Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/cd2146-7fbe-4e5d-93ba-3ea2ebfe8707/1/P3ejJX0xZCPP_GAEXiFEOjHKxKg.roa
File:                     P3ejJX0xZCPP_GAEXiFEOjHKxKg.roa (raw, json)
Hash identifier:          SjyuM9cLjos2Bq4CpOeWwM+hhs26KRRrmlblqSxA4is=
Subject key identifier:   3F:77:A3:25:7D:31:64:23:CF:FC:60:04:5E:21:44:3A:31:CA:C4:A8
Certificate issuer:       /CN=cff374657f57078f3ca2c71109d35927c2248681
Certificate serial:       D616AF
Authority key identifier: CF:F3:74:65:7F:57:07:8F:3C:A2:C7:11:09:D3:59:27:C2:24:86:81
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/z_N0ZX9XB488oscRCdNZJ8IkhoE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/cd2146-7fbe-4e5d-93ba-3ea2ebfe8707/1/P3ejJX0xZCPP_GAEXiFEOjHKxKg.roa
Signing time:             Sat 01 Jan 2022 12:57:00 +0000
ROA not before:           Sat 01 Jan 2022 12:57:00 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     12963
IP address blocks:        176.100.0.0/24 maxlen: 24
                          176.100.1.0/24 maxlen: 24
                          176.100.2.0/23 maxlen: 23
                          176.100.8.0/24 maxlen: 24
                          176.100.9.0/24 maxlen: 24
                          176.100.10.0/23 maxlen: 23
                          176.100.6.0/24 maxlen: 24
                          176.100.14.0/24 maxlen: 24
                          176.100.15.0/24 maxlen: 24
                          176.100.16.0/24 maxlen: 24
                          176.100.17.0/24 maxlen: 24
                          176.100.12.0/24 maxlen: 24
                          176.100.13.0/24 maxlen: 24
                          176.100.24.0/24 maxlen: 24
                          176.100.21.0/24 maxlen: 24
                          176.100.22.0/24 maxlen: 24
                          176.100.23.0/24 maxlen: 24
                          176.100.18.0/24 maxlen: 24
                          176.100.19.0/24 maxlen: 24
                          176.100.20.0/24 maxlen: 24
                          176.100.29.0/24 maxlen: 24
                          176.100.30.0/24 maxlen: 24
                          176.100.27.0/24 maxlen: 24
                          176.100.31.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 14030511 (0xd616af)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cff374657f57078f3ca2c71109d35927c2248681
        Validity
            Not Before: Jan  1 12:57:00 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=3f77a3257d316423cffc60045e21443a31cac4a8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:08:59:98:e1:72:78:89:6b:31:49:63:8a:17:
                    38:33:c1:6c:f5:60:c5:8c:06:81:be:93:10:8f:e6:
                    74:3d:59:a7:d3:8b:9a:02:6d:b3:c6:0a:ae:27:b0:
                    f8:e7:b9:5a:5d:c4:5f:ca:d3:0e:00:4c:c3:9e:7d:
                    e5:be:db:e9:56:36:0f:26:fa:aa:fb:86:89:fa:4e:
                    d7:cc:22:cc:1b:1b:01:13:e1:64:3f:9f:c0:00:78:
                    a3:6a:36:c9:ce:e6:47:20:c3:08:27:28:3d:d7:3f:
                    5a:ff:0e:66:71:3a:33:33:b4:51:a9:ed:d8:28:56:
                    e4:92:6c:3f:8e:5f:a6:fa:ea:e0:57:d3:93:6e:40:
                    bd:af:c5:af:42:14:c9:b2:28:5d:3d:db:70:07:07:
                    6e:5d:eb:bd:81:e6:d5:5d:d5:d6:af:3e:c2:45:8a:
                    87:ea:1a:01:78:dd:b4:8c:b5:50:6a:bd:5b:a6:19:
                    3f:14:18:6e:21:6f:4f:da:bf:37:21:96:3d:9a:f3:
                    ac:71:6a:e7:30:21:11:f2:ff:eb:0c:9a:1f:d8:41:
                    01:47:fe:0f:d3:1c:6a:c0:95:d4:66:29:3a:c4:88:
                    9a:8f:2f:6d:07:23:7c:d0:72:b2:06:99:98:5c:97:
