Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/KnUVBZFdW2I98TT666iyPy3XdM8.roa
File:                     KnUVBZFdW2I98TT666iyPy3XdM8.roa (raw, json)
Hash identifier:          KEek3U9+MbQ5X4r9VE5iSpZYCNIv3VlziZVlcmtc85c=
Subject key identifier:   2A:75:15:05:91:5D:5B:62:3D:F1:34:FA:EB:A8:B2:3F:2D:D7:74:CF
Certificate issuer:       /CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
Certificate serial:       018C48570933AA3BB5AFA68607A976D107E6
Authority key identifier: 7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/KnUVBZFdW2I98TT666iyPy3XdM8.roa
Signing time:             Fri 08 Dec 2023 07:31:52 +0000
ROA not before:           Fri 08 Dec 2023 07:31:52 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     205544
IP address blocks:        2a0f:e6c6:1::/48 maxlen: 48
                          2a13:e101:1::/48 maxlen: 48
                          2a0f:e1c0:1::/48 maxlen: 48
                          2a12:ecc0:1::/48 maxlen: 48
                          2a13:3380:1::/48 maxlen: 48
                          2a0f:e6c7:1::/48 maxlen: 48
                          2a12:ecc0:f::/48 maxlen: 48
                          2a13:c700:1::/48 maxlen: 48
                          2a0f:e440::/29 maxlen: 29
                          2a13:e101:2::/48 maxlen: 48
                          2a0f:e1c0:2::/48 maxlen: 48
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:48:57:09:33:aa:3b:b5:af:a6:86:07:a9:76:d1:07:e6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
        Validity
            Not Before: Dec  8 07:31:52 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=2a751505915d5b623df134faeba8b23f2dd774cf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:d2:b2:5f:81:88:a8:f7:83:3a:97:ed:01:91:
                    b3:b9:04:be:29:b2:36:58:aa:a5:2b:15:24:c5:f6:
                    df:3a:f9:23:65:c9:30:dd:51:9f:c4:a0:51:b5:f5:
                    5b:e4:21:5f:81:ee:e8:96:5b:74:89:0c:6f:76:db:
                    7c:15:f2:7f:ad:10:6c:da:67:aa:8a:03:11:e3:94:
                    8c:d0:6e:e6:42:21:ca:f7:19:08:c5:c9:ab:ee:62:
                    3f:8a:50:63:51:d9:a5:0f:c5:9e:75:43:0b:e7:a5:
                    30:23:2a:7e:33:6a:3c:74:d7:86:df:85:d9:36:4f:
                    5a:13:36:52:1e:20:31:e1:d9:10:6a:4d:e3:63:30:
                    ff:93:1f:fb:9c:03:aa:48:e4:84:3b:97:17:94:29:
                    9c:df:d4:78:47:b9:2a:38:c5:be:66:52:c0:dc:b2:
                    ff:7f:94:61:c4:6a:0e:4a:81:f5:e9:e7:d9:18:c6:
                    39:6d:a5:4c:e9:93:42:07:b3:a7:8c:46:9c:a4:19:
                    a2:d9:12:cf:12:5b:a1:48:eb:47:8b:bf:80:82:a0:
                    1d:06:54:f5:b6:df:bb:b5:f1:86:4c:3b:d3:1e:8b:
                    4b:d4:13:2b:bf:a1:3e:99:bc:7a:80:bf:59:3b:b1:
                    3c:e7:df:68:da:d5:7e:e6:53:77:e0:ab:bb:a9:95:
                    5f:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:75:15:05:91:5D:5B:62:3D:F1:34:FA:EB:A8:B2:3F:2D:D7:74:CF
            X509v3 Authority Key Identifier:
