Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/U8k9C8YDLJaPafETWUvLaehCBAI.roa
File:                     U8k9C8YDLJaPafETWUvLaehCBAI.roa (raw, json)
Hash identifier:          mCJD/BdJkqH/CTgOqU9WPHp4tn8r9rzcxmQgCNItM5I=
Subject key identifier:   53:C9:3D:0B:C6:03:2C:96:8F:69:F1:13:59:4B:CB:69:E8:42:04:02
Certificate issuer:       /CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
Certificate serial:       01839DA521A91CC64442AD66F3FCC9E97D00
Authority key identifier: 7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/U8k9C8YDLJaPafETWUvLaehCBAI.roa
Signing time:             Mon 03 Oct 2022 11:39:48 +0000
ROA not before:           Mon 03 Oct 2022 11:39:48 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     1239
IP address blocks:        2a0f:a203::/32 maxlen: 32
                          2a0f:3d86::/32 maxlen: 32
                          2a0e:2240:5::/48 maxlen: 48
                          2a0f:a207::/32 maxlen: 32
                          2a0f:3d87::/32 maxlen: 32
                          2a0e:2240:3::/48 maxlen: 48
                          2a0f:a200::/32 maxlen: 32
                          2a0f:3d81::/32 maxlen: 32
                          2a0e:2240:4::/48 maxlen: 48
                          2a0f:a206::/32 maxlen: 32
                          2a0f:3d84::/32 maxlen: 32
                          2a0f:a205::/32 maxlen: 32
                          2a0f:a201::/32 maxlen: 32
                          2a0f:a204::/32 maxlen: 32
                          2a0f:3d85::/32 maxlen: 32
                          2a0f:a202::/32 maxlen: 32
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:83:9d:a5:21:a9:1c:c6:44:42:ad:66:f3:fc:c9:e9:7d:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
        Validity
            Not Before: Oct  3 11:39:48 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=53c93d0bc6032c968f69f113594bcb69e8420402
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:65:40:60:50:3b:ba:cb:88:8c:a8:5c:ed:2d:
                    7f:43:aa:56:c9:dc:85:19:15:41:c0:06:86:c3:a1:
                    b1:36:9a:7a:3c:88:e4:82:5c:67:7e:b6:37:71:dc:
                    bc:11:67:20:32:69:2e:ea:42:93:c3:80:cf:db:80:
                    a2:20:64:69:37:e5:0b:1b:3f:c3:b8:d2:ed:ba:74:
                    ee:6d:7e:83:8d:23:04:fb:57:ef:93:de:76:0a:c0:
                    26:47:b6:dd:fd:e2:98:70:cf:ad:20:b2:c2:2a:a1:
                    98:f0:02:d2:9d:7c:f3:78:ae:cf:7c:f8:73:50:85:
                    1d:d7:94:8b:76:06:da:f7:10:fc:6e:e4:13:72:d2:
                    62:63:f1:c7:03:76:0a:16:17:70:d9:77:20:2a:59:
                    02:06:72:07:94:a5:15:26:c5:f4:2d:94:5e:31:ac:
                    8b:f9:82:de:38:5c:4f:48:1c:5d:f5:84:96:9a:3f:
                    cc:84:00:ba:4e:0c:d0:71:68:ca:83:8e:33:03:af:
                    dd:38:70:f9:43:0b:ad:3d:53:ba:3d:0f:c8:fc:a2:
                    db:6f:41:c2:be:4b:f4:36:68:d8:b6:f7:e8:9b:98:
                    8d:9d:af:8a:ba:39:9c:ab:ca:7e:6d:79:b1:4c:e2:
                    18:4c:ef:91:a3:e9:bf:6a:84:03:6c:1e:68:d5:70:
