Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/32/1886d8-d874-4c24-92b9-d41ac81d1cc4/1/DRs3vYoXewpIW3P5FpjF9VJunuM.roa
File:                     DRs3vYoXewpIW3P5FpjF9VJunuM.roa (raw, json)
Hash identifier:          VnT3r4rGf58FDM8acwKjMejUA/8Yx2YEJYfFFpgy1ys=
Subject key identifier:   0D:1B:37:BD:8A:17:7B:0A:48:5B:73:F9:16:98:C5:F5:52:6E:9E:E3
Certificate issuer:       /CN=05f08b74f5117ed380723d9e429ecb4aa538525a
Certificate serial:       0181DD24388AB625F7851D18F37CFCD1EF99
Authority key identifier: 05:F0:8B:74:F5:11:7E:D3:80:72:3D:9E:42:9E:CB:4A:A5:38:52:5A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BfCLdPURftOAcj2eQp7LSqU4Ulo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/32/1886d8-d874-4c24-92b9-d41ac81d1cc4/1/DRs3vYoXewpIW3P5FpjF9VJunuM.roa
Signing time:             Fri 08 Jul 2022 09:29:07 +0000
ROA not before:           Fri 08 Jul 2022 09:29:07 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     35197
IP address blocks:        109.110.98.0/24 maxlen: 24
                          109.110.101.0/24 maxlen: 24
                          109.110.100.0/24 maxlen: 24
                          109.110.99.0/24 maxlen: 24
                          109.110.103.0/24 maxlen: 24
                          109.110.102.0/24 maxlen: 24
                          80.83.16.0/20 maxlen: 20
                          80.83.17.0/24 maxlen: 24
                          80.83.16.0/24 maxlen: 24
                          80.83.16.0/22 maxlen: 22
                          80.83.20.0/22 maxlen: 22
                          80.83.21.0/24 maxlen: 24
                          80.83.20.0/24 maxlen: 24
                          80.83.19.0/24 maxlen: 24
                          80.83.18.0/24 maxlen: 24
                          80.83.24.0/24 maxlen: 24
                          80.83.23.0/24 maxlen: 24
                          80.83.22.0/24 maxlen: 24
                          80.83.31.0/24 maxlen: 24
                          80.83.30.0/24 maxlen: 24
                          80.83.29.0/24 maxlen: 24
                          80.83.28.0/24 maxlen: 24
                          80.83.27.0/24 maxlen: 24
                          80.83.26.0/24 maxlen: 24
                          80.83.25.0/24 maxlen: 24
                          2a0d:6340::/29 maxlen: 29

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:81:dd:24:38:8a:b6:25:f7:85:1d:18:f3:7c:fc:d1:ef:99
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05f08b74f5117ed380723d9e429ecb4aa538525a
        Validity
            Not Before: Jul  8 09:29:07 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=0d1b37bd8a177b0a485b73f91698c5f5526e9ee3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:0a:12:ca:5e:87:80:27:00:cf:b3:a2:62:ca:
                    40:ce:e0:37:54:00:a6:cc:af:46:7a:17:74:7f:c3:
                    5d:af:21:1b:7b:5a:1f:6b:6c:01:0d:b2:15:fb:8a:
                    b4:87:47:b5:7a:3c:a9:0b:ec:d7:91:dc:98:ed:0d:
                    78:57:fb:47:67:3d:17:d2:17:cc:22:8d:73:3e:f6:
                    2c:97:6c:b5:e6:a0:79:0e:70:d5:15:37:83:d1:ef:
                    cf:88:54:17:e3:2f:21:3c:32:c4:38:47:40:08:a1:
                    90:f5:e4:e9:31:8f:7d:bf:87:78:d3:8d:19:a7:f3:
                    0a:e8:4b:7a:10:b9:c1:10:94:61:93:5e:0d:ee:4a:
                    25:7c:73:7f:17:90:1e:03:e6:46:4b:08:88:73:84:
                    25:62:85:d9:bf:07:33:d3:74:b1:6a:0e:d2:1d:30:
                    90:2d:bb:99:3c:ec:6b:5a:0e:98:e5:d2:3a:f8:2d:
                    d8:8e:2e:f4:69:c9:56:4c:30:a3:9e:f7:5c:bb:03:
                    15:c9:80:5b:41:7f:a0:4d:29:28:9f:e6:f1:4a:39:
                    9f:08:63:0c:c2:e6:70:46:72:5d:b8:e4:35:84:eb:
                    7d:cb:6a:2a:9f:3e:e2:4a:bf:ba:be:7b:5f:1c:53:
                    4f:b5:07:b8:87:1e:a6:42:ae:75:eb:47:5a:31:a3:
                    70:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0D:1B:37:BD:8A:17:7B:0A:48:5B:73:F9:16:98:C5:F5:52:6E:9E:E3
            X509v3 Authority Key Identifier:
                keyid:05:F0:8B:74:F5:11:7E:D3:80:72:3D:9E:42:9E:CB:4A:A5:38:52:5A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BfCLdPURftOAcj2eQp7LSqU4Ulo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/32/1886d8-d874-4c24-92b9-d41ac81d1cc4/1/DRs3vYoXewpIW3P5FpjF9VJunuM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/32/1886d8-d874-4c24-92b9-d41ac81d1cc4/1/BfCLdPURftOAcj2eQp7LSqU4Ulo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.83.16.0/20
                  109.110.98.0-109.110.103.255
                IPv6:
                  2a0d:6340::/29

    Signature Algorithm: sha256WithRSAEncryption
         6b:6a:d5:25:09:80:7f:ec:07:b4:1a:53:c8:4b:01:b6:50:cc:
         b7:af:f2:5b:e5:56:4d:3f:87:17:49:50:3f:4b:fa:0c:92:c2:
         13:37:81:a7:c0:6b:95:77:8c:86:d7:c6:0f:7e:39:ed:f7:95:
         26:0c:ca:c8:fe:d0:dd:95:61:39:1a:62:70:47:ce:40:2d:65:
         3e:8e:2d:c4:18:6b:98:f5:b8:c0:5f:df:d9:d8:0e:e9:ce:b8:
         90:05:2e:c4:84:3a:cd:ad:44:a5:bf:cb:10:2b:db:a5:2a:b2:
         b2:00:c5:c2:5c:86:33:9c:13:cd:d4:c6:36:1d:59:5e:2a:0a:
         7f:d4:80:98:06:12:d0:79:f4:36:c7:4d:a1:21:45:6b:70:fc:
         f2:20:15:4b:bd:9b:85:3e:1f:31:c2:87:1c:26:68:fc:7d:8a:
         d7:de:f8:01:93:f3:24:b9:ca:1e:67:bd:cc:b9:af:16:23:49:
         0e:af:a3:35:ce:99:84:90:ba:18:c9:23:6b:61:7f:88:d4:d3:
         d2:0f:d9:7e:98:8e:5a:63:a0:e9:e3:46:7b:01:59:57:f2:2c:
         a7:d4:3b:88:65:72:3f:a7:77:db:39:77:45:a3:11:12:1f:32:
         e5:5f:30:9c:5b:da:29:5e:f8:83:ef:1a:af:17:09:ce:98:a2:
         ca:bf:3b:8b
-----BEGIN CERTIFICATE-----
MIIFGjCCBAKgAwIBAgISAYHdJDiKtiX3hR0Y83z80e+ZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1ZjA4Yjc0ZjUxMTdlZDM4MDcyM2Q5ZTQyOWVjYjRhYTUz
ODUyNWEwHhcNMjIwNzA4MDkyOTA3WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZDFiMzdiZDhhMTc3YjBhNDg1YjczZjkxNjk4YzVmNTUyNmU5ZWUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAogoSyl6HgCcAz7OiYspAzuA3VACm
zK9Gehd0f8NdryEbe1ofa2wBDbIV+4q0h0e1ejypC+zXkdyY7Q14V/tHZz0X0hfM
Io1zPvYsl2y15qB5DnDVFTeD0e/PiFQX4y8hPDLEOEdACKGQ9eTpMY99v4d4040Z
p/MK6Et6ELnBEJRhk14N7kolfHN/F5AeA+ZGSwiIc4QlYoXZvwcz03Sxag7SHTCQ
LbuZPOxrWg6Y5dI6+C3Yji70aclWTDCjnvdcuwMVyYBbQX+gTSkon+bxSjmfCGMM
wuZwRnJduOQ1hOt9y2oqnz7iSr+6vntfHFNPtQe4hx6mQq5160daMaNwzwIDAQAB
o4ICJjCCAiIwHQYDVR0OBBYEFA0bN72KF3sKSFtz+RaYxfVSbp7jMB8GA1UdIwQY
MBaAFAXwi3T1EX7TgHI9nkKey0qlOFJaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQmZDTGRQVVJmdE9BY2oyZVFwN0xTcVU0VWxvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMi8xODg2ZDgtZDg3NC00YzI0LTkyYjkt
ZDQxYWM4MWQxY2M0LzEvRFJzM3ZZb1hld3BJVzNQNUZwakY5Vkp1bnVNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMi8xODg2ZDgtZDg3NC00YzI0LTkyYjktZDQxYWM4MWQxY2M0
LzEvQmZDTGRQVVJmdE9BY2oyZVFwN0xTcVU0VWxvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDwGCCsGAQUFBwEHAQH/BC0wKzAaBAIAATAUAwQEUFMQMAwD
BAFtbmIDBANtbmAwDQQCAAIwBwMFAyoNY0AwDQYJKoZIhvcNAQELBQADggEBAGtq
1SUJgH/sB7QaU8hLAbZQzLev8lvlVk0/hxdJUD9L+gySwhM3gafAa5V3jIbXxg9+
Oe33lSYMysj+0N2VYTkaYnBHzkAtZT6OLcQYa5j1uMBf39nYDunOuJAFLsSEOs2t
RKW/yxAr26UqsrIAxcJchjOcE83UxjYdWV4qCn/UgJgGEtB59DbHTaEhRWtw/PIg
FUu9m4U+HzHChxwmaPx9itfe+AGT8yS5yh5nvcy5rxYjSQ6vozXOmYSQuhjJI2th
f4jU09IP2X6YjlpjoOnjRnsBWVfyLKfUO4hlcj+nd9s5d0WjERIfMuVfMJxb2ile
+IPvGq8XCc6Yosq/O4s=
-----END CERTIFICATE-----