Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d4/756eef-6629-463a-99ff-46a43ef0221b/1/LoiNHCn-retY7J1lqsGnLarptaw.roa
File:                     LoiNHCn-retY7J1lqsGnLarptaw.roa (raw, json)
Hash identifier:          DhRDHK+hu/yams2p1yFlMAXfKuVY46BHhRJKBy+/cRg=
Subject key identifier:   2E:88:8D:1C:29:FE:AD:EB:58:EC:9D:65:AA:C1:A7:2D:AA:E9:B5:AC
Certificate issuer:       /CN=bdd244214d76468d3fb72abad1892ef23dede978
Certificate serial:       018A5F73E18D2BE3502E651B7130B30330C0
Authority key identifier: BD:D2:44:21:4D:76:46:8D:3F:B7:2A:BA:D1:89:2E:F2:3D:ED:E9:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vdJEIU12Ro0_tyq60Yku8j3t6Xg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d4/756eef-6629-463a-99ff-46a43ef0221b/1/LoiNHCn-retY7J1lqsGnLarptaw.roa
Signing time:             Mon 04 Sep 2023 09:09:04 +0000
ROA not before:           Mon 04 Sep 2023 09:09:04 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     6730
IP address blocks:        46.140.0.0/17 maxlen: 17
                          46.140.0.0/16 maxlen: 16
                          81.7.224.0/20 maxlen: 20
                          81.7.224.0/19 maxlen: 19
                          62.2.0.0/17 maxlen: 17
                          62.2.0.0/16 maxlen: 16
                          178.82.0.0/16 maxlen: 16
                          31.10.128.0/18 maxlen: 18
                          31.10.128.0/17 maxlen: 17
                          80.219.0.0/16 maxlen: 16
                          31.10.192.0/18 maxlen: 18
                          46.127.0.0/16 maxlen: 16
                          46.140.128.0/17 maxlen: 17
                          80.218.0.0/16 maxlen: 16
                          80.218.0.0/15 maxlen: 15
                          62.2.128.0/17 maxlen: 17
                          46.126.0.0/16 maxlen: 16
                          46.126.0.0/15 maxlen: 15
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8a:5f:73:e1:8d:2b:e3:50:2e:65:1b:71:30:b3:03:30:c0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bdd244214d76468d3fb72abad1892ef23dede978
        Validity
            Not Before: Sep  4 09:09:04 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=2e888d1c29feadeb58ec9d65aac1a72daae9b5ac
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:74:e7:bb:49:ba:e4:ac:0b:00:d3:a7:8a:a9:
                    7d:96:00:5d:f9:ca:b4:a3:da:a5:3c:3c:60:46:35:
                    d5:4d:c4:dc:9b:8a:32:63:1b:4e:e3:70:30:ef:72:
                    35:bd:fe:0c:b4:5e:15:24:ef:76:82:2c:78:ac:a3:
                    27:9b:43:5a:68:55:31:60:96:81:29:84:9a:2f:33:
                    c9:10:00:1d:64:07:c5:8c:65:86:29:e0:50:de:0c:
                    15:9b:c2:6b:05:cd:ff:c0:6f:e6:b2:3f:a2:8e:e8:
                    b0:58:b4:5c:ed:b3:41:2a:b5:71:f5:2a:80:14:00:
                    73:cf:ca:54:83:9c:e9:76:18:6c:e9:21:4a:6b:1a:
                    e5:8e:9c:2b:e2:db:3f:df:d4:11:70:ee:31:10:6b:
                    1f:59:83:84:2c:bb:a0:28:0a:04:98:a8:2a:80:01:
                    84:54:6d:1e:8c:7b:9f:4f:1e:8b:98:c7:6c:58:24:
                    cb:d5:83:b5:b0:0d:cf:3b:8b:26:66:d0:b9:7a:c1:
                    3a:d5:97:c3:db:e9:cf:de:b2:cc:2e:61:a5:70:9b:
                    57:04:a7:55:c9:f2:90:0f:bf:74:90:6a:65:bd:7e:
                    55:0e:93:c1:ed:3e:eb:cc:74:c8:2d:c4:86:70:f0:
                    2b:67:fe:6f:97:eb:d1:25:f9:27:17:1d:bf:01:1c:
                    f2:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2E:88:8D:1C:29:FE:AD:EB:58:EC:9D:65:AA:C1:A7:2D:AA:E9:B5:AC
