Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9e/f76e20-5859-415d-86b3-119efcbb2023/1/6O_DlIefWmex10srScsvkVYe3lA.roa
File:                     6O_DlIefWmex10srScsvkVYe3lA.roa (raw, json)
Hash identifier:          /c2IkDTV+b0w4HQXlTIqkQRAp9nr/PX1eSvaglmDIAo=
Subject key identifier:   E8:EF:C3:94:87:9F:5A:67:B1:D7:4B:2B:49:CB:2F:91:56:1E:DE:50
Certificate issuer:       /CN=bb830630f23b070a2b7bdf529f73948c97eacd40
Certificate serial:       018705EE5C20346AFC1F71EAA2AC7E88BF96
Authority key identifier: BB:83:06:30:F2:3B:07:0A:2B:7B:DF:52:9F:73:94:8C:97:EA:CD:40
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/u4MGMPI7Bwore99Sn3OUjJfqzUA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9e/f76e20-5859-415d-86b3-119efcbb2023/1/6O_DlIefWmex10srScsvkVYe3lA.roa
Signing time:             Tue 21 Mar 2023 20:48:39 +0000
ROA not before:           Tue 21 Mar 2023 20:48:39 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     44477
IP address blocks:        195.149.87.0/24 maxlen: 24
                          80.92.205.0/24 maxlen: 24
                          80.92.206.0/24 maxlen: 24
                          74.119.195.0/24 maxlen: 24
                          74.119.194.0/24 maxlen: 24
                          185.242.84.0/24 maxlen: 24
                          185.242.85.0/24 maxlen: 24
                          185.242.87.0/24 maxlen: 24
                          185.242.86.0/24 maxlen: 24
                          185.250.149.0/24 maxlen: 24
                          185.250.148.0/24 maxlen: 24
                          185.250.151.0/24 maxlen: 24
                          45.67.231.0/24 maxlen: 24
                          45.67.230.0/24 maxlen: 24
                          45.67.229.0/24 maxlen: 24
                          45.67.228.0/24 maxlen: 24
                          2a09:7c44::/32 maxlen: 32
                          2a09:7c47::/32 maxlen: 32
                          2a09:7c40::/32 maxlen: 32
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:05:ee:5c:20:34:6a:fc:1f:71:ea:a2:ac:7e:88:bf:96
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bb830630f23b070a2b7bdf529f73948c97eacd40
        Validity
            Not Before: Mar 21 20:48:39 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=e8efc394879f5a67b1d74b2b49cb2f91561ede50
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:37:b1:bd:32:49:d1:04:3f:cf:e3:ab:3f:a2:
                    f2:ff:43:2f:2b:e4:05:c3:64:e2:05:be:cd:00:b9:
                    3d:5c:e4:ab:84:c4:18:1b:3c:a5:c9:62:31:ee:43:
                    2b:b8:73:d1:49:3a:87:54:b5:8c:48:8f:f9:8c:a4:
                    1f:71:8c:fc:0e:2e:36:2a:e6:4c:76:9d:17:d3:b5:
                    2e:1a:1e:d4:a0:48:0b:c2:db:d6:03:bd:20:43:05:
                    3e:5a:0f:90:fa:f6:65:1d:b5:3f:9b:87:5b:48:52:
                    d4:4f:cb:2b:d0:d2:b4:76:b1:56:db:39:ab:33:09:
                    67:72:a1:1c:14:bf:09:8e:aa:7d:5f:68:8a:ed:86:
                    92:3b:84:85:41:5a:27:4b:8e:95:8c:a9:e7:98:b7:
                    c8:0a:bb:d8:0f:2d:27:65:70:81:a4:25:00:88:d6:
                    02:43:79:41:9f:4c:07:c7:cd:af:d2:04:d3:7e:82:
                    6e:cb:f5:28:3f:f8:dc:d7:84:06:63:8c:b9:37:d7:
                    08:ce:23:06:bb:ee:38:1f:44:49:d5:d7:70:44:c9:
                    14:22:3d:c3:b1:f7:76:10:41:65:fa:fa:5d:d8:e6:
                    34:da:21:a4:07:30:ae:d2:82:51:eb:29:d5:f7:3a:
                    d5:4a:ab:fd:34:0f:93:00:29:32:66:76:40:07:41:
                    85:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E8:EF:C3:94:87:9F:5A:67:B1:D7:4B:2B:49:CB:2F:91:56:1E:DE:50
