Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ef/69efa1-8c99-48f8-943c-2b4a16594213/1/r7v1OypdjLRD8jRtukifx9LR2Sg.roa
File:                     r7v1OypdjLRD8jRtukifx9LR2Sg.roa (raw, json)
Hash identifier:          QHqfvHMtEpmYIU6vRkqNaoidMru0cMV4C5ZT+ioH1pQ=
Subject key identifier:   AF:BB:F5:3B:2A:5D:8C:B4:43:F2:34:6D:BA:48:9F:C7:D2:D1:D9:28
Certificate issuer:       /CN=9054c699a81dd962a8860f3fb0b7d03343debf76
Certificate serial:       018572FA6AC4BC84C5A49B24CF0888B2AF62
Authority key identifier: 90:54:C6:99:A8:1D:D9:62:A8:86:0F:3F:B0:B7:D0:33:43:DE:BF:76
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kFTGmagd2WKohg8_sLfQM0Pev3Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ef/69efa1-8c99-48f8-943c-2b4a16594213/1/r7v1OypdjLRD8jRtukifx9LR2Sg.roa
Signing time:             Mon 02 Jan 2023 14:54:52 +0000
ROA not before:           Mon 02 Jan 2023 14:54:52 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     49148
IP address blocks:        95.130.240.0/24 maxlen: 24
                          185.160.177.0/24 maxlen: 24
                          185.160.178.0/24 maxlen: 24
                          185.160.176.0/24 maxlen: 24
                          185.160.176.0/22 maxlen: 22
                          185.160.179.0/24 maxlen: 24
                          95.130.242.0/24 maxlen: 24
                          95.130.243.0/24 maxlen: 24
                          95.130.240.0/21 maxlen: 21
                          95.130.241.0/24 maxlen: 24
                          95.130.246.0/24 maxlen: 24
                          95.130.244.0/24 maxlen: 24
                          95.130.245.0/24 maxlen: 24
                          95.130.247.0/24 maxlen: 24
                          2a00:b140::/32 maxlen: 32
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:72:fa:6a:c4:bc:84:c5:a4:9b:24:cf:08:88:b2:af:62
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9054c699a81dd962a8860f3fb0b7d03343debf76
        Validity
            Not Before: Jan  2 14:54:52 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=afbbf53b2a5d8cb443f2346dba489fc7d2d1d928
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:62:76:ad:78:ca:25:2a:89:c7:91:4f:9a:bf:
                    4e:d9:cd:bf:f8:6b:d1:19:b0:a0:7a:fc:f7:28:22:
                    57:1e:81:2f:01:b1:35:db:0e:e7:a5:c2:da:fa:d6:
                    20:11:3c:f1:9f:94:b5:ee:e3:d8:72:22:a2:75:bf:
                    71:75:69:2b:90:9d:fe:e2:47:7c:60:ec:3e:28:e4:
                    7e:0d:1e:bd:5a:42:84:3c:c9:3d:88:0f:44:6a:8f:
                    64:ea:4f:53:46:ff:51:50:d7:cb:a4:3f:72:be:f4:
                    32:a8:c1:63:9e:31:bf:7e:a9:91:1a:4c:fe:f3:d5:
                    b1:62:52:e7:af:21:23:7b:ea:46:45:2b:fa:35:88:
                    aa:e0:45:42:87:23:c5:59:b2:39:71:f1:c6:f6:df:
                    07:5a:5b:20:87:5e:67:67:fd:f4:69:93:c7:93:2a:
                    9a:e6:dc:8c:05:ca:74:e4:03:d0:35:a1:60:a6:63:
                    27:e6:44:39:4b:7e:74:00:e4:f9:9f:b7:51:46:24:
                    81:a5:38:7e:88:94:8c:03:31:70:55:a5:0b:aa:33:
                    dd:fe:1f:a0:87:92:8c:a7:dd:58:e4:6d:e1:50:6b:
                    fc:d4:3b:20:d9:83:d4:47:e7:f7:2b:cc:8e:2f:ca:
                    5d:85:d8:ea:99:43:89:38:85:1a:b7:85:b6:0e:68:
                    07:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AF:BB:F5:3B:2A:5D:8C:B4:43:F2:34:6D:BA:48:9F:C7:D2:D1:D9:28
