Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b2/6c203d-6221-460a-af49-c12218765154/1/DmENKadg7dvVIqGOUua6YlsKeRY.roa
File:                     DmENKadg7dvVIqGOUua6YlsKeRY.roa (raw, json)
Hash identifier:          FLCrzb80U7LiGa3FgIHHHch4KUCeCkkrLWd3w9kxL6U=
Subject key identifier:   0E:61:0D:29:A7:60:ED:DB:D5:22:A1:8E:52:E6:BA:62:5B:0A:79:16
Certificate issuer:       /CN=32508fb781ca6dbd8221f2c2f954a3a7446b2b42
Certificate serial:       08DF21CE
Authority key identifier: 32:50:8F:B7:81:CA:6D:BD:82:21:F2:C2:F9:54:A3:A7:44:6B:2B:42
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MlCPt4HKbb2CIfLC-VSjp0RrK0I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b2/6c203d-6221-460a-af49-c12218765154/1/DmENKadg7dvVIqGOUua6YlsKeRY.roa
Signing time:             Sat 01 Jan 2022 14:59:00 +0000
ROA not before:           Sat 01 Jan 2022 14:59:00 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     210025
IP address blocks:        88.218.206.0/24 maxlen: 24
                          88.218.204.0/24 maxlen: 24
                          88.218.205.0/24 maxlen: 24
                          88.218.207.0/24 maxlen: 24
                          2a09:b280:ffba::/48 maxlen: 48
                          2a09:b280:ffb0::/48 maxlen: 48
                          2a09:b280:ccc0::/48 maxlen: 48
                          2a09:b280::/48 maxlen: 48
                          2a09:b280:ffbb::/48 maxlen: 48
                          2a09:b280:ffbe::/48 maxlen: 48
                          2a09:b280:ffb9::/48 maxlen: 48
                          2a09:b280:ffbf::/48 maxlen: 48
                          2a09:b280:ffb2::/48 maxlen: 48
                          2a09:b280:ffbd::/48 maxlen: 48
                          2a09:b280:ffb1::/48 maxlen: 48
                          2a09:b280:ccc1::/48 maxlen: 48
                          2a09:b280:ffbc::/48 maxlen: 48
                          2a09:b280:cccc::/48 maxlen: 48

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 148840910 (0x8df21ce)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=32508fb781ca6dbd8221f2c2f954a3a7446b2b42
        Validity
            Not Before: Jan  1 14:59:00 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=0e610d29a760eddbd522a18e52e6ba625b0a7916
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:f2:0b:91:28:d7:ab:17:e2:aa:67:d8:22:37:
                    eb:94:25:2a:f6:5b:89:a5:19:9f:b9:e1:9b:0d:4f:
                    65:50:17:4b:ee:35:9f:82:92:db:57:fc:c4:80:d5:
                    ad:4d:bc:21:1b:26:d3:80:f2:a5:4b:78:3a:f2:ce:
                    68:45:97:06:53:16:dc:60:7f:d1:4c:5f:63:3d:b6:
                    d3:b9:88:46:3a:1a:a9:b8:2f:27:81:52:76:4c:87:
                    11:65:84:01:69:f3:ea:ae:7e:87:23:bf:31:44:09:
                    16:87:b2:81:8a:c0:87:ee:cf:c6:c4:22:fb:ae:14:
                    28:32:5d:7e:05:e1:51:9e:e6:27:06:0d:11:30:cc:
                    b9:b9:59:2f:b4:18:6e:5c:8e:f9:f9:6e:b9:8c:7c:
                    98:5b:8e:1e:7b:5e:88:b2:8a:79:07:27:66:e1:b5:
                    42:d3:bd:f2:a2:95:57:28:5f:84:50:85:26:53:45:
                    7d:87:d4:39:56:d9:85:76:5e:54:2a:61:34:d1:52:
                    70:52:e9:bc:30:c7:6b:91:7e:64:be:e3:21:e5:c9:
                    f5:34:a8:cf:ac:14:59:f0:93:de:23:29:0c:3a:4f:
                    bd:71:f6:9e:c9:f7:fb:8d:69:b4:83:78:3e:c4:74:
                    ab:89:16:8e:9e:02:05:ce:41:29:aa:9f:3d:fe:6c:
                    33:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0E:61:0D:29:A7:60:ED:DB:D5:22:A1:8E:52:E6:BA:62:5B:0A:79:16
