Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ee/f2478f-c503-42c2-94b2-b166ae2ef287/1/eIEBU5ZOdneThP2YnTN9T55-ziQ.roa
File:                     eIEBU5ZOdneThP2YnTN9T55-ziQ.roa (raw, json)
Hash identifier:          x5/0YJEYxxdvvmMn6LfkyUZxDyC6V9k0KKwyDMe5Px4=
Subject key identifier:   78:81:01:53:96:4E:76:77:93:84:FD:98:9D:33:7D:4F:9E:7E:CE:24
Certificate issuer:       /CN=d31dd1a514d3a7e3dfdb8bfb75d7d24ed98d479f
Certificate serial:       0184D21FA81D770F9AC922CF9ADF99813202
Authority key identifier: D3:1D:D1:A5:14:D3:A7:E3:DF:DB:8B:FB:75:D7:D2:4E:D9:8D:47:9F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0x3RpRTTp-Pf24v7ddfSTtmNR58.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ee/f2478f-c503-42c2-94b2-b166ae2ef287/1/eIEBU5ZOdneThP2YnTN9T55-ziQ.roa
Signing time:             Fri 02 Dec 2022 09:16:40 +0000
ROA not before:           Fri 02 Dec 2022 09:16:40 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     8360
IP address blocks:        193.194.11.0/24 maxlen: 24
                          193.194.10.0/24 maxlen: 24
                          193.194.8.0/23 maxlen: 23
                          194.127.71.0/24 maxlen: 24
                          194.127.68.0/24 maxlen: 24
                          194.127.70.0/24 maxlen: 24
                          194.127.69.0/24 maxlen: 24
                          194.127.72.0/24 maxlen: 24
                          194.127.73.0/24 maxlen: 24
                          194.127.78.0/24 maxlen: 24
                          194.127.75.0/24 maxlen: 24
                          194.127.74.0/24 maxlen: 24
                          194.127.77.0/24 maxlen: 24
                          193.58.218.0/23 maxlen: 23
                          193.58.220.0/23 maxlen: 23
                          193.58.220.0/24 maxlen: 24
                          194.127.30.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:84:d2:1f:a8:1d:77:0f:9a:c9:22:cf:9a:df:99:81:32:02
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d31dd1a514d3a7e3dfdb8bfb75d7d24ed98d479f
        Validity
            Not Before: Dec  2 09:16:40 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=78810153964e76779384fd989d337d4f9e7ece24
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:98:6c:b0:3d:5a:f0:7b:44:d1:27:7f:67:f1:
                    8b:a6:5b:c3:f1:eb:3f:8f:73:fc:0a:fe:55:68:ca:
                    d8:cf:e3:75:dc:ae:36:ef:a2:d6:16:bc:3c:70:53:
                    8c:8e:6a:b1:f6:83:4c:0d:39:60:f9:f0:77:a3:25:
                    54:f5:42:9c:29:6a:33:28:97:41:00:e4:db:8c:af:
                    61:f0:b8:4f:23:7e:bf:e6:01:f9:5a:14:68:bb:80:
                    e5:89:b6:f4:21:36:f7:39:a8:22:27:4c:58:65:dd:
                    45:0e:b1:40:ec:c9:e7:42:73:4b:40:25:a6:ab:54:
                    37:bf:19:7d:b7:02:75:5f:d8:d8:d2:99:fc:4a:dd:
                    57:5b:d1:36:16:6c:67:53:98:12:69:ab:f7:c9:2d:
                    25:9b:68:93:c8:e7:12:66:ad:60:6f:7a:b2:47:70:
                    5b:6d:83:82:6d:e7:70:02:64:54:b6:df:c9:58:4b:
                    51:81:c0:52:fc:4c:23:29:47:ef:29:1a:7d:be:68:
                    25:bc:51:ad:07:9f:06:68:d6:f9:dc:a8:d3:69:27:
                    7b:de:75:34:f7:1d:e4:0e:d8:9a:d8:ec:8d:77:b4:
                    16:01:e3:86:07:e5:98:36:78:03:bc:cc:d9:a6:9e:
                    d5:fe:69:9c:17:f2:8e:a9:06:f8:e5:46:2b:72:7f:
                    17:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                78:81:01:53:96:4E:76:77:93:84:FD:98:9D:33:7D:4F:9E:7E:CE:24
