Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/8dhONjJLhRnG6ryJFKsx_QpT7ig.roa
File:                     8dhONjJLhRnG6ryJFKsx_QpT7ig.roa (raw, json)
Hash identifier:          LnDng/yCpFvhzGbH118551sBCcPtAS0RN9swy51krnY=
Subject key identifier:   F1:D8:4E:36:32:4B:85:19:C6:EA:BC:89:14:AB:31:FD:0A:53:EE:28
Certificate issuer:       /CN=92d7c2a1072d73507adbf6507de68aaac01785c0
Certificate serial:       018505A42BEE8BBB29D7F049DB4BE3960E57
Authority key identifier: 92:D7:C2:A1:07:2D:73:50:7A:DB:F6:50:7D:E6:8A:AA:C0:17:85:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ktfCoQctc1B62_ZQfeaKqsAXhcA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/8dhONjJLhRnG6ryJFKsx_QpT7ig.roa
Signing time:             Mon 12 Dec 2022 09:22:03 +0000
ROA not before:           Mon 12 Dec 2022 09:22:03 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     41976
IP address blocks:        188.162.0.0/16 maxlen: 24
                          109.74.112.0/20 maxlen: 20
                          109.74.112.0/21 maxlen: 21
                          195.16.96.0/19 maxlen: 24
                          195.78.116.0/23 maxlen: 24
                          193.201.228.0/22 maxlen: 24
                          213.168.54.0/24 maxlen: 24
                          213.168.56.0/21 maxlen: 21
                          213.168.53.0/24 maxlen: 24
                          213.168.60.0/24 maxlen: 24
                          213.168.62.0/24 maxlen: 24
                          213.168.61.0/24 maxlen: 24
                          195.5.128.0/19 maxlen: 24
                          213.168.36.0/24 maxlen: 24
                          213.168.34.0/24 maxlen: 24
                          213.168.32.0/21 maxlen: 21
                          213.168.32.0/19 maxlen: 19
                          213.168.43.0/24 maxlen: 24
                          213.168.40.0/21 maxlen: 21
                          213.168.47.0/24 maxlen: 24
                          213.168.46.0/24 maxlen: 24
                          213.168.49.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:05:a4:2b:ee:8b:bb:29:d7:f0:49:db:4b:e3:96:0e:57
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=92d7c2a1072d73507adbf6507de68aaac01785c0
        Validity
            Not Before: Dec 12 09:22:03 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=f1d84e36324b8519c6eabc8914ab31fd0a53ee28
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:72:dd:1c:a2:ac:a5:cb:31:05:ef:cb:7d:d0:
                    76:06:aa:2f:72:34:46:57:25:ec:ba:55:0c:3d:47:
                    83:35:25:1c:6f:9f:14:df:46:df:28:48:5a:3a:21:
                    65:2c:9a:93:84:f1:fc:57:10:9b:b1:2f:e0:b8:73:
                    b8:3d:81:d6:27:79:54:a1:60:b8:31:cd:38:02:70:
                    b9:2b:3f:31:7b:d4:c0:fc:b2:c5:d0:30:39:9d:28:
                    73:b4:7d:49:a3:13:2a:38:1b:6d:46:1b:b9:8b:9f:
                    a3:0c:e9:de:2f:bb:e2:a9:da:a6:21:fc:f9:fc:34:
                    11:89:a8:21:f5:14:9b:1a:c3:8a:eb:e1:b3:93:06:
                    73:b1:52:bb:39:fe:68:74:df:00:0c:d8:b2:3c:16:
                    aa:8b:45:f0:2e:4f:ca:2e:e9:e6:dd:8e:76:dc:b2:
                    b6:8a:b5:61:b5:37:e7:f8:3b:07:35:24:fb:50:65:
                    60:4e:a3:cb:ec:bb:6d:2d:b6:b4:07:93:f5:9c:15:
                    27:c1:08:4f:e3:28:14:b2:79:99:0f:fd:07:cb:1a:
                    2b:09:4b:cb:f8:d8:fc:9d:70:34:21:c1:55:45:ef:
                    f8:c4:a4:fd:23:fc:8b:ac:7a:38:f8:eb:ae:e7:e4:
                    fd:a3:6b:15:9b:4f:7e:42:85:4c:ab:ab:71:68:84:
                    f4:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F1:D8:4E:36:32:4B:85:19:C6:EA:BC:89:14:AB:31:FD:0A:53:EE:28
            X509v3 Authority Key Identifier:
                keyid:92:D7:C2:A1:07:2D:73:50:7A:DB:F6:50:7D:E6:8A:AA:C0:17:85:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ktfCoQctc1B62_ZQfeaKqsAXhcA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/8dhONjJLhRnG6ryJFKsx_QpT7ig.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/ktfCoQctc1B62_ZQfeaKqsAXhcA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.74.112.0/20
                  188.162.0.0/16
                  193.201.228.0/22
                  195.5.128.0/19
                  195.16.96.0/19
                  195.78.116.0/23
                  213.168.32.0/19

    Signature Algorithm: sha256WithRSAEncryption
         69:e8:28:b6:d9:c5:91:e7:1f:08:01:f0:76:1e:e6:ba:0c:e5:
         41:37:7b:90:ab:e3:f3:f3:e6:a6:c6:9b:b0:6b:f3:d6:f0:b5:
         62:5b:11:a0:48:bf:3b:81:12:7f:7c:32:1a:75:67:87:66:4e:
         a2:76:8d:34:07:ec:a5:84:b7:b4:55:00:61:e5:3c:5a:e1:f8:
         c1:5f:a5:18:fc:f0:73:dd:ca:a4:69:8d:72:9f:90:14:d0:83:
         23:55:33:e8:06:3f:99:d4:cd:39:0a:99:cb:d3:2f:ea:13:31:
         9a:10:53:e4:fd:5a:34:e6:f0:e0:9f:e8:ad:0f:0e:7f:01:af:
         3d:a6:32:8c:63:b1:0c:c3:81:70:8f:9c:a7:1e:c8:76:0b:d3:
         e3:d3:1e:62:4c:d6:7a:1a:9b:51:fc:bd:cd:1e:6c:9e:29:7d:
         c2:ce:01:13:51:52:64:f7:41:a6:90:1a:73:df:c4:4c:75:fd:
         b0:3a:2c:12:a2:10:ce:4b:f9:a0:4d:1f:f8:97:eb:c9:e7:36:
         89:42:64:7e:76:dd:cf:6b:cb:92:43:c0:65:1d:97:2c:db:81:
         63:f4:c8:03:89:27:41:b8:25:1f:b6:7d:d7:8e:16:f5:57:38:
         e5:3a:6a:8c:3d:53:b7:28:57:84:0b:91:d2:ed:06:0f:ea:87:
         20:f4:e7:60
-----BEGIN CERTIFICATE-----
MIIFIDCCBAigAwIBAgISAYUFpCvui7sp1/BJ20vjlg5XMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkyZDdjMmExMDcyZDczNTA3YWRiZjY1MDdkZTY4YWFhYzAx
Nzg1YzAwHhcNMjIxMjEyMDkyMjAzWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMWQ4NGUzNjMyNGI4NTE5YzZlYWJjODkxNGFiMzFmZDBhNTNlZTI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjnLdHKKspcsxBe/LfdB2BqovcjRG
VyXsulUMPUeDNSUcb58U30bfKEhaOiFlLJqThPH8VxCbsS/guHO4PYHWJ3lUoWC4
Mc04AnC5Kz8xe9TA/LLF0DA5nShztH1JoxMqOBttRhu5i5+jDOneL7viqdqmIfz5
/DQRiagh9RSbGsOK6+GzkwZzsVK7Of5odN8ADNiyPBaqi0XwLk/KLunm3Y523LK2
irVhtTfn+DsHNST7UGVgTqPL7LttLba0B5P1nBUnwQhP4ygUsnmZD/0HyxorCUvL
+Nj8nXA0IcFVRe/4xKT9I/yLrHo4+Ouu5+T9o2sVm09+QoVMq6txaIT08wIDAQAB
o4ICLDCCAigwHQYDVR0OBBYEFPHYTjYyS4UZxuq8iRSrMf0KU+4oMB8GA1UdIwQY
MBaAFJLXwqEHLXNQetv2UH3miqrAF4XAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva3RmQ29RY3RjMUI2Ml9aUWZlYUtxc0FYaGNBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNy85Y2ZmN2MtZjA1YS00ZTAyLWJlYTct
ODllNTZjODBkMWQwLzEvOGRoT05qSkxoUm5HNnJ5SkZLc3hfUXBUN2lnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNy85Y2ZmN2MtZjA1YS00ZTAyLWJlYTctODllNTZjODBkMWQw
LzEva3RmQ29RY3RjMUI2Ml9aUWZlYUtxc0FYaGNBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEIGCCsGAQUFBwEHAQH/BDMwMTAvBAIAATApAwQEbUpwAwMA
vKIDBALByeQDBAXDBYADBAXDEGADBAHDTnQDBAXVqCAwDQYJKoZIhvcNAQELBQAD
ggEBAGnoKLbZxZHnHwgB8HYe5roM5UE3e5Cr4/Pz5qbGm7Br89bwtWJbEaBIvzuB
En98Mhp1Z4dmTqJ2jTQH7KWEt7RVAGHlPFrh+MFfpRj88HPdyqRpjXKfkBTQgyNV
M+gGP5nUzTkKmcvTL+oTMZoQU+T9WjTm8OCf6K0PDn8Brz2mMoxjsQzDgXCPnKce
yHYL0+PTHmJM1noam1H8vc0ebJ4pfcLOARNRUmT3QaaQGnPfxEx1/bA6LBKiEM5L
+aBNH/iX68nnNolCZH523c9ry5JDwGUdlyzbgWP0yAOJJ0G4JR+2fdeOFvVXOOU6
aow9U7coV4QLkdLtBg/qhyD052A=
-----END CERTIFICATE-----