                keyid:7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/KnUVBZFdW2I98TT666iyPy3XdM8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:e1c0:1::-2a0f:e1c0:2:ffff:ffff:ffff:ffff:ffff
                  2a0f:e440::/29
                  2a0f:e6c6:1::/48
                  2a0f:e6c7:1::/48
                  2a12:ecc0:1::/48
                  2a12:ecc0:f::/48
                  2a13:3380:1::/48
                  2a13:c700:1::/48
                  2a13:e101:1::-2a13:e101:2:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         24:a9:59:f0:6f:e6:ad:2b:58:45:c7:92:9a:99:88:c3:7c:56:
         85:56:8e:a9:a2:34:89:08:17:5f:b1:c9:fb:69:ab:2d:cd:75:
         81:8a:04:d3:17:9a:34:fc:75:62:af:bf:cd:84:ac:4c:43:a1:
         a6:7b:64:9a:56:21:a6:50:5a:55:02:43:d6:19:68:16:03:22:
         dd:26:45:f9:2d:25:9e:78:b0:82:4f:bf:5b:2f:63:15:ce:1d:
         5b:22:17:53:5f:92:03:47:65:11:1f:f6:5d:e2:81:56:4d:a3:
         49:9f:24:9b:c2:9f:c1:eb:dc:51:8b:12:b8:38:d9:5a:ce:32:
         3f:c2:99:64:dd:56:b8:1e:b4:64:eb:2c:e4:e7:37:cc:90:6e:
         e7:0f:f9:0a:2f:2a:23:85:6c:26:64:bb:38:d0:e6:ce:c3:90:
         07:40:fd:b6:74:fa:08:bf:75:3c:9e:95:ee:19:51:be:af:f1:
         e4:6c:bc:68:0a:e2:3e:99:ae:76:b8:32:b4:bc:be:a0:c5:93:
         4e:ef:ab:8b:2f:5d:ae:70:0d:e8:8c:df:43:08:f6:54:6d:01:
         2f:83:ee:59:f2:c6:8a:fb:75:1f:73:7b:cb:8b:f5:af:16:af:
         56:fb:20:a4:31:23:d5:b8:5a:5e:c9:c6:a4:97:06:7d:e2:14:
         72:6d:6d:9e
-----BEGIN CERTIFICATE-----
MIIFXDCCBESgAwIBAgISAYxIVwkzqju1r6aGB6l20QfmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkNTU5YWFmYmZjMDkzMTI0MmUxZDYzNzI5OGNmMWRkMjIz
ZTRjMjYwHhcNMjMxMjA4MDczMTUyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYTc1MTUwNTkxNWQ1YjYyM2RmMTM0ZmFlYmE4YjIzZjJkZDc3NGNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgtKyX4GIqPeDOpftAZGzuQS+KbI2
WKqlKxUkxfbfOvkjZckw3VGfxKBRtfVb5CFfge7ollt0iQxvdtt8FfJ/rRBs2meq
igMR45SM0G7mQiHK9xkIxcmr7mI/ilBjUdmlD8WedUML56UwIyp+M2o8dNeG34XZ
Nk9aEzZSHiAx4dkQak3jYzD/kx/7nAOqSOSEO5cXlCmc39R4R7kqOMW+ZlLA3LL/
f5RhxGoOSoH16efZGMY5baVM6ZNCB7OnjEacpBmi2RLPEluhSOtHi7+AgqAdBlT1
tt+7tfGGTDvTHotL1BMrv6E+mbx6gL9ZO7E8599o2tV+5lN34Ku7qZVfMQIDAQAB
o4ICaDCCAmQwHQYDVR0OBBYEFCp1FQWRXVtiPfE0+uuosj8t13TPMB8GA1UdIwQY
MBaAFH1Vmq+/wJMSQuHWNymM8d0iPkwmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTkt
OGM1MDA3YzJhNGI2LzEvS25VVkJaRmRXMkk5OFRUNjY2aXlQeTNYZE04LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTktOGM1MDA3YzJhNGI2
LzEvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMH4GCCsGAQUFBwEHAQH/BG8wbTBrBAIAAjBlMBIDBwAqD+HA
AAEDBwAqD+HAAAIDBQMqD+RAAwcAKg/mxgABAwcAKg/mxwABAwcAKhLswAABAwcA
KhLswAAPAwcAKhMzgAABAwcAKhPHAAABMBIDBwAqE+EBAAEDBwAqE+EBAAIwDQYJ
KoZIhvcNAQELBQADggEBACSpWfBv5q0rWEXHkpqZiMN8VoVWjqmiNIkIF1+xyftp
qy3NdYGKBNMXmjT8dWKvv82ErExDoaZ7ZJpWIaZQWlUCQ9YZaBYDIt0mRfktJZ54
sIJPv1svYxXOHVsiF1NfkgNHZREf9l3igVZNo0mfJJvCn8Hr3FGLErg42VrOMj/C
mWTdVrgetGTrLOTnN8yQbucP+QovKiOFbCZkuzjQ5s7DkAdA/bZ0+gi/dTyele4Z
Ub6v8eRsvGgK4j6Zrna4MrS8vqDFk07vq4svXa5wDeiM30MI9lRtAS+D7lnyxor7
dR9ze8uL9a8Wr1b7IKQxI9W4Wl7JxqSXBn3iFHJtbZ4=
-----END CERTIFICATE-----