Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/5o3L1fZhWSCeLJPuzLuyb7f9g94.roa
File:                     5o3L1fZhWSCeLJPuzLuyb7f9g94.roa (raw, json)
Hash identifier:          DMp8nrYKGPC2RVKD9yWOof6jF7TVRwl5WAJez44kpM4=
Subject key identifier:   E6:8D:CB:D5:F6:61:59:20:9E:2C:93:EE:CC:BB:B2:6F:B7:FD:83:DE
Certificate issuer:       /CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
Certificate serial:       018C7C5619EBD009B6DB2EC6B7A72FE431BA
Authority key identifier: 7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/5o3L1fZhWSCeLJPuzLuyb7f9g94.roa
Signing time:             Mon 18 Dec 2023 09:51:06 +0000
ROA not before:           Mon 18 Dec 2023 09:51:06 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     201364
IP address blocks:        2a0f:2705::/32 maxlen: 32
                          2a0f:e9c0::/32 maxlen: 32
                          2a0f:db41::/32 maxlen: 32
                          2a0f:db44::/32 maxlen: 32
                          2a0f:2701::/32 maxlen: 32
                          2a0f:2704::/32 maxlen: 32
                          2a0f:e9c3::/32 maxlen: 32
                          2a0f:2702::/32 maxlen: 32
                          2a0f:db45::/32 maxlen: 32
                          2a0f:db42::/32 maxlen: 32
                          2a0f:db46::/32 maxlen: 32
                          2a0f:2707::/32 maxlen: 32
                          2a0f:e9c5::/32 maxlen: 32
                          2a0f:e9c6::/32 maxlen: 32
                          2a0f:db43::/32 maxlen: 32
                          2a0f:db47::/32 maxlen: 32
                          2a0f:e9c2::/32 maxlen: 32
                          2a0f:db40::/32 maxlen: 32
                          2a0f:e9c1::/32 maxlen: 32
                          2a0f:2700::/32 maxlen: 32
                          2a0f:e9c4::/32 maxlen: 32
                          2a0f:2703::/32 maxlen: 32
                          2a0f:2706::/32 maxlen: 32
                          2a0f:e9c7::/32 maxlen: 32
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:7c:56:19:eb:d0:09:b6:db:2e:c6:b7:a7:2f:e4:31:ba
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
        Validity
            Not Before: Dec 18 09:51:06 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=e68dcbd5f66159209e2c93eeccbbb26fb7fd83de
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:b6:a6:01:42:a5:2b:a5:e0:e9:25:1a:d0:28:
                    cb:8b:2b:3e:7f:52:b8:41:9a:bd:48:cc:09:99:0c:
                    b2:0e:b4:33:80:3b:e8:31:50:6b:f2:b7:54:a0:f1:
                    71:09:27:24:6f:34:0e:72:d0:03:ea:af:bd:7b:f9:
                    ec:7c:9e:18:1d:fb:71:45:5d:8c:fd:d5:43:a3:97:
                    9a:b8:ab:29:9f:03:9c:d3:7e:74:cb:b6:7f:0f:59:
                    e7:b3:f9:74:4c:aa:94:6b:e5:cb:23:f0:c0:63:0c:
                    22:74:02:60:29:2e:b7:7e:e4:42:ba:9a:54:09:91:
                    95:94:a1:74:e8:9c:e8:d1:66:39:5d:db:39:e1:ad:
                    4a:eb:ff:58:39:95:2d:2e:fb:e3:c3:d2:25:b2:76:
                    d7:5e:bb:32:53:0d:06:9e:0f:fb:8f:1b:61:4c:1f:
                    8a:d9:f4:34:50:63:b1:cc:7f:87:a3:c3:1e:00:5e:
                    55:0b:07:72:3b:f4:73:5a:9e:f6:9a:fd:05:51:ee:
