Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/fNjbXZBuBIw_TqK0xv-mCHwOZCw.roa
File:                     fNjbXZBuBIw_TqK0xv-mCHwOZCw.roa (raw, json)
Hash identifier:          M647O/hHtbv2aakko9HCbDqOLDB+D4kWAPIUUgq4sDY=
Subject key identifier:   7C:D8:DB:5D:90:6E:04:8C:3F:4E:A2:B4:C6:FF:A6:08:7C:0E:64:2C
Certificate issuer:       /CN=05b1d13c2e26e12786246a5ec4c5bea69864b20f
Certificate serial:       01854E2F4FFCE67172A80FFF2C642AAE6C28
Authority key identifier: 05:B1:D1:3C:2E:26:E1:27:86:24:6A:5E:C4:C5:BE:A6:98:64:B2:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BbHRPC4m4SeGJGpexMW-pphksg8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/fNjbXZBuBIw_TqK0xv-mCHwOZCw.roa
Signing time:             Mon 26 Dec 2022 11:26:41 +0000
ROA not before:           Mon 26 Dec 2022 11:26:41 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     41789
IP address blocks:        31.129.17.0/24 maxlen: 24
                          31.129.16.0/24 maxlen: 24
                          31.129.18.0/24 maxlen: 24
                          31.129.21.0/24 maxlen: 24
                          31.129.20.0/24 maxlen: 24
                          31.129.19.0/24 maxlen: 24
                          31.129.24.0/24 maxlen: 24
                          31.129.23.0/24 maxlen: 24
                          31.129.29.0/24 maxlen: 24
                          31.129.28.0/24 maxlen: 24
                          31.129.27.0/24 maxlen: 24
                          31.129.26.0/24 maxlen: 24
                          31.129.31.0/24 maxlen: 24
                          31.129.25.0/24 maxlen: 24
                          46.16.12.0/24 maxlen: 24
                          46.16.15.0/24 maxlen: 24
                          46.16.14.0/24 maxlen: 24
                          31.129.0.0/20 maxlen: 24
                          85.92.111.0/24 maxlen: 24
                          45.8.99.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:4e:2f:4f:fc:e6:71:72:a8:0f:ff:2c:64:2a:ae:6c:28
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05b1d13c2e26e12786246a5ec4c5bea69864b20f
        Validity
            Not Before: Dec 26 11:26:41 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=7cd8db5d906e048c3f4ea2b4c6ffa6087c0e642c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:dd:1f:9f:92:1c:66:87:d3:03:b3:27:32:9a:
                    16:31:f7:3e:74:ec:94:5b:0f:03:ab:b4:d3:3b:37:
                    a2:ea:7b:d7:79:99:3f:64:da:7c:2b:6a:db:a1:15:
                    ba:a0:64:30:91:1e:c3:e0:18:d6:69:11:67:09:a9:
                    e4:2d:9d:9a:ed:c4:9a:2f:55:c0:f7:7e:c8:18:c8:
                    4a:d4:63:d1:db:72:56:ae:e9:f5:62:9e:8e:c8:1c:
                    fc:53:89:48:0c:d3:62:ec:1e:be:0b:83:df:1c:86:
                    2b:d2:64:f6:6e:1c:9f:88:bb:10:d8:d7:0e:c3:6e:
                    93:56:72:7e:4c:a5:0c:be:ad:bf:ff:6f:9c:83:c2:
                    ca:92:0a:85:11:41:13:42:9b:f4:32:1a:7e:06:50:
                    48:ac:0b:39:44:1c:70:8e:ce:2e:84:11:4b:18:5b:
                    01:33:fb:d0:e3:cb:40:04:e8:8a:fb:6d:e3:37:d0:
                    e9:ee:2e:db:0f:62:6b:04:1a:9c:cd:8d:3a:33:bc:
                    ee:f9:56:e6:da:95:e8:41:98:04:6e:dd:b0:fd:59:
                    4a:4d:76:f8:7c:ea:b8:2b:ed:f5:03:96:4d:83:e7:
                    c6:81:70:18:9a:aa:76:ce:4a:f0:34:05:16:77:d6:
                    40:12:e3:49:a8:38:36:f9:92:5b:b7:9c:8e:8c:64:
