Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ec/78002a-4fc0-4dbf-8585-2cf806b2d0f2/1/hIg0CC_7gL5_1lmJeQF-h-p_6m0.roa
File:                     hIg0CC_7gL5_1lmJeQF-h-p_6m0.roa (raw, json)
Hash identifier:          581sOxnt3YDzMIt2j+pxi4vA3qfIv+ziE+H6pJQX4EA=
Subject key identifier:   84:88:34:08:2F:FB:80:BE:7F:D6:59:89:79:01:7E:87:EA:7F:EA:6D
Certificate issuer:       /CN=7d06a42bb2446e51f192ea375bdf7eec5a51c77f
Certificate serial:       01821214CFD7CC33FB3756D31E10DFDAF14D
Authority key identifier: 7D:06:A4:2B:B2:44:6E:51:F1:92:EA:37:5B:DF:7E:EC:5A:51:C7:7F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fQakK7JEblHxkuo3W99-7FpRx38.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ec/78002a-4fc0-4dbf-8585-2cf806b2d0f2/1/hIg0CC_7gL5_1lmJeQF-h-p_6m0.roa
Signing time:             Mon 18 Jul 2022 16:12:09 +0000
ROA not before:           Mon 18 Jul 2022 16:12:09 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     398343
IP address blocks:        85.158.145.0/24 maxlen: 24
                          85.158.148.0/22 maxlen: 22
                          85.158.146.0/24 maxlen: 24
                          5.178.0.0/22 maxlen: 22
                          109.205.211.0/24 maxlen: 24
                          185.81.216.0/22 maxlen: 22
                          88.151.195.0/24 maxlen: 24
                          46.23.98.0/24 maxlen: 24
                          164.215.96.0/22 maxlen: 22
                          46.23.96.0/24 maxlen: 24
                          164.215.100.0/24 maxlen: 24
                          46.23.99.0/24 maxlen: 24
                          46.23.111.0/24 maxlen: 24
                          46.23.108.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:82:12:14:cf:d7:cc:33:fb:37:56:d3:1e:10:df:da:f1:4d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d06a42bb2446e51f192ea375bdf7eec5a51c77f
        Validity
            Not Before: Jul 18 16:12:09 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=848834082ffb80be7fd6598979017e87ea7fea6d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:d2:8d:e7:8d:bb:8d:71:ce:48:d6:42:67:4c:
                    cd:2d:48:ee:d7:aa:b7:fe:89:9e:23:ee:1c:fc:04:
                    67:4d:3d:1d:38:24:54:a0:66:19:c8:fa:69:95:b7:
                    18:55:9e:8f:81:e3:d4:51:61:0a:fa:a0:d6:5a:2d:
                    07:e0:93:58:de:15:ef:5e:07:bc:f8:e6:b3:6e:5c:
                    98:e7:ef:84:0b:a3:76:2f:07:f9:79:92:c7:83:aa:
                    3b:db:70:be:36:4a:aa:75:d9:eb:e7:80:2f:6b:ef:
                    05:58:79:9f:99:fe:21:3d:1b:28:4d:0f:ef:62:05:
                    06:19:ee:6a:1d:2a:47:5a:70:f9:19:ed:da:d0:45:
                    f1:11:c6:7d:89:51:7a:39:88:4a:85:ca:f2:c8:96:
                    94:76:81:cb:4e:d4:b5:98:e2:46:ab:58:8f:8b:50:
                    96:9a:5c:cc:ad:39:b2:64:b8:77:a4:c6:f0:c8:88:
                    34:72:17:72:a4:c4:05:c4:ea:62:be:af:ac:cd:4e:
                    35:65:ba:e3:9b:5f:b3:32:78:1c:27:56:34:f8:04:
                    2f:8b:a1:c7:45:6a:13:1e:70:3a:6f:bc:77:11:75:
                    a4:82:d5:6b:21:c3:20:68:33:34:60:96:1c:df:c4:
                    af:65:c5:4e:2f:0b:03:ec:00:33:de:fa:bd:79:16:
                    1b:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                84:88:34:08:2F:FB:80:BE:7F:D6:59:89:79:01:7E:87:EA:7F:EA:6D
            X509v3 Authority Key Identifier:
                keyid:7D:06:A4:2B:B2:44:6E:51:F1:92:EA:37:5B:DF:7E:EC:5A:51:C7:7F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fQakK7JEblHxkuo3W99-7FpRx38.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ec/78002a-4fc0-4dbf-8585-2cf806b2d0f2/1/hIg0CC_7gL5_1lmJeQF-h-p_6m0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ec/78002a-4fc0-4dbf-8585-2cf806b2d0f2/1/fQakK7JEblHxkuo3W99-7FpRx38.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.178.0.0/22
                  46.23.96.0/24
                  46.23.98.0/23
                  46.23.108.0/24
                  46.23.111.0/24
                  85.158.145.0-85.158.146.255
                  85.158.148.0/22
                  88.151.195.0/24
                  109.205.211.0/24
                  164.215.96.0-164.215.100.255
                  185.81.216.0/22

    Signature Algorithm: sha256WithRSAEncryption
         b7:1c:70:34:bd:8d:38:b8:64:2c:2a:a7:4b:ff:50:6b:98:62:
         12:58:1a:65:9e:7a:b4:bb:77:db:05:27:59:b5:2b:ee:80:ec:
         58:22:7f:04:29:5a:d6:fb:84:7a:f1:7f:63:b9:82:f2:65:71:
         d9:0a:6f:7e:3c:6f:d7:26:fe:e6:4e:8a:e2:6e:20:96:91:24:
         76:70:8d:08:7b:e7:63:91:3a:7a:9c:01:dd:4a:73:67:2b:ed:
         fb:6e:eb:6e:98:ea:d0:61:3c:a5:a1:fa:90:54:02:87:8f:e6:
         f6:22:ac:aa:54:28:d3:48:28:33:04:79:d6:e8:f6:09:d4:0b:
         9f:6b:ad:9c:29:6a:62:7a:c6:fb:16:4e:43:23:0f:3a:0c:7f:
         af:48:bd:70:fa:69:da:16:fa:9a:98:eb:8b:63:42:32:9e:7f:
         4f:c3:ee:6a:29:a4:79:c0:de:d6:47:80:5c:f5:73:54:24:ce:
         df:f1:bf:ca:ee:7e:64:0e:6c:07:2b:e4:e3:8a:aa:2c:92:37:
         a1:2b:16:a3:95:ee:6f:27:31:e6:b9:e9:b5:e7:b9:5a:12:dc:
         18:9c:5c:92:49:eb:a5:a2:90:24:cd:57:18:9c:20:ef:ee:62:
         93:73:1e:de:0e:cf:b0:7c:58:40:ef:bd:8e:77:8b:c9:2f:f0:
         df:37:ac:f0
-----BEGIN CERTIFICATE-----
MIIFSTCCBDGgAwIBAgISAYISFM/XzDP7N1bTHhDf2vFNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkMDZhNDJiYjI0NDZlNTFmMTkyZWEzNzViZGY3ZWVjNWE1
MWM3N2YwHhcNMjIwNzE4MTYxMjA5WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NDg4MzQwODJmZmI4MGJlN2ZkNjU5ODk3OTAxN2U4N2VhN2ZlYTZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAltKN5427jXHOSNZCZ0zNLUju16q3
/omeI+4c/ARnTT0dOCRUoGYZyPpplbcYVZ6PgePUUWEK+qDWWi0H4JNY3hXvXge8
+OazblyY5++EC6N2Lwf5eZLHg6o723C+Nkqqddnr54Ava+8FWHmfmf4hPRsoTQ/v
YgUGGe5qHSpHWnD5Ge3a0EXxEcZ9iVF6OYhKhcryyJaUdoHLTtS1mOJGq1iPi1CW
mlzMrTmyZLh3pMbwyIg0chdypMQFxOpivq+szU41Zbrjm1+zMngcJ1Y0+AQvi6HH
RWoTHnA6b7x3EXWkgtVrIcMgaDM0YJYc38SvZcVOLwsD7AAz3vq9eRYbwwIDAQAB
o4ICVTCCAlEwHQYDVR0OBBYEFISINAgv+4C+f9ZZiXkBfofqf+ptMB8GA1UdIwQY
MBaAFH0GpCuyRG5R8ZLqN1vffuxaUcd/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlFha0s3SkVibEh4a3VvM1c5OS03RnBSeDM4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYy83ODAwMmEtNGZjMC00ZGJmLTg1ODUt
MmNmODA2YjJkMGYyLzEvaElnMENDXzdnTDVfMWxtSmVRRi1oLXBfNm0wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYy83ODAwMmEtNGZjMC00ZGJmLTg1ODUtMmNmODA2YjJkMGYy
LzEvZlFha0s3SkVibEh4a3VvM1c5OS03RnBSeDM4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGsGCCsGAQUFBwEHAQH/BFwwWjBYBAIAATBSAwQCBbIAAwQA
LhdgAwQBLhdiAwQALhdsAwQALhdvMAwDBABVnpEDBABVnpIDBAJVnpQDBABYl8MD
BABtzdMwDAMEBaTXYAMEAKTXZAMEArlR2DANBgkqhkiG9w0BAQsFAAOCAQEAtxxw
NL2NOLhkLCqnS/9Qa5hiElgaZZ56tLt32wUnWbUr7oDsWCJ/BCla1vuEevF/Y7mC
8mVx2Qpvfjxv1yb+5k6K4m4glpEkdnCNCHvnY5E6epwB3UpzZyvt+27rbpjq0GE8
paH6kFQCh4/m9iKsqlQo00goMwR51uj2CdQLn2utnClqYnrG+xZOQyMPOgx/r0i9
cPpp2hb6mpjri2NCMp5/T8PuaimkecDe1keAXPVzVCTO3/G/yu5+ZA5sByvk44qq
LJI3oSsWo5Xubycx5rnptee5WhLcGJxckknrpaKQJM1XGJwg7+5ik3Me3g7PsHxY
QO+9jneLyS/w3zes8A==
-----END CERTIFICATE-----