Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b3/63ff81-6460-4c05-852d-262eb39bbe76/1/Fr3twY0CWHD7HJ0nt6c90-QJSvU.roa
File:                     Fr3twY0CWHD7HJ0nt6c90-QJSvU.roa (raw, json)
Hash identifier:          ipQE1VvluOwiA0B7mHInQyRTs2Ql7umIGeWXRm+YG/Q=
Subject key identifier:   16:BD:ED:C1:8D:02:58:70:FB:1C:9D:27:B7:A7:3D:D3:E4:09:4A:F5
Certificate issuer:       /CN=435416b2282b4533c3509c18e957ce0c836bc837
Certificate serial:       018B043240BA4A1B5F3F84E0FCA820798F8B
Authority key identifier: 43:54:16:B2:28:2B:45:33:C3:50:9C:18:E9:57:CE:0C:83:6B:C8:37
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Q1QWsigrRTPDUJwY6VfODINryDc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b3/63ff81-6460-4c05-852d-262eb39bbe76/1/Fr3twY0CWHD7HJ0nt6c90-QJSvU.roa
Signing time:             Fri 06 Oct 2023 08:54:44 +0000
ROA not before:           Fri 06 Oct 2023 08:54:44 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     207990
IP address blocks:        185.23.200.0/23 maxlen: 32
                          185.251.44.0/23 maxlen: 32
                          185.251.46.0/23 maxlen: 32
                          185.247.230.0/23 maxlen: 32
                          185.247.229.0/24 maxlen: 32
                          185.247.228.0/24 maxlen: 32
                          195.66.220.0/22 maxlen: 32
                          95.175.80.0/20 maxlen: 32
                          185.251.248.0/23 maxlen: 32
                          185.251.250.0/23 maxlen: 32
                          194.156.112.0/22 maxlen: 32
                          193.8.80.0/22 maxlen: 32
                          178.239.22.0/23 maxlen: 32
                          88.218.144.0/22 maxlen: 32
                          45.133.136.0/24 maxlen: 32
                          91.193.100.0/22 maxlen: 32
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8b:04:32:40:ba:4a:1b:5f:3f:84:e0:fc:a8:20:79:8f:8b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=435416b2282b4533c3509c18e957ce0c836bc837
        Validity
            Not Before: Oct  6 08:54:44 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=16bdedc18d025870fb1c9d27b7a73dd3e4094af5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:09:a2:fc:e9:5f:2c:54:98:5a:f0:2a:a2:f5:
                    6a:d8:41:ed:55:b2:74:92:c7:b5:40:55:a1:9e:37:
                    cd:4e:dd:af:01:ce:12:85:d0:1d:c2:3c:f6:21:9c:
                    17:c4:89:71:55:fb:b5:5d:aa:b9:80:b8:61:d7:1a:
                    88:34:80:80:4e:5b:75:c2:3d:cb:e3:f0:14:cf:c4:
                    00:f6:69:2c:f4:bc:61:03:a6:0b:1c:35:ec:84:fb:
                    07:e6:87:d6:40:6b:50:ca:46:90:96:bb:f2:b2:d4:
                    f0:c4:5d:f6:87:21:f1:a5:5d:a0:99:0e:df:68:12:
                    2d:90:32:c3:35:7a:ca:4d:1b:65:46:f2:e2:ef:27:
                    21:bd:88:d1:6b:33:e8:86:08:82:e8:aa:6e:d6:cf:
                    16:ca:0c:c8:c9:79:04:44:a7:29:b5:a8:63:42:2a:
                    63:ce:ff:4d:a9:be:77:de:b8:00:95:2c:a4:b1:a2:
                    e3:72:31:3f:d2:eb:7b:33:53:b3:5b:3a:ee:2a:dd:
                    07:3d:6f:f8:83:c1:fe:35:66:80:f5:a6:a7:5b:85:
                    7b:24:a1:9f:81:52:cb:10:d7:9d:29:b1:19:8f:ec:
                    48:2b:41:40:31:c2:f5:7f:54:75:2e:4d:81:9b:68:
                    34:19:f1:d8:ef:c7:41:97:fb:d3:a6:18:ec:5d:18:
                    8c:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                16:BD:ED:C1:8D:02:58:70:FB:1C:9D:27:B7:A7:3D:D3:E4:09:4A:F5
            X509v3 Authority Key Identifier:
