Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/lt-xmHA-T_rWYvQFSTzEtIT7oM8.roa
File:                     lt-xmHA-T_rWYvQFSTzEtIT7oM8.roa (raw, json)
Hash identifier:          Ggk2QeBQgBv3mBPjsChbDSU7fNRamo0lj1jFc8g5W+E=
Subject key identifier:   96:DF:B1:98:70:3E:4F:FA:D6:62:F4:05:49:3C:C4:B4:84:FB:A0:CF
Certificate issuer:       /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial:       0718A354
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/lt-xmHA-T_rWYvQFSTzEtIT7oM8.roa
Signing time:             Mon 07 Mar 2022 09:07:47 +0000
ROA not before:           Mon 07 Mar 2022 09:07:47 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     61317
IP address blocks:        185.230.52.0/23 maxlen: 24
                          185.255.124.0/24 maxlen: 24
                          185.223.76.0/22 maxlen: 24
                          185.225.0.0/22 maxlen: 22
                          185.121.12.0/22 maxlen: 24
                          185.206.248.0/22 maxlen: 24
                          185.226.104.0/22 maxlen: 24
                          185.234.20.0/22 maxlen: 24
                          185.194.28.0/22 maxlen: 24
                          185.223.152.0/22 maxlen: 22
                          185.194.29.0/24 maxlen: 24
                          185.223.153.0/24 maxlen: 24
                          45.8.20.0/22 maxlen: 24
                          185.246.112.0/22 maxlen: 24
                          185.238.228.0/22 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 119055188 (0x718a354)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
        Validity
            Not Before: Mar  7 09:07:47 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=96dfb198703e4ffad662f405493cc4b484fba0cf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:be:d4:18:e5:28:b3:67:26:f0:15:22:0f:6b:
                    8f:23:cc:f4:83:36:c0:3c:3f:99:3e:ef:91:b2:5a:
                    a6:80:a0:23:89:09:9b:f3:19:f2:3e:72:e2:b5:96:
                    41:fc:d2:25:b0:f2:5f:60:7e:43:ab:12:9d:2f:76:
                    d3:7a:81:08:54:8d:2b:b9:fd:1c:81:00:8d:29:fa:
                    b0:bb:1b:01:a2:1f:44:f3:b5:cb:07:3d:c6:d4:72:
                    b2:a5:87:82:d2:94:46:b1:91:9b:86:22:a1:05:cb:
                    47:32:86:ca:8e:01:1c:89:9b:76:1e:89:18:b1:8e:
                    2a:49:2c:62:1f:a3:21:0f:7c:19:11:57:ed:44:87:
                    0d:2a:25:db:f4:98:b2:94:58:36:92:b0:2e:13:cf:
                    85:d0:23:07:c4:b2:3a:6e:56:a6:ac:46:49:9c:a0:
                    b9:30:e9:da:eb:00:e2:8a:1c:ca:9b:0d:0c:dc:d2:
                    30:b0:72:9f:58:35:54:cb:44:de:07:2a:31:3d:a1:
                    1f:34:04:82:6b:54:a6:51:d2:f5:1e:cc:eb:ad:a3:
                    82:54:9a:53:22:0d:bf:75:cd:06:c5:74:a7:cb:fb:
                    5a:7d:e1:a0:f9:5d:50:1d:fb:60:bc:72:57:bb:1a:
                    0f:37:51:9d:f1:bc:23:5b:75:96:40:aa:ba:bf:21:
                    fa:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                96:DF:B1:98:70:3E:4F:FA:D6:62:F4:05:49:3C:C4:B4:84:FB:A0:CF
            X509v3 Authority Key Identifier:
                keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/lt-xmHA-T_rWYvQFSTzEtIT7oM8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.8.20.0/22
