Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c7/a584e4-ccd4-4c4f-9d16-04a27c4d5453/1/mB0DdPXox8ijz4EtHCxHKl-tZns.roa
File:                     mB0DdPXox8ijz4EtHCxHKl-tZns.roa (raw, json)
Hash identifier:          IjrQ2MpRcbNsUucYWorTKf3CWlOMjtiH/Z+D589yHoo=
Subject key identifier:   98:1D:03:74:F5:E8:C7:C8:A3:CF:81:2D:1C:2C:47:2A:5F:AD:66:7B
Certificate issuer:       /CN=2ef957aba2ef00352850e202464c71d33ca81448
Certificate serial:       01857082BDDD41DA523933403CDF134ACD94
Authority key identifier: 2E:F9:57:AB:A2:EF:00:35:28:50:E2:02:46:4C:71:D3:3C:A8:14:48
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LvlXq6LvADUoUOICRkxx0zyoFEg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c7/a584e4-ccd4-4c4f-9d16-04a27c4d5453/1/mB0DdPXox8ijz4EtHCxHKl-tZns.roa
Signing time:             Mon 02 Jan 2023 03:24:54 +0000
ROA not before:           Mon 02 Jan 2023 03:24:54 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2199
IP address blocks:        194.199.12.0/24 maxlen: 24
                          195.83.190.0/24 maxlen: 24
                          194.57.170.0/24 maxlen: 24
                          194.254.97.0/24 maxlen: 24
                          193.54.136.0/24 maxlen: 24
                          194.199.98.0/24 maxlen: 24
                          194.199.97.0/24 maxlen: 24
                          195.83.255.0/24 maxlen: 24
                          195.83.254.0/24 maxlen: 24
                          194.199.95.0/24 maxlen: 24
                          195.83.214.0/24 maxlen: 24
                          194.199.74.0/24 maxlen: 24
                          2001:661:2000::/35 maxlen: 48
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:70:82:bd:dd:41:da:52:39:33:40:3c:df:13:4a:cd:94
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2ef957aba2ef00352850e202464c71d33ca81448
        Validity
            Not Before: Jan  2 03:24:54 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=981d0374f5e8c7c8a3cf812d1c2c472a5fad667b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:42:2f:2a:0a:bb:b6:a7:28:49:50:2d:6b:d1:
                    20:7d:fe:a0:d0:af:0c:99:dc:64:bd:3f:f4:53:51:
                    7c:ef:b6:13:bb:77:6f:a1:c3:7c:0d:5f:9c:4a:c7:
                    e1:77:ba:52:e1:6e:a1:ab:4e:d5:00:a8:f4:1c:5e:
                    37:0e:fb:be:bc:30:89:87:fa:9d:c4:d9:56:4e:72:
                    36:82:d5:05:4d:ef:3e:bd:0f:7b:f7:62:e3:2d:b3:
                    06:94:2c:f8:de:30:9f:a5:ef:14:51:a4:93:3e:56:
                    6f:c1:d3:9f:91:8f:66:e8:27:11:16:27:8a:99:98:
                    8b:77:4c:d3:e0:b2:ff:1a:38:2f:49:be:19:12:9a:
                    e5:a0:34:56:79:0d:18:2c:be:dc:55:05:12:cb:1a:
                    f7:19:32:0c:60:47:96:8c:f0:78:20:a1:ca:72:00:
                    4f:75:59:00:d0:cf:ad:77:86:5e:f0:d7:f4:6a:15:
                    23:79:0f:e4:50:63:0e:26:20:bb:57:d9:5a:3e:14:
                    8b:86:ac:67:a8:64:94:50:cd:dc:15:30:5d:32:08:
                    d6:83:ab:57:1e:3b:96:72:8b:5c:f4:61:7a:64:03:
                    2a:ff:69:41:cf:da:a7:18:33:25:c3:e7:d1:19:93:
                    fb:63:96:ec:3a:95:28:9c:96:db:1f:13:69:20:9c:
                    3f:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                98:1D:03:74:F5:E8:C7:C8:A3:CF:81:2D:1C:2C:47:2A:5F:AD:66:7B
            X509v3 Authority Key Identifier:
                keyid:2E:F9:57:AB:A2:EF:00:35:28:50:E2:02:46:4C:71:D3:3C:A8:14:48