                keyid:43:54:16:B2:28:2B:45:33:C3:50:9C:18:E9:57:CE:0C:83:6B:C8:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Q1QWsigrRTPDUJwY6VfODINryDc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/63ff81-6460-4c05-852d-262eb39bbe76/1/Fr3twY0CWHD7HJ0nt6c90-QJSvU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/63ff81-6460-4c05-852d-262eb39bbe76/1/Q1QWsigrRTPDUJwY6VfODINryDc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.133.136.0/24
                  88.218.144.0/22
                  91.193.100.0/22
                  95.175.80.0/20
                  178.239.22.0/23
                  185.23.200.0/23
                  185.247.228.0/22
                  185.251.44.0/22
                  185.251.248.0/22
                  193.8.80.0/22
                  194.156.112.0/22
                  195.66.220.0/22

    Signature Algorithm: sha256WithRSAEncryption
         9b:f7:c9:48:ee:25:3f:8a:07:30:ff:ca:b3:06:91:0b:90:6b:
         3d:de:f6:9d:35:49:ad:b4:01:c0:0f:63:dd:ec:a9:ed:44:b5:
         8f:52:84:ac:e8:7a:0b:91:68:fa:50:b8:29:e8:b0:45:1b:1c:
         1c:10:79:d0:6a:74:c2:d7:1f:77:16:50:e1:14:01:64:a5:26:
         eb:d0:eb:5b:25:64:ff:ec:5b:57:36:a8:ee:11:34:f8:25:00:
         21:80:1e:19:6c:9f:12:23:d1:0d:93:e2:7e:c3:37:1e:83:c3:
         11:7d:23:69:13:be:58:91:54:da:7f:51:4f:92:d0:b6:a6:fa:
         a7:77:64:09:59:54:54:62:73:0f:3d:da:d1:c4:f6:87:50:06:
         13:bd:56:70:6a:87:f1:a1:98:8f:42:8d:99:29:d6:8a:ba:e8:
         26:4a:c0:6c:66:b8:a9:8a:92:16:0d:a1:1c:ec:a4:33:53:84:
         28:92:8b:97:26:1a:b6:8f:26:f2:46:e0:ed:a5:34:62:8b:eb:
         d1:cf:a1:3f:8d:e1:9d:9a:0c:04:af:c2:e9:fc:d3:7f:86:fc:
         49:4d:ad:a8:4a:3a:7a:c3:61:16:05:14:6d:26:a4:67:70:36:
         24:b4:56:b1:b2:5c:b2:d5:b8:2f:2e:c5:22:2c:29:65:fa:5d:
         b0:ca:d6:dc
-----BEGIN CERTIFICATE-----
MIIFPzCCBCegAwIBAgISAYsEMkC6ShtfP4Tg/KggeY+LMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQzNTQxNmIyMjgyYjQ1MzNjMzUwOWMxOGU5NTdjZTBjODM2
YmM4MzcwHhcNMjMxMDA2MDg1NDQ0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNmJkZWRjMThkMDI1ODcwZmIxYzlkMjdiN2E3M2RkM2U0MDk0YWY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuQmi/OlfLFSYWvAqovVq2EHtVbJ0
kse1QFWhnjfNTt2vAc4ShdAdwjz2IZwXxIlxVfu1Xaq5gLhh1xqINICATlt1wj3L
4/AUz8QA9mks9LxhA6YLHDXshPsH5ofWQGtQykaQlrvystTwxF32hyHxpV2gmQ7f
aBItkDLDNXrKTRtlRvLi7ychvYjRazPohgiC6Kpu1s8WygzIyXkERKcptahjQipj
zv9Nqb533rgAlSyksaLjcjE/0ut7M1OzWzruKt0HPW/4g8H+NWaA9aanW4V7JKGf
gVLLENedKbEZj+xIK0FAMcL1f1R1Lk2Bm2g0GfHY78dBl/vTphjsXRiMnwIDAQAB
o4ICSzCCAkcwHQYDVR0OBBYEFBa97cGNAlhw+xydJ7enPdPkCUr1MB8GA1UdIwQY
MBaAFENUFrIoK0Uzw1CcGOlXzgyDa8g3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUTFRV3NpZ3JSVFBEVUp3WTZWZk9ESU5yeURjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMy82M2ZmODEtNjQ2MC00YzA1LTg1MmQt
MjYyZWIzOWJiZTc2LzEvRnIzdHdZMENXSEQ3SEowbnQ2YzkwLVFKU3ZVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMy82M2ZmODEtNjQ2MC00YzA1LTg1MmQtMjYyZWIzOWJiZTc2
LzEvUTFRV3NpZ3JSVFBEVUp3WTZWZk9ESU5yeURjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGEGCCsGAQUFBwEHAQH/BFIwUDBOBAIAATBIAwQALYWIAwQC
WNqQAwQCW8FkAwQEX69QAwQBsu8WAwQBuRfIAwQCuffkAwQCufssAwQCufv4AwQC
wQhQAwQCwpxwAwQCw0LcMA0GCSqGSIb3DQEBCwUAA4IBAQCb98lI7iU/igcw/8qz
BpELkGs93vadNUmttAHAD2Pd7KntRLWPUoSs6HoLkWj6ULgp6LBFGxwcEHnQanTC
1x93FlDhFAFkpSbr0OtbJWT/7FtXNqjuETT4JQAhgB4ZbJ8SI9ENk+J+wzceg8MR
fSNpE75YkVTaf1FPktC2pvqnd2QJWVRUYnMPPdrRxPaHUAYTvVZwaofxoZiPQo2Z
KdaKuugmSsBsZripipIWDaEc7KQzU4QokouXJhq2jybyRuDtpTRii+vRz6E/jeGd
mgwEr8Lp/NN/hvxJTa2oSjp6w2EWBRRtJqRncDYktFaxslyy1bgvLsUiLCll+l2w
ytbc
-----END CERTIFICATE-----