b3:9f:11:75:a1:f1:
                    1c:d8:ad:90:47:6c:08:55:18:6e:f0:93:e0:99:88:
                    9d:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                05:71:31:63:C3:12:AA:79:61:31:34:BB:E6:68:36:DE:01:E8:3E:EB
            X509v3 Authority Key Identifier:
                keyid:7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/BXExY8MSqnlhMTS75mg23gHoPus.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:140::/29
                  2a0f:1440::/29
                  2a0f:2d80::/29
                  2a0f:2f80::/29
                  2a0f:cc00::/29
                  2a0f:e4c0::/29
                  2a0f:e540::/29
                  2a0f:fc00::/29
                  2a13:1380::/29
                  2a13:1480::/29

    Signature Algorithm: sha256WithRSAEncryption
         37:8e:ca:d1:74:c4:2b:3f:ab:22:87:5b:de:aa:46:e2:4e:da:
         6d:c3:67:8a:c6:b0:93:c2:2e:d8:37:c4:36:6e:bd:ee:f3:2c:
         c5:db:b7:71:17:e0:48:2a:b9:62:12:0c:25:92:ad:e5:95:ce:
         4f:18:91:e2:6d:12:83:eb:0c:1b:3e:15:e7:48:ee:5f:85:e1:
         c7:2f:3f:7e:92:29:f6:f9:1c:2e:87:f1:89:a3:b7:52:58:66:
         6c:c0:9a:2d:8a:a1:7d:80:93:ca:9c:6f:09:8b:0a:98:7c:c5:
         1f:c5:66:74:2b:0a:dd:01:34:49:09:a4:ef:7c:a5:96:8c:43:
         ae:d1:65:b0:cd:fb:97:a9:a5:6f:3b:73:c2:14:af:07:3a:2a:
         b9:b5:3e:f2:8c:7b:d4:a0:21:96:0c:9f:66:5b:26:46:91:56:
         c5:6a:9e:ce:63:f8:84:3a:9e:23:bb:89:3e:ac:b0:ce:14:23:
         51:52:92:57:81:76:64:a0:ef:98:b3:6d:0f:7e:89:e3:6c:83:
         17:c2:29:dd:ad:52:7a:f9:0a:17:3a:1c:8c:2a:2f:b0:af:23:
         b7:05:c3:37:e7:f0:5e:0d:67:ac:6a:63:52:e6:5d:11:1c:81:
         03:f7:be:43:7e:49:a2:12:8a:2b:88:08:f1:90:ba:dc:62:ce:
         6f:00:68:d8
-----BEGIN CERTIFICATE-----
MIIFPTCCBCWgAwIBAgISAYRrtvU5nsulsXFPn6D1Ik96MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkNTU5YWFmYmZjMDkzMTI0MmUxZDYzNzI5OGNmMWRkMjIz
ZTRjMjYwHhcNMjIxMTEyMTIwMTAzWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNTcxMzE2M2MzMTJhYTc5NjEzMTM0YmJlNjY4MzZkZTAxZTgzZWViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnXWDJfm3b8/uK4rtzLmS7qmqQd58
VRe5kmgM+a1aawXcyxJWZPd/bNgN/ac3JPJQ4TyhIiyF9cZqZWLcdZANRBk9E6p1
KWU0HcfTrQMRz0k5JQAcomTh0DNlt3+WXmhx0Q/ApA9zboXvVG7rHjIVMi8r9SVF
TD9vAR8ZRwUwZ9wDwXDhBVpIyPQrBokEcpZAPtfQDRcfJ7srMLoUvY1Bh49hHs74
Zdg8CltD1dnEZyBUcztwuUjIT92my7QTWGUOhqHYXwWDT3XWkwdXVUDAHdUd1H3T
w0HL7melv8ieAEH+/yZryXxBXbGznxF1ofEc2K2QR2wIVRhu8JPgmYid4QIDAQAB
o4ICSTCCAkUwHQYDVR0OBBYEFAVxMWPDEqp5YTE0u+ZoNt4B6D7rMB8GA1UdIwQY
MBaAFH1Vmq+/wJMSQuHWNymM8d0iPkwmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTkt
OGM1MDA3YzJhNGI2LzEvQlhFeFk4TVNxbmxoTVRTNzVtZzIzZ0hvUHVzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTktOGM1MDA3YzJhNGI2
LzEvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF8GCCsGAQUFBwEHAQH/BFAwTjBMBAIAAjBGAwUDKg8BQAMF
AyoPFEADBQMqDy2AAwUDKg8vgAMFAyoPzAADBQMqD+TAAwUDKg/lQAMFAyoP/AAD
BQMqExOAAwUDKhMUgDANBgkqhkiG9w0BAQsFAAOCAQEAN47K0XTEKz+rIodb3qpG
4k7abcNnisawk8Iu2DfENm697vMsxdu3cRfgSCq5YhIMJZKt5ZXOTxiR4m0Sg+sM
Gz4V50juX4Xhxy8/fpIp9vkcLofxiaO3UlhmbMCaLYqhfYCTypxvCYsKmHzFH8Vm
dCsK3QE0SQmk73ylloxDrtFlsM37l6mlbztzwhSvBzoqubU+8ox71KAhlgyfZlsm
RpFWxWqezmP4hDqeI7uJPqywzhQjUVKSV4F2ZKDvmLNtD36J42yDF8Ip3a1SevkK
FzocjCovsK8jtwXDN+fwXg1nrGpjUuZdERyBA/e+Q35JohKKK4gI8ZC63GLObwBo
2A==
-----END CERTIFICATE-----