Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c2/11af42-d3ed-43cd-8274-742dc0c970c0/1/Y4c15TZ954IjmriAnhjJNuLSMAU.roa
File:                     Y4c15TZ954IjmriAnhjJNuLSMAU.roa (raw, json)
Hash identifier:          4fBz37pQQYCumNWcH++onOMMZzV82VqbMgCYrWRWG7o=
Subject key identifier:   63:87:35:E5:36:7D:E7:82:23:9A:B8:80:9E:18:C9:36:E2:D2:30:05
Certificate issuer:       /CN=e1cadc8a421c1f22f1e2904ccfdbbcec5dbe1b11
Certificate serial:       01850842CBBDD021F90546F95BB43E430873
Authority key identifier: E1:CA:DC:8A:42:1C:1F:22:F1:E2:90:4C:CF:DB:BC:EC:5D:BE:1B:11
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4crcikIcHyLx4pBMz9u87F2-GxE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c2/11af42-d3ed-43cd-8274-742dc0c970c0/1/Y4c15TZ954IjmriAnhjJNuLSMAU.roa
Signing time:             Mon 12 Dec 2022 21:34:33 +0000
ROA not before:           Mon 12 Dec 2022 21:34:33 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     21497
IP address blocks:        128.124.0.0/16 maxlen: 19
                          77.52.0.0/16 maxlen: 18
                          5.207.0.0/16 maxlen: 17
                          88.214.64.0/18 maxlen: 19
                          46.133.0.0/16 maxlen: 19
                          178.133.0.0/16 maxlen: 19
                          31.144.0.0/16 maxlen: 19
                          80.255.64.0/20 maxlen: 21
                          89.209.0.0/16 maxlen: 19
                          2a00:f50::/30 maxlen: 32

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:08:42:cb:bd:d0:21:f9:05:46:f9:5b:b4:3e:43:08:73
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e1cadc8a421c1f22f1e2904ccfdbbcec5dbe1b11
        Validity
            Not Before: Dec 12 21:34:33 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=638735e5367de782239ab8809e18c936e2d23005
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:91:d9:1e:5c:8c:0e:09:82:3b:3d:7d:72:50:
                    a1:83:9d:3d:09:f8:05:c2:fd:b8:52:97:50:4a:cd:
                    22:74:ca:0b:09:1f:19:81:67:96:c7:ef:9f:37:27:
                    cd:cd:ff:09:f6:df:1e:e7:6f:09:e9:c8:bc:00:2e:
                    fa:17:c6:48:be:bc:9b:21:0e:00:93:38:e9:47:7c:
                    9a:b2:88:87:63:3e:8d:6c:6a:b1:03:58:d5:62:15:
                    fd:22:21:d3:2f:63:93:10:57:1e:4b:d6:0f:dd:6e:
                    d3:b8:c6:c4:b9:02:7f:8b:f2:24:c4:ad:65:25:23:
                    6f:fa:fb:c9:e3:b3:cd:17:1e:f3:ad:6c:1f:44:c8:
                    d4:fb:4a:6b:db:f8:f9:d6:28:78:e4:74:13:dc:ac:
                    39:34:5e:0d:dc:a9:d4:62:8f:bb:37:86:f2:62:61:
                    da:a9:7d:6a:30:86:69:74:a6:ed:80:bb:e5:09:40:
                    5d:d5:4d:a8:50:5a:bd:c3:c2:b9:be:18:10:53:e5:
                    0d:62:a1:ae:cb:cf:66:08:5b:81:aa:78:0d:9e:ef:
                    e3:1e:79:42:0e:1a:da:2d:85:b3:fa:31:8b:15:b4:
                    1f:2b:15:0d:67:e0:f0:9e:ae:1b:f9:8a:cd:77:75:
                    c0:c9:3f:7d:9d:7e:9b:73:75:b9:e2:81:81:bf:47:
                    d1:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                63:87:35:E5:36:7D:E7:82:23:9A:B8:80:9E:18:C9:36:E2:D2:30:05
            X509v3 Authority Key Identifier:
                keyid:E1:CA:DC:8A:42:1C:1F:22:F1:E2:90:4C:CF:DB:BC:EC:5D:BE:1B:11

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4crcikIcHyLx4pBMz9u87F2-GxE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/11af42-d3ed-43cd-8274-742dc0c970c0/1/Y4c15TZ954IjmriAnhjJNuLSMAU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/11af42-d3ed-43cd-8274-742dc0c970c0/1/4crcikIcHyLx4pBMz9u87F2-GxE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.207.0.0/16
                  31.144.0.0/16
                  46.133.0.0/16
                  77.52.0.0/16
                  80.255.64.0/20
                  88.214.64.0/18
                  89.209.0.0/16
                  128.124.0.0/16
                  178.133.0.0/16
                IPv6:
                  2a00:f50::/30

