Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0e/62a3b1-117d-4b17-9662-45eb738cb9c8/1/Jn_XGwY6b-zU2bWuZv7SmdH1dG8.roa
File:                     Jn_XGwY6b-zU2bWuZv7SmdH1dG8.roa (raw, json)
Hash identifier:          KRc8RaU3a1/KlyWDYTNPX7fSFJGajNRvj7eLPKlK2Rg=
Subject key identifier:   26:7F:D7:1B:06:3A:6F:EC:D4:D9:B5:AE:66:FE:D2:99:D1:F5:74:6F
Certificate issuer:       /CN=06da1c6b1a65f7a3d97f9bd75e7cac3135246fa5
Certificate serial:       1CD1C2BD
Authority key identifier: 06:DA:1C:6B:1A:65:F7:A3:D9:7F:9B:D7:5E:7C:AC:31:35:24:6F:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Btocaxpl96PZf5vXXnysMTUkb6U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0e/62a3b1-117d-4b17-9662-45eb738cb9c8/1/Jn_XGwY6b-zU2bWuZv7SmdH1dG8.roa
Signing time:             Mon 07 Feb 2022 08:30:49 +0000
ROA not before:           Mon 07 Feb 2022 08:30:49 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     51395
IP address blocks:        176.10.96.0/19 maxlen: 19
                          185.85.108.0/22 maxlen: 22
                          91.192.100.0/22 maxlen: 22
                          185.32.220.0/22 maxlen: 22
                          185.32.221.0/24 maxlen: 24
                          185.32.223.0/24 maxlen: 24
                          185.189.148.0/22 maxlen: 22
                          185.195.68.0/23 maxlen: 23
                          91.201.56.0/22 maxlen: 22
                          176.10.104.240/32 maxlen: 32
                          195.225.117.0/24 maxlen: 24
                          195.225.118.0/23 maxlen: 23
                          2a00:bd80::/32 maxlen: 32
                          2a0b:ee80::/29 maxlen: 29
                          2a0a:5dc0::/29 maxlen: 29

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 483508925 (0x1cd1c2bd)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=06da1c6b1a65f7a3d97f9bd75e7cac3135246fa5
        Validity
            Not Before: Feb  7 08:30:49 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=267fd71b063a6fecd4d9b5ae66fed299d1f5746f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:e7:2c:aa:35:0b:ea:33:70:a5:f3:aa:88:6a:
                    fd:9a:40:d4:1a:f5:c5:5f:bd:d7:58:5a:fc:31:82:
                    b8:f4:fc:34:27:b1:2e:71:8f:97:64:af:09:5f:d5:
                    bb:62:e7:e3:59:6c:a5:40:69:f4:ba:9f:d0:56:ba:
                    cc:bf:13:2f:0e:e1:0c:b2:76:32:50:7f:55:81:62:
                    62:d7:4f:3f:1b:f7:81:18:da:f2:0d:3a:83:8d:94:
                    cb:ff:de:be:e1:de:f8:13:fb:50:96:27:08:8a:09:
                    2c:01:f5:96:16:8d:ce:26:ff:b7:96:12:e0:1c:e3:
                    42:64:30:5e:97:78:84:e1:73:9b:7d:53:26:1a:8d:
                    d7:6c:f0:50:5c:20:8e:ad:e1:b7:53:9f:09:f9:07:
                    de:ad:ff:4d:9d:c1:fb:2b:15:4c:e0:b7:5b:12:d9:
                    31:12:0f:db:1b:ba:51:41:26:87:56:ec:4f:77:0d:
                    04:1d:10:f7:25:a0:c8:63:96:6c:40:65:88:c4:f2:
                    9b:0c:50:38:ac:1a:fd:f4:75:0b:f2:43:a1:5c:f5:
                    6a:85:51:7e:05:00:7c:2d:b2:64:50:7d:bb:cf:29:
                    6d:9e:b9:93:87:4c:c6:d9:e5:dd:8a:ad:0a:38:2b:
                    38:7a:29:12:9e:74:25:8f:84:f8:f2:99:a4:19:e3:
                    1a:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                26:7F:D7:1B:06:3A:6F:EC:D4:D9:B5:AE:66:FE:D2:99:D1:F5:74:6F
            X509v3 Authority Key Identifier:
                keyid:06:DA:1C:6B:1A:65:F7:A3:D9:7F:9B:D7:5E:7C:AC:31:35:24:6F:A5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Btocaxpl96PZf5vXXnysMTUkb6U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/62a3b1-117d-4b17-9662-45eb738cb9c8/1/Jn_XGwY6b-zU2bWuZv7SmdH1dG8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/62a3b1-117d-4b17-9662-45eb738cb9c8/1/Btocaxpl96PZf5vXXnysMTUkb6U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.192.100.0/22
                  91.201.56.0/22
                  176.10.96.0/19
                  185.32.220.0/22
                  185.85.108.0/22
                  185.189.148.0/22
                  185.195.68.0/23
                  195.225.117.0-195.225.119.255
                IPv6:
                  2a00:bd80::/32
                  2a0a:5dc0::/29
                  2a0b:ee80::/29

    Signature Algorithm: sha256WithRSAEncryption
         50:b4:28:37:e6:e6:92:d1:00:dd:42:f7:b6:06:59:54:32:63:
         d0:49:72:f1:1f:db:cc:d1:9a:ad:cb:b6:67:ce:4d:ee:2a:b2:
         50:ea:4c:5b:5a:a6:5a:67:11:14:a6:f9:49:6e:72:63:fd:c7:
         ad:2f:19:f3:db:40:e1:64:84:24:14:38:31:3e:e6:4d:94:2e:
         09:9c:c9:6c:88:35:fa:ea:80:94:08:b5:bb:cd:bd:f0:16:e8:
         e4:4e:cd:cd:b8:86:99:a6:39:e3:8e:df:7e:d9:a0:06:b0:f6:
         10:ff:f5:32:31:6b:71:d4:ed:02:d8:8f:6c:0d:33:cc:ae:4e:
         9a:ee:05:3d:fb:10:8b:77:e0:78:c3:a5:90:8a:83:49:ab:e2:
         fa:d2:f3:f9:62:8a:b0:f7:17:0c:8e:4a:0c:27:28:7f:65:5a:
         ed:9f:11:ce:63:98:42:34:c4:dd:46:b1:28:40:08:8e:24:dc:
         c0:50:5f:ee:5c:c0:f2:db:d9:82:80:0d:0a:f9:44:f2:b9:18:
         17:1f:4a:2a:90:a9:07:7a:88:55:f3:88:91:b7:c5:18:f3:99:
         06:9c:a4:f4:18:9f:10:7a:86:64:40:e3:b1:b9:ea:2a:d5:91:
         80:27:ee:01:91:03:bc:cf:34:93:e6:b9:f4:cd:d0:03:34:bd:
         54:d4:79:ba
-----BEGIN CERTIFICATE-----
MIIFPjCCBCagAwIBAgIEHNHCvTANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygw
NmRhMWM2YjFhNjVmN2EzZDk3ZjliZDc1ZTdjYWMzMTM1MjQ2ZmE1MB4XDTIyMDIw
NzA4MzA0OVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMjY3ZmQ3MWIwNjNh
NmZlY2Q0ZDliNWFlNjZmZWQyOTlkMWY1NzQ2ZjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBALvnLKo1C+ozcKXzqohq/ZpA1Br1xV+911ha/DGCuPT8NCex
LnGPl2SvCV/Vu2Ln41lspUBp9Lqf0Fa6zL8TLw7hDLJ2MlB/VYFiYtdPPxv3gRja
8g06g42Uy//evuHe+BP7UJYnCIoJLAH1lhaNzib/t5YS4BzjQmQwXpd4hOFzm31T
JhqN12zwUFwgjq3ht1OfCfkH3q3/TZ3B+ysVTOC3WxLZMRIP2xu6UUEmh1bsT3cN
BB0Q9yWgyGOWbEBliMTymwxQOKwa/fR1C/JDoVz1aoVRfgUAfC2yZFB9u88pbZ65
k4dMxtnl3YqtCjgrOHopEp50JY+E+PKZpBnjGo8CAwEAAaOCAlgwggJUMB0GA1Ud
DgQWBBQmf9cbBjpv7NTZta5m/tKZ0fV0bzAfBgNVHSMEGDAWgBQG2hxrGmX3o9l/
m9defKwxNSRvpTAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L0J0b2NheHBsOTZQWmY1dlhYbnlzTVRVa2I2VS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMGUvNjJhM2IxLTExN2QtNGIxNy05NjYyLTQ1ZWI3MzhjYjljOC8x
L0puX1hHd1k2Yi16VTJiV3VadjdTbWRIMWRHOC5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMGUv
NjJhM2IxLTExN2QtNGIxNy05NjYyLTQ1ZWI3MzhjYjljOC8xL0J0b2NheHBsOTZQ
WmY1dlhYbnlzTVRVa2I2VS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBu
BggrBgEFBQcBBwEB/wRfMF0wPgQCAAEwOAMEAlvAZAMEAlvJOAMEBbAKYAMEArkg
3AMEArlVbAMEArm9lAMEAbnDRDAMAwQAw+F1AwQDw+FwMBsEAgACMBUDBQAqAL2A
AwUDKgpdwAMFAyoL7oAwDQYJKoZIhvcNAQELBQADggEBAFC0KDfm5pLRAN1C97YG
WVQyY9BJcvEf28zRmq3LtmfOTe4qslDqTFtaplpnERSm+UlucmP9x60vGfPbQOFk
hCQUODE+5k2ULgmcyWyINfrqgJQItbvNvfAW6OROzc24hpmmOeOO337ZoAaw9hD/
9TIxa3HU7QLYj2wNM8yuTpruBT37EIt34HjDpZCKg0mr4vrS8/liirD3FwyOSgwn
KH9lWu2fEc5jmEI0xN1GsShACI4k3MBQX+5cwPLb2YKADQr5RPK5GBcfSiqQqQd6
iFXziJG3xRjzmQacpPQYnxB6hmRA47G56irVkYAn7gGRA7zPNJPmufTN0AM0vVTU
ebo=
-----END CERTIFICATE-----