Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b7/1c9dbb-052c-4eea-ade6-ec5b88d0138a/1/yKbopRuUB_KZSD-Rwtf5MwEmoaA.roa
File:                     yKbopRuUB_KZSD-Rwtf5MwEmoaA.roa (raw, json)
Hash identifier:          E9pFaspIH/RLDVDtqul3w3YqiR15OuEmxp+DOMSfsS4=
Subject key identifier:   C8:A6:E8:A5:1B:94:07:F2:99:48:3F:91:C2:D7:F9:33:01:26:A1:A0
Certificate issuer:       /CN=e4a9308742e7eb66506219d829d86185899a1e34
Certificate serial:       01822F578768A401FADBF9E569C59D69C183
Authority key identifier: E4:A9:30:87:42:E7:EB:66:50:62:19:D8:29:D8:61:85:89:9A:1E:34
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5Kkwh0Ln62ZQYhnYKdhhhYmaHjQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b7/1c9dbb-052c-4eea-ade6-ec5b88d0138a/1/yKbopRuUB_KZSD-Rwtf5MwEmoaA.roa
Signing time:             Sun 24 Jul 2022 08:34:01 +0000
ROA not before:           Sun 24 Jul 2022 08:34:01 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     211559
IP address blocks:        31.11.48.0/21 maxlen: 21
                          80.76.166.0/24 maxlen: 24
                          80.76.165.0/24 maxlen: 24
                          80.76.168.0/23 maxlen: 23
                          80.76.167.0/24 maxlen: 24
                          80.76.166.0/23 maxlen: 23
                          37.186.60.0/22 maxlen: 22
                          37.186.60.0/24 maxlen: 24
                          212.70.104.0/24 maxlen: 24
                          212.70.105.0/24 maxlen: 24
                          212.70.101.0/24 maxlen: 24
                          212.70.100.0/24 maxlen: 24
                          212.70.103.0/24 maxlen: 24
                          212.70.102.0/24 maxlen: 24
                          103.14.208.0/22 maxlen: 22
                          212.70.123.0/24 maxlen: 24
                          212.70.120.0/24 maxlen: 24
                          185.247.88.0/22 maxlen: 22

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:82:2f:57:87:68:a4:01:fa:db:f9:e5:69:c5:9d:69:c1:83
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e4a9308742e7eb66506219d829d86185899a1e34
        Validity
            Not Before: Jul 24 08:34:01 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=c8a6e8a51b9407f299483f91c2d7f9330126a1a0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:4b:dd:96:61:d5:72:8f:13:a5:20:15:fc:17:
                    c3:c8:fd:00:1b:37:b1:8e:9f:51:73:df:a9:cd:9c:
                    42:8f:96:fa:e8:2e:8b:0a:e1:81:89:4b:38:f5:7d:
                    6a:03:70:b0:9f:96:d4:20:00:d8:2e:55:5f:94:51:
                    ad:0b:ec:65:98:a2:3d:e4:eb:a6:05:f3:2a:1f:ed:
                    29:d4:08:a7:6d:36:30:39:87:e9:7f:8d:53:2d:70:
                    5b:bd:47:f5:53:3f:3f:26:ea:61:e3:7e:5c:f0:f8:
                    7c:6a:82:c4:55:33:72:35:64:c7:61:fb:98:1d:f7:
                    28:51:2a:2c:2b:69:6b:e2:f8:bd:eb:5f:74:cc:bd:
                    48:0a:fc:e5:44:4c:56:94:ec:1d:53:fe:a3:fd:d0:
                    f7:70:5d:2d:8e:7e:0e:1e:a1:05:61:48:c8:ea:ba:
                    4b:27:cc:a6:15:00:42:f7:7e:3f:1d:f3:91:94:30:
                    d4:39:d5:79:ce:74:61:67:28:a7:58:a1:8c:f1:98:
                    0f:6e:af:f6:78:af:5c:c1:e7:c7:66:a5:a8:11:7d:
                    dd:60:dc:35:6f:bb:19:96:01:bf:6e:17:60:17:bd:
                    f8:eb:a5:09:a0:9b:b0:c4:cf:e8:6c:29:53:c3:e8:
                    30:33:d1:18:83:a5:af:0c:6e:75:83:13:a3:fb:2e:
                    c4:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C8:A6:E8:A5:1B:94:07:F2:99:48:3F:91:C2:D7:F9:33:01:26:A1:A0
            X509v3 Authority Key Identifier:
                keyid:E4:A9:30:87:42:E7:EB:66:50:62:19:D8:29:D8:61:85:89:9A:1E:34

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5Kkwh0Ln62ZQYhnYKdhhhYmaHjQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b7/1c9dbb-052c-4eea-ade6-ec5b88d0138a/1/yKbopRuUB_KZSD-Rwtf5MwEmoaA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b7/1c9dbb-052c-4eea-ade6-ec5b88d0138a/1/5Kkwh0Ln62ZQYhnYKdhhhYmaHjQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.11.48.0/21
                  37.186.60.0/22
                  80.76.165.0-80.76.169.255
                  103.14.208.0/22
                  185.247.88.0/22
                  212.70.100.0-212.70.105.255
                  212.70.120.0/24
                  212.70.123.0/24

