Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/_NZJB9vvn97Vo2rXqrNmPtThFTk.roa
File:                     _NZJB9vvn97Vo2rXqrNmPtThFTk.roa (raw, json)
Hash identifier:          2HEUJGmomvIAWNUmdQLWonQ7nY6sSuIk3VmRtpVw+kY=
Subject key identifier:   FC:D6:49:07:DB:EF:9F:DE:D5:A3:6A:D7:AA:B3:66:3E:D4:E1:15:39
Certificate issuer:       /CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
Certificate serial:       0182ABA6976FFD12102B3BBB120F6039D9A8
Authority key identifier: B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/_NZJB9vvn97Vo2rXqrNmPtThFTk.roa
Signing time:             Wed 17 Aug 2022 11:53:17 +0000
ROA not before:           Wed 17 Aug 2022 11:53:17 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     204339
IP address blocks:        45.95.200.0/24 maxlen: 24
                          2a0d:2dc2::/32 maxlen: 32
                          2a0b:da01::/32 maxlen: 32
                          2a0d:2dc6::/32 maxlen: 32
                          2a0b:da04::/32 maxlen: 32
                          2a0d:2dc5::/32 maxlen: 32
                          2a0d:2dc1::/32 maxlen: 32
                          2a0d:2dc7::/32 maxlen: 32
                          2a0b:da05::/32 maxlen: 32
                          2a0d:2dc4::/32 maxlen: 32
                          2a0b:da02::/32 maxlen: 32
                          2a0d:2dc0::/32 maxlen: 32
                          2a0b:da03::/32 maxlen: 32
                          2a0b:da07::/32 maxlen: 32
                          2a0b:da00::/32 maxlen: 32
                          2a0d:2dc3::/32 maxlen: 32
                          2a0b:da06::/32 maxlen: 32

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:82:ab:a6:97:6f:fd:12:10:2b:3b:bb:12:0f:60:39:d9:a8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
        Validity
            Not Before: Aug 17 11:53:17 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=fcd64907dbef9fded5a36ad7aab3663ed4e11539
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:45:6a:ec:ae:0a:cd:8e:8c:0b:0c:6c:b1:2a:
                    3a:87:d7:18:16:48:45:c8:af:6c:5a:e7:3b:25:3f:
                    f9:6b:12:d7:ab:00:e2:ea:d0:fa:6a:50:63:11:39:
                    5c:7c:ac:72:e7:49:28:dd:f5:f8:2d:6b:39:fa:ce:
                    72:b4:16:9c:c9:4e:1c:f6:ad:cf:b2:7e:e7:3a:1f:
                    0e:9a:fa:ce:ae:92:04:e7:69:a0:cd:66:b9:a6:8d:
                    fd:fe:90:d6:6c:f2:59:08:d3:9d:f0:11:b7:69:1c:
                    21:36:8a:03:4f:a9:4b:60:30:2b:d3:a0:b6:30:f1:
                    34:6f:48:82:55:f9:84:24:a5:68:f9:89:60:90:82:
                    54:d9:9e:fa:4e:1d:85:42:c2:3a:2e:d2:2e:97:1b:
                    5d:1e:15:b5:3a:2c:78:16:60:1c:dc:57:04:56:7c:
                    00:1e:11:db:f2:bd:f4:1a:53:4f:79:f2:51:55:60:
                    61:67:d9:e5:a9:3b:13:cd:e2:94:d5:2f:9c:d3:43:
                    3c:2b:09:56:69:89:bb:04:74:8e:dc:12:c5:67:d7:
                    69:8d:60:50:f7:53:89:1c:e7:3f:f9:b7:1a:44:f3:
                    a4:4b:4b:5e:ce:c6:66:88:ed:34:14:15:fd:6a:6d:
                    c5:b4:f0:6c:bb:ea:0a:c3:f0:6c:13:e6:92:9e:95:
                    5b:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FC:D6:49:07:DB:EF:9F:DE:D5:A3:6A:D7:AA:B3:66:3E:D4:E1:15:39
            X509v3 Authority Key Identifier:
                keyid:B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/_NZJB9vvn97Vo2rXqrNmPtThFTk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.95.200.0/24
                IPv6:
                  2a0b:da00::/29
                  2a0d:2dc0::/29

    Signature Algorithm: sha256WithRSAEncryption
         67:6a:3c:d9:58:1a:a5:2d:b3:ec:af:e6:1a:62:17:d9:a7:af:
         73:2c:18:31:29:10:da:d7:57:ab:63:b5:ae:b3:50:2c:97:b4:
         ff:b0:14:d6:d6:f9:85:83:9d:23:c9:5f:1a:b1:0a:80:38:4a:
         cb:69:2d:cd:fd:d6:54:68:c9:1d:e2:d3:fd:5d:cd:3c:bf:90:
         75:92:48:98:cb:ec:25:86:d5:5a:d2:b4:86:91:b0:d9:d3:ad:
         01:a8:a3:35:43:70:4a:7c:d4:d1:4e:3b:76:67:75:ba:85:94:
         30:d4:09:34:d3:79:63:29:11:ef:d4:54:ad:c5:0b:fd:e1:89:
         d4:e3:c7:96:86:a9:30:45:f1:d7:51:f0:73:f5:a1:45:fb:2f:
         2c:c9:80:df:cf:94:83:09:37:32:96:c6:48:51:11:ef:0e:3d:
         30:ac:84:39:73:2e:05:5e:17:f6:a1:d7:92:a6:67:ea:ce:d4:
         9b:e2:4e:05:e0:27:f5:9c:a9:e0:86:bf:e4:78:8a:a2:72:79:
         05:e2:52:b7:90:8c:0c:17:7e:3e:bd:3d:22:12:b0:de:26:00:
         3c:97:3c:95:bc:89:59:e8:47:ae:37:10:f5:bd:90:00:be:e2:
         5b:44:f4:72:07:4b:63:17:2a:92:a7:15:21:07:39:7d:14:6e:
         4f:b9:22:17
-----BEGIN CERTIFICATE-----
MIIFEzCCA/ugAwIBAgISAYKrppdv/RIQKzu7Eg9gOdmoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0Zjk2MzQ1ZDNmMjJlZGIzOTVkMjQ3ZjdiODZkMmQ3M2U0
YTAwOTEwHhcNMjIwODE3MTE1MzE3WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmY2Q2NDkwN2RiZWY5ZmRlZDVhMzZhZDdhYWIzNjYzZWQ0ZTExNTM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm0Vq7K4KzY6MCwxssSo6h9cYFkhF
yK9sWuc7JT/5axLXqwDi6tD6alBjETlcfKxy50ko3fX4LWs5+s5ytBacyU4c9q3P
sn7nOh8OmvrOrpIE52mgzWa5po39/pDWbPJZCNOd8BG3aRwhNooDT6lLYDAr06C2
MPE0b0iCVfmEJKVo+YlgkIJU2Z76Th2FQsI6LtIulxtdHhW1Oix4FmAc3FcEVnwA
HhHb8r30GlNPefJRVWBhZ9nlqTsTzeKU1S+c00M8KwlWaYm7BHSO3BLFZ9dpjWBQ
91OJHOc/+bcaRPOkS0tezsZmiO00FBX9am3FtPBsu+oKw/BsE+aSnpVbuQIDAQAB
o4ICHzCCAhswHQYDVR0OBBYEFPzWSQfb75/e1aNq16qzZj7U4RU5MB8GA1UdIwQY
MBaAFLT5Y0XT8i7bOV0kf3uG0tc+SgCRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQt
NmZjMzQzZDc3Y2QyLzEvX05aSkI5dnZuOTdWbzJyWHFyTm1QdFRoRlRrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQtNmZjMzQzZDc3Y2Qy
LzEvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDUGCCsGAQUFBwEHAQH/BCYwJDAMBAIAATAGAwQALV/IMBQE
AgACMA4DBQMqC9oAAwUDKg0twDANBgkqhkiG9w0BAQsFAAOCAQEAZ2o82VgapS2z
7K/mGmIX2aevcywYMSkQ2tdXq2O1rrNQLJe0/7AU1tb5hYOdI8lfGrEKgDhKy2kt
zf3WVGjJHeLT/V3NPL+QdZJImMvsJYbVWtK0hpGw2dOtAaijNUNwSnzU0U47dmd1
uoWUMNQJNNN5YykR79RUrcUL/eGJ1OPHloapMEXx11Hwc/WhRfsvLMmA38+Ugwk3
MpbGSFER7w49MKyEOXMuBV4X9qHXkqZn6s7Um+JOBeAn9Zyp4Ia/5HiKonJ5BeJS
t5CMDBd+Pr09IhKw3iYAPJc8lbyJWehHrjcQ9b2QAL7iW0T0cgdLYxcqkqcVIQc5
fRRuT7kiFw==
-----END CERTIFICATE-----