            X509v3 Authority Key Identifier:
                keyid:32:50:8F:B7:81:CA:6D:BD:82:21:F2:C2:F9:54:A3:A7:44:6B:2B:42

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MlCPt4HKbb2CIfLC-VSjp0RrK0I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/6c203d-6221-460a-af49-c12218765154/1/DmENKadg7dvVIqGOUua6YlsKeRY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/6c203d-6221-460a-af49-c12218765154/1/MlCPt4HKbb2CIfLC-VSjp0RrK0I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  88.218.204.0/22
                IPv6:
                  2a09:b280::/48
                  2a09:b280:ccc0::/47
                  2a09:b280:cccc::/48
                  2a09:b280:ffb0::-2a09:b280:ffb2:ffff:ffff:ffff:ffff:ffff
                  2a09:b280:ffb9::-2a09:b280:ffbf:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         2f:b8:8f:0b:b1:a0:a3:d2:82:4c:8d:dc:90:b1:25:38:0f:f3:
         4e:ac:e8:50:22:86:85:1f:53:40:c5:61:06:e3:ea:eb:07:2e:
         14:d5:af:b2:b6:43:3a:36:1c:0e:a8:c8:ad:46:f4:ef:1f:70:
         99:c2:f7:ed:79:0c:99:be:52:f9:2d:c9:84:d5:0d:e4:79:b2:
         d0:9f:e8:f9:9a:b3:b2:2c:29:83:cd:8d:24:3f:43:30:41:37:
         3b:a5:dc:a7:68:d5:cb:81:e6:ac:33:e3:8a:e5:f7:88:c8:3f:
         c8:ef:25:20:3d:bc:4d:a2:87:de:e3:ed:dc:5c:ae:b8:9f:b8:
         c0:d4:85:67:00:81:b6:77:1a:63:0e:e7:5d:8e:3b:ec:21:54:
         e9:4b:d3:8a:79:c7:f5:51:42:a5:1c:7e:c4:72:67:0f:c6:4c:
         b4:5d:4b:81:f3:80:3f:aa:f6:6d:1e:b3:07:00:74:42:29:3e:
         78:25:59:ce:65:be:f1:74:7d:39:83:50:ae:4d:8e:a6:a9:2d:
         ac:0d:90:37:7b:24:64:65:4d:b2:bc:f2:34:39:5c:ee:83:76:
         ff:0a:f6:54:7d:a0:9d:0f:ec:6a:fe:48:6c:67:0e:7c:31:53:
         fa:25:80:c3:91:01:01:66:90:ef:6b:56:56:66:1e:24:36:fa:
         e6:d2:fd:5e
-----BEGIN CERTIFICATE-----
MIIFOjCCBCKgAwIBAgIECN8hzjANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygz
MjUwOGZiNzgxY2E2ZGJkODIyMWYyYzJmOTU0YTNhNzQ0NmIyYjQyMB4XDTIyMDEw
MTE0NTkwMFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMGU2MTBkMjlhNzYw
ZWRkYmQ1MjJhMThlNTJlNmJhNjI1YjBhNzkxNjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAKjyC5Eo16sX4qpn2CI365QlKvZbiaUZn7nhmw1PZVAXS+41
n4KS21f8xIDVrU28IRsm04DypUt4OvLOaEWXBlMW3GB/0UxfYz2207mIRjoaqbgv
J4FSdkyHEWWEAWnz6q5+hyO/MUQJFoeygYrAh+7PxsQi+64UKDJdfgXhUZ7mJwYN
ETDMublZL7QYblyO+fluuYx8mFuOHnteiLKKeQcnZuG1QtO98qKVVyhfhFCFJlNF
fYfUOVbZhXZeVCphNNFScFLpvDDHa5F+ZL7jIeXJ9TSoz6wUWfCT3iMpDDpPvXH2
nsn3+41ptIN4PsR0q4kWjp4CBc5BKaqfPf5sMwcCAwEAAaOCAlQwggJQMB0GA1Ud
DgQWBBQOYQ0pp2Dt29UioY5S5rpiWwp5FjAfBgNVHSMEGDAWgBQyUI+3gcptvYIh
8sL5VKOnRGsrQjAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L01sQ1B0NEhLYmIyQ0lmTEMtVlNqcDBSckswSS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvYjIvNmMyMDNkLTYyMjEtNDYwYS1hZjQ5LWMxMjIxODc2NTE1NC8x
L0RtRU5LYWRnN2R2VklxR09VdWE2WWxzS2VSWS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYjIv
NmMyMDNkLTYyMjEtNDYwYS1hZjQ5LWMxMjIxODc2NTE1NC8xL01sQ1B0NEhLYmIy
Q0lmTEMtVlNqcDBSckswSS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBq
BggrBgEFBQcBBwEB/wRbMFkwDAQCAAEwBgMEAljazDBJBAIAAjBDAwcAKgmygAAA
AwcBKgmygMzAAwcAKgmygMzMMBIDBwQqCbKA/7ADBwAqCbKA/7IwEgMHACoJsoD/
uQMHBioJsoD/gDANBgkqhkiG9w0BAQsFAAOCAQEAL7iPC7Ggo9KCTI3ckLElOA/z
TqzoUCKGhR9TQMVhBuPq6wcuFNWvsrZDOjYcDqjIrUb07x9wmcL37XkMmb5S+S3J
hNUN5Hmy0J/o+Zqzsiwpg82NJD9DMEE3O6Xcp2jVy4HmrDPjiuX3iMg/yO8lID28
TaKH3uPt3FyuuJ+4wNSFZwCBtncaYw7nXY477CFU6UvTinnH9VFCpRx+xHJnD8ZM
tF1LgfOAP6r2bR6zBwB0Qik+eCVZzmW+8XR9OYNQrk2OpqktrA2QN3skZGVNsrzy
NDlc7oN2/wr2VH2gnQ/sav5IbGcOfDFT+iWAw5EBAWaQ72tWVmYeJDb65tL9Xg==
-----END CERTIFICATE-----