Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9c/63eb42-a0e1-4f1c-bcc9-87524014dbfb/1/8hHKqK2UDFJkzrEeyc1QYz9_aao.roa
File:                     8hHKqK2UDFJkzrEeyc1QYz9_aao.roa (raw, json)
Hash identifier:          A9i8S6tFsMywaBrv/trWFKgCBhzpQg5yeR7ZbKyr7II=
Subject key identifier:   F2:11:CA:A8:AD:94:0C:52:64:CE:B1:1E:C9:CD:50:63:3F:7F:69:AA
Certificate issuer:       /CN=2c571d688aa503a2e566bbc876df0ba455c577ed
Certificate serial:       018737D146AA02518871775BD96D70E9B121
Authority key identifier: 2C:57:1D:68:8A:A5:03:A2:E5:66:BB:C8:76:DF:0B:A4:55:C5:77:ED
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LFcdaIqlA6LlZrvIdt8LpFXFd-0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9c/63eb42-a0e1-4f1c-bcc9-87524014dbfb/1/8hHKqK2UDFJkzrEeyc1QYz9_aao.roa
Signing time:             Fri 31 Mar 2023 13:17:54 +0000
ROA not before:           Fri 31 Mar 2023 13:17:54 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     15796
IP address blocks:        213.55.206.0/24 maxlen: 24
                          213.55.147.0/24 maxlen: 24
                          213.55.192.0/24 maxlen: 24
                          213.55.193.0/24 maxlen: 24
                          213.55.194.0/24 maxlen: 24
                          213.55.195.0/24 maxlen: 24
                          213.55.128.0/17 maxlen: 24
                          213.55.131.0/24 maxlen: 24
                          213.55.132.0/24 maxlen: 24
                          51.154.0.0/16 maxlen: 16
                          213.55.128.0/24 maxlen: 24
                          213.55.141.0/24 maxlen: 24
                          2a04:ee42:53::/64 maxlen: 64
                          2a04:ee40::/29 maxlen: 29
                          2a04:ee42:2::/64 maxlen: 64
                          2a04:ee42:1::/64 maxlen: 64
                          2a04:ee41::/41 maxlen: 41
                          2a04:ee41:80::/41 maxlen: 41
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:37:d1:46:aa:02:51:88:71:77:5b:d9:6d:70:e9:b1:21
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2c571d688aa503a2e566bbc876df0ba455c577ed
        Validity
            Not Before: Mar 31 13:17:54 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=f211caa8ad940c5264ceb11ec9cd50633f7f69aa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:a8:6a:0f:19:b3:f9:b7:29:ea:ac:17:dc:d6:
                    bd:89:10:9e:d3:2c:cd:d3:75:09:8e:17:3a:66:be:
                    72:4a:db:f4:e0:be:3d:c4:e2:a3:97:28:e1:e0:25:
                    b2:80:c6:0f:4a:9a:ad:f2:5d:ff:44:4d:ad:c9:c7:
                    60:cc:bd:cd:45:95:d6:32:5a:fd:94:de:85:e7:03:
                    a4:94:72:66:38:8e:59:f6:a5:8a:8a:8d:41:2d:21:
                    a4:6c:5a:93:3c:60:f3:6e:9e:e4:c9:17:e7:cb:39:
                    29:62:e1:58:ed:c4:13:14:21:72:5c:51:9b:14:6f:
                    76:11:2a:f0:9f:19:c5:4a:0c:0e:19:72:b8:64:db:
                    53:b0:83:a4:46:08:8a:1a:c9:dd:8a:e1:1a:38:a1:
                    80:37:c9:80:07:bb:1f:e8:54:c1:02:fc:22:03:94:
                    16:ef:52:81:8a:e3:c4:52:dd:2b:2c:71:b1:05:93:
                    62:5f:fc:ce:1f:9b:b0:de:2c:b7:7d:5d:83:9a:8a:
                    d8:90:9a:ad:46:d3:5d:47:66:50:54:d3:0a:84:b9:
                    c7:9f:a3:ec:df:e7:00:99:96:00:81:52:02:89:61:
                    47:ae:4c:d2:48:50:f9:7f:69:9d:c2:64:67:60:f5:
                    8f:c0:07:2b:08:93:8b:b6:bb:c0:af:b0:5a:5f:c6:
                    ae:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F2:11:CA:A8:AD:94:0C:52:64:CE:B1:1E:C9:CD:50:63:3F:7F:69:AA
            X509v3 Authority Key Identifier:
                keyid:2C:57:1D:68:8A:A5:03:A2:E5:66:BB:C8:76:DF:0B:A4:55:C5:77:ED

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LFcdaIqlA6LlZrvIdt8LpFXFd-0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/63eb42-a0e1-4f1c-bcc9-87524014dbfb/1/8hHKqK2UDFJkzrEeyc1QYz9_aao.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/63eb42-a0e1-4f1c-bcc9-87524014dbfb/1/LFcdaIqlA6LlZrvIdt8LpFXFd-0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  51.154.0.0/16
                  213.55.128.0/17
                IPv6:
                  2a04:ee40::/29

    Signature Algorithm: sha256WithRSAEncryption
         6b:98:5e:15:1c:18:21:89:d8:10:0e:50:92:a7:d4:7a:98:c5:
         31:fc:3f:c5:cb:ef:72:a4:ee:16:bb:d5:8a:6e:9e:56:22:50:
         f8:1b:11:47:98:fa:f8:49:09:13:59:c9:c8:ba:d8:75:1d:03:
         cf:b4:27:e6:0f:8a:60:b2:29:84:ee:23:69:ab:99:3c:43:31:
         57:87:b5:b9:1b:ce:69:ef:f1:f9:f9:56:7b:eb:1f:4b:75:87:
         62:e3:e6:20:00:09:8e:4b:ea:e8:93:d7:d1:02:89:5a:f8:5a:
         6e:9f:20:8d:7b:96:74:f2:61:01:83:ab:13:4d:f9:e3:dc:d3:
         f1:d8:34:b4:8d:a4:b7:d6:46:14:84:3b:d3:18:5b:28:27:a7:
         99:86:87:90:ab:a6:d2:3c:57:f0:c7:25:20:ab:1b:7b:de:c4:
         d1:09:68:db:ab:54:56:f4:9b:9b:ff:d0:72:36:22:b8:66:e6:
         ef:54:43:4c:82:ed:4a:11:5f:7d:d6:94:85:6a:99:95:3c:44:
         c6:6e:ad:1e:aa:8c:29:dd:37:d2:33:ce:e3:dc:df:db:a4:8f:
         c6:15:ba:a8:d6:0f:be:05:1e:65:eb:e1:73:6c:1b:b2:c7:17:
         bd:61:b2:8c:b1:d1:e4:77:2e:8c:b4:f4:4f:a7:ec:9e:eb:68:
         d5:3f:76:5c
-----BEGIN CERTIFICATE-----
MIIFETCCA/mgAwIBAgISAYc30UaqAlGIcXdb2W1w6bEhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJjNTcxZDY4OGFhNTAzYTJlNTY2YmJjODc2ZGYwYmE0NTVj
NTc3ZWQwHhcNMjMwMzMxMTMxNzU0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMjExY2FhOGFkOTQwYzUyNjRjZWIxMWVjOWNkNTA2MzNmN2Y2OWFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3KhqDxmz+bcp6qwX3Na9iRCe0yzN
03UJjhc6Zr5yStv04L49xOKjlyjh4CWygMYPSpqt8l3/RE2tycdgzL3NRZXWMlr9
lN6F5wOklHJmOI5Z9qWKio1BLSGkbFqTPGDzbp7kyRfnyzkpYuFY7cQTFCFyXFGb
FG92ESrwnxnFSgwOGXK4ZNtTsIOkRgiKGsndiuEaOKGAN8mAB7sf6FTBAvwiA5QW
71KBiuPEUt0rLHGxBZNiX/zOH5uw3iy3fV2DmorYkJqtRtNdR2ZQVNMKhLnHn6Ps
3+cAmZYAgVICiWFHrkzSSFD5f2mdwmRnYPWPwAcrCJOLtrvAr7BaX8aunQIDAQAB
o4ICHTCCAhkwHQYDVR0OBBYEFPIRyqitlAxSZM6xHsnNUGM/f2mqMB8GA1UdIwQY
MBaAFCxXHWiKpQOi5Wa7yHbfC6RVxXftMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTEZjZGFJcWxBNkxsWnJ2SWR0OExwRlhGZC0wLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yy82M2ViNDItYTBlMS00ZjFjLWJjYzkt
ODc1MjQwMTRkYmZiLzEvOGhIS3FLMlVERkprenJFZXljMVFZejlfYWFvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yy82M2ViNDItYTBlMS00ZjFjLWJjYzktODc1MjQwMTRkYmZi
LzEvTEZjZGFJcWxBNkxsWnJ2SWR0OExwRlhGZC0wLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDMGCCsGAQUFBwEHAQH/BCQwIjARBAIAATALAwMAM5oDBAfV
N4AwDQQCAAIwBwMFAyoE7kAwDQYJKoZIhvcNAQELBQADggEBAGuYXhUcGCGJ2BAO
UJKn1HqYxTH8P8XL73Kk7ha71YpunlYiUPgbEUeY+vhJCRNZyci62HUdA8+0J+YP
imCyKYTuI2mrmTxDMVeHtbkbzmnv8fn5VnvrH0t1h2Lj5iAACY5L6uiT19ECiVr4
Wm6fII17lnTyYQGDqxNN+ePc0/HYNLSNpLfWRhSEO9MYWygnp5mGh5CrptI8V/DH
JSCrG3vexNEJaNurVFb0m5v/0HI2Irhm5u9UQ0yC7UoRX33WlIVqmZU8RMZurR6q
jCndN9IzzuPc39ukj8YVuqjWD74FHmXr4XNsG7LHF71hsoyx0eR3Loy09E+n7J7r
aNU/dlw=
-----END CERTIFICATE-----