Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/8fbc7e-1f47-487c-8292-e5a77f7a7aa2/1/jOSS5u_rnmEP7ZZ18w4mNVtfYv8.roa
File:                     jOSS5u_rnmEP7ZZ18w4mNVtfYv8.roa (raw, json)
Hash identifier:          0U2nXGQLZj5HOuKgKPY4kMLhy2i2s1OoyzQLMktbT8M=
Subject key identifier:   8C:E4:92:E6:EF:EB:9E:61:0F:ED:96:75:F3:0E:26:35:5B:5F:62:FF
Certificate issuer:       /CN=b09fff8e8ffd8f8e7d9a7b66d1cc73dc39281ef6
Certificate serial:       0CFAA2D1
Authority key identifier: B0:9F:FF:8E:8F:FD:8F:8E:7D:9A:7B:66:D1:CC:73:DC:39:28:1E:F6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sJ__jo_9j459mntm0cxz3DkoHvY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/8fbc7e-1f47-487c-8292-e5a77f7a7aa2/1/jOSS5u_rnmEP7ZZ18w4mNVtfYv8.roa
Signing time:             Tue 14 Jun 2022 03:05:44 +0000
ROA not before:           Tue 14 Jun 2022 03:05:44 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     200590
IP address blocks:        77.240.44.0/22 maxlen: 24
                          87.255.200.0/23 maxlen: 24
                          89.223.2.0/24 maxlen: 24
                          194.76.124.0/22 maxlen: 24
                          89.223.0.0/24 maxlen: 24
                          79.143.20.0/22 maxlen: 24
                          5.188.152.0/22 maxlen: 24
                          178.238.78.0/23 maxlen: 24
                          84.252.156.0/22 maxlen: 24
                          5.188.64.0/22 maxlen: 24
                          94.126.201.0/24 maxlen: 24
                          185.97.112.0/22 maxlen: 24
                          87.255.196.0/22 maxlen: 24
                          87.255.194.0/23 maxlen: 24
                          93.190.240.0/22 maxlen: 24
                          2a06:580::/29 maxlen: 40

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 217752273 (0xcfaa2d1)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b09fff8e8ffd8f8e7d9a7b66d1cc73dc39281ef6
        Validity
            Not Before: Jun 14 03:05:44 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=8ce492e6efeb9e610fed9675f30e26355b5f62ff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:99:27:9a:92:47:4d:d7:4c:4f:10:0f:fa:60:
                    cb:e5:60:2f:c1:e4:d8:2f:fd:aa:c8:b3:87:e6:e0:
                    3e:46:2e:46:60:41:68:2b:30:56:72:04:78:4e:a7:
                    05:4f:1e:f0:5d:4d:21:79:9d:76:4e:02:c4:86:b4:
                    c1:a8:ad:3c:80:03:4d:6f:1d:a7:57:ba:ae:7a:a0:
                    34:d8:21:74:30:03:bd:36:20:8f:21:2f:b0:23:4f:
                    91:21:3c:d4:5d:70:b2:91:b3:f5:be:5b:22:dc:d5:
                    c7:20:d7:82:3d:ab:23:e7:cb:a2:f0:38:f7:4d:39:
                    ec:b7:3a:3b:af:b0:2f:cb:cc:9f:57:5a:f3:97:7e:
                    91:dd:5b:6d:94:f8:b5:2b:32:64:a9:ad:63:c3:3a:
                    5b:cd:d7:44:2c:1d:e9:55:7c:7c:2e:ee:f9:70:ec:
                    12:49:f4:df:fb:f7:b9:8a:37:64:f6:82:80:86:27:
                    3c:88:b1:7d:33:32:28:a6:e9:02:58:c7:8b:0d:a4:
                    30:81:57:94:c2:52:ad:b7:6b:04:60:b8:bb:a0:2e:
                    32:ab:12:32:fe:dc:7a:9e:93:8d:00:cb:b7:8a:f6:
                    a5:1b:66:b0:a9:5f:c1:0c:36:18:fe:8a:22:40:67:
                    f2:1e:73:1e:98:0e:d4:38:6c:cb:bd:51:d2:3c:05:
                    64:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8C:E4:92:E6:EF:EB:9E:61:0F:ED:96:75:F3:0E:26:35:5B:5F:62:FF
            X509v3 Authority Key Identifier:
                keyid:B0:9F:FF:8E:8F:FD:8F:8E:7D:9A:7B:66:D1:CC:73:DC:39:28:1E:F6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sJ__jo_9j459mntm0cxz3DkoHvY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/8fbc7e-1f47-487c-8292-e5a77f7a7aa2/1/jOSS5u_rnmEP7ZZ18w4mNVtfYv8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/8fbc7e-1f47-487c-8292-e5a77f7a7aa2/1/sJ__jo_9j459mntm0cxz3DkoHvY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.188.64.0/22
                  5.188.152.0/22
                  77.240.44.0/22
                  79.143.20.0/22
                  84.252.156.0/22
                  87.255.194.0-87.255.201.255
                  89.223.0.0/24
                  89.223.2.0/24
                  93.190.240.0/22
                  94.126.201.0/24
                  178.238.78.0/23
                  185.97.112.0/22
                  194.76.124.0/22
                IPv6:
                  2a06:580::/29

    Signature Algorithm: sha256WithRSAEncryption
         c8:c9:49:16:22:48:3a:bf:a5:18:7e:52:67:01:8b:92:b8:4b:
         52:94:7f:71:4a:f9:2b:70:82:ec:d1:42:9f:a7:1e:b7:6f:f5:
         be:34:03:54:0d:6e:70:f6:c4:6a:7c:d2:75:10:c2:ba:99:dc:
         28:88:f7:60:d6:12:c3:92:9f:52:fa:da:c9:51:2e:50:9f:43:
         6c:e3:13:db:99:e7:31:38:cd:b6:eb:63:65:1e:cc:ec:c1:54:
         49:62:06:f8:53:49:4d:36:4a:2a:3b:25:e0:c2:9d:c4:7a:91:
         35:b7:e8:59:ff:39:e9:c9:47:c5:70:6e:a0:c0:f6:2c:f5:a0:
         ef:57:43:24:13:86:c9:89:a8:09:9f:1e:c4:97:49:71:1d:65:
         9f:d4:fd:d1:d6:e9:40:32:9c:95:71:71:0c:52:6a:50:5f:79:
         f5:92:ec:74:6a:e4:11:cb:a5:81:74:4e:3e:be:d3:49:6b:64:
         ba:c5:ef:b3:00:b5:4b:bb:0e:04:a8:1e:34:3f:c7:9c:c7:b9:
         13:6f:30:73:02:d7:13:50:a4:65:61:bc:75:65:27:5b:3d:79:
         05:10:70:de:73:c9:15:cf:58:0c:f7:d7:56:da:1f:19:7b:19:
         fc:1c:2f:2c:b1:8b:33:76:08:78:6e:f1:a3:10:a0:c7:32:1c:
         48:56:56:d4
-----BEGIN CERTIFICATE-----
MIIFTjCCBDagAwIBAgIEDPqi0TANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhi
MDlmZmY4ZThmZmQ4ZjhlN2Q5YTdiNjZkMWNjNzNkYzM5MjgxZWY2MB4XDTIyMDYx
NDAzMDU0NFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoOGNlNDkyZTZlZmVi
OWU2MTBmZWQ5Njc1ZjMwZTI2MzU1YjVmNjJmZjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAM+ZJ5qSR03XTE8QD/pgy+VgL8Hk2C/9qsizh+bgPkYuRmBB
aCswVnIEeE6nBU8e8F1NIXmddk4CxIa0waitPIADTW8dp1e6rnqgNNghdDADvTYg
jyEvsCNPkSE81F1wspGz9b5bItzVxyDXgj2rI+fLovA490057Lc6O6+wL8vMn1da
85d+kd1bbZT4tSsyZKmtY8M6W83XRCwd6VV8fC7u+XDsEkn03/v3uYo3ZPaCgIYn
PIixfTMyKKbpAljHiw2kMIFXlMJSrbdrBGC4u6AuMqsSMv7cep6TjQDLt4r2pRtm
sKlfwQw2GP6KIkBn8h5zHpgO1Dhsy71R0jwFZCsCAwEAAaOCAmgwggJkMB0GA1Ud
DgQWBBSM5JLm7+ueYQ/tlnXzDiY1W19i/zAfBgNVHSMEGDAWgBSwn/+Oj/2Pjn2a
e2bRzHPcOSge9jAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L3NKX19qb185ajQ1OW1udG0wY3h6M0Rrb0h2WS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMTMvOGZiYzdlLTFmNDctNDg3Yy04MjkyLWU1YTc3ZjdhN2FhMi8x
L2pPU1M1dV9ybm1FUDdaWjE4dzRtTlZ0Zll2OC5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMTMv
OGZiYzdlLTFmNDctNDg3Yy04MjkyLWU1YTc3ZjdhN2FhMi8xL3NKX19qb185ajQ1
OW1udG0wY3h6M0Rrb0h2WS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjB+
BggrBgEFBQcBBwEB/wRvMG0wXAQCAAEwVgMEAgW8QAMEAgW8mAMEAk3wLAMEAk+P
FAMEAlT8nDAMAwQBV//CAwQBV//IAwQAWd8AAwQAWd8CAwQCXb7wAwQAXn7JAwQB
su5OAwQCuWFwAwQCwkx8MA0EAgACMAcDBQMqBgWAMA0GCSqGSIb3DQEBCwUAA4IB
AQDIyUkWIkg6v6UYflJnAYuSuEtSlH9xSvkrcILs0UKfpx63b/W+NANUDW5w9sRq
fNJ1EMK6mdwoiPdg1hLDkp9S+trJUS5Qn0Ns4xPbmecxOM2262NlHszswVRJYgb4
U0lNNkoqOyXgwp3EepE1t+hZ/znpyUfFcG6gwPYs9aDvV0MkE4bJiagJnx7El0lx
HWWf1P3R1ulAMpyVcXEMUmpQX3n1kux0auQRy6WBdE4+vtNJa2S6xe+zALVLuw4E
qB40P8ecx7kTbzBzAtcTUKRlYbx1ZSdbPXkFEHDec8kVz1gM99dW2h8Zexn8HC8s
sYszdgh4bvGjEKDHMhxIVlbU
-----END CERTIFICATE-----