            X509v3 Authority Key Identifier:
                keyid:BB:83:06:30:F2:3B:07:0A:2B:7B:DF:52:9F:73:94:8C:97:EA:CD:40

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/u4MGMPI7Bwore99Sn3OUjJfqzUA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9e/f76e20-5859-415d-86b3-119efcbb2023/1/6O_DlIefWmex10srScsvkVYe3lA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9e/f76e20-5859-415d-86b3-119efcbb2023/1/u4MGMPI7Bwore99Sn3OUjJfqzUA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.67.228.0/22
                  74.119.194.0/23
                  80.92.205.0-80.92.206.255
                  185.242.84.0/22
                  185.250.148.0/23
                  185.250.151.0/24
                  195.149.87.0/24
                IPv6:
                  2a09:7c40::/32
                  2a09:7c44::/32
                  2a09:7c47::/32

    Signature Algorithm: sha256WithRSAEncryption
         76:7b:23:51:8c:83:b2:64:bc:30:dc:9a:0a:46:32:43:8c:7a:
         01:93:bb:91:fe:6e:c7:ad:9b:bc:87:c5:00:5a:7e:11:41:24:
         2e:b3:46:bf:19:de:1b:cb:cf:ae:7a:ff:0b:8a:8c:b4:b3:b0:
         21:29:1f:ba:d9:21:af:6b:9a:93:a4:f3:21:df:c5:a7:9f:fa:
         a8:9f:13:74:1a:33:96:fb:9a:2c:d1:6c:0a:1c:4a:ea:6b:b6:
         da:0e:63:c2:db:85:b9:96:2c:a1:c6:4a:65:64:24:7f:75:ee:
         dd:dc:0e:9c:fa:69:b6:8f:14:79:18:13:45:fa:d9:ab:4d:d1:
         a1:5a:22:3c:95:13:5b:3a:20:e1:e2:0b:ef:39:39:b9:57:65:
         0a:f3:66:95:ce:30:05:61:9b:5b:af:c1:5a:c8:9b:3a:6b:88:
         76:3e:22:b5:9c:61:6b:13:1c:34:84:75:6a:1e:a5:4e:f5:12:
         43:65:75:49:3f:70:a0:c5:70:f8:8e:84:e5:86:88:c7:e1:59:
         80:91:5e:66:91:7b:80:5d:80:9e:87:13:14:51:1d:de:a3:d9:
         91:dc:cb:29:97:8d:ba:af:59:88:e9:e7:15:8a:80:ed:02:0a:
         81:d9:98:01:4f:3c:4b:8b:a9:0a:ae:90:5e:16:63:84:82:b4:
         be:7d:ef:f2
-----BEGIN CERTIFICATE-----
MIIFRjCCBC6gAwIBAgISAYcF7lwgNGr8H3Hqoqx+iL+WMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJiODMwNjMwZjIzYjA3MGEyYjdiZGY1MjlmNzM5NDhjOTdl
YWNkNDAwHhcNMjMwMzIxMjA0ODM5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlOGVmYzM5NDg3OWY1YTY3YjFkNzRiMmI0OWNiMmY5MTU2MWVkZTUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhTexvTJJ0QQ/z+OrP6Ly/0MvK+QF
w2TiBb7NALk9XOSrhMQYGzylyWIx7kMruHPRSTqHVLWMSI/5jKQfcYz8Di42KuZM
dp0X07UuGh7UoEgLwtvWA70gQwU+Wg+Q+vZlHbU/m4dbSFLUT8sr0NK0drFW2zmr
MwlncqEcFL8Jjqp9X2iK7YaSO4SFQVonS46VjKnnmLfICrvYDy0nZXCBpCUAiNYC
Q3lBn0wHx82v0gTTfoJuy/UoP/jc14QGY4y5N9cIziMGu+44H0RJ1ddwRMkUIj3D
sfd2EEFl+vpd2OY02iGkBzCu0oJR6ynV9zrVSqv9NA+TACkyZnZAB0GFJwIDAQAB
o4ICUjCCAk4wHQYDVR0OBBYEFOjvw5SHn1pnsddLK0nLL5FWHt5QMB8GA1UdIwQY
MBaAFLuDBjDyOwcKK3vfUp9zlIyX6s1AMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdTRNR01QSTdCd29yZTk5U24zT1VqSmZxelVBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85ZS9mNzZlMjAtNTg1OS00MTVkLTg2YjMt
MTE5ZWZjYmIyMDIzLzEvNk9fRGxJZWZXbWV4MTBzclNjc3ZrVlllM2xBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85ZS9mNzZlMjAtNTg1OS00MTVkLTg2YjMtMTE5ZWZjYmIyMDIz
LzEvdTRNR01QSTdCd29yZTk5U24zT1VqSmZxelVBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGgGCCsGAQUFBwEHAQH/BFkwVzA4BAIAATAyAwQCLUPkAwQB
SnfCMAwDBABQXM0DBABQXM4DBAK58lQDBAG5+pQDBAC5+pcDBADDlVcwGwQCAAIw
FQMFACoJfEADBQAqCXxEAwUAKgl8RzANBgkqhkiG9w0BAQsFAAOCAQEAdnsjUYyD
smS8MNyaCkYyQ4x6AZO7kf5ux62bvIfFAFp+EUEkLrNGvxneG8vPrnr/C4qMtLOw
ISkfutkhr2uak6TzId/Fp5/6qJ8TdBozlvuaLNFsChxK6mu22g5jwtuFuZYsocZK
ZWQkf3Xu3dwOnPppto8UeRgTRfrZq03RoVoiPJUTWzog4eIL7zk5uVdlCvNmlc4w
BWGbW6/BWsibOmuIdj4itZxhaxMcNIR1ah6lTvUSQ2V1ST9woMVw+I6E5YaIx+FZ
gJFeZpF7gF2AnocTFFEd3qPZkdzLKZeNuq9ZiOnnFYqA7QIKgdmYAU88S4upCq6Q
XhZjhIK0vn3v8g==
-----END CERTIFICATE-----