                    4e:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                53:C9:3D:0B:C6:03:2C:96:8F:69:F1:13:59:4B:CB:69:E8:42:04:02
            X509v3 Authority Key Identifier:
                keyid:7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/U8k9C8YDLJaPafETWUvLaehCBAI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:2240:3::-2a0e:2240:5:ffff:ffff:ffff:ffff:ffff
                  2a0f:3d81::/32
                  2a0f:3d84::/30
                  2a0f:a200::/29

    Signature Algorithm: sha256WithRSAEncryption
         5d:3d:99:08:cd:f7:56:fc:96:5b:3b:fc:ab:7a:d9:eb:33:a6:
         6e:8e:00:e3:ea:0e:a7:57:07:82:62:b7:14:d8:c0:7c:7f:55:
         cf:95:d7:87:b0:c1:dc:ba:a4:36:66:96:fe:3a:87:5e:e2:4e:
         58:ea:0e:08:d8:3d:cc:b2:eb:98:e2:92:d2:cb:21:ca:2c:cf:
         24:e3:7a:1e:2c:ef:d6:63:94:f4:51:ae:54:5c:5a:3a:38:e6:
         3f:af:6a:5f:6d:f6:7f:91:7a:62:9d:be:15:90:41:d5:23:ab:
         cd:d6:ca:10:7f:03:9a:f6:7c:22:8a:fc:61:8d:59:65:7a:7c:
         70:52:74:d3:b6:55:3f:75:87:4d:16:72:99:be:d1:71:83:76:
         ec:e6:86:a2:e1:8b:38:49:83:00:04:0a:99:a1:b0:01:f2:d5:
         d5:a6:30:19:3b:ab:98:28:41:6a:ce:b9:4d:4c:84:8f:e6:d5:
         2c:d2:30:57:a5:83:02:31:ac:ab:d0:99:60:f9:09:10:25:1d:
         23:7a:fa:e2:cd:b8:d4:24:fa:aa:7e:e5:2d:fc:f3:bf:f8:37:
         1b:35:c0:d5:58:82:4a:a8:1e:de:ef:fc:5d:a8:66:d7:06:b8:
         4b:4a:fb:4d:79:fb:f8:cd:56:6f:32:ad:fc:91:81:82:27:f2:
         54:53:84:03
-----BEGIN CERTIFICATE-----
MIIFIDCCBAigAwIBAgISAYOdpSGpHMZEQq1m8/zJ6X0AMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkNTU5YWFmYmZjMDkzMTI0MmUxZDYzNzI5OGNmMWRkMjIz
ZTRjMjYwHhcNMjIxMDAzMTEzOTQ4WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1M2M5M2QwYmM2MDMyYzk2OGY2OWYxMTM1OTRiY2I2OWU4NDIwNDAyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhWVAYFA7usuIjKhc7S1/Q6pWydyF
GRVBwAaGw6GxNpp6PIjkglxnfrY3cdy8EWcgMmku6kKTw4DP24CiIGRpN+ULGz/D
uNLtunTubX6DjSME+1fvk952CsAmR7bd/eKYcM+tILLCKqGY8ALSnXzzeK7PfPhz
UIUd15SLdgba9xD8buQTctJiY/HHA3YKFhdw2XcgKlkCBnIHlKUVJsX0LZReMayL
+YLeOFxPSBxd9YSWmj/MhAC6TgzQcWjKg44zA6/dOHD5QwutPVO6PQ/I/KLbb0HC
vkv0NmjYtvfom5iNna+Kujmcq8p+bXmxTOIYTO+Ro+m/aoQDbB5o1XBOvwIDAQAB
o4ICLDCCAigwHQYDVR0OBBYEFFPJPQvGAyyWj2nxE1lLy2noQgQCMB8GA1UdIwQY
MBaAFH1Vmq+/wJMSQuHWNymM8d0iPkwmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTkt
OGM1MDA3YzJhNGI2LzEvVThrOUM4WURMSmFQYWZFVFdVdkxhZWhDQkFJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTktOGM1MDA3YzJhNGI2
LzEvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEIGCCsGAQUFBwEHAQH/BDMwMTAvBAIAAjApMBIDBwAqDiJA
AAMDBwEqDiJAAAQDBQAqDz2BAwUCKg89hAMFAyoPogAwDQYJKoZIhvcNAQELBQAD
ggEBAF09mQjN91b8lls7/Kt62eszpm6OAOPqDqdXB4JitxTYwHx/Vc+V14ewwdy6
pDZmlv46h17iTljqDgjYPcyy65jiktLLIcoszyTjeh4s79ZjlPRRrlRcWjo45j+v
al9t9n+RemKdvhWQQdUjq83WyhB/A5r2fCKK/GGNWWV6fHBSdNO2VT91h00Wcpm+
0XGDduzmhqLhizhJgwAECpmhsAHy1dWmMBk7q5goQWrOuU1MhI/m1SzSMFelgwIx
rKvQmWD5CRAlHSN6+uLNuNQk+qp+5S3887/4Nxs1wNVYgkqoHt7v/F2oZtcGuEtK
+015+/jNVm8yrfyRgYIn8lRThAM=
-----END CERTIFICATE-----