                    a2:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7C:D8:DB:5D:90:6E:04:8C:3F:4E:A2:B4:C6:FF:A6:08:7C:0E:64:2C
            X509v3 Authority Key Identifier:
                keyid:05:B1:D1:3C:2E:26:E1:27:86:24:6A:5E:C4:C5:BE:A6:98:64:B2:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BbHRPC4m4SeGJGpexMW-pphksg8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/fNjbXZBuBIw_TqK0xv-mCHwOZCw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/BbHRPC4m4SeGJGpexMW-pphksg8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.129.0.0-31.129.21.255
                  31.129.23.0-31.129.29.255
                  31.129.31.0/24
                  45.8.99.0/24
                  46.16.12.0/24
                  46.16.14.0/23
                  85.92.111.0/24

    Signature Algorithm: sha256WithRSAEncryption
         56:e7:db:66:9d:04:eb:e1:24:d0:77:0d:52:82:c4:93:4a:72:
         9e:3e:0a:e8:45:5d:a6:d5:89:05:56:f0:7a:e9:e1:cc:6d:01:
         c3:af:09:3a:f7:13:f9:4d:d3:77:c3:eb:4e:35:3b:e2:e4:0b:
         9d:12:81:e3:65:54:23:88:09:ef:00:bc:21:24:c8:59:49:26:
         45:0c:24:cf:54:8f:d4:d6:18:a2:d8:45:4d:31:17:94:8b:64:
         bc:f3:4c:8d:22:dc:61:4c:bf:1f:aa:0b:bf:f3:82:fa:a4:8d:
         af:71:35:88:e1:89:41:8c:75:8d:5c:b4:bb:ef:05:af:39:6f:
         24:8a:74:b6:64:70:86:fe:89:68:85:99:38:50:7b:5d:47:90:
         1d:0a:37:59:9f:ca:37:f1:bb:32:86:e0:ca:e8:cf:65:f5:f8:
         5b:15:e2:f1:5a:e3:51:8b:38:a2:12:5e:95:b7:9a:4e:69:73:
         14:f2:e4:52:8a:92:6c:99:e0:3b:6f:7e:13:9b:b3:b5:32:d7:
         09:89:25:44:41:8d:24:04:6f:fb:ab:4e:8b:a7:b7:e2:50:8b:
         77:36:1c:bd:2d:8a:98:cf:63:c7:6f:e2:b9:f2:71:f5:13:93:
         7d:bb:b2:93:28:aa:a5:b7:98:c1:96:d8:db:52:c6:d4:ba:6f:
         f0:87:a9:84
-----BEGIN CERTIFICATE-----
MIIFMDCCBBigAwIBAgISAYVOL0/85nFyqA//LGQqrmwoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1YjFkMTNjMmUyNmUxMjc4NjI0NmE1ZWM0YzViZWE2OTg2
NGIyMGYwHhcNMjIxMjI2MTEyNjQxWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3Y2Q4ZGI1ZDkwNmUwNDhjM2Y0ZWEyYjRjNmZmYTYwODdjMGU2NDJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqd0fn5IcZofTA7MnMpoWMfc+dOyU
Ww8Dq7TTOzei6nvXeZk/ZNp8K2rboRW6oGQwkR7D4BjWaRFnCankLZ2a7cSaL1XA
937IGMhK1GPR23JWrun1Yp6OyBz8U4lIDNNi7B6+C4PfHIYr0mT2bhyfiLsQ2NcO
w26TVnJ+TKUMvq2//2+cg8LKkgqFEUETQpv0Mhp+BlBIrAs5RBxwjs4uhBFLGFsB
M/vQ48tABOiK+23jN9Dp7i7bD2JrBBqczY06M7zu+Vbm2pXoQZgEbt2w/VlKTXb4
fOq4K+31A5ZNg+fGgXAYmqp2zkrwNAUWd9ZAEuNJqDg2+ZJbt5yOjGSi9QIDAQAB
o4ICPDCCAjgwHQYDVR0OBBYEFHzY212QbgSMP06itMb/pgh8DmQsMB8GA1UdIwQY
MBaAFAWx0TwuJuEnhiRqXsTFvqaYZLIPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQmJIUlBDNG00U2VHSkdwZXhNVy1wcGhrc2c4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOC9jNjEwOTItNzM0YS00ZWVmLTlkNjct
NDkwNTI0M2JjODI4LzEvZk5qYlhaQnVCSXdfVHFLMHh2LW1DSHdPWkN3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOC9jNjEwOTItNzM0YS00ZWVmLTlkNjctNDkwNTI0M2JjODI4
LzEvQmJIUlBDNG00U2VHSkdwZXhNVy1wcGhrc2c4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFIGCCsGAQUFBwEHAQH/BEMwQTA/BAIAATA5MAsDAwAfgQME
AR+BFDAMAwQAH4EXAwQBH4EcAwQAH4EfAwQALQhjAwQALhAMAwQBLhAOAwQAVVxv
MA0GCSqGSIb3DQEBCwUAA4IBAQBW59tmnQTr4STQdw1SgsSTSnKePgroRV2m1YkF
VvB66eHMbQHDrwk69xP5TdN3w+tONTvi5AudEoHjZVQjiAnvALwhJMhZSSZFDCTP
VI/U1hii2EVNMReUi2S880yNItxhTL8fqgu/84L6pI2vcTWI4YlBjHWNXLS77wWv
OW8kinS2ZHCG/olohZk4UHtdR5AdCjdZn8o38bsyhuDK6M9l9fhbFeLxWuNRizii
El6Vt5pOaXMU8uRSipJsmeA7b34Tm7O1MtcJiSVEQY0kBG/7q06Lp7fiUIt3Nhy9
LYqYz2PHb+K58nH1E5N9u7KTKKqlt5jBltjbUsbUum/wh6mE
-----END CERTIFICATE-----