Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/haOkspzA5y9rhNiKdLVkX_zYymA.roa
File:                     haOkspzA5y9rhNiKdLVkX_zYymA.roa (raw, json)
Hash identifier:          BFCVuaX4nWTo2T3AxB5ZCMAB+8CrIMmJpYhP6In5O/w=
Subject key identifier:   85:A3:A4:B2:9C:C0:E7:2F:6B:84:D8:8A:74:B5:64:5F:FC:D8:CA:60
Certificate issuer:       /CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
Certificate serial:       018BD22899201970F353EFBEDC5F96731C95
Authority key identifier: 7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/haOkspzA5y9rhNiKdLVkX_zYymA.roa
Signing time:             Wed 15 Nov 2023 08:45:57 +0000
ROA not before:           Wed 15 Nov 2023 08:45:57 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     205544
IP address blocks:        2a0f:e6c6:1::/48 maxlen: 48
                          2a13:e101:1::/48 maxlen: 48
                          2a0f:e1c0:1::/48 maxlen: 48
                          2a12:ecc0:1::/48 maxlen: 48
                          2a13:3380:1::/48 maxlen: 48
                          2a0f:e6c7:1::/48 maxlen: 48
                          2a0f:e6c5:1::/48 maxlen: 48
                          2a13:e100:1::/48 maxlen: 48
                          2a12:ecc0:f::/48 maxlen: 48
                          2a0f:e440::/29 maxlen: 29
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8b:d2:28:99:20:19:70:f3:53:ef:be:dc:5f:96:73:1c:95
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
        Validity
            Not Before: Nov 15 08:45:57 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=85a3a4b29cc0e72f6b84d88a74b5645ffcd8ca60
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:fd:35:db:17:b9:e5:77:2a:30:ea:97:47:ad:
                    23:a7:3b:0a:7c:26:e0:fc:35:10:2f:cd:82:33:28:
                    2b:e6:bb:20:6f:32:7f:81:0d:e4:bf:24:02:67:95:
                    24:99:c6:e8:a3:6e:cc:88:1e:aa:47:e3:f9:c9:10:
                    61:48:7d:55:c6:55:e5:31:c6:81:71:f0:fe:45:d3:
                    3c:9f:dc:90:f9:21:5c:45:31:a8:4f:29:19:21:32:
                    24:31:75:ac:98:c3:9c:49:b0:8b:b0:63:9e:7f:86:
                    92:4f:0e:21:de:65:63:98:6c:ec:98:41:1d:05:f5:
                    4e:19:3e:63:a6:26:ee:09:9d:d3:b6:35:ad:83:83:
                    61:cc:b4:6e:b3:31:75:df:a6:4a:8d:99:a1:4b:d4:
                    52:97:2d:2c:61:38:ba:17:64:3a:4c:49:da:c4:02:
                    61:1e:b4:08:1b:07:48:eb:99:9c:ae:f3:22:1f:56:
                    9a:1c:4f:c8:b6:42:06:5c:76:0f:b0:71:de:23:66:
                    75:77:92:3e:68:a9:0b:e8:ee:df:95:99:c6:b6:16:
                    62:f4:6b:b3:d0:77:ac:8b:cc:dd:b0:34:cc:92:8a:
                    6b:7e:7a:02:a2:a2:29:db:c3:70:b9:53:13:c7:d4:
                    2f:1f:bd:16:e6:72:be:45:56:76:c2:4d:6c:02:9a:
                    a0:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:A3:A4:B2:9C:C0:E7:2F:6B:84:D8:8A:74:B5:64:5F:FC:D8:CA:60
            X509v3 Authority Key Identifier:
                keyid:7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/haOkspzA5y9rhNiKdLVkX_zYymA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:e1c0:1::/48
                  2a0f:e440::/29
                  2a0f:e6c5:1::/48
                  2a0f:e6c6:1::/48
                  2a0f:e6c7:1::/48
                  2a12:ecc0:1::/48
                  2a12:ecc0:f::/48
                  2a13:3380:1::/48
                  2a13:e100:1::/48
                  2a13:e101:1::/48

    Signature Algorithm: sha256WithRSAEncryption
         50:16:a8:ca:d6:eb:62:2e:8e:a9:02:3f:9a:9e:b4:c7:67:02:
         f7:df:75:b3:be:ef:de:34:0a:80:f1:c6:da:56:7f:2d:6d:8a:
         1d:26:32:09:29:00:16:ec:3e:27:83:9b:88:ef:ea:b2:17:1a:
         2e:bc:b1:e7:9b:22:07:a8:26:60:4a:b1:da:34:72:83:22:d3:
         7d:f0:03:53:05:11:a2:bc:36:51:31:dc:79:a3:57:71:2c:37:
         45:68:09:69:e5:ad:93:3a:fd:ee:e5:10:37:95:cb:03:f2:35:
         77:bb:f7:b1:99:b1:66:dc:87:a7:dd:aa:66:69:d0:d8:0c:9e:
         dd:7d:17:56:21:d2:ea:1e:30:ab:7c:0d:a9:44:c3:1e:a2:8d:
         a4:cc:64:c8:ca:81:23:ae:ee:d0:21:e5:d2:63:d8:0d:1b:07:
         89:94:2d:75:33:a8:70:71:2e:5d:cd:0c:70:26:bb:74:6c:32:
         4a:7f:f4:fe:82:a0:9c:46:54:77:bc:0b:a0:bf:59:b5:d0:26:
         d6:79:31:b8:ca:4d:b5:c9:d0:ca:71:8c:68:50:e0:22:08:c2:
         1f:9e:36:5b:32:4a:f9:55:02:27:ab:5c:4d:8b:59:ee:a1:91:
         26:95:c1:a1:4c:00:1f:f8:ab:14:51:22:e8:bd:de:90:b1:f8:
         92:28:38:46
-----BEGIN CERTIFICATE-----
MIIFTzCCBDegAwIBAgISAYvSKJkgGXDzU+++3F+WcxyVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkNTU5YWFmYmZjMDkzMTI0MmUxZDYzNzI5OGNmMWRkMjIz
ZTRjMjYwHhcNMjMxMTE1MDg0NTU3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NWEzYTRiMjljYzBlNzJmNmI4NGQ4OGE3NGI1NjQ1ZmZjZDhjYTYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxf012xe55XcqMOqXR60jpzsKfCbg
/DUQL82CMygr5rsgbzJ/gQ3kvyQCZ5Ukmcboo27MiB6qR+P5yRBhSH1VxlXlMcaB
cfD+RdM8n9yQ+SFcRTGoTykZITIkMXWsmMOcSbCLsGOef4aSTw4h3mVjmGzsmEEd
BfVOGT5jpibuCZ3TtjWtg4NhzLRuszF136ZKjZmhS9RSly0sYTi6F2Q6TEnaxAJh
HrQIGwdI65mcrvMiH1aaHE/ItkIGXHYPsHHeI2Z1d5I+aKkL6O7flZnGthZi9Guz
0Hesi8zdsDTMkoprfnoCoqIp28NwuVMTx9QvH70W5nK+RVZ2wk1sApqgpwIDAQAB
o4ICWzCCAlcwHQYDVR0OBBYEFIWjpLKcwOcva4TYinS1ZF/82MpgMB8GA1UdIwQY
MBaAFH1Vmq+/wJMSQuHWNymM8d0iPkwmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTkt
OGM1MDA3YzJhNGI2LzEvaGFPa3NwekE1eTlyaE5pS2RMVmtYX3pZeW1BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTktOGM1MDA3YzJhNGI2
LzEvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHEGCCsGAQUFBwEHAQH/BGIwYDBeBAIAAjBYAwcAKg/hwAAB
AwUDKg/kQAMHACoP5sUAAQMHACoP5sYAAQMHACoP5scAAQMHACoS7MAAAQMHACoS
7MAADwMHACoTM4AAAQMHACoT4QAAAQMHACoT4QEAATANBgkqhkiG9w0BAQsFAAOC
AQEAUBaoytbrYi6OqQI/mp60x2cC9991s77v3jQKgPHG2lZ/LW2KHSYyCSkAFuw+
J4ObiO/qshcaLryx55siB6gmYEqx2jRygyLTffADUwURorw2UTHceaNXcSw3RWgJ
aeWtkzr97uUQN5XLA/I1d7v3sZmxZtyHp92qZmnQ2Aye3X0XViHS6h4wq3wNqUTD
HqKNpMxkyMqBI67u0CHl0mPYDRsHiZQtdTOocHEuXc0McCa7dGwySn/0/oKgnEZU
d7wLoL9ZtdAm1nkxuMpNtcnQynGMaFDgIgjCH542WzJK+VUCJ6tcTYtZ7qGRJpXB
oUwAH/irFFEi6L3ekLH4kig4Rg==
-----END CERTIFICATE-----