Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/lWvNuBpIyreEuCcLKDkXaBvoPVk.roa
File:                     lWvNuBpIyreEuCcLKDkXaBvoPVk.roa (raw, json)
Hash identifier:          kv8MWv2nclEv5Cgb629L1hROOv0h9D6/t4sQ0Eq8EUk=
Subject key identifier:   95:6B:CD:B8:1A:48:CA:B7:84:B8:27:0B:28:39:17:68:1B:E8:3D:59
Certificate issuer:       /CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
Certificate serial:       0185444CCC2AC149F2CADEBC95491BD26708
Authority key identifier: B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/lWvNuBpIyreEuCcLKDkXaBvoPVk.roa
Signing time:             Sat 24 Dec 2022 13:22:41 +0000
ROA not before:           Sat 24 Dec 2022 13:22:41 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     210644
IP address blocks:        185.174.137.0/24 maxlen: 24
                          185.229.65.0/24 maxlen: 24
                          185.174.136.0/24 maxlen: 24
                          185.229.66.0/24 maxlen: 24
                          185.106.94.0/24 maxlen: 24
                          185.112.83.0/24 maxlen: 24
                          45.142.122.0/24 maxlen: 24
                          185.17.0.0/24 maxlen: 24
                          45.138.74.0/24 maxlen: 24
                          5.252.118.0/24 maxlen: 24
                          2a0e:d607::/48 maxlen: 48
                          2a0e:d606::/48 maxlen: 48
                          2a0e:d602:1::/48 maxlen: 48
                          2a0e:d602::/48 maxlen: 48

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:44:4c:cc:2a:c1:49:f2:ca:de:bc:95:49:1b:d2:67:08
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
        Validity
            Not Before: Dec 24 13:22:41 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=956bcdb81a48cab784b8270b283917681be83d59
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:69:7f:12:77:aa:85:fa:be:20:42:28:35:87:
                    8a:f1:57:ed:8f:77:9c:91:1e:b2:44:78:bd:77:17:
                    9f:97:62:56:45:91:c7:7b:2e:d7:f8:99:e1:54:a4:
                    62:06:61:b7:f4:d8:ac:4c:07:fa:03:77:42:13:75:
                    76:98:69:37:de:47:87:8e:dd:ba:95:1a:99:1b:71:
                    e0:f0:19:08:44:86:b3:78:6c:d1:e6:90:ac:aa:06:
                    95:e7:33:90:c7:ef:01:ee:77:56:91:21:ed:21:36:
                    ad:50:8f:4b:83:0e:26:4d:5d:87:e0:1d:ab:2b:d5:
                    b2:dd:44:46:6c:66:c5:55:6d:d1:b0:e3:68:21:fd:
                    07:55:d7:ba:39:ed:43:b4:d6:fc:fd:b1:69:27:b4:
                    29:20:00:7a:99:c1:6f:f8:48:c1:fd:58:a0:6a:8c:
                    aa:1f:cc:29:ff:c1:48:29:fa:e3:b1:c3:97:b8:0b:
                    70:9b:72:8c:8a:41:e4:8f:46:ea:35:a7:5a:57:71:
                    6d:b2:fa:6c:51:89:93:bb:64:3f:d4:31:90:70:f6:
                    3f:2d:93:83:8e:45:7e:c2:e7:3d:84:cd:fb:07:c5:
                    7b:4c:bc:42:10:b6:6e:b4:87:c1:66:0a:87:d1:3b:
                    10:28:12:bc:e7:29:a7:52:95:20:da:e7:e3:7d:95:
                    1b:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                95:6B:CD:B8:1A:48:CA:B7:84:B8:27:0B:28:39:17:68:1B:E8:3D:59
            X509v3 Authority Key Identifier:
                keyid:B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/lWvNuBpIyreEuCcLKDkXaBvoPVk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.252.118.0/24
                  45.138.74.0/24
                  45.142.122.0/24
                  185.17.0.0/24
                  185.106.94.0/24
                  185.112.83.0/24
                  185.174.136.0/23
                  185.229.65.0-185.229.66.255
                IPv6:
                  2a0e:d602::/47
                  2a0e:d606::/48
                  2a0e:d607::/48

    Signature Algorithm: sha256WithRSAEncryption
         06:0b:40:35:b8:6a:6a:e6:c0:f2:2a:d3:67:b9:96:d8:f3:e0:
         d8:a8:93:de:ae:dc:58:ba:40:fb:29:f8:bc:0c:c5:19:96:d7:
         19:cc:22:08:08:89:7d:35:7b:3e:04:4b:e5:a6:70:6b:8b:d3:
         a2:ea:91:93:30:3d:a0:13:0e:11:b8:fe:c8:54:1c:ee:1a:de:
         d0:7b:59:bc:fd:d0:25:32:a8:2c:37:d1:8e:c9:b6:b0:36:fe:
         e6:f5:90:ef:f7:86:78:2a:1e:97:98:dc:d4:b7:63:33:19:d0:
         e5:cd:09:a8:a9:dc:ff:ce:04:02:9d:ab:2f:0b:1a:e4:28:cb:
         f7:35:67:0c:a3:06:d2:30:0e:9f:cd:b0:43:7a:f6:8d:b2:08:
         d1:74:b1:04:0f:fd:b8:ac:a1:e3:7f:f1:f3:83:79:55:80:61:
         07:ce:f1:1e:3e:46:49:75:07:40:68:3d:ed:8f:7d:04:25:28:
         54:2a:70:9b:00:ef:31:42:b3:d8:ca:14:15:89:98:5c:aa:db:
         2b:d9:03:bd:ff:4b:43:3f:54:cc:6c:86:6d:14:59:29:b8:dc:
         c5:5b:e8:23:31:b7:1e:aa:cf:ab:5f:81:75:ad:91:ad:c0:3b:
         6d:31:70:00:c1:df:84:c7:a4:24:ec:64:83:86:2a:fc:dd:91:
         4c:1e:f8:3d
-----BEGIN CERTIFICATE-----
MIIFUjCCBDqgAwIBAgISAYVETMwqwUnyyt68lUkb0mcIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0Zjk2MzQ1ZDNmMjJlZGIzOTVkMjQ3ZjdiODZkMmQ3M2U0
YTAwOTEwHhcNMjIxMjI0MTMyMjQxWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NTZiY2RiODFhNDhjYWI3ODRiODI3MGIyODM5MTc2ODFiZTgzZDU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo2l/Eneqhfq+IEIoNYeK8Vftj3ec
kR6yRHi9dxefl2JWRZHHey7X+JnhVKRiBmG39NisTAf6A3dCE3V2mGk33keHjt26
lRqZG3Hg8BkIRIazeGzR5pCsqgaV5zOQx+8B7ndWkSHtITatUI9Lgw4mTV2H4B2r
K9Wy3URGbGbFVW3RsONoIf0HVde6Oe1DtNb8/bFpJ7QpIAB6mcFv+EjB/Vigaoyq
H8wp/8FIKfrjscOXuAtwm3KMikHkj0bqNadaV3FtsvpsUYmTu2Q/1DGQcPY/LZOD
jkV+wuc9hM37B8V7TLxCELZutIfBZgqH0TsQKBK85ymnUpUg2ufjfZUbAwIDAQAB
o4ICXjCCAlowHQYDVR0OBBYEFJVrzbgaSMq3hLgnCyg5F2gb6D1ZMB8GA1UdIwQY
MBaAFLT5Y0XT8i7bOV0kf3uG0tc+SgCRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQt
NmZjMzQzZDc3Y2QyLzEvbFd2TnVCcEl5cmVFdUNjTEtEa1hhQnZvUFZrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQtNmZjMzQzZDc3Y2Qy
LzEvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHQGCCsGAQUFBwEHAQH/BGUwYzA+BAIAATA4AwQABfx2AwQA
LYpKAwQALY56AwQAuREAAwQAuWpeAwQAuXBTAwQBua6IMAwDBAC55UEDBAC55UIw
IQQCAAIwGwMHASoO1gIAAAMHACoO1gYAAAMHACoO1gcAADANBgkqhkiG9w0BAQsF
AAOCAQEABgtANbhqaubA8irTZ7mW2PPg2KiT3q7cWLpA+yn4vAzFGZbXGcwiCAiJ
fTV7PgRL5aZwa4vTouqRkzA9oBMOEbj+yFQc7hre0HtZvP3QJTKoLDfRjsm2sDb+
5vWQ7/eGeCoel5jc1LdjMxnQ5c0JqKnc/84EAp2rLwsa5CjL9zVnDKMG0jAOn82w
Q3r2jbII0XSxBA/9uKyh43/x84N5VYBhB87xHj5GSXUHQGg97Y99BCUoVCpwmwDv
MUKz2MoUFYmYXKrbK9kDvf9LQz9UzGyGbRRZKbjcxVvoIzG3HqrPq1+Bda2RrcA7
bTFwAMHfhMekJOxkg4Yq/N2RTB74PQ==
-----END CERTIFICATE-----