                    ad:ab:f5:83:ab:12:de:59:69:20:21:61:3a:04:49:
                    6a:e4:40:01:50:c3:f5:ea:3e:ca:fa:72:41:27:25:
                    74:4f:4f:f0:da:83:d0:9c:fb:b5:59:af:7e:b4:ef:
                    fb:8a:bd:05:7d:28:fa:e3:41:66:25:35:17:c0:c3:
                    0f:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E6:8D:CB:D5:F6:61:59:20:9E:2C:93:EE:CC:BB:B2:6F:B7:FD:83:DE
            X509v3 Authority Key Identifier:
                keyid:7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/5o3L1fZhWSCeLJPuzLuyb7f9g94.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:2700::/29
                  2a0f:db40::/29
                  2a0f:e9c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         bf:69:2e:83:bc:ca:09:5c:60:7f:ff:c7:67:4d:71:b0:8b:fc:
         ff:2a:05:61:4e:33:98:29:cc:ab:bf:19:5d:c5:4d:a3:fa:6f:
         ed:c8:6b:b6:53:a6:bb:72:75:80:0a:7b:5a:fc:4c:a4:32:a3:
         b8:00:a1:28:e5:3e:95:ac:5d:0e:94:2b:13:39:3f:0d:e4:59:
         c5:a9:81:f6:90:ca:81:e3:14:d3:d8:9d:89:cb:3a:64:bd:ca:
         3d:0f:48:bf:de:32:1d:f2:79:38:58:93:7d:46:67:12:80:ba:
         a2:72:d3:3e:03:99:bc:13:77:76:7f:10:f5:a2:59:1f:f0:c3:
         75:03:db:a4:d7:70:c2:4e:c9:ae:44:0d:6b:bc:fb:df:4f:23:
         f9:a7:17:51:e1:77:25:7f:15:9c:fa:a4:9e:ef:a5:8c:5e:eb:
         c3:66:4e:89:ef:57:b7:0c:4b:83:04:2d:02:bf:71:2a:fe:13:
         01:30:09:44:ba:bd:90:7f:f0:56:05:10:fe:c1:b2:88:34:4d:
         bb:2f:fc:77:84:54:3f:0b:ed:96:02:9b:6c:f6:b4:a6:3a:76:
         e7:c7:22:17:ac:6b:db:ed:9e:72:78:37:6f:94:4c:fb:b0:33:
         d6:dc:54:de:81:e2:c4:57:dd:50:e1:78:68:97:8f:19:6c:43:
         3e:8d:d1:c3
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYx8Vhnr0Am22y7Gt6cv5DG6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkNTU5YWFmYmZjMDkzMTI0MmUxZDYzNzI5OGNmMWRkMjIz
ZTRjMjYwHhcNMjMxMjE4MDk1MTA2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNjhkY2JkNWY2NjE1OTIwOWUyYzkzZWVjY2JiYjI2ZmI3ZmQ4M2RlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3LamAUKlK6Xg6SUa0CjLiys+f1K4
QZq9SMwJmQyyDrQzgDvoMVBr8rdUoPFxCSckbzQOctAD6q+9e/nsfJ4YHftxRV2M
/dVDo5eauKspnwOc0350y7Z/D1nns/l0TKqUa+XLI/DAYwwidAJgKS63fuRCuppU
CZGVlKF06Jzo0WY5Xds54a1K6/9YOZUtLvvjw9IlsnbXXrsyUw0Gng/7jxthTB+K
2fQ0UGOxzH+Ho8MeAF5VCwdyO/RzWp72mv0FUe6tq/WDqxLeWWkgIWE6BElq5EAB
UMP16j7K+nJBJyV0T0/w2oPQnPu1Wa9+tO/7ir0FfSj640FmJTUXwMMPEwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFOaNy9X2YVkgniyT7sy7sm+3/YPeMB8GA1UdIwQY
MBaAFH1Vmq+/wJMSQuHWNymM8d0iPkwmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTkt
OGM1MDA3YzJhNGI2LzEvNW8zTDFmWmhXU0NlTEpQdXpMdXliN2Y5Zzk0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTktOGM1MDA3YzJhNGI2
LzEvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAbBAIAAjAVAwUDKg8nAAMF
AyoP20ADBQMqD+nAMA0GCSqGSIb3DQEBCwUAA4IBAQC/aS6DvMoJXGB//8dnTXGw
i/z/KgVhTjOYKcyrvxldxU2j+m/tyGu2U6a7cnWACnta/EykMqO4AKEo5T6VrF0O
lCsTOT8N5FnFqYH2kMqB4xTT2J2Jyzpkvco9D0i/3jId8nk4WJN9RmcSgLqictM+
A5m8E3d2fxD1olkf8MN1A9uk13DCTsmuRA1rvPvfTyP5pxdR4XclfxWc+qSe76WM
XuvDZk6J71e3DEuDBC0Cv3Eq/hMBMAlEur2Qf/BWBRD+wbKINE27L/x3hFQ/C+2W
Apts9rSmOnbnxyIXrGvb7Z5yeDdvlEz7sDPW3FTegeLEV91Q4Xhol48ZbEM+jdHD
-----END CERTIFICATE-----