Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c7/6356b9-c49f-4b4d-8e29-362ffe8ee270/1/tpMKFBnWYEkOo4ZvE_RmqFxClC4.roa
File:                     tpMKFBnWYEkOo4ZvE_RmqFxClC4.roa (raw, json)
Hash identifier:          prieuYQ9Qc2S7sJAp+JZf6NlcTuaHRHpHhYfRKS0f60=
Subject key identifier:   B6:93:0A:14:19:D6:60:49:0E:A3:86:6F:13:F4:66:A8:5C:42:94:2E
Certificate issuer:       /CN=691242c33bc2e2e9e45850a0fc64ab2c7506a4b8
Certificate serial:       0519FE98
Authority key identifier: 69:12:42:C3:3B:C2:E2:E9:E4:58:50:A0:FC:64:AB:2C:75:06:A4:B8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/aRJCwzvC4unkWFCg_GSrLHUGpLg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c7/6356b9-c49f-4b4d-8e29-362ffe8ee270/1/tpMKFBnWYEkOo4ZvE_RmqFxClC4.roa
Signing time:             Sat 01 Jan 2022 11:02:45 +0000
ROA not before:           Sat 01 Jan 2022 11:02:45 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     202015
IP address blocks:        79.141.173.0/24 maxlen: 24
                          91.193.19.0/24 maxlen: 24
                          194.124.229.0/24 maxlen: 24
                          77.83.199.0/24 maxlen: 24
                          193.42.38.0/24 maxlen: 24
                          79.141.162.0/23 maxlen: 23
                          79.141.160.0/23 maxlen: 23
                          79.141.172.0/24 maxlen: 24
                          185.33.84.0/23 maxlen: 23
                          185.33.86.0/23 maxlen: 23
                          2a01:8640:b::/48 maxlen: 48
                          2a01:8640:5::/48 maxlen: 48
                          2a01:8640:e::/48 maxlen: 48
                          2a01:8640:4::/48 maxlen: 48
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 85589656 (0x519fe98)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=691242c33bc2e2e9e45850a0fc64ab2c7506a4b8
        Validity
            Not Before: Jan  1 11:02:45 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=b6930a1419d660490ea3866f13f466a85c42942e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:c3:36:69:9d:13:ef:c2:b5:7f:bd:fc:3f:a0:
                    1c:5e:38:9b:f9:8a:43:e6:52:3d:41:d1:9f:c6:0b:
                    c4:ec:96:7d:6d:6b:ea:33:46:c2:b2:ca:c7:44:ec:
                    ed:8a:a3:f0:e1:ce:76:5b:44:b0:01:3f:0e:fb:43:
                    44:d1:4e:df:e6:bb:fa:01:cc:da:77:a3:77:e9:ba:
                    04:a9:37:a9:35:58:d4:3e:7f:c3:63:71:23:09:2d:
                    85:01:4b:cf:42:09:ca:90:a0:4d:c2:98:42:eb:54:
                    eb:66:36:f7:b6:7f:df:4e:4e:ee:9b:e4:9d:e5:15:
                    42:ed:eb:0c:47:7e:5c:89:90:dd:89:1b:97:87:3b:
                    c5:ef:f5:fc:f0:ca:35:da:7c:0e:46:86:3d:ce:d3:
                    45:67:fc:a3:ae:60:8a:f8:4f:80:96:53:18:53:e7:
                    9a:bf:b7:21:3e:1e:e5:c6:42:31:41:3e:5d:7c:33:
                    42:59:01:d1:66:80:75:d0:f6:0c:9e:78:c8:ff:86:
                    7c:aa:0e:d3:f0:5d:f9:22:ab:1b:e8:c8:64:d5:2a:
                    91:3b:33:a4:c7:35:6d:25:67:e7:0c:e8:7a:17:dd:
                    06:92:c0:fe:81:4c:97:52:ce:35:84:ac:e6:3a:7d:
                    9c:87:c6:1e:48:b6:86:65:17:73:79:98:5b:ff:22:
                    15:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B6:93:0A:14:19:D6:60:49:0E:A3:86:6F:13:F4:66:A8:5C:42:94:2E
            X509v3 Authority Key Identifier:
                keyid:69:12:42:C3:3B:C2:E2:E9:E4:58:50:A0:FC:64:AB:2C:75:06:A4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aRJCwzvC4unkWFCg_GSrLHUGpLg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/6356b9-c49f-4b4d-8e29-362ffe8ee270/1/tpMKFBnWYEkOo4ZvE_RmqFxClC4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/6356b9-c49f-4b4d-8e29-362ffe8ee270/1/aRJCwzvC4unkWFCg_GSrLHUGpLg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.83.199.0/24
                  79.141.160.0/22
                  79.141.172.0/23
                  91.193.19.0/24
                  185.33.84.0/22
                  193.42.38.0/24
                  194.124.229.0/24
                IPv6:
                  2a01:8640:4::/47
                  2a01:8640:b::/48
                  2a01:8640:e::/48

    Signature Algorithm: sha256WithRSAEncryption
         46:d0:34:45:2b:79:5a:57:44:00:7c:d8:f8:ff:5f:40:c4:fa:
         d8:76:1c:1f:3b:bd:8c:4c:a2:83:4f:79:6e:84:11:d8:8b:62:
         6e:af:1f:1d:c9:97:8c:c0:be:8c:b3:82:28:63:ff:01:bd:87:
         ab:8f:2a:cd:3b:fd:a7:f0:1f:ac:5e:6d:3d:39:ac:f4:87:97:
         34:7c:00:d5:b9:8d:6a:12:75:f2:b3:99:0d:09:3b:ba:dd:a2:
         53:fc:45:5d:61:9f:f1:dc:b9:ad:d2:02:61:a0:cc:c3:01:9c:
         c3:f3:da:7c:ef:58:45:0a:9d:e5:eb:a8:94:19:31:4e:d7:5a:
         a8:60:3a:38:4e:75:d1:ef:df:4e:82:2c:64:32:22:ea:86:1c:
         92:7e:1d:ed:89:3f:57:2d:04:50:c6:91:6a:2c:d1:ec:26:c5:
         f6:82:81:67:a3:59:ae:57:3f:7e:3e:95:fb:76:5d:9f:98:e6:
         99:26:8c:66:59:98:0d:7d:fd:1b:d2:dd:47:85:57:27:69:22:
         c9:59:19:a7:50:0c:02:a7:8c:04:99:5c:7b:77:31:da:9f:9f:
         ce:59:f4:77:f1:ce:1b:84:3f:d2:45:da:65:dd:14:81:cc:c4:
         c5:53:66:31:4c:99:28:98:3a:7b:b1:92:40:92:ca:a6:23:bf:
         0a:49:4a:3e
-----BEGIN CERTIFICATE-----
MIIFNjCCBB6gAwIBAgIEBRn+mDANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg2
OTEyNDJjMzNiYzJlMmU5ZTQ1ODUwYTBmYzY0YWIyYzc1MDZhNGI4MB4XDTIyMDEw
MTExMDI0NVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoYjY5MzBhMTQxOWQ2
NjA0OTBlYTM4NjZmMTNmNDY2YTg1YzQyOTQyZTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAJjDNmmdE+/CtX+9/D+gHF44m/mKQ+ZSPUHRn8YLxOyWfW1r
6jNGwrLKx0Ts7Yqj8OHOdltEsAE/DvtDRNFO3+a7+gHM2nejd+m6BKk3qTVY1D5/
w2NxIwkthQFLz0IJypCgTcKYQutU62Y297Z/305O7pvkneUVQu3rDEd+XImQ3Ykb
l4c7xe/1/PDKNdp8DkaGPc7TRWf8o65givhPgJZTGFPnmr+3IT4e5cZCMUE+XXwz
QlkB0WaAddD2DJ54yP+GfKoO0/Bd+SKrG+jIZNUqkTszpMc1bSVn5wzoehfdBpLA
/oFMl1LONYSs5jp9nIfGHki2hmUXc3mYW/8iFZMCAwEAAaOCAlAwggJMMB0GA1Ud
DgQWBBS2kwoUGdZgSQ6jhm8T9GaoXEKULjAfBgNVHSMEGDAWgBRpEkLDO8Li6eRY
UKD8ZKssdQakuDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L2FSSkN3enZDNHVua1dGQ2dfR1NyTEhVR3BMZy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvYzcvNjM1NmI5LWM0OWYtNGI0ZC04ZTI5LTM2MmZmZThlZTI3MC8x
L3RwTUtGQm5XWUVrT280WnZFX1JtcUZ4Q2xDNC5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYzcv
NjM1NmI5LWM0OWYtNGI0ZC04ZTI5LTM2MmZmZThlZTI3MC8xL2FSSkN3enZDNHVu
a1dGQ2dfR1NyTEhVR3BMZy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBm
BggrBgEFBQcBBwEB/wRXMFUwMAQCAAEwKgMEAE1TxwMEAk+NoAMEAU+NrAMEAFvB
EwMEArkhVAMEAMEqJgMEAMJ85TAhBAIAAjAbAwcBKgGGQAAEAwcAKgGGQAALAwcA
KgGGQAAOMA0GCSqGSIb3DQEBCwUAA4IBAQBG0DRFK3laV0QAfNj4/19AxPrYdhwf
O72MTKKDT3luhBHYi2Jurx8dyZeMwL6Ms4IoY/8BvYerjyrNO/2n8B+sXm09Oaz0
h5c0fADVuY1qEnXys5kNCTu63aJT/EVdYZ/x3Lmt0gJhoMzDAZzD89p871hFCp3l
66iUGTFO11qoYDo4TnXR799OgixkMiLqhhySfh3tiT9XLQRQxpFqLNHsJsX2goFn
o1muVz9+PpX7dl2fmOaZJoxmWZgNff0b0t1HhVcnaSLJWRmnUAwCp4wEmVx7dzHa
n5/OWfR38c4bhD/SRdpl3RSBzMTFU2YxTJkomDp7sZJAksqmI78KSUo+
-----END CERTIFICATE-----