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LvlXq6LvADUoUOICRkxx0zyoFEg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/a584e4-ccd4-4c4f-9d16-04a27c4d5453/1/mB0DdPXox8ijz4EtHCxHKl-tZns.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/a584e4-ccd4-4c4f-9d16-04a27c4d5453/1/LvlXq6LvADUoUOICRkxx0zyoFEg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.54.136.0/24
                  194.57.170.0/24
                  194.199.12.0/24
                  194.199.74.0/24
                  194.199.95.0/24
                  194.199.97.0-194.199.98.255
                  194.254.97.0/24
                  195.83.190.0/24
                  195.83.214.0/24
                  195.83.254.0/23
                IPv6:
                  2001:661:2000::/35

    Signature Algorithm: sha256WithRSAEncryption
         5d:45:00:c4:8d:3f:a7:e2:2e:87:58:4f:32:d4:e8:10:e2:dd:
         0c:4f:e7:cd:67:d4:45:f1:94:5f:61:fe:61:b0:55:ae:9f:e7:
         f7:ef:6d:a2:41:97:0a:d1:72:86:e4:3c:8f:55:6d:fe:12:03:
         d5:7b:9d:7d:68:f1:7e:7f:cf:ad:86:68:6d:f8:0d:5d:53:71:
         e7:fc:77:97:4d:b0:ef:1c:ff:1b:57:4a:63:d1:bf:a7:05:b5:
         65:f3:2c:fc:80:08:a2:20:14:3f:f7:9b:3d:a8:f4:95:1e:cb:
         25:0a:84:ae:a9:6b:ae:ea:45:dc:02:34:85:11:97:32:bd:8b:
         61:dd:52:ff:7e:b3:53:09:94:bf:8f:1b:75:24:40:31:42:30:
         cd:2b:2c:37:87:6c:29:01:1c:6a:22:62:e0:2d:4b:09:93:aa:
         0b:ab:06:67:94:cb:9c:60:23:b6:b5:84:29:20:34:06:bf:56:
         84:32:17:ff:75:69:1a:6c:2b:41:fe:f1:44:ea:f6:c2:a0:d3:
         6d:8a:b2:58:36:67:f3:71:23:53:fd:57:ca:e6:89:1f:45:15:
         7c:54:bb:d3:7c:39:ea:40:88:37:6a:60:bf:b9:a6:0e:83:24:
         bd:51:e5:92:6a:09:b4:f0:fb:7a:06:ea:14:19:9f:a1:5c:56:
         92:e7:e3:dd
-----BEGIN CERTIFICATE-----
MIIFSzCCBDOgAwIBAgISAYVwgr3dQdpSOTNAPN8TSs2UMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJlZjk1N2FiYTJlZjAwMzUyODUwZTIwMjQ2NGM3MWQzM2Nh
ODE0NDgwHhcNMjMwMTAyMDMyNDU0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ODFkMDM3NGY1ZThjN2M4YTNjZjgxMmQxYzJjNDcyYTVmYWQ2NjdiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApkIvKgq7tqcoSVAta9Egff6g0K8M
mdxkvT/0U1F877YTu3dvocN8DV+cSsfhd7pS4W6hq07VAKj0HF43Dvu+vDCJh/qd
xNlWTnI2gtUFTe8+vQ9792LjLbMGlCz43jCfpe8UUaSTPlZvwdOfkY9m6CcRFieK
mZiLd0zT4LL/GjgvSb4ZEprloDRWeQ0YLL7cVQUSyxr3GTIMYEeWjPB4IKHKcgBP
dVkA0M+td4Ze8Nf0ahUjeQ/kUGMOJiC7V9laPhSLhqxnqGSUUM3cFTBdMgjWg6tX
HjuWcotc9GF6ZAMq/2lBz9qnGDMlw+fRGZP7Y5bsOpUonJbbHxNpIJw/twIDAQAB
o4ICVzCCAlMwHQYDVR0OBBYEFJgdA3T16MfIo8+BLRwsRypfrWZ7MB8GA1UdIwQY
MBaAFC75V6ui7wA1KFDiAkZMcdM8qBRIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTHZsWHE2THZBRFVvVU9JQ1JreHgwenlvRkVnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNy9hNTg0ZTQtY2NkNC00YzRmLTlkMTYt
MDRhMjdjNGQ1NDUzLzEvbUIwRGRQWG94OGlqejRFdEhDeEhLbC10Wm5zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNy9hNTg0ZTQtY2NkNC00YzRmLTlkMTYtMDRhMjdjNGQ1NDUz
LzEvTHZsWHE2THZBRFVvVU9JQ1JreHgwenlvRkVnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMG0GCCsGAQUFBwEHAQH/BF4wXDBKBAIAATBEAwQAwTaIAwQA
wjmqAwQAwscMAwQAwsdKAwQAwsdfMAwDBADCx2EDBADCx2IDBADC/mEDBADDU74D
BADDU9YDBAHDU/4wDgQCAAIwCAMGBSABBmEgMA0GCSqGSIb3DQEBCwUAA4IBAQBd
RQDEjT+n4i6HWE8y1OgQ4t0MT+fNZ9RF8ZRfYf5hsFWun+f3722iQZcK0XKG5DyP
VW3+EgPVe519aPF+f8+thmht+A1dU3Hn/HeXTbDvHP8bV0pj0b+nBbVl8yz8gAii
IBQ/95s9qPSVHsslCoSuqWuu6kXcAjSFEZcyvYth3VL/frNTCZS/jxt1JEAxQjDN
Kyw3h2wpARxqImLgLUsJk6oLqwZnlMucYCO2tYQpIDQGv1aEMhf/dWkabCtB/vFE
6vbCoNNtirJYNmfzcSNT/VfK5okfRRV8VLvTfDnqQIg3amC/uaYOgyS9UeWSagm0
8Pt6BuoUGZ+hXFaS5+Pd
-----END CERTIFICATE-----