    Signature Algorithm: sha256WithRSAEncryption
         23:86:5d:f4:16:79:79:6a:ce:a1:33:df:39:3c:12:63:2f:b0:
         46:1c:c9:d7:7a:1a:46:02:9b:b5:e9:e9:c2:0c:b7:01:79:4b:
         60:f1:76:6f:40:d3:96:2c:f7:2a:95:a7:f4:05:d4:1f:8c:6e:
         ff:ca:63:0b:5a:f7:89:6f:cd:2b:b8:32:48:23:f2:2e:04:ae:
         f0:d5:c8:11:75:af:88:a7:d4:44:0b:78:d5:e3:2b:eb:59:5a:
         95:94:25:d3:c1:bb:8a:70:ab:ac:63:81:9b:b7:3b:ce:ee:fb:
         c7:7a:95:44:a1:d6:e2:6f:78:c8:cd:41:ba:eb:83:f1:76:df:
         f7:90:92:18:3a:36:2b:75:3c:ed:b8:5b:79:fe:be:e5:89:2a:
         a1:0e:32:a9:b3:13:c0:ec:da:32:ea:c8:de:0b:02:98:a5:3b:
         d9:02:37:db:5d:57:51:45:c6:1e:df:e7:c8:f3:11:91:c1:71:
         d5:b9:cc:99:a0:b1:e5:11:dd:32:09:25:ca:77:6f:6e:c8:65:
         39:2a:dc:ab:4f:bd:20:85:cb:e5:5d:7e:42:f1:45:52:86:cf:
         76:6f:68:d4:d5:f1:e4:6f:3d:b5:07:b1:60:b9:23:f0:e9:44:
         03:5c:31:89:8a:f8:e6:4d:de:2d:ea:dd:c1:3e:4e:7c:c9:49:
         ec:5f:f6:d9
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgISAYUIQsu90CH5BUb5W7Q+QwhzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUxY2FkYzhhNDIxYzFmMjJmMWUyOTA0Y2NmZGJiY2VjNWRi
ZTFiMTEwHhcNMjIxMjEyMjEzNDMzWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2Mzg3MzVlNTM2N2RlNzgyMjM5YWI4ODA5ZTE4YzkzNmUyZDIzMDA1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAppHZHlyMDgmCOz19clChg509CfgF
wv24UpdQSs0idMoLCR8ZgWeWx++fNyfNzf8J9t8e528J6ci8AC76F8ZIvrybIQ4A
kzjpR3yasoiHYz6NbGqxA1jVYhX9IiHTL2OTEFceS9YP3W7TuMbEuQJ/i/IkxK1l
JSNv+vvJ47PNFx7zrWwfRMjU+0pr2/j51ih45HQT3Kw5NF4N3KnUYo+7N4byYmHa
qX1qMIZpdKbtgLvlCUBd1U2oUFq9w8K5vhgQU+UNYqGuy89mCFuBqngNnu/jHnlC
DhraLYWz+jGLFbQfKxUNZ+Dwnq4b+YrNd3XAyT99nX6bc3W54oGBv0fR4wIDAQAB
o4ICQTCCAj0wHQYDVR0OBBYEFGOHNeU2feeCI5q4gJ4YyTbi0jAFMB8GA1UdIwQY
MBaAFOHK3IpCHB8i8eKQTM/bvOxdvhsRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNGNyY2lrSWNIeUx4NHBCTXo5dTg3RjItR3hFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMi8xMWFmNDItZDNlZC00M2NkLTgyNzQt
NzQyZGMwYzk3MGMwLzEvWTRjMTVUWjk1NElqbXJpQW5oakpOdUxTTUFVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMi8xMWFmNDItZDNlZC00M2NkLTgyNzQtNzQyZGMwYzk3MGMw
LzEvNGNyY2lrSWNIeUx4NHBCTXo5dTg3RjItR3hFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFcGCCsGAQUFBwEHAQH/BEgwRjA1BAIAATAvAwMABc8DAwAf
kAMDAC6FAwMATTQDBARQ/0ADBAZY1kADAwBZ0QMDAIB8AwMAsoUwDQQCAAIwBwMF
AioAD1AwDQYJKoZIhvcNAQELBQADggEBACOGXfQWeXlqzqEz3zk8EmMvsEYcydd6
GkYCm7Xp6cIMtwF5S2Dxdm9A05Ys9yqVp/QF1B+Mbv/KYwta94lvzSu4Mkgj8i4E
rvDVyBF1r4in1EQLeNXjK+tZWpWUJdPBu4pwq6xjgZu3O87u+8d6lUSh1uJveMjN
Qbrrg/F23/eQkhg6Nit1PO24W3n+vuWJKqEOMqmzE8Ds2jLqyN4LApilO9kCN9td
V1FFxh7f58jzEZHBcdW5zJmgseUR3TIJJcp3b27IZTkq3KtPvSCFy+VdfkLxRVKG
z3ZvaNTV8eRvPbUHsWC5I/DpRANcMYmK+OZN3i3q3cE+TnzJSexf9tk=
-----END CERTIFICATE-----