Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/2lRf6SYqmhaJ4zul0FRzGBhXNhk.roa
File:                     2lRf6SYqmhaJ4zul0FRzGBhXNhk.roa (raw, json)
Hash identifier:          4fnN6jfZvhJG9ikjruGt/e+cacCL8QtujHuZht3o7Qk=
Subject key identifier:   DA:54:5F:E9:26:2A:9A:16:89:E3:3B:A5:D0:54:73:18:18:57:36:19
Certificate issuer:       /CN=3af09ba33b5ae581b0d29323249314f76aa10511
Certificate serial:       0183C5FED92A4323D410CC26D031D74A94B0
Authority key identifier: 3A:F0:9B:A3:3B:5A:E5:81:B0:D2:93:23:24:93:14:F7:6A:A1:05:11
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OvCbozta5YGw0pMjJJMU92qhBRE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/2lRf6SYqmhaJ4zul0FRzGBhXNhk.roa
Signing time:             Tue 11 Oct 2022 07:42:36 +0000
ROA not before:           Tue 11 Oct 2022 07:42:36 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     328126
IP address blocks:        90.84.148.0/24 maxlen: 24
                          90.84.153.0/24 maxlen: 28
                          80.15.255.0/24 maxlen: 24
                          80.15.254.0/24 maxlen: 24
                          80.15.251.0/24 maxlen: 24
                          80.15.252.0/24 maxlen: 24
                          80.15.253.0/24 maxlen: 24
                          80.15.250.0/24 maxlen: 24
                          2a01:c9c0:c008::/48 maxlen: 64
                          2a01:c9c0:c00c::/48 maxlen: 64
                          2a01:c9c0:c002::/48 maxlen: 64
                          2a01:c9c0:c000::/48 maxlen: 64
                          2a01:c9c0:c006::/48 maxlen: 64
                          2a01:c9c0:c004::/48 maxlen: 64
                          2a01:c9c0:c00a::/48 maxlen: 64

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:83:c5:fe:d9:2a:43:23:d4:10:cc:26:d0:31:d7:4a:94:b0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3af09ba33b5ae581b0d29323249314f76aa10511
        Validity
            Not Before: Oct 11 07:42:36 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=da545fe9262a9a1689e33ba5d054731818573619
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:0f:44:8e:2c:22:38:ab:d3:af:85:20:56:5a:
                    e7:95:53:c4:f5:54:1e:43:2d:18:5e:95:50:cf:ed:
                    f6:eb:4d:9f:22:85:22:96:97:15:1f:56:ef:38:a3:
                    10:0b:37:21:38:d7:8d:cc:1d:67:4f:fe:1d:6c:40:
                    8a:e5:ad:3c:cd:2e:e0:0c:ec:a6:b6:b2:19:26:86:
                    e5:b0:5d:c2:c1:b2:04:ae:98:fb:e0:b6:ae:4d:32:
                    55:72:01:88:2f:19:39:be:d5:81:24:09:f4:06:49:
                    bc:05:d7:d6:3b:bc:fb:da:50:94:12:30:5e:a8:9b:
                    f3:38:fd:77:66:e3:2b:a2:e8:0f:09:2f:ac:74:c7:
                    fa:31:d8:fc:d2:f6:f6:6c:db:2d:b2:2f:39:9a:d7:
                    1e:87:fc:82:d1:9c:bc:1e:c7:cb:c3:c9:63:eb:5e:
                    85:a5:48:8f:1f:16:da:17:8c:97:9e:81:cf:3a:ea:
                    8d:85:71:81:34:00:ba:61:33:56:6d:b7:0d:d9:b0:
                    8a:53:19:5e:f8:f2:63:b9:ff:d0:96:46:b4:8f:a5:
                    70:83:62:8b:c3:8f:2c:af:bb:23:28:d2:ec:fd:52:
                    87:d6:8a:61:ee:e2:cf:43:f8:73:39:59:98:4a:1d:
                    1a:d7:7b:4c:4b:2c:46:a4:d5:70:99:4d:1a:00:88:
                    fe:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DA:54:5F:E9:26:2A:9A:16:89:E3:3B:A5:D0:54:73:18:18:57:36:19
            X509v3 Authority Key Identifier:
                keyid:3A:F0:9B:A3:3B:5A:E5:81:B0:D2:93:23:24:93:14:F7:6A:A1:05:11

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OvCbozta5YGw0pMjJJMU92qhBRE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/2lRf6SYqmhaJ4zul0FRzGBhXNhk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/OvCbozta5YGw0pMjJJMU92qhBRE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.15.250.0-80.15.255.255
                  90.84.148.0/24
                  90.84.153.0/24
                IPv6:
                  2a01:c9c0:c000::/48
                  2a01:c9c0:c002::/48
                  2a01:c9c0:c004::/48
                  2a01:c9c0:c006::/48
                  2a01:c9c0:c008::/48
                  2a01:c9c0:c00a::/48
                  2a01:c9c0:c00c::/48

