Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d9/d9b596-601e-4426-a428-46957bd8860d/1/zcwzU5TNwLcqlZ6cwTi6O3lkumU.roa
File:                     zcwzU5TNwLcqlZ6cwTi6O3lkumU.roa (raw, json)
Hash identifier:          BLuR5Qy9BE1Lrqsmx0AhJTgrvpROib8E7+LffJAYfMI=
Subject key identifier:   CD:CC:33:53:94:CD:C0:B7:2A:95:9E:9C:C1:38:BA:3B:79:64:BA:65
Certificate issuer:       /CN=389755423f832a528c93136110f0fe4b10453582
Certificate serial:       018283BDABB28E6E822DDE69AEC31E243408
Authority key identifier: 38:97:55:42:3F:83:2A:52:8C:93:13:61:10:F0:FE:4B:10:45:35:82
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OJdVQj-DKlKMkxNhEPD-SxBFNYI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d9/d9b596-601e-4426-a428-46957bd8860d/1/zcwzU5TNwLcqlZ6cwTi6O3lkumU.roa
Signing time:             Tue 09 Aug 2022 17:53:41 +0000
ROA not before:           Tue 09 Aug 2022 17:53:41 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     205993
IP address blocks:        89.34.4.0/24 maxlen: 24
                          185.199.230.0/23 maxlen: 23
                          185.199.228.0/23 maxlen: 23
                          89.34.0.0/24 maxlen: 24
                          46.102.190.0/24 maxlen: 24
                          188.214.193.0/24 maxlen: 24
                          188.213.23.0/24 maxlen: 24
                          89.40.138.0/24 maxlen: 24
                          188.214.140.0/24 maxlen: 24
                          188.214.155.0/24 maxlen: 24
                          89.32.202.0/24 maxlen: 24
                          86.105.186.0/24 maxlen: 24
                          2a0a:a4c0::/29 maxlen: 29

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:82:83:bd:ab:b2:8e:6e:82:2d:de:69:ae:c3:1e:24:34:08
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=389755423f832a528c93136110f0fe4b10453582
        Validity
            Not Before: Aug  9 17:53:41 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=cdcc335394cdc0b72a959e9cc138ba3b7964ba65
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:0b:d4:8d:90:06:c3:54:a5:0e:af:0c:cf:c8:
                    89:2d:a8:9e:c7:2b:7b:5c:f5:4d:61:97:0a:56:a1:
                    8a:4e:3b:6a:b3:72:62:0b:ad:69:81:96:94:cf:7f:
                    2e:5b:d4:a6:21:c6:c3:02:a7:4e:0d:c7:60:eb:cc:
                    ad:bc:ba:48:5e:0b:3c:10:e2:a0:65:a6:19:6b:43:
                    4a:5a:e8:a9:6b:27:a0:a1:4b:ac:82:00:0c:16:fa:
                    2c:89:6a:bf:93:c8:d2:21:4d:96:1d:f0:f7:2e:09:
                    4b:d6:16:53:5e:9a:72:41:86:0d:b9:a6:77:2b:64:
                    e6:da:70:8b:6e:80:20:78:36:c2:b6:d8:dd:ff:5f:
                    a3:f3:ee:56:a2:78:d2:5a:bf:59:22:eb:1f:b7:9e:
                    aa:8b:7b:1c:a0:e6:72:92:83:e2:28:3f:4f:21:ae:
                    43:cb:17:46:94:6e:3f:97:3e:a9:d8:31:9e:66:b1:
                    5e:40:1d:3d:13:15:64:83:7c:21:ae:a7:ea:39:d0:
                    a5:d2:3e:c2:46:79:02:1d:47:32:8a:dc:68:d7:e9:
                    42:dd:4d:72:f5:b9:69:ce:88:f2:c9:6a:f4:74:12:
                    f2:15:94:42:e2:bd:f2:cb:18:c9:53:4d:10:53:15:
                    d5:1d:d1:8d:5d:cd:da:d6:92:73:83:e7:b5:63:e6:
                    7e:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CD:CC:33:53:94:CD:C0:B7:2A:95:9E:9C:C1:38:BA:3B:79:64:BA:65
            X509v3 Authority Key Identifier:
                keyid:38:97:55:42:3F:83:2A:52:8C:93:13:61:10:F0:FE:4B:10:45:35:82

