Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e5/269229-20eb-4f1c-a13e-26d1e54578f1/1/Pj8lHp0xPjOvidhRPNxxpJVnG1U.roa
File:                     Pj8lHp0xPjOvidhRPNxxpJVnG1U.roa (raw, json)
Hash identifier:          bKI185HWS0T7ooSCRAYhtuiFOfM6vxMib7dOYVcUR8I=
Subject key identifier:   3E:3F:25:1E:9D:31:3E:33:AF:89:D8:51:3C:DC:71:A4:95:67:1B:55
Certificate issuer:       /CN=e5bd7923afdbae87d07b2308dd389d9cf082ed6d
Certificate serial:       01833201DE2CACC42AEF8286C8C3A0413B7C
Authority key identifier: E5:BD:79:23:AF:DB:AE:87:D0:7B:23:08:DD:38:9D:9C:F0:82:ED:6D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5b15I6_brofQeyMI3TidnPCC7W0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e5/269229-20eb-4f1c-a13e-26d1e54578f1/1/Pj8lHp0xPjOvidhRPNxxpJVnG1U.roa
Signing time:             Mon 12 Sep 2022 14:02:06 +0000
ROA not before:           Mon 12 Sep 2022 14:02:06 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     41436
IP address blocks:        83.229.83.0/24 maxlen: 24
                          83.229.82.0/24 maxlen: 24
                          63.250.56.0/24 maxlen: 24
                          63.250.57.0/24 maxlen: 24
                          185.220.204.0/24 maxlen: 24
                          185.220.205.0/24 maxlen: 24
                          45.91.168.0/24 maxlen: 24
                          194.146.38.0/24 maxlen: 24
                          194.146.39.0/24 maxlen: 24
                          5.180.180.0/24 maxlen: 24
                          5.180.182.0/24 maxlen: 24
                          5.180.183.0/24 maxlen: 24
                          5.180.181.0/24 maxlen: 24
                          2a06:c5c0:200::/48 maxlen: 48

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:83:32:01:de:2c:ac:c4:2a:ef:82:86:c8:c3:a0:41:3b:7c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e5bd7923afdbae87d07b2308dd389d9cf082ed6d
        Validity
            Not Before: Sep 12 14:02:06 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=3e3f251e9d313e33af89d8513cdc71a495671b55
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:8e:4b:ec:b7:8d:a2:7d:05:d5:c2:9d:0b:04:
                    fe:2f:2d:33:f4:b4:cc:f9:34:b6:ab:eb:34:2e:8c:
                    fd:a2:aa:3f:45:55:ce:39:1f:91:0b:d6:cb:cc:e6:
                    b5:d4:35:75:05:e9:fd:27:bf:d1:19:a3:4f:44:73:
                    6a:a5:bd:3d:10:fc:73:6f:64:b3:8f:c8:ba:e7:a3:
                    da:78:95:d0:60:40:14:5c:18:35:26:e9:64:0c:e3:
                    22:d2:ac:15:8f:ca:16:95:96:2a:e5:13:42:ea:98:
                    de:30:2a:78:9e:14:de:f3:bb:66:21:0d:61:7b:5f:
                    60:81:a9:70:29:4a:57:24:17:39:de:8c:64:f7:87:
                    7f:92:04:4e:f7:65:9a:5a:33:2d:d1:7e:7e:63:54:
                    dc:ed:31:35:7d:1d:e7:21:a9:f2:ea:0f:87:d9:7a:
                    6f:3a:fc:b6:74:33:73:ec:ba:76:55:c9:a1:fd:f6:
                    5d:8e:7c:6d:65:83:38:eb:9a:60:11:bf:f2:59:fb:
                    66:64:34:1b:91:c2:1d:c2:42:55:dc:3f:39:1b:10:
                    24:44:d5:87:78:4d:7d:1a:42:2a:2c:7b:38:4c:90:
                    9e:60:65:74:b7:e4:b8:c1:aa:f3:38:b1:89:dc:b9:
                    fc:b3:70:1b:3e:42:8f:59:fe:15:26:b7:16:ec:ad:
                    7e:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3E:3F:25:1E:9D:31:3E:33:AF:89:D8:51:3C:DC:71:A4:95:67:1B:55
            X509v3 Authority Key Identifier:
