Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fa/57e08c-ca3a-4099-ae74-e7daec194a69/1/gsa3e9T7Z4bEdcwTQKQBOiOafHE.roa
File:                     gsa3e9T7Z4bEdcwTQKQBOiOafHE.roa (raw, json)
Hash identifier:          k2n1NB6K3gVnjcugKpL0gyRT8fkPeqbjNh2PF5oNwus=
Subject key identifier:   82:C6:B7:7B:D4:FB:67:86:C4:75:CC:13:40:A4:01:3A:23:9A:7C:71
Certificate issuer:       /CN=25776c77f8ebe7094ca007ace1a9c0bfdc2b3aec
Certificate serial:       0559608A
Authority key identifier: 25:77:6C:77:F8:EB:E7:09:4C:A0:07:AC:E1:A9:C0:BF:DC:2B:3A:EC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JXdsd_jr5wlMoAes4anAv9wrOuw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fa/57e08c-ca3a-4099-ae74-e7daec194a69/1/gsa3e9T7Z4bEdcwTQKQBOiOafHE.roa
Signing time:             Tue 31 May 2022 03:46:13 +0000
ROA not before:           Tue 31 May 2022 03:46:13 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     21859
IP address blocks:        193.118.32.0/19 maxlen: 24
                          185.207.112.0/22 maxlen: 24
                          23.90.128.0/18 maxlen: 24
                          193.118.96.0/19 maxlen: 19
                          192.169.96.0/19 maxlen: 24
                          192.169.104.0/22 maxlen: 24
                          199.182.232.0/21 maxlen: 24
                          104.166.128.0/18 maxlen: 24
                          2a0b:21c0::/29 maxlen: 48

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 89743498 (0x559608a)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=25776c77f8ebe7094ca007ace1a9c0bfdc2b3aec
        Validity
            Not Before: May 31 03:46:13 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=82c6b77bd4fb6786c475cc1340a4013a239a7c71
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:87:2d:d8:11:da:64:6e:93:e6:2f:30:62:60:
                    c5:5f:74:04:31:be:30:5c:0b:b8:9e:76:42:91:a8:
                    89:a4:ee:c1:b8:d7:2c:e4:c2:88:35:c8:aa:d7:f8:
                    42:e7:d6:f4:79:b2:69:b4:4c:94:cd:af:7c:af:3d:
                    5f:fb:29:e9:03:83:9f:dd:0c:7c:91:79:57:b3:96:
                    88:e2:70:0c:b9:7c:e4:2d:6d:53:f0:60:88:4a:e9:
                    52:03:60:e1:36:23:97:f8:83:8b:f5:27:6b:16:be:
                    23:f0:ec:ca:53:a0:3a:d0:01:8b:8d:6e:57:3b:66:
                    75:2d:50:3c:26:6f:19:1d:71:4c:00:f6:86:ac:8b:
                    9d:e1:e0:a3:9b:88:fe:5f:8e:23:0a:e5:2b:fd:50:
                    47:5a:6d:73:65:ae:43:54:a2:29:5b:12:d5:3a:44:
                    8c:8b:f6:b2:00:a4:b2:86:75:e8:71:5b:ee:cc:9e:
                    5b:28:d5:58:9f:ce:97:51:5d:3e:49:fe:a9:c9:db:
                    37:7e:81:8c:a6:a3:05:68:c8:9a:89:c2:ff:e2:3e:
                    70:98:51:04:bd:82:d8:21:13:ac:26:ff:da:b1:9d:
                    ef:dd:fb:2b:dd:73:b0:ad:49:4d:93:e3:3a:3f:c9:
                    2a:e9:6c:da:10:2c:8b:8d:26:24:24:3b:88:c9:b6:
                    57:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                82:C6:B7:7B:D4:FB:67:86:C4:75:CC:13:40:A4:01:3A:23:9A:7C:71
            X509v3 Authority Key Identifier:
                keyid:25:77:6C:77:F8:EB:E7:09:4C:A0:07:AC:E1:A9:C0:BF:DC:2B:3A:EC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JXdsd_jr5wlMoAes4anAv9wrOuw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/57e08c-ca3a-4099-ae74-e7daec194a69/1/gsa3e9T7Z4bEdcwTQKQBOiOafHE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/57e08c-ca3a-4099-ae74-e7daec194a69/1/JXdsd_jr5wlMoAes4anAv9wrOuw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  23.90.128.0/18
                  104.166.128.0/18
                  185.207.112.0/22
                  192.169.96.0/19
                  193.118.32.0/19
                  193.118.96.0/19
                  199.182.232.0/21
                IPv6:
                  2a0b:21c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         13:81:d1:f3:26:4b:47:60:07:6a:50:0e:3c:e4:52:26:da:64:
         7f:3f:4b:c4:4e:2d:7b:c2:32:d8:2c:5f:a9:a1:30:b4:a1:f3:
         a2:f5:3f:37:6c:43:fa:16:68:fd:b6:e7:1f:d9:2f:95:5f:2a:
         f9:00:59:7b:51:c3:b5:8d:4c:95:49:d9:e3:cb:20:3f:6a:d0:
         48:02:16:7a:f6:a8:2c:9c:16:e5:37:24:b7:30:d6:d1:52:4e:
         86:44:44:0e:29:e8:a9:14:16:90:79:00:1f:40:99:98:18:22:
         42:4b:34:0f:2c:e4:09:61:90:57:94:20:29:62:1d:a3:3f:c1:
         18:f4:fd:e9:1d:d3:23:6d:ed:1d:b1:56:9a:9e:d8:78:6f:08:
         e5:fe:f0:80:cd:13:8a:2a:25:e8:95:81:af:9d:7b:90:e3:73:
         b2:33:2e:e6:18:14:ff:fd:48:23:56:65:b3:bf:25:02:25:21:
         8c:5a:9b:ac:46:89:1a:1d:d3:5b:54:f1:fa:d4:91:9a:df:d2:
         84:ca:6f:72:ca:33:8f:69:18:54:20:db:9d:2b:ae:4b:9a:05:
         5a:54:f0:f3:de:b3:20:31:be:70:f9:5f:ea:ae:b5:ea:a5:16:
         b5:c3:5b:0a:5a:6e:9d:7b:e9:14:3e:e0:31:d0:25:e5:c7:c2:
         99:44:17:1d
-----BEGIN CERTIFICATE-----
MIIFIjCCBAqgAwIBAgIEBVlgijANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygy
NTc3NmM3N2Y4ZWJlNzA5NGNhMDA3YWNlMWE5YzBiZmRjMmIzYWVjMB4XDTIyMDUz
MTAzNDYxM1oXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoODJjNmI3N2JkNGZi
Njc4NmM0NzVjYzEzNDBhNDAxM2EyMzlhN2M3MTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAJuHLdgR2mRuk+YvMGJgxV90BDG+MFwLuJ52QpGoiaTuwbjX
LOTCiDXIqtf4QufW9HmyabRMlM2vfK89X/sp6QODn90MfJF5V7OWiOJwDLl85C1t
U/BgiErpUgNg4TYjl/iDi/Unaxa+I/DsylOgOtABi41uVztmdS1QPCZvGR1xTAD2
hqyLneHgo5uI/l+OIwrlK/1QR1ptc2WuQ1SiKVsS1TpEjIv2sgCksoZ16HFb7sye
WyjVWJ/Ol1FdPkn+qcnbN36BjKajBWjImonC/+I+cJhRBL2C2CETrCb/2rGd7937
K91zsK1JTZPjOj/JKuls2hAsi40mJCQ7iMm2V10CAwEAAaOCAjwwggI4MB0GA1Ud
DgQWBBSCxrd71PtnhsR1zBNApAE6I5p8cTAfBgNVHSMEGDAWgBQld2x3+OvnCUyg
B6zhqcC/3Cs67DAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L0pYZHNkX2pyNXdsTW9BZXM0YW5Bdjl3ck91dy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZmEvNTdlMDhjLWNhM2EtNDA5OS1hZTc0LWU3ZGFlYzE5NGE2OS8x
L2dzYTNlOVQ3WjRiRWRjd1RRS1FCT2lPYWZIRS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZmEv
NTdlMDhjLWNhM2EtNDA5OS1hZTc0LWU3ZGFlYzE5NGE2OS8xL0pYZHNkX2pyNXds
TW9BZXM0YW5Bdjl3ck91dy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBS
BggrBgEFBQcBBwEB/wRDMEEwMAQCAAEwKgMEBhdagAMEBmimgAMEArnPcAMEBcCp
YAMEBcF2IAMEBcF2YAMEA8e26DANBAIAAjAHAwUDKgshwDANBgkqhkiG9w0BAQsF
AAOCAQEAE4HR8yZLR2AHalAOPORSJtpkfz9LxE4te8Iy2CxfqaEwtKHzovU/N2xD
+hZo/bbnH9kvlV8q+QBZe1HDtY1MlUnZ48sgP2rQSAIWevaoLJwW5TcktzDW0VJO
hkREDinoqRQWkHkAH0CZmBgiQks0DyzkCWGQV5QgKWIdoz/BGPT96R3TI23tHbFW
mp7YeG8I5f7wgM0Tiiol6JWBr517kONzsjMu5hgU//1II1Zls78lAiUhjFqbrEaJ
Gh3TW1Tx+tSRmt/ShMpvcsozj2kYVCDbnSuuS5oFWlTw896zIDG+cPlf6q616qUW
tcNbClpunXvpFD7gMdAl5cfCmUQXHQ==
-----END CERTIFICATE-----
Generated at Thu Jul 20 00:06:46 2023 by rpki-client on console-fra.rpki-client.org