    Signature Algorithm: sha256WithRSAEncryption
         6a:48:14:3f:2d:98:61:cf:07:ea:a3:b2:be:a9:3a:12:ad:31:
         b1:4a:c8:96:35:59:bc:ab:28:61:8c:d4:b7:f2:88:70:4f:4b:
         53:25:44:e9:e8:6d:c6:83:ea:5f:23:fa:89:f1:8b:91:53:c4:
         61:2e:21:ff:97:5f:93:c6:f7:4a:b3:c6:6c:56:a6:43:e2:dc:
         ff:44:cf:24:fb:56:05:a3:63:e9:a8:0a:b6:c4:91:3e:37:fc:
         af:85:e7:6b:0c:38:5c:fe:96:36:9d:95:37:91:2e:ab:f3:95:
         0a:da:4b:44:73:92:e9:74:66:0a:45:00:eb:8d:22:de:2a:65:
         b7:15:a3:d7:a0:68:fd:c0:be:8b:d6:8b:69:ec:ed:9b:a9:12:
         46:a3:73:64:83:0b:ce:31:6b:5d:08:3c:a6:2b:d7:0e:8b:5f:
         e3:01:db:23:d9:0e:28:4f:0a:d4:a7:bf:6e:57:66:b6:51:87:
         5f:ac:e8:d1:e0:db:02:3d:4a:b4:d0:de:42:d8:de:1a:eb:94:
         e4:af:c1:b7:02:cf:6f:46:94:e8:6f:22:2f:ce:5e:83:a9:34:
         52:1e:3f:b5:83:98:01:31:ce:f2:e3:e9:f6:9b:a0:ac:0f:6e:
         e9:ef:a7:1c:a7:cf:1b:45:f4:9d:28:87:ef:bf:0c:95:fa:2c:
         4c:43:4e:04
-----BEGIN CERTIFICATE-----
MIIFVzCCBD+gAwIBAgISAYPF/tkqQyPUEMwm0DHXSpSwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhZjA5YmEzM2I1YWU1ODFiMGQyOTMyMzI0OTMxNGY3NmFh
MTA1MTEwHhcNMjIxMDExMDc0MjM2WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYTU0NWZlOTI2MmE5YTE2ODllMzNiYTVkMDU0NzMxODE4NTczNjE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgA9EjiwiOKvTr4UgVlrnlVPE9VQe
Qy0YXpVQz+32602fIoUilpcVH1bvOKMQCzchONeNzB1nT/4dbECK5a08zS7gDOym
trIZJoblsF3CwbIErpj74LauTTJVcgGILxk5vtWBJAn0Bkm8BdfWO7z72lCUEjBe
qJvzOP13ZuMrougPCS+sdMf6Mdj80vb2bNstsi85mtceh/yC0Zy8HsfLw8lj616F
pUiPHxbaF4yXnoHPOuqNhXGBNAC6YTNWbbcN2bCKUxle+PJjuf/Qlka0j6Vwg2KL
w48sr7sjKNLs/VKH1oph7uLPQ/hzOVmYSh0a13tMSyxGpNVwmU0aAIj+WQIDAQAB
o4ICYzCCAl8wHQYDVR0OBBYEFNpUX+kmKpoWieM7pdBUcxgYVzYZMB8GA1UdIwQY
MBaAFDrwm6M7WuWBsNKTIySTFPdqoQURMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT3ZDYm96dGE1WUd3MHBNakpKTVU5MnFoQlJFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yi8zM2Q1ZDEtYzQ1MC00MTNiLWFmZTQt
NDU5MzVmNTA2YTEyLzEvMmxSZjZTWXFtaGFKNHp1bDBGUnpHQmhYTmhrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yi8zM2Q1ZDEtYzQ1MC00MTNiLWFmZTQtNDU5MzVmNTA2YTEy
LzEvT3ZDYm96dGE1WUd3MHBNakpKTVU5MnFoQlJFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHkGCCsGAQUFBwEHAQH/BGowaDAfBAIAATAZMAsDBAFQD/oD
AwRQAAMEAFpUlAMEAFpUmTBFBAIAAjA/AwcAKgHJwMAAAwcAKgHJwMACAwcAKgHJ
wMAEAwcAKgHJwMAGAwcAKgHJwMAIAwcAKgHJwMAKAwcAKgHJwMAMMA0GCSqGSIb3
DQEBCwUAA4IBAQBqSBQ/LZhhzwfqo7K+qToSrTGxSsiWNVm8qyhhjNS38ohwT0tT
JUTp6G3Gg+pfI/qJ8YuRU8RhLiH/l1+TxvdKs8ZsVqZD4tz/RM8k+1YFo2PpqAq2
xJE+N/yvhedrDDhc/pY2nZU3kS6r85UK2ktEc5LpdGYKRQDrjSLeKmW3FaPXoGj9
wL6L1otp7O2bqRJGo3NkgwvOMWtdCDymK9cOi1/jAdsj2Q4oTwrUp79uV2a2UYdf
rOjR4NsCPUq00N5C2N4a65Tkr8G3As9vRpTobyIvzl6DqTRSHj+1g5gBMc7y4+n2
m6CsD27p76ccp88bRfSdKIfvvwyV+ixMQ04E
-----END CERTIFICATE-----