Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/CRONcy1TgCsB61LYDrakQdDnVhk.roa
File:                     CRONcy1TgCsB61LYDrakQdDnVhk.roa (raw, json)
Hash identifier:          2AlglROeP/3V2UtTAhk90StT6vFRaUS9MdTOab/X9eY=
Subject key identifier:   09:13:8D:73:2D:53:80:2B:01:EB:52:D8:0E:B6:A4:41:D0:E7:56:19
Certificate issuer:       /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial:       06F522B8
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/CRONcy1TgCsB61LYDrakQdDnVhk.roa
Signing time:             Sun 20 Feb 2022 09:14:04 +0000
ROA not before:           Sun 20 Feb 2022 09:14:04 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     207046
IP address blocks:        185.247.4.0/22 maxlen: 24
                          194.113.28.0/22 maxlen: 24
                          185.247.5.0/24 maxlen: 24
                          185.247.6.0/23 maxlen: 24
                          185.209.36.0/22 maxlen: 22
                          194.146.220.0/22 maxlen: 22
                          185.221.16.0/23 maxlen: 23
                          185.227.206.0/24 maxlen: 24
                          45.134.84.0/22 maxlen: 24
                          185.221.22.0/23 maxlen: 23
                          185.227.207.0/24 maxlen: 24
                          185.249.204.0/22 maxlen: 22
                          185.250.182.0/23 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 116728504 (0x6f522b8)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
        Validity
            Not Before: Feb 20 09:14:04 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=09138d732d53802b01eb52d80eb6a441d0e75619
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:4a:1a:d0:27:fd:5f:41:d8:ad:02:c2:90:51:
                    ec:7e:59:00:b5:e5:b6:1d:2a:09:a5:2f:e1:5f:23:
                    39:63:b6:b0:48:9f:90:b0:2d:90:24:83:11:8c:10:
                    fd:ca:58:59:ca:12:70:0a:54:e7:e0:d7:e9:88:dd:
                    c8:c4:e6:93:73:a4:2b:d3:72:36:3a:60:21:ed:e1:
                    36:dd:d0:09:8f:83:05:30:83:42:45:56:92:e1:c4:
                    64:de:88:44:fa:c9:a6:9e:a8:6a:fc:53:dc:94:a9:
                    f4:83:50:d9:00:f0:8c:de:68:0f:24:69:a0:6d:e1:
                    07:a7:f2:5b:4d:48:9e:1f:9c:83:fa:1c:16:88:7a:
                    81:9f:e8:35:5e:91:8c:4a:35:03:5a:55:ba:39:68:
                    39:a9:b1:b4:09:b8:22:2d:6d:81:51:8e:df:5e:37:
                    c3:50:5d:22:87:01:64:2e:3d:6f:5d:df:c6:00:8d:
                    60:b2:6b:c1:04:9f:cf:ff:b0:25:45:13:12:06:14:
                    16:90:24:a7:5e:f6:11:af:f2:9d:f0:6d:fa:7f:8d:
                    9e:cc:11:91:7c:4d:e3:e6:e8:f9:2e:b5:c1:c3:95:
                    c9:64:f2:65:c8:4e:49:3d:7a:cc:57:e4:64:19:c1:
                    53:41:61:cc:c8:3d:db:0c:c8:93:89:f5:5e:ec:c1:
                    dd:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                09:13:8D:73:2D:53:80:2B:01:EB:52:D8:0E:B6:A4:41:D0:E7:56:19
            X509v3 Authority Key Identifier:
                keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/CRONcy1TgCsB61LYDrakQdDnVhk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.134.84.0/22