    Signature Algorithm: sha256WithRSAEncryption
         98:20:8e:f4:92:d5:00:fb:d4:a0:c2:2b:76:49:b4:f7:da:ca:
         ad:ad:fd:94:3b:f0:d1:96:dc:18:16:b4:bb:5b:c5:5d:95:7e:
         ba:c9:f2:68:19:c8:27:31:ef:35:1a:d2:08:c6:31:33:a2:8b:
         e6:f0:f4:9c:96:ab:44:d8:19:7c:db:d0:b8:22:6d:15:98:2f:
         2a:a6:1f:75:cf:a5:53:37:6e:f8:6e:67:18:6f:1b:29:6d:d7:
         2a:85:b8:8a:5a:70:e7:b8:7f:fc:d3:de:02:67:8d:1c:50:20:
         f5:34:b9:34:67:02:7a:24:b9:39:5d:2e:e0:f3:63:62:57:b9:
         3e:14:88:17:41:70:c7:92:8e:95:7d:d4:ad:d1:b3:fd:9b:3d:
         51:33:f5:ea:bb:96:c1:89:dd:97:0a:9c:04:32:6f:61:3a:bf:
         51:59:fc:dd:26:ef:f1:b4:c0:40:b5:27:7c:b5:37:c8:1b:c5:
         88:11:05:d7:15:cf:34:7f:dd:0e:e9:d9:2f:22:87:4a:05:49:
         7d:7c:90:5c:5a:ff:13:c8:b3:fc:0e:2e:ad:ac:78:7d:f1:20:
         71:eb:57:8f:59:fe:03:ac:cf:11:bb:36:4b:95:2a:39:85:f5:
         1a:6a:41:5f:d2:a3:99:f4:f7:80:dd:66:56:92:3f:bb:12:43:
         1a:ea:67:72
-----BEGIN CERTIFICATE-----
MIIFNzCCBB+gAwIBAgISAYIvV4dopAH62/nlacWdacGDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU0YTkzMDg3NDJlN2ViNjY1MDYyMTlkODI5ZDg2MTg1ODk5
YTFlMzQwHhcNMjIwNzI0MDgzNDAxWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjOGE2ZThhNTFiOTQwN2YyOTk0ODNmOTFjMmQ3ZjkzMzAxMjZhMWEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg0vdlmHVco8TpSAV/BfDyP0AGzex
jp9Rc9+pzZxCj5b66C6LCuGBiUs49X1qA3Cwn5bUIADYLlVflFGtC+xlmKI95Oum
BfMqH+0p1AinbTYwOYfpf41TLXBbvUf1Uz8/Juph435c8Ph8aoLEVTNyNWTHYfuY
HfcoUSosK2lr4vi96190zL1ICvzlRExWlOwdU/6j/dD3cF0tjn4OHqEFYUjI6rpL
J8ymFQBC934/HfORlDDUOdV5znRhZyinWKGM8ZgPbq/2eK9cwefHZqWoEX3dYNw1
b7sZlgG/bhdgF73466UJoJuwxM/obClTw+gwM9EYg6WvDG51gxOj+y7E1QIDAQAB
o4ICQzCCAj8wHQYDVR0OBBYEFMim6KUblAfymUg/kcLX+TMBJqGgMB8GA1UdIwQY
MBaAFOSpMIdC5+tmUGIZ2CnYYYWJmh40MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNUtrd2gwTG42MlpRWWhuWUtkaGhoWW1hSGpRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNy8xYzlkYmItMDUyYy00ZWVhLWFkZTYt
ZWM1Yjg4ZDAxMzhhLzEveUtib3BSdVVCX0taU0QtUnd0ZjVNd0Vtb2FBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNy8xYzlkYmItMDUyYy00ZWVhLWFkZTYtZWM1Yjg4ZDAxMzhh
LzEvNUtrd2gwTG42MlpRWWhuWUtkaGhoWW1hSGpRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFkGCCsGAQUFBwEHAQH/BEowSDBGBAIAATBAAwQDHwswAwQC
Jbo8MAwDBABQTKUDBAFQTKgDBAJnDtADBAK591gwDAMEAtRGZAMEAdRGaAMEANRG
eAMEANRGezANBgkqhkiG9w0BAQsFAAOCAQEAmCCO9JLVAPvUoMIrdkm099rKra39
lDvw0ZbcGBa0u1vFXZV+usnyaBnIJzHvNRrSCMYxM6KL5vD0nJarRNgZfNvQuCJt
FZgvKqYfdc+lUzdu+G5nGG8bKW3XKoW4ilpw57h//NPeAmeNHFAg9TS5NGcCeiS5
OV0u4PNjYle5PhSIF0Fwx5KOlX3UrdGz/Zs9UTP16ruWwYndlwqcBDJvYTq/UVn8
3Sbv8bTAQLUnfLU3yBvFiBEF1xXPNH/dDunZLyKHSgVJfXyQXFr/E8iz/A4urax4
ffEgcetXj1n+A6zPEbs2S5UqOYX1GmpBX9KjmfT3gN1mVpI/uxJDGupncg==
-----END CERTIFICATE-----