Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1e/f621a7-e080-4255-926d-32ff31ceec8b/1/qcbfw4tzEqeGGJr9WdF9xCMHVjM.roa
File:                     qcbfw4tzEqeGGJr9WdF9xCMHVjM.roa (raw, json)
Hash identifier:          ZwdVQ+SpGa2gXCHaYsog0nvMsXf/LCJhuuTCZgyV2yY=
Subject key identifier:   A9:C6:DF:C3:8B:73:12:A7:86:18:9A:FD:59:D1:7D:C4:23:07:56:33
Certificate issuer:       /CN=8d4dd2d06d920e403933fdb2cd1984893552579c
Certificate serial:       01847A0C66A63EE1FF67BDECFAB45D580805
Authority key identifier: 8D:4D:D2:D0:6D:92:0E:40:39:33:FD:B2:CD:19:84:89:35:52:57:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jU3S0G2SDkA5M_2yzRmEiTVSV5w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1e/f621a7-e080-4255-926d-32ff31ceec8b/1/qcbfw4tzEqeGGJr9WdF9xCMHVjM.roa
Signing time:             Tue 15 Nov 2022 06:49:03 +0000
ROA not before:           Tue 15 Nov 2022 06:49:03 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     39280
IP address blocks:        89.219.44.0/22 maxlen: 22
                          89.219.40.0/22 maxlen: 22
                          89.219.40.0/21 maxlen: 21
                          81.21.80.0/21 maxlen: 21
                          81.21.80.0/20 maxlen: 20
                          81.21.88.0/21 maxlen: 21
                          93.184.224.0/21 maxlen: 21
                          93.184.224.0/20 maxlen: 20
                          93.184.232.0/21 maxlen: 21
                          46.228.176.0/21 maxlen: 21
                          46.228.176.0/20 maxlen: 20
                          46.228.184.0/21 maxlen: 21
                          185.41.202.0/23 maxlen: 23
                          185.41.200.0/23 maxlen: 23
                          185.41.200.0/22 maxlen: 22
                          46.18.64.0/21 maxlen: 21
                          46.18.64.0/22 maxlen: 22
                          46.18.68.0/22 maxlen: 22
                          2a03:ba40::/32 maxlen: 32

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:84:7a:0c:66:a6:3e:e1:ff:67:bd:ec:fa:b4:5d:58:08:05
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8d4dd2d06d920e403933fdb2cd1984893552579c
        Validity
            Not Before: Nov 15 06:49:03 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=a9c6dfc38b7312a786189afd59d17dc423075633
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:e2:7a:8e:84:26:52:a5:c0:65:9b:dc:a4:22:
                    ca:82:b3:32:58:92:5d:48:af:18:b7:37:78:d2:76:
                    a9:55:e8:f3:1a:9b:0d:ff:2e:30:de:27:05:da:17:
                    dd:dc:4d:8e:a8:8f:7e:c6:e4:11:6e:ce:81:cc:b9:
                    41:a9:63:63:d2:00:8c:7d:4b:9c:85:34:80:f3:9e:
                    26:f9:3e:6a:f8:1a:c8:d2:26:95:70:11:49:30:ca:
                    ec:68:fc:bc:84:12:9f:ab:3d:54:97:7a:85:c0:bf:
                    f8:28:7e:b6:a7:d4:00:c7:15:39:54:1a:67:41:65:
                    af:ff:9c:7c:a5:50:4c:66:f2:fc:e5:c7:2d:ae:74:
                    5c:04:e9:bd:73:be:57:a6:80:c0:d8:b2:a9:38:bb:
                    7e:e8:31:93:41:78:7b:e2:2a:50:b0:3e:72:22:89:
                    76:c9:08:e9:39:ab:c3:af:35:10:72:e3:88:e3:f6:
                    2b:2e:c9:55:0f:ab:a0:e5:fb:6e:29:07:fd:35:b2:
                    cb:f2:8b:2a:c6:98:78:50:ca:3f:b8:6d:b5:d0:49:
                    71:7d:c6:83:23:85:69:e9:a1:c6:26:55:4f:6f:6c:
                    74:d9:21:53:fb:af:5d:72:1e:95:67:fe:88:80:97:
                    11:e4:2a:f8:20:f0:98:7f:4c:8b:f1:f8:e7:88:9b:
                    eb:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A9:C6:DF:C3:8B:73:12:A7:86:18:9A:FD:59:D1:7D:C4:23:07:56:33
            X509v3 Authority Key Identifier:
                keyid:8D:4D:D2:D0:6D:92:0E:40:39:33:FD:B2:CD:19:84:89:35:52:57:9C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jU3S0G2SDkA5M_2yzRmEiTVSV5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/f621a7-e080-4255-926d-32ff31ceec8b/1/qcbfw4tzEqeGGJr9WdF9xCMHVjM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/f621a7-e080-4255-926d-32ff31ceec8b/1/jU3S0G2SDkA5M_2yzRmEiTVSV5w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.18.64.0/21
                  46.228.176.0/20
                  81.21.80.0/20
                  89.219.40.0/21
                  93.184.224.0/20
                  185.41.200.0/22
                IPv6:
                  2a03:ba40::/32

    Signature Algorithm: sha256WithRSAEncryption
         30:1b:19:82:b4:3e:3b:30:19:c3:ce:8e:2a:2d:a9:04:07:f0:
         7a:6b:ba:4e:1b:3f:89:b3:b3:53:19:cd:e2:5f:df:52:04:9e:
         14:90:65:2a:08:56:94:0f:09:fd:4b:76:97:21:a1:10:2c:10:
         6d:28:b8:8b:5a:3c:2c:5e:fb:48:00:23:69:5e:44:6b:c3:dd:
         6c:d9:69:75:f2:91:51:be:2a:2d:e5:ed:3a:0e:47:bd:52:d1:
         f5:2c:aa:31:0c:cc:a3:fb:c6:61:25:4d:00:97:4b:f1:e8:3f:
         ee:db:fb:78:94:fe:8c:6c:bc:52:a5:2e:44:7a:a0:bf:03:cd:
         01:0c:7e:4e:73:d8:b8:04:75:8c:ea:92:e3:19:1f:fb:79:0f:
         cf:1f:f8:b0:7a:c4:ae:ee:2a:51:89:88:a8:88:1e:67:ff:d5:
         da:ca:b3:21:b7:6c:e6:18:ed:81:45:72:b1:00:0e:f7:cc:82:
         61:91:25:d9:c6:2e:db:3d:ae:de:ba:59:d5:bc:0c:e6:9a:9a:
         f7:b5:57:c6:0e:c3:7f:d1:31:01:36:17:0e:a2:6a:08:fa:20:
         0b:cb:73:93:28:36:d5:dd:62:76:1a:f9:49:64:1e:3d:18:67:
         b5:15:ef:df:63:54:9b:70:68:17:3d:9a:b6:0f:76:19:26:1f:
         c0:f5:6c:0d
-----BEGIN CERTIFICATE-----
MIIFKjCCBBKgAwIBAgISAYR6DGamPuH/Z73s+rRdWAgFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhkNGRkMmQwNmQ5MjBlNDAzOTMzZmRiMmNkMTk4NDg5MzU1
MjU3OWMwHhcNMjIxMTE1MDY0OTAzWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOWM2ZGZjMzhiNzMxMmE3ODYxODlhZmQ1OWQxN2RjNDIzMDc1NjMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk+J6joQmUqXAZZvcpCLKgrMyWJJd
SK8Ytzd40napVejzGpsN/y4w3icF2hfd3E2OqI9+xuQRbs6BzLlBqWNj0gCMfUuc
hTSA854m+T5q+BrI0iaVcBFJMMrsaPy8hBKfqz1Ul3qFwL/4KH62p9QAxxU5VBpn
QWWv/5x8pVBMZvL85cctrnRcBOm9c75XpoDA2LKpOLt+6DGTQXh74ipQsD5yIol2
yQjpOavDrzUQcuOI4/YrLslVD6ug5ftuKQf9NbLL8osqxph4UMo/uG210ElxfcaD
I4Vp6aHGJlVPb2x02SFT+69dch6VZ/6IgJcR5Cr4IPCYf0yL8fjniJvrNwIDAQAB
o4ICNjCCAjIwHQYDVR0OBBYEFKnG38OLcxKnhhia/VnRfcQjB1YzMB8GA1UdIwQY
MBaAFI1N0tBtkg5AOTP9ss0ZhIk1UlecMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvalUzUzBHMlNEa0E1TV8yeXpSbUVpVFZTVjV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZS9mNjIxYTctZTA4MC00MjU1LTkyNmQt
MzJmZjMxY2VlYzhiLzEvcWNiZnc0dHpFcWVHR0pyOVdkRjl4Q01IVmpNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZS9mNjIxYTctZTA4MC00MjU1LTkyNmQtMzJmZjMxY2VlYzhi
LzEvalUzUzBHMlNEa0E1TV8yeXpSbUVpVFZTVjV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEwGCCsGAQUFBwEHAQH/BD0wOzAqBAIAATAkAwQDLhJAAwQE
LuSwAwQEURVQAwQDWdsoAwQEXbjgAwQCuSnIMA0EAgACMAcDBQAqA7pAMA0GCSqG
SIb3DQEBCwUAA4IBAQAwGxmCtD47MBnDzo4qLakEB/B6a7pOGz+Js7NTGc3iX99S
BJ4UkGUqCFaUDwn9S3aXIaEQLBBtKLiLWjwsXvtIACNpXkRrw91s2Wl18pFRviot
5e06Dke9UtH1LKoxDMyj+8ZhJU0Al0vx6D/u2/t4lP6MbLxSpS5EeqC/A80BDH5O
c9i4BHWM6pLjGR/7eQ/PH/iwesSu7ipRiYioiB5n/9XayrMht2zmGO2BRXKxAA73
zIJhkSXZxi7bPa7eulnVvAzmmpr3tVfGDsN/0TEBNhcOomoI+iALy3OTKDbV3WJ2
GvlJZB49GGe1Fe/fY1SbcGgXPZq2D3YZJh/A9WwN
-----END CERTIFICATE-----