            X509v3 Authority Key Identifier:
                keyid:90:54:C6:99:A8:1D:D9:62:A8:86:0F:3F:B0:B7:D0:33:43:DE:BF:76

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kFTGmagd2WKohg8_sLfQM0Pev3Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/69efa1-8c99-48f8-943c-2b4a16594213/1/r7v1OypdjLRD8jRtukifx9LR2Sg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/69efa1-8c99-48f8-943c-2b4a16594213/1/kFTGmagd2WKohg8_sLfQM0Pev3Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.130.240.0/21
                  185.160.176.0/22
                IPv6:
                  2a00:b140::/32

    Signature Algorithm: sha256WithRSAEncryption
         68:83:87:db:a1:04:a3:0b:34:3e:23:0f:71:4f:4f:f1:f7:d5:
         70:4f:02:e4:91:d0:e1:c2:e2:3d:ab:45:51:87:e9:64:35:90:
         5e:12:5b:05:82:76:f2:5d:bd:f9:d4:81:ba:c0:6f:62:ec:09:
         db:4a:35:4e:71:0a:48:54:c0:d4:3c:3e:08:30:c0:e9:96:a5:
         11:dd:38:85:3f:84:1d:36:e6:0a:9a:9d:a0:2d:ac:56:bf:5c:
         cd:2e:fe:44:e5:02:d3:9b:08:4e:45:81:da:db:80:a9:44:86:
         de:ff:bf:31:ce:f2:d0:92:a3:ae:bb:d7:94:45:83:84:e8:8e:
         db:09:e0:b2:9c:3e:1b:5f:e3:8b:86:28:d6:ce:5d:f7:e1:45:
         d7:83:3c:85:4c:fc:f6:7d:6a:e7:79:9e:bc:bd:09:2d:19:5c:
         e4:1d:16:be:71:cd:bb:6e:3d:cc:a8:a4:98:39:92:be:d7:71:
         5b:1c:09:dc:84:30:f8:a0:18:7c:4a:75:50:9d:9e:21:8c:ca:
         4d:05:90:c7:68:47:d2:2a:93:7e:ce:86:d3:42:26:93:d6:72:
         c5:6a:d6:63:49:e9:db:3c:63:57:c4:ff:da:99:1b:8c:78:8c:
         99:94:07:a4:f2:de:30:36:6f:fb:32:d8:e2:b7:7c:4c:1c:27:
         72:0b:ec:d7
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYVy+mrEvITFpJskzwiIsq9iMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkwNTRjNjk5YTgxZGQ5NjJhODg2MGYzZmIwYjdkMDMzNDNk
ZWJmNzYwHhcNMjMwMTAyMTQ1NDUyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZmJiZjUzYjJhNWQ4Y2I0NDNmMjM0NmRiYTQ4OWZjN2QyZDFkOTI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkWJ2rXjKJSqJx5FPmr9O2c2/+GvR
GbCgevz3KCJXHoEvAbE12w7npcLa+tYgETzxn5S17uPYciKidb9xdWkrkJ3+4kd8
YOw+KOR+DR69WkKEPMk9iA9Eao9k6k9TRv9RUNfLpD9yvvQyqMFjnjG/fqmRGkz+
89WxYlLnryEje+pGRSv6NYiq4EVChyPFWbI5cfHG9t8HWlsgh15nZ/30aZPHkyqa
5tyMBcp05APQNaFgpmMn5kQ5S350AOT5n7dRRiSBpTh+iJSMAzFwVaULqjPd/h+g
h5KMp91Y5G3hUGv81Dsg2YPUR+f3K8yOL8pdhdjqmUOJOIUat4W2DmgHzwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFK+79TsqXYy0Q/I0bbpIn8fS0dkoMB8GA1UdIwQY
MBaAFJBUxpmoHdliqIYPP7C30DND3r92MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva0ZUR21hZ2QyV0tvaGc4X3NMZlFNMFBldjNZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZi82OWVmYTEtOGM5OS00OGY4LTk0M2Mt
MmI0YTE2NTk0MjEzLzEvcjd2MU95cGRqTFJEOGpSdHVraWZ4OUxSMlNnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZi82OWVmYTEtOGM5OS00OGY4LTk0M2MtMmI0YTE2NTk0MjEz
LzEva0ZUR21hZ2QyV0tvaGc4X3NMZlFNMFBldjNZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQDX4LwAwQC
uaCwMA0EAgACMAcDBQAqALFAMA0GCSqGSIb3DQEBCwUAA4IBAQBog4fboQSjCzQ+
Iw9xT0/x99VwTwLkkdDhwuI9q0VRh+lkNZBeElsFgnbyXb351IG6wG9i7AnbSjVO
cQpIVMDUPD4IMMDplqUR3TiFP4QdNuYKmp2gLaxWv1zNLv5E5QLTmwhORYHa24Cp
RIbe/78xzvLQkqOuu9eURYOE6I7bCeCynD4bX+OLhijWzl334UXXgzyFTPz2fWrn
eZ68vQktGVzkHRa+cc27bj3MqKSYOZK+13FbHAnchDD4oBh8SnVQnZ4hjMpNBZDH
aEfSKpN+zobTQiaT1nLFatZjSenbPGNXxP/amRuMeIyZlAek8t4wNm/7Mtjit3xM
HCdyC+zX
-----END CERTIFICATE-----