            X509v3 Authority Key Identifier:
                keyid:D3:1D:D1:A5:14:D3:A7:E3:DF:DB:8B:FB:75:D7:D2:4E:D9:8D:47:9F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0x3RpRTTp-Pf24v7ddfSTtmNR58.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ee/f2478f-c503-42c2-94b2-b166ae2ef287/1/eIEBU5ZOdneThP2YnTN9T55-ziQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ee/f2478f-c503-42c2-94b2-b166ae2ef287/1/0x3RpRTTp-Pf24v7ddfSTtmNR58.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.58.218.0-193.58.221.255
                  193.194.8.0/22
                  194.127.30.0/24
                  194.127.68.0-194.127.75.255
                  194.127.77.0-194.127.78.255

    Signature Algorithm: sha256WithRSAEncryption
         70:ae:83:39:ea:c9:3a:a4:3f:0f:31:c9:93:27:cc:a6:47:e0:
         34:82:bd:85:08:3c:d3:2b:d3:8f:77:25:78:f6:f3:4a:87:f3:
         b3:37:61:f4:cf:1b:ba:ff:43:8f:65:69:7a:dd:5a:5a:a9:67:
         f9:9c:1b:77:de:e8:4d:0c:54:9d:79:fa:2f:1d:1d:27:35:06:
         44:19:7e:78:ef:00:96:11:8e:29:8e:9f:c0:63:c4:30:c4:53:
         f5:12:eb:0f:c7:b7:2d:50:16:cb:ce:29:c9:d3:e8:7e:07:58:
         f0:a6:7a:a6:ee:d6:29:60:b8:42:a1:fa:1a:2f:d6:27:0f:95:
         4e:22:12:6e:30:50:53:39:6e:94:96:3e:90:cd:38:9b:a5:cd:
         db:c1:7d:95:5b:ca:85:ef:29:f6:ea:ec:47:ce:02:07:fb:df:
         20:41:cb:8e:97:57:11:cc:bd:fd:a8:99:eb:55:4e:0e:c0:36:
         2b:c1:c7:ba:4f:35:fd:aa:2a:4b:fe:99:a7:2c:83:0b:b6:6f:
         c5:5f:3c:d3:7f:a4:ca:28:78:15:9c:e9:c8:f1:4c:c3:f9:82:
         73:ea:10:d2:2c:05:e1:d2:1f:96:a4:0f:67:6f:e7:27:07:f6:
         a9:b2:25:92:6d:ca:b5:38:f4:ae:20:75:7d:c5:ef:3f:2b:ac:
         ec:ac:5a:b8
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgISAYTSH6gddw+aySLPmt+ZgTICMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQzMWRkMWE1MTRkM2E3ZTNkZmRiOGJmYjc1ZDdkMjRlZDk4
ZDQ3OWYwHhcNMjIxMjAyMDkxNjQwWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ODgxMDE1Mzk2NGU3Njc3OTM4NGZkOTg5ZDMzN2Q0ZjllN2VjZTI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgphssD1a8HtE0Sd/Z/GLplvD8es/
j3P8Cv5VaMrYz+N13K4276LWFrw8cFOMjmqx9oNMDTlg+fB3oyVU9UKcKWozKJdB
AOTbjK9h8LhPI36/5gH5WhRou4Dlibb0ITb3OagiJ0xYZd1FDrFA7MnnQnNLQCWm
q1Q3vxl9twJ1X9jY0pn8St1XW9E2FmxnU5gSaav3yS0lm2iTyOcSZq1gb3qyR3Bb
bYOCbedwAmRUtt/JWEtRgcBS/EwjKUfvKRp9vmglvFGtB58GaNb53KjTaSd73nU0
9x3kDtia2OyNd7QWAeOGB+WYNngDvMzZpp7V/mmcF/KOqQb45UYrcn8X+wIDAQAB
o4ICOTCCAjUwHQYDVR0OBBYEFHiBAVOWTnZ3k4T9mJ0zfU+efs4kMB8GA1UdIwQY
MBaAFNMd0aUU06fj39uL+3XX0k7ZjUefMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMHgzUnBSVFRwLVBmMjR2N2RkZlNUdG1OUjU4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZS9mMjQ3OGYtYzUwMy00MmMyLTk0YjIt
YjE2NmFlMmVmMjg3LzEvZUlFQlU1Wk9kbmVUaFAyWW5UTjlUNTUtemlRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZS9mMjQ3OGYtYzUwMy00MmMyLTk0YjItYjE2NmFlMmVmMjg3
LzEvMHgzUnBSVFRwLVBmMjR2N2RkZlNUdG1OUjU4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME8GCCsGAQUFBwEHAQH/BEAwPjA8BAIAATA2MAwDBAHBOtoD
BAHBOtwDBALBwggDBADCfx4wDAMEAsJ/RAMEAsJ/SDAMAwQAwn9NAwQAwn9OMA0G
CSqGSIb3DQEBCwUAA4IBAQBwroM56sk6pD8PMcmTJ8ymR+A0gr2FCDzTK9OPdyV4
9vNKh/OzN2H0zxu6/0OPZWl63VpaqWf5nBt33uhNDFSdefovHR0nNQZEGX547wCW
EY4pjp/AY8QwxFP1EusPx7ctUBbLzinJ0+h+B1jwpnqm7tYpYLhCofoaL9YnD5VO
IhJuMFBTOW6Ulj6QzTibpc3bwX2VW8qF7yn26uxHzgIH+98gQcuOl1cRzL39qJnr
VU4OwDYrwce6TzX9qipL/pmnLIMLtm/FXzzTf6TKKHgVnOnI8UzD+YJz6hDSLAXh
0h+WpA9nb+cnB/apsiWSbcq1OPSuIHV9xe8/K6zsrFq4
-----END CERTIFICATE-----