                  185.209.36.0/22
                  185.221.16.0/23
                  185.221.22.0/23
                  185.227.206.0/23
                  185.247.4.0/22
                  185.249.204.0/22
                  185.250.182.0/23
                  194.113.28.0/22
                  194.146.220.0/22

    Signature Algorithm: sha256WithRSAEncryption
         02:e1:38:5e:89:5a:c2:80:77:60:88:d2:8b:00:e9:8a:17:9b:
         00:3e:36:b5:e6:50:25:a3:5f:f3:ff:2c:32:ad:be:43:3b:38:
         b7:ca:af:ed:24:03:d2:62:1e:1b:fb:4f:17:30:49:82:49:52:
         73:ca:12:1c:7b:13:a9:6f:eb:80:d5:f7:9a:79:64:d4:da:3b:
         0b:dd:ab:71:9f:94:8d:25:77:85:74:e2:3f:0c:39:b0:e3:3c:
         62:30:10:dc:ad:78:5e:23:66:4b:61:34:95:a2:e5:bf:aa:4d:
         e1:5c:15:c9:b1:d9:03:b1:6d:79:6f:95:ac:38:43:ce:68:16:
         f2:4b:b2:3c:45:f3:d3:42:d9:b3:b8:83:5a:df:74:9e:93:8f:
         84:0c:0e:78:56:1b:33:fc:d4:54:28:06:0f:d5:eb:df:f3:45:
         a8:7c:99:32:10:7d:77:07:b1:0a:06:91:29:d5:a3:5f:3c:a8:
         2a:a7:8f:b9:3a:ce:05:91:05:47:f4:1e:2d:3b:14:b2:6c:c1:
         9d:c0:26:64:20:4f:20:e8:f4:51:21:31:eb:ae:b9:f2:81:10:
         6b:57:b7:80:be:82:b4:5d:4e:18:89:d3:ee:af:0e:d2:10:ca:
         a6:c7:23:a8:a3:4e:aa:19:33:1b:95:08:eb:42:92:0b:09:59:
         7a:a8:2f:e4
-----BEGIN CERTIFICATE-----
MIIFJTCCBA2gAwIBAgIEBvUiuDANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg2
MDY3ODRjMTA1MDg1YjlkNmFkNWY3M2EwM2IyMGQ5YTVjMTE0Y2FmMB4XDTIyMDIy
MDA5MTQwNFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMDkxMzhkNzMyZDUz
ODAyYjAxZWI1MmQ4MGViNmE0NDFkMGU3NTYxOTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAK1KGtAn/V9B2K0CwpBR7H5ZALXlth0qCaUv4V8jOWO2sEif
kLAtkCSDEYwQ/cpYWcoScApU5+DX6YjdyMTmk3OkK9NyNjpgIe3hNt3QCY+DBTCD
QkVWkuHEZN6IRPrJpp6oavxT3JSp9INQ2QDwjN5oDyRpoG3hB6fyW01Inh+cg/oc
Foh6gZ/oNV6RjEo1A1pVujloOamxtAm4Ii1tgVGO3143w1BdIocBZC49b13fxgCN
YLJrwQSfz/+wJUUTEgYUFpAkp172Ea/ynfBt+n+NnswRkXxN4+bo+S61wcOVyWTy
ZchOST16zFfkZBnBU0FhzMg92wzIk4n1XuzB3WUCAwEAAaOCAj8wggI7MB0GA1Ud
DgQWBBQJE41zLVOAKwHrUtgOtqRB0OdWGTAfBgNVHSMEGDAWgBRgZ4TBBQhbnWrV
9zoDsg2aXBFMrzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L1lHZUV3UVVJVzUxcTFmYzZBN0lObWx3UlRLOC5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZDAvMmI4MzRlLWJhZDItNDlmZi1iYTM4LWI0MzQyYmE5MWFiYy8x
L0NST05jeTFUZ0NzQjYxTFlEcmFrUWREblZoay5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZDAv
MmI4MzRlLWJhZDItNDlmZi1iYTM4LWI0MzQyYmE5MWFiYy8xL1lHZUV3UVVJVzUx
cTFmYzZBN0lObWx3UlRLOC5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBV
BggrBgEFBQcBBwEB/wRGMEQwQgQCAAEwPAMEAi2GVAMEArnRJAMEAbndEAMEAbnd
FgMEAbnjzgMEArn3BAMEArn5zAMEAbn6tgMEAsJxHAMEAsKS3DANBgkqhkiG9w0B
AQsFAAOCAQEAAuE4XolawoB3YIjSiwDpihebAD42teZQJaNf8/8sMq2+Qzs4t8qv
7SQD0mIeG/tPFzBJgklSc8oSHHsTqW/rgNX3mnlk1No7C92rcZ+UjSV3hXTiPww5
sOM8YjAQ3K14XiNmS2E0laLlv6pN4VwVybHZA7FteW+VrDhDzmgW8kuyPEXz00LZ
s7iDWt90npOPhAwOeFYbM/zUVCgGD9Xr3/NFqHyZMhB9dwexCgaRKdWjXzyoKqeP
uTrOBZEFR/QeLTsUsmzBncAmZCBPIOj0USEx66658oEQa1e3gL6CtF1OGInT7q8O
0hDKpscjqKNOqhkzG5UI60KSCwlZeqgv5A==
-----END CERTIFICATE-----