Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ca/969962-12d3-41b2-ab43-b27d6e278e18/1/0nIF25ua4GdPM4kdn2441sI_jm0.roa
File:                     0nIF25ua4GdPM4kdn2441sI_jm0.roa (raw, json)
Hash identifier:          BIhU+BCErF84qrL5zkNIB8BnaV60Lk7os+cHYfyibGs=
Subject key identifier:   D2:72:05:DB:9B:9A:E0:67:4F:33:89:1D:9F:6E:38:D6:C2:3F:8E:6D
Certificate issuer:       /CN=4104a40821c4176cc42e255ef6c1727473c3f00a
Certificate serial:       0A1541D5
Authority key identifier: 41:04:A4:08:21:C4:17:6C:C4:2E:25:5E:F6:C1:72:74:73:C3:F0:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QQSkCCHEF2zELiVe9sFydHPD8Ao.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ca/969962-12d3-41b2-ab43-b27d6e278e18/1/0nIF25ua4GdPM4kdn2441sI_jm0.roa
Signing time:             Thu 28 Apr 2022 07:53:00 +0000
ROA not before:           Thu 28 Apr 2022 07:53:00 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     25206
IP address blocks:        89.252.216.0/24 maxlen: 24
                          89.252.216.0/22 maxlen: 22
                          89.252.217.0/24 maxlen: 24
                          89.252.219.0/24 maxlen: 24
                          89.252.218.0/24 maxlen: 24
                          89.252.233.0/24 maxlen: 24
                          89.252.232.0/22 maxlen: 22
                          89.252.232.0/21 maxlen: 21
                          89.252.232.0/24 maxlen: 24
                          89.252.235.0/24 maxlen: 24
                          89.252.234.0/24 maxlen: 24
                          89.252.237.0/24 maxlen: 24
                          89.252.236.0/24 maxlen: 24
                          89.252.238.0/24 maxlen: 24
                          89.252.239.0/24 maxlen: 24
                          89.252.248.0/22 maxlen: 22
                          89.252.249.0/24 maxlen: 24
                          89.252.248.0/24 maxlen: 24
                          89.252.250.0/24 maxlen: 24
                          89.252.251.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 169165269 (0xa1541d5)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4104a40821c4176cc42e255ef6c1727473c3f00a
        Validity
            Not Before: Apr 28 07:53:00 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=d27205db9b9ae0674f33891d9f6e38d6c23f8e6d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:a9:0f:99:fa:a3:50:e4:e4:38:89:f0:26:82:
                    45:c2:39:f3:5f:54:50:7a:fd:64:5f:2c:a7:97:1d:
                    92:9d:9b:86:87:72:86:dd:cb:87:02:a9:de:58:e3:
                    4c:a6:43:f4:73:db:14:48:23:15:6e:62:b6:c7:a7:
                    b9:25:88:d1:61:b7:38:1c:86:c5:e2:05:17:7b:24:
                    00:fa:a3:6e:c7:00:53:e6:80:13:ed:80:40:0c:26:
                    97:26:a4:ec:99:40:b2:7b:5d:50:72:b2:a2:f7:36:
                    5f:77:72:ac:45:d4:ae:de:43:48:2b:78:29:02:da:
                    1a:56:8e:3d:94:5a:7d:b1:49:f1:3f:e5:d9:7c:f0:
                    73:d7:72:dc:57:7c:6e:4e:17:43:5b:24:3d:87:f2:
                    01:0c:38:09:d0:b5:37:3e:7b:11:49:52:e6:ba:e2:
                    05:90:2b:1c:78:12:4d:13:5a:ec:4a:90:f3:02:43:
                    58:a8:71:20:44:2d:aa:51:ab:e2:1f:6c:d1:cf:8a:
                    f6:fd:27:41:b7:0c:1c:59:13:1e:ce:9e:3b:2a:37:
                    9c:1a:ee:22:d2:31:79:76:0b:99:27:88:7d:11:88:
                    f2:09:13:3b:1d:d0:ed:c1:67:54:a7:68:79:9e:f1:
                    23:f8:00:85:a8:b4:57:c6:1b:cf:1b:bd:23:c1:47:
                    fc:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D2:72:05:DB:9B:9A:E0:67:4F:33:89:1D:9F:6E:38:D6:C2:3F:8E:6D
            X509v3 Authority Key Identifier:
                keyid:41:04:A4:08:21:C4:17:6C:C4:2E:25:5E:F6:C1:72:74:73:C3:F0:0A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QQSkCCHEF2zELiVe9sFydHPD8Ao.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/969962-12d3-41b2-ab43-b27d6e278e18/1/0nIF25ua4GdPM4kdn2441sI_jm0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/969962-12d3-41b2-ab43-b27d6e278e18/1/QQSkCCHEF2zELiVe9sFydHPD8Ao.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.252.216.0/22
                  89.252.232.0/21
                  89.252.248.0/22

    Signature Algorithm: sha256WithRSAEncryption
         8f:2a:2c:31:b1:fe:c7:e2:a2:c1:19:01:4d:31:ba:f2:57:71:
         c5:c2:9a:51:a6:c2:7d:6e:a7:0c:05:46:a8:84:78:31:68:4f:
         78:c1:38:f2:56:37:e5:d3:38:f8:85:4e:5f:a7:60:01:cb:34:
         a8:88:9b:35:3f:2a:df:28:b6:7a:05:46:87:d0:96:6f:d8:a3:
         6c:98:98:06:65:6b:5d:06:3d:09:3a:d2:ae:9e:7e:61:3d:21:
         1c:e4:dd:67:94:67:fc:71:e8:a1:0b:22:78:df:00:93:fd:0a:
         5c:b9:52:5a:08:5a:d8:79:cc:3b:c2:0b:6c:43:74:af:85:f8:
         1a:f7:00:ef:c6:2a:da:a7:07:e7:a7:c3:16:0f:4c:fc:39:d1:
         f4:77:af:e3:83:00:07:45:21:30:c2:c6:a1:2c:a1:1c:53:96:
         c3:38:42:1a:89:3c:e8:b9:c0:7d:f1:d4:60:f4:ca:4d:37:ec:
         80:37:ec:8d:2c:f4:be:91:ad:e5:bf:11:d2:e2:68:47:f3:cb:
         11:cb:ab:82:c6:85:20:48:17:c5:56:dc:6d:f2:40:ed:2d:05:
         61:c1:38:37:9e:3b:75:d7:03:8b:69:f4:52:87:91:60:10:47:
         83:29:21:a6:42:a4:6a:e3:17:68:14:52:65:d1:d5:d0:35:06:
         9f:7c:d7:5c
-----BEGIN CERTIFICATE-----
MIIE+zCCA+OgAwIBAgIEChVB1TANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg0
MTA0YTQwODIxYzQxNzZjYzQyZTI1NWVmNmMxNzI3NDczYzNmMDBhMB4XDTIyMDQy
ODA3NTMwMFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoZDI3MjA1ZGI5Yjlh
ZTA2NzRmMzM4OTFkOWY2ZTM4ZDZjMjNmOGU2ZDCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAOKpD5n6o1Dk5DiJ8CaCRcI5819UUHr9ZF8sp5cdkp2bhody
ht3LhwKp3ljjTKZD9HPbFEgjFW5itsenuSWI0WG3OByGxeIFF3skAPqjbscAU+aA
E+2AQAwmlyak7JlAsntdUHKyovc2X3dyrEXUrt5DSCt4KQLaGlaOPZRafbFJ8T/l
2Xzwc9dy3Fd8bk4XQ1skPYfyAQw4CdC1Nz57EUlS5rriBZArHHgSTRNa7EqQ8wJD
WKhxIEQtqlGr4h9s0c+K9v0nQbcMHFkTHs6eOyo3nBruItIxeXYLmSeIfRGI8gkT
Ox3Q7cFnVKdoeZ7xI/gAhai0V8Ybzxu9I8FH/NECAwEAAaOCAhUwggIRMB0GA1Ud
DgQWBBTScgXbm5rgZ08ziR2fbjjWwj+ObTAfBgNVHSMEGDAWgBRBBKQIIcQXbMQu
JV72wXJ0c8PwCjAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L1FRU2tDQ0hFRjJ6RUxpVmU5c0Z5ZEhQRDhBby5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvY2EvOTY5OTYyLTEyZDMtNDFiMi1hYjQzLWIyN2Q2ZTI3OGUxOC8x
LzBuSUYyNXVhNEdkUE00a2RuMjQ0MXNJX2ptMC5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvY2Ev
OTY5OTYyLTEyZDMtNDFiMi1hYjQzLWIyN2Q2ZTI3OGUxOC8xL1FRU2tDQ0hFRjJ6
RUxpVmU5c0Z5ZEhQRDhBby5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAr
BggrBgEFBQcBBwEB/wQcMBowGAQCAAEwEgMEAln82AMEA1n86AMEAln8+DANBgkq
hkiG9w0BAQsFAAOCAQEAjyosMbH+x+KiwRkBTTG68ldxxcKaUabCfW6nDAVGqIR4
MWhPeME48lY35dM4+IVOX6dgAcs0qIibNT8q3yi2egVGh9CWb9ijbJiYBmVrXQY9
CTrSrp5+YT0hHOTdZ5Rn/HHooQsieN8Ak/0KXLlSWgha2HnMO8ILbEN0r4X4GvcA
78Yq2qcH56fDFg9M/DnR9Hev44MAB0UhMMLGoSyhHFOWwzhCGok86LnAffHUYPTK
TTfsgDfsjSz0vpGt5b8R0uJoR/PLEcurgsaFIEgXxVbcbfJA7S0FYcE4N547ddcD
i2n0UoeRYBBHgykhpkKkauMXaBRSZdHV0DUGn3zXXA==
-----END CERTIFICATE-----