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OJdVQj-DKlKMkxNhEPD-SxBFNYI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/d9b596-601e-4426-a428-46957bd8860d/1/zcwzU5TNwLcqlZ6cwTi6O3lkumU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/d9b596-601e-4426-a428-46957bd8860d/1/OJdVQj-DKlKMkxNhEPD-SxBFNYI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.102.190.0/24
                  86.105.186.0/24
                  89.32.202.0/24
                  89.34.0.0/24
                  89.34.4.0/24
                  89.40.138.0/24
                  185.199.228.0/22
                  188.213.23.0/24
                  188.214.140.0/24
                  188.214.155.0/24
                  188.214.193.0/24
                IPv6:
                  2a0a:a4c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         9b:ab:06:17:2f:97:9a:9c:b6:08:ce:2d:71:06:10:3a:a6:6d:
         2a:4f:30:ce:08:b8:8b:ed:3d:81:75:5d:b5:db:27:d3:5e:c2:
         90:76:f4:10:6f:a3:94:df:5d:1e:3d:23:1a:75:16:b5:5c:ac:
         fb:51:76:16:12:49:0e:a3:c5:26:d9:f6:57:f4:a2:69:8f:44:
         ad:2c:21:35:9d:83:5c:ce:e2:0e:40:89:31:f2:7d:a4:71:86:
         53:b2:bc:f2:df:fe:2f:21:04:14:72:a6:90:21:0d:43:f3:2a:
         b4:ff:21:49:4f:f8:dc:40:67:bc:af:36:a6:6f:fb:45:99:f1:
         a3:90:65:f4:8a:fc:89:e3:d5:b7:f6:e0:05:12:4c:b2:5b:6e:
         23:0e:f1:1a:76:07:8d:9d:ec:93:37:2f:f5:a4:86:4f:53:9b:
         71:13:ab:15:af:88:c8:ff:d0:34:3d:83:6f:46:e2:c3:d8:b5:
         d7:77:3c:88:10:3d:dc:85:85:7a:48:67:40:a8:26:43:e9:f1:
         ea:96:e8:0a:ea:5b:9e:b7:6a:a4:42:8a:6e:18:52:6a:f5:67:
         fb:20:df:74:61:dd:93:99:3b:67:68:07:30:72:47:2c:60:60:
         c6:4e:ee:42:99:88:76:d6:b5:13:9f:08:83:4c:9b:b2:71:1e:
         6e:f4:bf:1e
-----BEGIN CERTIFICATE-----
MIIFSDCCBDCgAwIBAgISAYKDvauyjm6CLd5prsMeJDQIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM4OTc1NTQyM2Y4MzJhNTI4YzkzMTM2MTEwZjBmZTRiMTA0
NTM1ODIwHhcNMjIwODA5MTc1MzQxWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZGNjMzM1Mzk0Y2RjMGI3MmE5NTllOWNjMTM4YmEzYjc5NjRiYTY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAngvUjZAGw1SlDq8Mz8iJLaiexyt7
XPVNYZcKVqGKTjtqs3JiC61pgZaUz38uW9SmIcbDAqdODcdg68ytvLpIXgs8EOKg
ZaYZa0NKWuipayegoUusggAMFvosiWq/k8jSIU2WHfD3LglL1hZTXppyQYYNuaZ3
K2Tm2nCLboAgeDbCttjd/1+j8+5WonjSWr9ZIusft56qi3scoOZykoPiKD9PIa5D
yxdGlG4/lz6p2DGeZrFeQB09ExVkg3whrqfqOdCl0j7CRnkCHUcyitxo1+lC3U1y
9blpzojyyWr0dBLyFZRC4r3yyxjJU00QUxXVHdGNXc3a1pJzg+e1Y+Z+YwIDAQAB
o4ICVDCCAlAwHQYDVR0OBBYEFM3MM1OUzcC3KpWenME4ujt5ZLplMB8GA1UdIwQY
MBaAFDiXVUI/gypSjJMTYRDw/ksQRTWCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT0pkVlFqLURLbEtNa3hOaEVQRC1TeEJGTllJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOS9kOWI1OTYtNjAxZS00NDI2LWE0Mjgt
NDY5NTdiZDg4NjBkLzEvemN3elU1VE53TGNxbFo2Y3dUaTZPM2xrdW1VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOS9kOWI1OTYtNjAxZS00NDI2LWE0MjgtNDY5NTdiZDg4NjBk
LzEvT0pkVlFqLURLbEtNa3hOaEVQRC1TeEJGTllJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGoGCCsGAQUFBwEHAQH/BFswWTBIBAIAATBCAwQALma+AwQA
Vmm6AwQAWSDKAwQAWSIAAwQAWSIEAwQAWSiKAwQCucfkAwQAvNUXAwQAvNaMAwQA
vNabAwQAvNbBMA0EAgACMAcDBQMqCqTAMA0GCSqGSIb3DQEBCwUAA4IBAQCbqwYX
L5eanLYIzi1xBhA6pm0qTzDOCLiL7T2BdV212yfTXsKQdvQQb6OU310ePSMadRa1
XKz7UXYWEkkOo8Um2fZX9KJpj0StLCE1nYNczuIOQIkx8n2kcYZTsrzy3/4vIQQU
cqaQIQ1D8yq0/yFJT/jcQGe8rzamb/tFmfGjkGX0ivyJ49W39uAFEkyyW24jDvEa
dgeNneyTNy/1pIZPU5txE6sVr4jI/9A0PYNvRuLD2LXXdzyIED3chYV6SGdAqCZD
6fHqlugK6luet2qkQopuGFJq9Wf7IN90Yd2TmTtnaAcwckcsYGDGTu5CmYh21rUT
nwiDTJuycR5u9L8e
-----END CERTIFICATE-----