Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f3/806532-54e9-4b49-b8a7-9e220f04a901/1/z-BnStNwBLchY9TUUbGe55RuGUI.roa
File:                     z-BnStNwBLchY9TUUbGe55RuGUI.roa (raw, json)
Hash identifier:          rn5n5/j+7dNquMPaD8khqh62WXp13qQkQQ/LDIS2pSg=
Subject key identifier:   CF:E0:67:4A:D3:70:04:B7:21:63:D4:D4:51:B1:9E:E7:94:6E:19:42
Certificate issuer:       /CN=a3674d5884a50a84e07dbdf6798ddcbb9cc2032e
Certificate serial:       03FA4AC6
Authority key identifier: A3:67:4D:58:84:A5:0A:84:E0:7D:BD:F6:79:8D:DC:BB:9C:C2:03:2E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/o2dNWISlCoTgfb32eY3cu5zCAy4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f3/806532-54e9-4b49-b8a7-9e220f04a901/1/z-BnStNwBLchY9TUUbGe55RuGUI.roa
Signing time:             Sat 01 Jan 2022 14:57:01 +0000
ROA not before:           Sat 01 Jan 2022 14:57:01 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     48158
IP address blocks:        176.58.41.0/24 maxlen: 24
                          176.58.40.0/23 maxlen: 24
                          176.58.39.0/24 maxlen: 24
                          176.58.38.0/23 maxlen: 24
                          176.58.43.0/24 maxlen: 24
                          176.58.42.0/24 maxlen: 24
                          176.58.48.0/23 maxlen: 23
                          176.58.47.0/24 maxlen: 24
                          176.58.46.0/24 maxlen: 24
                          176.58.45.0/24 maxlen: 24
                          176.58.50.0/24 maxlen: 24
                          176.58.54.0/24 maxlen: 24
                          176.58.57.0/24 maxlen: 24
                          185.190.190.0/24 maxlen: 24
                          212.124.96.0/22 maxlen: 24
                          212.124.100.0/22 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 66734790 (0x3fa4ac6)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a3674d5884a50a84e07dbdf6798ddcbb9cc2032e
        Validity
            Not Before: Jan  1 14:57:01 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=cfe0674ad37004b72163d4d451b19ee7946e1942
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:b2:43:56:97:1f:62:b6:59:be:c8:f6:19:0d:
                    9c:37:09:30:bf:8b:f5:73:0c:a0:ca:95:ac:37:2c:
                    45:14:3b:2a:4b:b3:28:b3:2d:f1:1c:63:e3:91:d8:
                    42:4b:1f:ec:f1:92:bf:7c:54:9b:98:cf:1d:11:68:
                    4f:68:0a:ef:04:64:6b:0c:d5:25:98:3b:c7:b6:82:
                    ea:b6:09:07:ea:f1:8d:d9:07:9c:26:b6:c1:84:1c:
                    1b:31:33:89:08:3d:a8:4d:0a:78:55:5b:c5:ea:43:
                    5c:9b:13:c5:a8:b1:85:ef:5e:6f:2d:dc:08:ae:be:
                    b6:a6:35:f8:52:cb:18:5a:e8:7c:46:1d:b0:81:81:
                    f1:95:40:9a:11:b9:56:95:a6:52:33:fe:5b:2f:1e:
                    55:70:35:8e:32:69:15:82:8c:44:ee:71:1d:8f:58:
                    f3:13:03:18:f4:8f:5c:b9:44:62:d4:64:5a:f7:91:
                    fe:a5:ad:bd:90:c6:8c:f4:8b:b1:e3:1f:89:16:f2:
                    7e:df:1c:94:e5:40:44:1d:88:05:55:69:d4:48:dd:
                    1c:31:68:8a:63:15:f4:5a:53:12:0f:b6:9c:2d:e3:
                    c0:b0:a7:56:4f:6d:d5:21:84:7b:d4:20:41:af:70:
                    45:3e:fc:50:84:c1:e1:e1:66:91:e9:fc:76:2c:14:
                    97:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:E0:67:4A:D3:70:04:B7:21:63:D4:D4:51:B1:9E:E7:94:6E:19:42
            X509v3 Authority Key Identifier:
                keyid:A3:67:4D:58:84:A5:0A:84:E0:7D:BD:F6:79:8D:DC:BB:9C:C2:03:2E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/o2dNWISlCoTgfb32eY3cu5zCAy4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/806532-54e9-4b49-b8a7-9e220f04a901/1/z-BnStNwBLchY9TUUbGe55RuGUI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/806532-54e9-4b49-b8a7-9e220f04a901/1/o2dNWISlCoTgfb32eY3cu5zCAy4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.58.38.0-176.58.43.255
                  176.58.45.0-176.58.50.255
                  176.58.54.0/24
                  176.58.57.0/24
                  185.190.190.0/24
                  212.124.96.0/21

    Signature Algorithm: sha256WithRSAEncryption
         1d:dd:91:8b:c1:35:cb:20:20:7a:26:a8:97:d7:13:eb:96:51:
         8b:5d:30:bb:eb:fe:1e:a9:6f:d0:9f:04:04:7c:16:10:f7:c0:
         12:98:9d:c9:ff:eb:11:11:dd:50:12:55:79:cb:84:6f:2f:bf:
         a3:15:75:38:dd:6e:f8:db:41:8d:09:8f:a1:9e:0d:2c:d8:78:
         eb:ac:d2:08:88:a5:e6:c2:1d:45:c9:92:e2:75:ce:04:32:b6:
         b8:23:f2:ee:50:f7:ba:4c:8e:6f:48:23:9d:d4:9a:54:54:88:
         96:b8:2c:93:0e:6d:16:29:c5:b5:3f:ae:39:53:52:54:d0:fa:
         1e:bf:25:35:ad:a9:47:73:bc:35:36:0a:d8:37:d2:c1:a4:c2:
         ea:32:5b:f6:e9:79:10:d9:93:4a:e5:32:ad:f2:2a:ec:0a:18:
         19:66:2e:9b:d9:11:57:a1:96:4f:93:fb:e0:b4:eb:17:dd:e8:
         c0:4e:a9:68:95:e1:41:5a:a5:e7:4f:63:6f:87:11:06:21:3b:
         a1:9b:99:66:99:2b:04:bc:00:09:bd:81:d8:96:a2:f8:84:40:
         d3:fc:a5:75:18:b8:94:ad:f6:dc:08:bf:b1:cf:da:8e:96:d1:
         bb:e0:9e:de:23:42:aa:70:79:75:b9:eb:d1:d5:cd:57:ad:e1:
         e7:90:f0:b8
-----BEGIN CERTIFICATE-----
MIIFHTCCBAWgAwIBAgIEA/pKxjANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhh
MzY3NGQ1ODg0YTUwYTg0ZTA3ZGJkZjY3OThkZGNiYjljYzIwMzJlMB4XDTIyMDEw
MTE0NTcwMVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoY2ZlMDY3NGFkMzcw
MDRiNzIxNjNkNGQ0NTFiMTllZTc5NDZlMTk0MjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBALqyQ1aXH2K2Wb7I9hkNnDcJML+L9XMMoMqVrDcsRRQ7Kkuz
KLMt8Rxj45HYQksf7PGSv3xUm5jPHRFoT2gK7wRkawzVJZg7x7aC6rYJB+rxjdkH
nCa2wYQcGzEziQg9qE0KeFVbxepDXJsTxaixhe9eby3cCK6+tqY1+FLLGFrofEYd
sIGB8ZVAmhG5VpWmUjP+Wy8eVXA1jjJpFYKMRO5xHY9Y8xMDGPSPXLlEYtRkWveR
/qWtvZDGjPSLseMfiRbyft8clOVARB2IBVVp1EjdHDFoimMV9FpTEg+2nC3jwLCn
Vk9t1SGEe9QgQa9wRT78UITB4eFmken8diwUl+UCAwEAAaOCAjcwggIzMB0GA1Ud
DgQWBBTP4GdK03AEtyFj1NRRsZ7nlG4ZQjAfBgNVHSMEGDAWgBSjZ01YhKUKhOB9
vfZ5jdy7nMIDLjAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L28yZE5XSVNsQ29UZ2ZiMzJlWTNjdTV6Q0F5NC5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZjMvODA2NTMyLTU0ZTktNGI0OS1iOGE3LTllMjIwZjA0YTkwMS8x
L3otQm5TdE53QkxjaFk5VFVVYkdlNTVSdUdVSS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZjMv
ODA2NTMyLTU0ZTktNGI0OS1iOGE3LTllMjIwZjA0YTkwMS8xL28yZE5XSVNsQ29U
Z2ZiMzJlWTNjdTV6Q0F5NC5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBN
BggrBgEFBQcBBwEB/wQ+MDwwOgQCAAEwNDAMAwQBsDomAwQCsDooMAwDBACwOi0D
BACwOjIDBACwOjYDBACwOjkDBAC5vr4DBAPUfGAwDQYJKoZIhvcNAQELBQADggEB
AB3dkYvBNcsgIHomqJfXE+uWUYtdMLvr/h6pb9CfBAR8FhD3wBKYncn/6xER3VAS
VXnLhG8vv6MVdTjdbvjbQY0Jj6GeDSzYeOus0giIpebCHUXJkuJ1zgQytrgj8u5Q
97pMjm9II53UmlRUiJa4LJMObRYpxbU/rjlTUlTQ+h6/JTWtqUdzvDU2Ctg30sGk
wuoyW/bpeRDZk0rlMq3yKuwKGBlmLpvZEVehlk+T++C06xfd6MBOqWiV4UFapedP
Y2+HEQYhO6GbmWaZKwS8AAm9gdiWoviEQNP8pXUYuJSt9twIv7HP2o6W0bvgnt4j
QqpweXW569HVzVet4eeQ8Lg=
-----END CERTIFICATE-----