                    09:48:2f:03:4a:38:58:e2:16:51:74:10:b2:0c:bc:
                    55:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:77:A3:25:7D:31:64:23:CF:FC:60:04:5E:21:44:3A:31:CA:C4:A8
            X509v3 Authority Key Identifier:
                keyid:CF:F3:74:65:7F:57:07:8F:3C:A2:C7:11:09:D3:59:27:C2:24:86:81

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/z_N0ZX9XB488oscRCdNZJ8IkhoE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/cd2146-7fbe-4e5d-93ba-3ea2ebfe8707/1/P3ejJX0xZCPP_GAEXiFEOjHKxKg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/cd2146-7fbe-4e5d-93ba-3ea2ebfe8707/1/z_N0ZX9XB488oscRCdNZJ8IkhoE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.100.0.0/22
                  176.100.6.0/24
                  176.100.8.0-176.100.24.255
                  176.100.27.0/24
                  176.100.29.0-176.100.31.255

    Signature Algorithm: sha256WithRSAEncryption
         96:e8:41:1e:1d:e0:02:47:6e:bd:72:eb:4e:1e:ff:dd:6e:b9:
         2a:a7:c2:69:c4:b6:3b:ca:bf:c0:93:7f:f7:b3:a8:fc:a7:f5:
         dd:f7:66:09:2c:52:00:2d:dc:9f:c1:9c:72:e3:1b:86:28:78:
         6c:5d:d0:c3:a5:09:6c:7d:1b:a1:38:24:d5:7e:8d:f8:78:63:
         91:b5:0f:7f:dd:2e:c2:b7:79:a5:fc:a0:08:bc:f8:8b:56:97:
         70:9e:5f:32:0e:d4:b5:a5:78:11:a0:74:6f:83:3d:8c:e6:57:
         07:78:48:00:56:2d:d9:e6:7a:14:7f:5a:18:e5:19:5a:0f:d7:
         44:cb:b4:57:72:c0:d9:aa:85:ee:19:68:ea:c8:8d:ab:0b:ee:
         5b:81:e7:8d:b4:50:81:e2:86:c7:7d:18:7c:c5:59:85:51:eb:
         42:b5:4d:8c:29:b9:fc:4c:31:32:c5:b7:b4:6a:f1:59:18:64:
         8b:3c:34:29:99:dc:ac:0c:b4:ed:fa:55:c6:4a:c1:fc:2a:fd:
         8d:fa:a0:f7:5e:18:6a:40:84:cf:c7:e0:e5:f0:95:07:1e:f3:
         81:5c:77:78:d0:75:3d:76:dc:c3:ec:63:32:b0:6f:77:db:7b:
         04:e3:78:2c:5a:48:df:41:69:c5:d6:ab:2a:c2:ae:2c:34:65:
         59:b0:f6:c8
-----BEGIN CERTIFICATE-----
MIIFFzCCA/+gAwIBAgIEANYWrzANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhj
ZmYzNzQ2NTdmNTcwNzhmM2NhMmM3MTEwOWQzNTkyN2MyMjQ4NjgxMB4XDTIyMDEw
MTEyNTcwMFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoM2Y3N2EzMjU3ZDMx
NjQyM2NmZmM2MDA0NWUyMTQ0M2EzMWNhYzRhODCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAM8IWZjhcniJazFJY4oXODPBbPVgxYwGgb6TEI/mdD1Zp9OL
mgJts8YKriew+Oe5Wl3EX8rTDgBMw5595b7b6VY2Dyb6qvuGifpO18wizBsbARPh
ZD+fwAB4o2o2yc7mRyDDCCcoPdc/Wv8OZnE6MzO0Uant2ChW5JJsP45fpvrq4FfT
k25Ava/Fr0IUybIoXT3bcAcHbl3rvYHm1V3V1q8+wkWKh+oaAXjdtIy1UGq9W6YZ
PxQYbiFvT9q/NyGWPZrzrHFq5zAhEfL/6wyaH9hBAUf+D9McasCV1GYpOsSImo8v
bQcjfNBysgaZmFyXCUgvA0o4WOIWUXQQsgy8VU0CAwEAAaOCAjEwggItMB0GA1Ud
DgQWBBQ/d6MlfTFkI8/8YAReIUQ6McrEqDAfBgNVHSMEGDAWgBTP83Rlf1cHjzyi
xxEJ01knwiSGgTAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L3pfTjBaWDlYQjQ4OG9zY1JDZE5aSjhJa2hvRS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMjkvY2QyMTQ2LTdmYmUtNGU1ZC05M2JhLTNlYTJlYmZlODcwNy8x
L1AzZWpKWDB4WkNQUF9HQUVYaUZFT2pIS3hLZy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMjkv
Y2QyMTQ2LTdmYmUtNGU1ZC05M2JhLTNlYTJlYmZlODcwNy8xL3pfTjBaWDlYQjQ4
OG9zY1JDZE5aSjhJa2hvRS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBH
BggrBgEFBQcBBwEB/wQ4MDYwNAQCAAEwLgMEArBkAAMEALBkBjAMAwQDsGQIAwQA
sGQYAwQAsGQbMAwDBACwZB0DBAWwZAAwDQYJKoZIhvcNAQELBQADggEBAJboQR4d
4AJHbr1y604e/91uuSqnwmnEtjvKv8CTf/ezqPyn9d33ZgksUgAt3J/BnHLjG4Yo
eGxd0MOlCWx9G6E4JNV+jfh4Y5G1D3/dLsK3eaX8oAi8+ItWl3CeXzIO1LWleBGg
dG+DPYzmVwd4SABWLdnmehR/WhjlGVoP10TLtFdywNmqhe4ZaOrIjasL7luB5420
UIHihsd9GHzFWYVR60K1TYwpufxMMTLFt7Rq8VkYZIs8NCmZ3KwMtO36VcZKwfwq
/Y36oPdeGGpAhM/H4OXwlQce84Fcd3jQdT123MPsYzKwb3fbewTjeCxaSN9BacXW
qyrCriw0ZVmw9sg=
-----END CERTIFICATE-----