                  185.121.12.0/22
                  185.194.28.0/22
                  185.206.248.0/22
                  185.223.76.0/22
                  185.223.152.0/22
                  185.225.0.0/22
                  185.226.104.0/22
                  185.230.52.0/23
                  185.234.20.0/22
                  185.238.228.0/22
                  185.246.112.0/22
                  185.255.124.0/24

    Signature Algorithm: sha256WithRSAEncryption
         af:2d:33:30:73:61:8d:f6:1c:d0:92:af:d5:71:ee:6f:18:dc:
         02:c0:b1:6a:17:2c:ee:1c:0b:41:be:07:2f:1e:15:1b:bf:d8:
         1e:0f:a1:3b:1e:3a:3e:49:77:c4:3a:1f:3b:4b:98:c2:23:6f:
         2e:bf:cb:a2:47:40:78:5d:1d:9c:de:6f:5c:e4:eb:fa:2f:35:
         d5:69:56:38:fa:4b:db:d9:73:a3:e6:1f:95:c9:4a:e7:89:86:
         85:45:f8:cc:a3:56:c5:9d:10:68:f9:0d:96:33:d0:d3:48:23:
         bb:8b:c6:11:a4:00:9d:53:c7:f1:6d:24:94:88:8a:c5:81:7c:
         aa:1b:73:ab:7b:6e:cf:0d:9e:cf:e1:b3:46:1e:77:1b:46:0c:
         c5:cd:97:c5:bf:73:5c:a0:70:93:b3:32:69:3c:ee:c2:b6:31:
         07:93:94:f1:ef:78:72:e6:c4:4f:c5:7f:7a:76:51:1f:b6:5d:
         87:0e:af:54:9b:47:ad:79:57:c9:24:3b:cc:95:56:d6:18:93:
         29:94:7b:fe:ab:de:b3:e5:7f:d3:73:d0:ad:ed:1d:40:dd:f5:
         69:17:b8:4c:55:aa:08:ca:39:cf:49:a7:99:fd:a8:77:c2:44:
         3f:c0:34:c9:17:fb:34:97:2b:57:12:70:d0:35:c2:da:0b:10:
         84:eb:4b:97
-----BEGIN CERTIFICATE-----
MIIFNzCCBB+gAwIBAgIEBxijVDANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg2
MDY3ODRjMTA1MDg1YjlkNmFkNWY3M2EwM2IyMGQ5YTVjMTE0Y2FmMB4XDTIyMDMw
NzA5MDc0N1oXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoOTZkZmIxOTg3MDNl
NGZmYWQ2NjJmNDA1NDkzY2M0YjQ4NGZiYTBjZjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAKW+1BjlKLNnJvAVIg9rjyPM9IM2wDw/mT7vkbJapoCgI4kJ
m/MZ8j5y4rWWQfzSJbDyX2B+Q6sSnS9203qBCFSNK7n9HIEAjSn6sLsbAaIfRPO1
ywc9xtRysqWHgtKURrGRm4YioQXLRzKGyo4BHImbdh6JGLGOKkksYh+jIQ98GRFX
7USHDSol2/SYspRYNpKwLhPPhdAjB8SyOm5WpqxGSZyguTDp2usA4oocypsNDNzS
MLByn1g1VMtE3gcqMT2hHzQEgmtUplHS9R7M662jglSaUyINv3XNBsV0p8v7Wn3h
oPldUB37YLxyV7saDzdRnfG8I1t1lkCqur8h+iECAwEAAaOCAlEwggJNMB0GA1Ud
DgQWBBSW37GYcD5P+tZi9AVJPMS0hPugzzAfBgNVHSMEGDAWgBRgZ4TBBQhbnWrV
9zoDsg2aXBFMrzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L1lHZUV3UVVJVzUxcTFmYzZBN0lObWx3UlRLOC5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZDAvMmI4MzRlLWJhZDItNDlmZi1iYTM4LWI0MzQyYmE5MWFiYy8x
L2x0LXhtSEEtVF9yV1l2UUZTVHpFdElUN29NOC5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZDAv
MmI4MzRlLWJhZDItNDlmZi1iYTM4LWI0MzQyYmE5MWFiYy8xL1lHZUV3UVVJVzUx
cTFmYzZBN0lObWx3UlRLOC5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBn
BggrBgEFBQcBBwEB/wRYMFYwVAQCAAEwTgMEAi0IFAMEArl5DAMEArnCHAMEArnO
+AMEArnfTAMEArnfmAMEArnhAAMEArniaAMEAbnmNAMEArnqFAMEArnu5AMEArn2
cAMEALn/fDANBgkqhkiG9w0BAQsFAAOCAQEAry0zMHNhjfYc0JKv1XHubxjcAsCx
ahcs7hwLQb4HLx4VG7/YHg+hOx46Pkl3xDofO0uYwiNvLr/LokdAeF0dnN5vXOTr
+i811WlWOPpL29lzo+YflclK54mGhUX4zKNWxZ0QaPkNljPQ00gju4vGEaQAnVPH
8W0klIiKxYF8qhtzq3tuzw2ez+GzRh53G0YMxc2Xxb9zXKBwk7MyaTzuwrYxB5OU
8e94cubET8V/enZRH7Zdhw6vVJtHrXlXySQ7zJVW1hiTKZR7/qves+V/03PQre0d
QN31aRe4TFWqCMo5z0mnmf2od8JEP8A0yRf7NJcrVxJw0DXC2gsQhOtLlw==
-----END CERTIFICATE-----