Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/26/348104-8a41-4949-8552-a9765edc795c/1/_6yln9YRoC8Nw1OO5NJX-dNBG-U.roa
File:                     _6yln9YRoC8Nw1OO5NJX-dNBG-U.roa (raw, json)
Hash identifier:          wrX87+MlJg4UiHOBcKzTWf0RqYtfBQDMX4/72uejaOY=
Subject key identifier:   FF:AC:A5:9F:D6:11:A0:2F:0D:C3:53:8E:E4:D2:57:F9:D3:41:1B:E5
Certificate issuer:       /CN=1c390bff65dcedca813d7a10d7ec328c2f6eac34
Certificate serial:       018697B76AE6123069B2E8E9E5A001927954
Authority key identifier: 1C:39:0B:FF:65:DC:ED:CA:81:3D:7A:10:D7:EC:32:8C:2F:6E:AC:34
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HDkL_2Xc7cqBPXoQ1-wyjC9urDQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/26/348104-8a41-4949-8552-a9765edc795c/1/_6yln9YRoC8Nw1OO5NJX-dNBG-U.roa
Signing time:             Tue 28 Feb 2023 11:10:25 +0000
ROA not before:           Tue 28 Feb 2023 11:10:25 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     1921
IP address blocks:        193.46.133.0/24 maxlen: 24
                          194.0.24.0/24 maxlen: 24
                          194.0.25.0/24 maxlen: 24
                          194.0.26.0/24 maxlen: 24
                          193.46.132.0/24 maxlen: 24
                          193.46.128.0/24 maxlen: 24
                          193.46.129.0/24 maxlen: 24
                          193.46.130.0/24 maxlen: 24
                          193.46.131.0/24 maxlen: 24
                          2001:678:20::/48 maxlen: 48
                          2a02:850:ffe5::/48 maxlen: 48
                          2a02:850:ffe0::/48 maxlen: 48
                          2001:67c:1bc::/48 maxlen: 48
                          2001:678:24::/48 maxlen: 48
                          2a02:850:ffe4::/48 maxlen: 48
                          2a02:850:ffe2::/48 maxlen: 48
                          2a02:850:ffe3::/48 maxlen: 48
                          2a02:850:ffe6::/48 maxlen: 48
                          2a02:850:ffe1::/48 maxlen: 48
                          2a02:850:ffe7::/48 maxlen: 48
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:97:b7:6a:e6:12:30:69:b2:e8:e9:e5:a0:01:92:79:54
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c390bff65dcedca813d7a10d7ec328c2f6eac34
        Validity
            Not Before: Feb 28 11:10:25 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=ffaca59fd611a02f0dc3538ee4d257f9d3411be5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:e3:91:e7:56:ff:59:22:54:e8:ef:61:36:60:
                    43:7d:b7:e8:33:6c:4e:c0:fb:ad:6a:2e:01:9d:79:
                    d0:92:14:26:37:22:48:a6:eb:0e:75:e6:3f:40:96:
                    7f:a4:6f:68:5f:8c:0f:fb:ae:63:d5:63:e3:9d:f3:
                    34:36:bf:2b:67:4c:c8:e5:18:e8:e9:a8:8c:9c:64:
                    2c:ff:03:25:d2:fb:a2:4e:cd:c8:66:ca:19:80:de:
                    82:4f:60:f6:23:93:69:09:98:74:2b:ba:15:3d:9c:
                    be:bb:c3:6a:3a:4a:3e:43:07:cf:ab:3b:49:7b:a6:
                    a6:89:7d:2d:fd:d0:9a:a2:a3:56:35:5b:3d:67:f7:
                    9e:0f:85:6e:ad:89:17:23:97:59:87:16:19:f7:16:
                    80:57:13:d8:d2:22:43:f5:15:c7:d5:53:c9:08:25:
                    b9:a4:41:1f:b2:dd:1d:60:f3:92:be:c0:7d:9b:19:
                    49:c3:37:86:33:a2:41:b8:81:28:12:b2:f5:f8:31:
                    5a:1f:18:8e:b5:a8:82:5f:c8:d7:91:48:dc:30:df:
                    fc:73:24:84:39:19:9b:21:b5:3d:23:38:ac:5d:1f:
                    33:44:00:60:9d:f4:13:fb:89:a3:5c:97:c2:0a:9f:
                    81:f0:38:cb:f8:5d:12:6c:67:1a:10:df:61:4b:84:
                    71:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FF:AC:A5:9F:D6:11:A0:2F:0D:C3:53:8E:E4:D2:57:F9:D3:41:1B:E5
            X509v3 Authority Key Identifier:
                keyid:1C:39:0B:FF:65:DC:ED:CA:81:3D:7A:10:D7:EC:32:8C:2F:6E:AC:34

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HDkL_2Xc7cqBPXoQ1-wyjC9urDQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/26/348104-8a41-4949-8552-a9765edc795c/1/_6yln9YRoC8Nw1OO5NJX-dNBG-U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/26/348104-8a41-4949-8552-a9765edc795c/1/HDkL_2Xc7cqBPXoQ1-wyjC9urDQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.46.128.0-193.46.133.255
                  194.0.24.0-194.0.26.255
                IPv6:
                  2001:678:20::/48
                  2001:678:24::/48
                  2001:67c:1bc::/48
                  2a02:850:ffe0::/45

    Signature Algorithm: sha256WithRSAEncryption
         7d:ab:04:71:0a:a4:11:7c:c9:5f:36:92:c9:92:12:13:65:15:
         59:0e:c7:da:c1:e4:95:6d:87:a9:4b:5f:f9:65:18:35:a5:db:
         fe:52:d3:37:58:3a:cd:f2:41:b2:be:9e:5a:b5:fc:1d:91:39:
         49:78:97:4a:de:e4:54:87:f4:00:a9:19:6d:6e:9e:36:d1:b4:
         e5:e4:2d:e6:8c:51:03:e8:4e:ac:f2:99:c7:8d:a4:26:32:2e:
         bf:db:f3:85:56:a8:8d:ce:11:41:d7:ac:0a:2f:77:1a:2c:2f:
         bb:c8:2a:48:c9:d2:eb:82:f8:42:08:b4:25:90:9f:57:d0:9e:
         fb:58:d9:f7:fa:97:36:1e:8a:b7:27:80:c8:bc:ba:2a:3b:72:
         b6:f5:1e:ad:cf:aa:67:da:4c:98:b9:fb:a9:aa:49:29:4e:41:
         25:7e:84:5e:38:52:83:6f:67:48:be:e6:b1:c4:c0:67:5d:7d:
         ad:e6:bd:c1:f5:01:9f:cc:c7:5b:90:53:13:64:68:8f:d2:f1:
         58:fa:e9:36:57:23:b0:f1:0a:76:93:3d:17:5e:41:17:2f:d1:
         43:60:d5:72:a5:62:38:3d:4c:2c:13:0b:3c:4d:09:3f:3b:d9:
         f1:1d:85:85:8d:60:7b:4b:e5:5c:16:fe:64:d7:02:bc:ad:93:
         da:b3:17:f0
-----BEGIN CERTIFICATE-----
MIIFPzCCBCegAwIBAgISAYaXt2rmEjBpsujp5aABknlUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjMzkwYmZmNjVkY2VkY2E4MTNkN2ExMGQ3ZWMzMjhjMmY2
ZWFjMzQwHhcNMjMwMjI4MTExMDI1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZmFjYTU5ZmQ2MTFhMDJmMGRjMzUzOGVlNGQyNTdmOWQzNDExYmU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzeOR51b/WSJU6O9hNmBDfbfoM2xO
wPutai4BnXnQkhQmNyJIpusOdeY/QJZ/pG9oX4wP+65j1WPjnfM0Nr8rZ0zI5Rjo
6aiMnGQs/wMl0vuiTs3IZsoZgN6CT2D2I5NpCZh0K7oVPZy+u8NqOko+QwfPqztJ
e6amiX0t/dCaoqNWNVs9Z/eeD4VurYkXI5dZhxYZ9xaAVxPY0iJD9RXH1VPJCCW5
pEEfst0dYPOSvsB9mxlJwzeGM6JBuIEoErL1+DFaHxiOtaiCX8jXkUjcMN/8cySE
ORmbIbU9IzisXR8zRABgnfQT+4mjXJfCCp+B8DjL+F0SbGcaEN9hS4RxNQIDAQAB
o4ICSzCCAkcwHQYDVR0OBBYEFP+spZ/WEaAvDcNTjuTSV/nTQRvlMB8GA1UdIwQY
MBaAFBw5C/9l3O3KgT16ENfsMowvbqw0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSERrTF8yWGM3Y3FCUFhvUTEtd3lqQzl1ckRRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNi8zNDgxMDQtOGE0MS00OTQ5LTg1NTIt
YTk3NjVlZGM3OTVjLzEvXzZ5bG45WVJvQzhOdzFPTzVOSlgtZE5CRy1VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNi8zNDgxMDQtOGE0MS00OTQ5LTg1NTItYTk3NjVlZGM3OTVj
LzEvSERrTF8yWGM3Y3FCUFhvUTEtd3lqQzl1ckRRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGEGCCsGAQUFBwEHAQH/BFIwUDAiBAIAATAcMAwDBAfBLoAD
BAHBLoQwDAMEA8IAGAMEAMIAGjAqBAIAAjAkAwcAIAEGeAAgAwcAIAEGeAAkAwcA
IAEGfAG8AwcDKgIIUP/gMA0GCSqGSIb3DQEBCwUAA4IBAQB9qwRxCqQRfMlfNpLJ
khITZRVZDsfaweSVbYepS1/5ZRg1pdv+UtM3WDrN8kGyvp5atfwdkTlJeJdK3uRU
h/QAqRltbp420bTl5C3mjFED6E6s8pnHjaQmMi6/2/OFVqiNzhFB16wKL3caLC+7
yCpIydLrgvhCCLQlkJ9X0J77WNn3+pc2Hoq3J4DIvLoqO3K29R6tz6pn2kyYufup
qkkpTkElfoReOFKDb2dIvuaxxMBnXX2t5r3B9QGfzMdbkFMTZGiP0vFY+uk2VyOw
8Qp2kz0XXkEXL9FDYNVypWI4PUwsEws8TQk/O9nxHYWFjWB7S+VcFv5k1wK8rZPa
sxfw
-----END CERTIFICATE-----