Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b5/ac1253-0459-46cf-b1b9-9ac1a7e4c406/1/dYlQBS0QBdnA95WCCNqMpEELZH4.roa
File:                     dYlQBS0QBdnA95WCCNqMpEELZH4.roa (raw, json)
Hash identifier:          gEzj9dxNjHCzvD1ZW9blcxvZPtgct8ceegPYi4CAtAo=
Subject key identifier:   75:89:50:05:2D:10:05:D9:C0:F7:95:82:08:DA:8C:A4:41:0B:64:7E
Certificate issuer:       /CN=5e29c02d261f913ea5bf83c2bc7c33414a42bcca
Certificate serial:       EEFC
Authority key identifier: 5E:29:C0:2D:26:1F:91:3E:A5:BF:83:C2:BC:7C:33:41:4A:42:BC:CA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XinALSYfkT6lv4PCvHwzQUpCvMo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b5/ac1253-0459-46cf-b1b9-9ac1a7e4c406/1/dYlQBS0QBdnA95WCCNqMpEELZH4.roa
Signing time:             Tue 26 Apr 2022 14:48:21 +0000
ROA not before:           Tue 26 Apr 2022 14:48:21 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     56571
IP address blocks:        176.10.79.0/24 maxlen: 24
                          185.191.41.0/24 maxlen: 24
                          185.191.40.0/24 maxlen: 24
                          185.191.40.0/22 maxlen: 22
                          185.191.42.0/24 maxlen: 24
                          185.191.43.0/24 maxlen: 24
                          176.10.64.0/20 maxlen: 20
                          176.10.64.0/24 maxlen: 24
                          176.10.69.0/24 maxlen: 24
                          176.10.70.0/24 maxlen: 24
                          176.10.67.0/24 maxlen: 24
                          176.10.68.0/24 maxlen: 24
                          176.10.65.0/24 maxlen: 24
                          176.10.66.0/24 maxlen: 24
                          176.10.71.0/24 maxlen: 24
                          176.10.76.0/24 maxlen: 24
                          176.10.77.0/24 maxlen: 24
                          176.10.74.0/24 maxlen: 24
                          176.10.75.0/24 maxlen: 24
                          176.10.72.0/24 maxlen: 24
                          176.10.73.0/24 maxlen: 24
                          176.10.78.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 61180 (0xeefc)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5e29c02d261f913ea5bf83c2bc7c33414a42bcca
        Validity
            Not Before: Apr 26 14:48:21 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=758950052d1005d9c0f7958208da8ca4410b647e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:d1:02:6d:96:65:f8:73:05:b1:61:8e:7c:1a:
                    54:ae:b2:4d:d6:03:c1:0d:2b:13:53:45:1d:73:1d:
                    aa:b6:c8:e4:c6:8f:69:e3:46:55:88:de:ad:29:bb:
                    b6:bb:ee:ea:c9:b3:73:7b:98:73:82:5b:26:f0:e9:
                    52:99:b1:5a:66:59:26:57:40:52:67:12:26:9e:47:
                    6f:f5:7e:b7:47:64:34:1e:3d:9d:5a:71:26:49:fd:
                    2c:d9:f3:32:51:68:3c:c1:0d:14:7f:0a:9c:5b:fe:
                    77:08:d9:54:6b:1f:ce:30:2f:64:56:54:c1:9e:22:
                    fe:f0:53:c3:69:cf:e7:9a:41:b8:15:3a:0c:0c:e9:
                    99:17:dd:17:7e:63:68:18:e0:5f:00:c1:6b:bc:95:
                    81:f9:67:af:7b:58:3f:2f:94:08:ef:5f:70:da:0f:
                    20:10:d3:d0:9f:a3:0d:68:3a:eb:13:21:e5:fd:d8:
                    53:d5:a2:47:36:ff:e5:fe:a7:fc:99:54:d1:74:6a:
                    9a:38:37:7c:7f:1b:f8:41:eb:69:fb:c8:2b:0c:ea:
                    70:05:06:e4:62:56:68:8a:65:41:57:2b:4a:40:db:
                    77:73:f7:9f:c4:02:2f:67:45:c6:7f:eb:7b:c9:93:
                    66:a6:1f:88:59:55:94:f4:ca:83:94:42:b8:06:a3:
                    2d:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                75:89:50:05:2D:10:05:D9:C0:F7:95:82:08:DA:8C:A4:41:0B:64:7E
            X509v3 Authority Key Identifier:
                keyid:5E:29:C0:2D:26:1F:91:3E:A5:BF:83:C2:BC:7C:33:41:4A:42:BC:CA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XinALSYfkT6lv4PCvHwzQUpCvMo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b5/ac1253-0459-46cf-b1b9-9ac1a7e4c406/1/dYlQBS0QBdnA95WCCNqMpEELZH4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b5/ac1253-0459-46cf-b1b9-9ac1a7e4c406/1/XinALSYfkT6lv4PCvHwzQUpCvMo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.10.64.0/20
                  185.191.40.0/22

    Signature Algorithm: sha256WithRSAEncryption
         7e:c4:92:fe:8d:b7:08:7a:fe:41:17:3b:4d:68:30:41:20:d9:
         8b:1e:36:b5:47:b9:5a:0f:d6:79:03:85:61:dc:8d:fa:51:fe:
         79:d0:9d:98:76:96:b8:08:14:3c:a0:5d:e4:82:9b:f1:df:08:
         80:fc:8f:66:86:4d:2a:c7:35:3b:92:99:ce:8f:8b:3f:12:47:
         4a:8c:98:92:74:58:b1:cc:ee:ae:4c:43:9b:d5:99:33:57:0e:
         16:b5:36:87:dd:5a:46:e8:82:d4:1a:86:3f:a4:ee:3d:f3:3e:
         0d:7f:e0:6a:61:1b:a9:b2:df:24:6a:13:06:2d:78:ae:94:99:
         bd:b0:05:21:fa:63:50:c5:ed:d5:c7:b7:4f:db:43:a1:15:59:
         a7:cb:0b:45:86:34:39:69:9c:84:85:26:68:0c:11:33:21:f8:
         36:4d:9e:02:dd:da:91:39:38:c8:69:53:8a:27:72:af:a3:50:
         0f:33:40:08:47:e0:5b:bd:60:a5:de:c5:48:e0:47:6f:27:73:
         79:25:c3:c4:d7:1e:e6:75:cc:67:20:2a:c9:95:62:e7:99:4d:
         2e:f0:71:2e:af:0a:09:42:94:af:07:61:18:a6:4d:f4:00:ca:
         c2:35:e9:bf:50:30:5d:bd:1a:48:e1:b3:bb:20:e7:43:01:13:
         ae:52:37:ba
-----BEGIN CERTIFICATE-----
MIIE9DCCA9ygAwIBAgIDAO78MA0GCSqGSIb3DQEBCwUAMDMxMTAvBgNVBAMTKDVl
MjljMDJkMjYxZjkxM2VhNWJmODNjMmJjN2MzMzQxNGE0MmJjY2EwHhcNMjIwNDI2
MTQ0ODIxWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQDEyg3NTg5NTAwNTJkMTAw
NWQ5YzBmNzk1ODIwOGRhOGNhNDQxMGI2NDdlMIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEAw9ECbZZl+HMFsWGOfBpUrrJN1gPBDSsTU0Udcx2qtsjkxo9p
40ZViN6tKbu2u+7qybNze5hzglsm8OlSmbFaZlkmV0BSZxImnkdv9X63R2Q0Hj2d
WnEmSf0s2fMyUWg8wQ0UfwqcW/53CNlUax/OMC9kVlTBniL+8FPDac/nmkG4FToM
DOmZF90XfmNoGOBfAMFrvJWB+Weve1g/L5QI719w2g8gENPQn6MNaDrrEyHl/dhT
1aJHNv/l/qf8mVTRdGqaODd8fxv4Qetp+8grDOpwBQbkYlZoimVBVytKQNt3c/ef
xAIvZ0XGf+t7yZNmph+IWVWU9MqDlEK4BqMtywIDAQABo4ICDzCCAgswHQYDVR0O
BBYEFHWJUAUtEAXZwPeVggjajKRBC2R+MB8GA1UdIwQYMBaAFF4pwC0mH5E+pb+D
wrx8M0FKQrzKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEFBQcBAQRYMFYwVAYIKwYB
BQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQv
WGluQUxTWWZrVDZsdjRQQ3ZId3pRVXBDdk1vLmNlcjCBjQYIKwYBBQUHAQsEgYAw
fjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkv
REVGQVVMVC9iNS9hYzEyNTMtMDQ1OS00NmNmLWIxYjktOWFjMWE3ZTRjNDA2LzEv
ZFlsUUJTMFFCZG5BOTVXQ0NOcU1wRUVMWkg0LnJvYTCBgQYDVR0fBHoweDB2oHSg
coZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNS9h
YzEyNTMtMDQ1OS00NmNmLWIxYjktOWFjMWE3ZTRjNDA2LzEvWGluQUxTWWZrVDZs
djRQQ3ZId3pRVXBDdk1vLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCUG
CCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQEsApAAwQCub8oMA0GCSqGSIb3DQEB
CwUAA4IBAQB+xJL+jbcIev5BFztNaDBBINmLHja1R7laD9Z5A4Vh3I36Uf550J2Y
dpa4CBQ8oF3kgpvx3wiA/I9mhk0qxzU7kpnOj4s/EkdKjJiSdFixzO6uTEOb1Zkz
Vw4WtTaH3VpG6ILUGoY/pO498z4Nf+BqYRupst8kahMGLXiulJm9sAUh+mNQxe3V
x7dP20OhFVmnywtFhjQ5aZyEhSZoDBEzIfg2TZ4C3dqROTjIaVOKJ3Kvo1APM0AI
R+BbvWCl3sVI4EdvJ3N5JcPE1x7mdcxnICrJlWLnmU0u8HEurwoJQpSvB2EYpk30
AMrCNem/UDBdvRpI4bO7IOdDAROuUje6
-----END CERTIFICATE-----