            X509v3 Authority Key Identifier:
                keyid:BD:D2:44:21:4D:76:46:8D:3F:B7:2A:BA:D1:89:2E:F2:3D:ED:E9:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vdJEIU12Ro0_tyq60Yku8j3t6Xg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/756eef-6629-463a-99ff-46a43ef0221b/1/LoiNHCn-retY7J1lqsGnLarptaw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/756eef-6629-463a-99ff-46a43ef0221b/1/vdJEIU12Ro0_tyq60Yku8j3t6Xg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.10.128.0/17
                  46.126.0.0/15
                  46.140.0.0/16
                  62.2.0.0/16
                  80.218.0.0/15
                  81.7.224.0/19
                  178.82.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         6d:6a:5f:b9:b7:dc:f7:7c:da:90:b4:ba:0f:79:d6:e0:d0:3a:
         60:b6:df:92:02:a6:d9:e4:86:b5:f2:f6:fc:0f:a9:ba:1a:ee:
         c4:96:be:0b:29:1a:03:e7:f5:93:0a:c7:9e:d8:f1:25:c3:bb:
         92:b5:d6:c3:64:7a:09:85:45:1e:03:ea:8e:1b:db:e5:2f:9c:
         b3:cb:f8:8b:7b:a5:9f:ca:61:1e:56:a3:92:34:ef:d1:f9:c4:
         d7:00:87:53:2b:62:84:b3:62:c1:2b:31:a9:b8:9e:f5:5f:92:
         99:b3:54:99:e6:bc:8b:58:94:24:d9:16:24:68:7e:84:dd:fc:
         51:88:9d:5e:8f:e3:60:5c:be:41:af:ad:49:d6:e9:4e:bc:c8:
         b0:14:76:e3:99:e7:cb:96:7c:dd:77:c4:61:28:1c:82:74:22:
         79:26:7b:9c:01:84:c0:b0:3f:42:18:5f:00:eb:7f:bd:fa:2e:
         24:5b:c7:4e:a2:a6:9a:e5:1b:e7:dc:b0:ee:b9:d8:d0:d3:30:
         2f:96:70:c1:e7:4f:06:b7:3a:9e:1e:e5:41:d6:91:2a:af:9d:
         43:bf:ff:58:75:02:2a:25:ac:b8:92:11:df:41:03:3d:69:39:
         60:fc:0c:78:43:34:cf:39:be:95:69:45:e1:de:e2:88:c1:b5:
         b4:55:a6:66
-----BEGIN CERTIFICATE-----
MIIFHDCCBASgAwIBAgISAYpfc+GNK+NQLmUbcTCzAzDAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJkZDI0NDIxNGQ3NjQ2OGQzZmI3MmFiYWQxODkyZWYyM2Rl
ZGU5NzgwHhcNMjMwOTA0MDkwOTA0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZTg4OGQxYzI5ZmVhZGViNThlYzlkNjVhYWMxYTcyZGFhZTliNWFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmHTnu0m65KwLANOniql9lgBd+cq0
o9qlPDxgRjXVTcTcm4oyYxtO43Aw73I1vf4MtF4VJO92gix4rKMnm0NaaFUxYJaB
KYSaLzPJEAAdZAfFjGWGKeBQ3gwVm8JrBc3/wG/msj+ijuiwWLRc7bNBKrVx9SqA
FABzz8pUg5zpdhhs6SFKaxrljpwr4ts/39QRcO4xEGsfWYOELLugKAoEmKgqgAGE
VG0ejHufTx6LmMdsWCTL1YO1sA3PO4smZtC5esE61ZfD2+nP3rLMLmGlcJtXBKdV
yfKQD790kGplvX5VDpPB7T7rzHTILcSGcPArZ/5vl+vRJfknFx2/ARzyywIDAQAB
o4ICKDCCAiQwHQYDVR0OBBYEFC6IjRwp/q3rWOydZarBpy2q6bWsMB8GA1UdIwQY
MBaAFL3SRCFNdkaNP7cqutGJLvI97el4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdmRKRUlVMTJSbzBfdHlxNjBZa3U4ajN0NlhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNC83NTZlZWYtNjYyOS00NjNhLTk5ZmYt
NDZhNDNlZjAyMjFiLzEvTG9pTkhDbi1yZXRZN0oxbHFzR25MYXJwdGF3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNC83NTZlZWYtNjYyOS00NjNhLTk5ZmYtNDZhNDNlZjAyMjFi
LzEvdmRKRUlVMTJSbzBfdHlxNjBZa3U4ajN0NlhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD4GCCsGAQUFBwEHAQH/BC8wLTArBAIAATAlAwQHHwqAAwMB
Ln4DAwAujAMDAD4CAwMBUNoDBAVRB+ADAwCyUjANBgkqhkiG9w0BAQsFAAOCAQEA
bWpfubfc93zakLS6D3nW4NA6YLbfkgKm2eSGtfL2/A+puhruxJa+CykaA+f1kwrH
ntjxJcO7krXWw2R6CYVFHgPqjhvb5S+cs8v4i3uln8phHlajkjTv0fnE1wCHUyti
hLNiwSsxqbie9V+SmbNUmea8i1iUJNkWJGh+hN38UYidXo/jYFy+Qa+tSdbpTrzI
sBR245nny5Z83XfEYSgcgnQieSZ7nAGEwLA/QhhfAOt/vfouJFvHTqKmmuUb59yw
7rnY0NMwL5ZwwedPBrc6nh7lQdaRKq+dQ7//WHUCKiWsuJIR30EDPWk5YPwMeEM0
zzm+lWlF4d7iiMG1tFWmZg==
-----END CERTIFICATE-----