                keyid:E5:BD:79:23:AF:DB:AE:87:D0:7B:23:08:DD:38:9D:9C:F0:82:ED:6D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b15I6_brofQeyMI3TidnPCC7W0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/269229-20eb-4f1c-a13e-26d1e54578f1/1/Pj8lHp0xPjOvidhRPNxxpJVnG1U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/269229-20eb-4f1c-a13e-26d1e54578f1/1/5b15I6_brofQeyMI3TidnPCC7W0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.180.180.0/22
                  45.91.168.0/24
                  63.250.56.0/23
                  83.229.82.0/23
                  185.220.204.0/23
                  194.146.38.0/23
                IPv6:
                  2a06:c5c0:200::/48

    Signature Algorithm: sha256WithRSAEncryption
         c6:52:90:d3:6a:89:3d:cc:e1:d7:02:6f:8c:56:52:c4:e3:88:
         fc:bb:6b:61:90:d7:1a:c3:e5:1e:37:8f:55:89:fb:e5:03:88:
         c5:80:cb:76:3d:9c:ff:f4:51:e9:f6:61:09:88:9e:4f:86:31:
         04:cd:c3:c4:f8:79:ad:cf:44:07:88:e9:1c:08:31:95:fb:0d:
         7f:c1:20:36:36:28:1f:27:83:2a:cb:41:9d:07:51:7b:3e:1f:
         83:2c:99:cb:08:30:37:d2:a6:0f:b9:41:5c:0c:9b:72:8d:fd:
         c1:42:b0:46:0b:72:da:59:7f:59:51:e3:71:ef:1a:46:fa:24:
         f3:cf:99:4d:42:88:d9:5a:a1:02:76:8c:7e:cf:02:f4:f9:c0:
         e3:70:04:61:1f:4b:b4:fc:3f:8e:04:00:4b:b3:55:b7:81:ea:
         38:02:b1:64:27:f2:ea:22:e1:31:aa:4f:f1:98:db:b8:39:98:
         74:0f:22:c2:31:24:d2:8c:2d:c1:33:cd:70:9c:76:11:7b:c8:
         75:26:00:55:f5:3a:21:50:d7:82:35:81:1c:77:36:a7:92:99:
         e2:34:bf:b8:7f:66:19:9d:1a:a1:48:54:31:3c:50:5d:5e:47:
         54:42:53:a1:9b:39:d6:64:39:1e:36:e4:0a:9d:e9:0b:e7:cc:
         43:a3:c9:8b
-----BEGIN CERTIFICATE-----
MIIFLDCCBBSgAwIBAgISAYMyAd4srMQq74KGyMOgQTt8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU1YmQ3OTIzYWZkYmFlODdkMDdiMjMwOGRkMzg5ZDljZjA4
MmVkNmQwHhcNMjIwOTEyMTQwMjA2WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZTNmMjUxZTlkMzEzZTMzYWY4OWQ4NTEzY2RjNzFhNDk1NjcxYjU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyI5L7LeNon0F1cKdCwT+Ly0z9LTM
+TS2q+s0Loz9oqo/RVXOOR+RC9bLzOa11DV1Ben9J7/RGaNPRHNqpb09EPxzb2Sz
j8i656PaeJXQYEAUXBg1JulkDOMi0qwVj8oWlZYq5RNC6pjeMCp4nhTe87tmIQ1h
e19ggalwKUpXJBc53oxk94d/kgRO92WaWjMt0X5+Y1Tc7TE1fR3nIany6g+H2Xpv
Ovy2dDNz7Lp2Vcmh/fZdjnxtZYM465pgEb/yWftmZDQbkcIdwkJV3D85GxAkRNWH
eE19GkIqLHs4TJCeYGV0t+S4warzOLGJ3Ln8s3AbPkKPWf4VJrcW7K1+XwIDAQAB
o4ICODCCAjQwHQYDVR0OBBYEFD4/JR6dMT4zr4nYUTzccaSVZxtVMB8GA1UdIwQY
MBaAFOW9eSOv266H0HsjCN04nZzwgu1tMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNWIxNUk2X2Jyb2ZRZXlNSTNUaWRuUENDN1cwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNS8yNjkyMjktMjBlYi00ZjFjLWExM2Ut
MjZkMWU1NDU3OGYxLzEvUGo4bEhwMHhQak92aWRoUlBOeHhwSlZuRzFVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNS8yNjkyMjktMjBlYi00ZjFjLWExM2UtMjZkMWU1NDU3OGYx
LzEvNWIxNUk2X2Jyb2ZRZXlNSTNUaWRuUENDN1cwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME4GCCsGAQUFBwEHAQH/BD8wPTAqBAIAATAkAwQCBbS0AwQA
LVuoAwQBP/o4AwQBU+VSAwQBudzMAwQBwpImMA8EAgACMAkDBwAqBsXAAgAwDQYJ
KoZIhvcNAQELBQADggEBAMZSkNNqiT3M4dcCb4xWUsTjiPy7a2GQ1xrD5R43j1WJ
++UDiMWAy3Y9nP/0Uen2YQmInk+GMQTNw8T4ea3PRAeI6RwIMZX7DX/BIDY2KB8n
gyrLQZ0HUXs+H4MsmcsIMDfSpg+5QVwMm3KN/cFCsEYLctpZf1lR43HvGkb6JPPP
mU1CiNlaoQJ2jH7PAvT5wONwBGEfS7T8P44EAEuzVbeB6jgCsWQn8uoi4TGqT/GY
27g5mHQPIsIxJNKMLcEzzXCcdhF7yHUmAFX1OiFQ14I1gRx3NqeSmeI0v7h/Zhmd
GqFIVDE8UF1eR1RCU6GbOdZkOR425Aqd6QvnzEOjyYs=
-----END CERTIFICATE-----