Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b8/db1aca-2659-42a3-a631-9a1295f02f2e/1/8b2tmRTIh7wdpzkx_EtvYmFcSFQ.roa
File:                     8b2tmRTIh7wdpzkx_EtvYmFcSFQ.roa (raw, json)
Hash identifier:          Sc+xKkm8VQ6b623DSYzjt+rlfiO1fDnK9WB1A+H7tTo=
Subject key identifier:   F1:BD:AD:99:14:C8:87:BC:1D:A7:39:31:FC:4B:6F:62:61:5C:48:54
Certificate issuer:       /CN=73f986c7705bd808c1b02ebd754fbfa91807e9b6
Certificate serial:       0182DBC61A634E9D72D30203F7F58B1B3FF2
Authority key identifier: 73:F9:86:C7:70:5B:D8:08:C1:B0:2E:BD:75:4F:BF:A9:18:07:E9:B6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/c_mGx3Bb2AjBsC69dU-_qRgH6bY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b8/db1aca-2659-42a3-a631-9a1295f02f2e/1/8b2tmRTIh7wdpzkx_EtvYmFcSFQ.roa
Signing time:             Fri 26 Aug 2022 20:09:29 +0000
ROA not before:           Fri 26 Aug 2022 20:09:29 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     57758
IP address blocks:        185.167.204.0/24 maxlen: 24
                          185.167.207.0/24 maxlen: 24
                          2a0b:b600:3804::/48 maxlen: 48
                          2a0b:b600:3802::/48 maxlen: 48
                          2a0b:b602::/32 maxlen: 48
                          2a0b:b600:3803::/48 maxlen: 48
                          2a0b:b600:400::/38 maxlen: 48
                          2a0b:b600:3400::/38 maxlen: 48
                          2a0b:b600:2000::/38 maxlen: 48
                          2a0b:b600::/36 maxlen: 36
                          2a0b:b600:3800::/38 maxlen: 38
                          2a0b:b600:800::/38 maxlen: 38
                          2a0b:b600:1400::/38 maxlen: 38
                          2a0b:b600:1800::/38 maxlen: 38
                          2a0b:b600:3400::/48 maxlen: 48

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:82:db:c6:1a:63:4e:9d:72:d3:02:03:f7:f5:8b:1b:3f:f2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=73f986c7705bd808c1b02ebd754fbfa91807e9b6
        Validity
            Not Before: Aug 26 20:09:29 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=f1bdad9914c887bc1da73931fc4b6f62615c4854
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:d4:69:3d:24:0f:32:cd:6f:5c:5d:3e:fc:8d:
                    03:7e:a1:2c:71:88:cc:c4:7d:59:af:92:6c:f2:04:
                    74:4e:8a:2c:74:b9:52:0b:8b:d6:3e:3f:4b:ea:de:
                    ff:d5:af:08:06:72:5b:ea:2f:79:af:53:8c:8d:b7:
                    ca:c6:04:00:ab:e5:b1:79:bb:91:ef:5a:7a:81:93:
                    6f:cb:d1:50:b9:f9:77:13:97:d7:59:4d:78:b2:45:
                    d9:9b:9b:7a:b5:ab:47:27:03:83:c1:4e:ba:43:cc:
                    34:75:90:07:0c:3e:a7:f8:ce:b6:db:df:1c:76:9f:
                    4b:54:e5:39:b9:7f:e0:0d:7c:25:76:21:c0:e0:a7:
                    13:04:73:66:99:a1:7f:0f:4b:92:c5:7b:50:05:9a:
                    68:09:87:87:7d:c2:e2:f4:f9:dd:1d:3f:30:e6:9e:
                    3b:1d:45:98:44:e9:18:af:59:00:1c:0d:08:c6:18:
                    3c:c6:c8:cf:dd:dc:a0:b3:8b:b2:d3:7c:1e:b6:72:
                    4c:2e:c2:81:ae:4b:29:3d:c6:f6:ee:1d:c5:0a:14:
                    f7:2b:f4:86:09:97:c6:4a:9a:a7:1e:87:3b:d1:7b:
                    4a:55:71:91:3a:cf:8c:e2:2d:cf:73:8a:14:b4:a5:
                    fb:9a:98:ec:ff:1e:69:13:d0:3e:f8:e9:4e:24:2c:
                    c6:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F1:BD:AD:99:14:C8:87:BC:1D:A7:39:31:FC:4B:6F:62:61:5C:48:54
            X509v3 Authority Key Identifier:
                keyid:73:F9:86:C7:70:5B:D8:08:C1:B0:2E:BD:75:4F:BF:A9:18:07:E9:B6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/c_mGx3Bb2AjBsC69dU-_qRgH6bY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/db1aca-2659-42a3-a631-9a1295f02f2e/1/8b2tmRTIh7wdpzkx_EtvYmFcSFQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/db1aca-2659-42a3-a631-9a1295f02f2e/1/c_mGx3Bb2AjBsC69dU-_qRgH6bY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.167.204.0/24
                  185.167.207.0/24
                IPv6:
                  2a0b:b600::/36
                  2a0b:b600:1400::-2a0b:b600:1bff:ffff:ffff:ffff:ffff:ffff
                  2a0b:b600:2000::/38
                  2a0b:b600:3400::-2a0b:b600:3bff:ffff:ffff:ffff:ffff:ffff
                  2a0b:b602::/32

    Signature Algorithm: sha256WithRSAEncryption
         35:71:33:a3:47:0e:5f:84:ab:8b:e8:c4:a5:2f:1a:db:c9:74:
         47:fb:25:c6:7b:dd:3e:a9:76:31:b4:4b:4e:b3:a0:49:ae:1a:
         84:b3:36:fb:b5:88:b0:9b:8b:3b:8e:c3:89:fe:9c:11:db:7b:
         2a:ea:d6:6e:7c:f5:8a:e7:e0:95:35:b7:ee:4d:01:eb:1f:21:
         f8:15:5c:ae:8e:88:a7:c8:0c:e4:81:92:b8:b9:06:c0:e1:76:
         be:be:a0:dd:e6:6e:02:b2:0b:9b:29:03:91:46:35:34:eb:df:
         42:43:a8:09:be:22:be:3a:88:38:c7:b2:ec:fe:33:24:92:db:
         96:f7:2a:e7:fb:41:64:34:d2:c6:92:fd:d0:7b:ea:27:27:e2:
         a8:d4:a1:f5:6c:3d:00:2c:87:9e:6c:0e:be:27:3c:a8:2e:80:
         95:5e:6c:5f:2c:a2:a7:07:5f:ba:5f:23:28:55:74:4c:6a:77:
         6f:79:04:6f:95:e4:81:c2:29:15:66:10:6b:d0:ab:84:92:26:
         41:4d:9f:ee:55:a3:ef:bb:65:59:e6:55:96:66:a5:26:1c:d3:
         8e:6b:df:de:e1:41:e6:9c:d6:85:9c:99:6b:57:fb:62:3c:ff:
         13:a4:52:4a:8f:bd:76:4f:a3:e2:f7:24:93:23:86:ce:1a:3f:
         37:0e:32:c1
-----BEGIN CERTIFICATE-----
MIIFRjCCBC6gAwIBAgISAYLbxhpjTp1y0wID9/WLGz/yMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDczZjk4NmM3NzA1YmQ4MDhjMWIwMmViZDc1NGZiZmE5MTgw
N2U5YjYwHhcNMjIwODI2MjAwOTI5WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMWJkYWQ5OTE0Yzg4N2JjMWRhNzM5MzFmYzRiNmY2MjYxNWM0ODU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgNRpPSQPMs1vXF0+/I0DfqEscYjM
xH1Zr5Js8gR0ToosdLlSC4vWPj9L6t7/1a8IBnJb6i95r1OMjbfKxgQAq+WxebuR
71p6gZNvy9FQufl3E5fXWU14skXZm5t6tatHJwODwU66Q8w0dZAHDD6n+M62298c
dp9LVOU5uX/gDXwldiHA4KcTBHNmmaF/D0uSxXtQBZpoCYeHfcLi9PndHT8w5p47
HUWYROkYr1kAHA0Ixhg8xsjP3dygs4uy03wetnJMLsKBrkspPcb27h3FChT3K/SG
CZfGSpqnHoc70XtKVXGROs+M4i3Pc4oUtKX7mpjs/x5pE9A++OlOJCzG+wIDAQAB
o4ICUjCCAk4wHQYDVR0OBBYEFPG9rZkUyIe8Hac5MfxLb2JhXEhUMB8GA1UdIwQY
MBaAFHP5hsdwW9gIwbAuvXVPv6kYB+m2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY19tR3gzQmIyQWpCc0M2OWRVLV9xUmdINmJZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOC9kYjFhY2EtMjY1OS00MmEzLWE2MzEt
OWExMjk1ZjAyZjJlLzEvOGIydG1SVEloN3dkcHpreF9FdHZZbUZjU0ZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOC9kYjFhY2EtMjY1OS00MmEzLWE2MzEtOWExMjk1ZjAyZjJl
LzEvY19tR3gzQmIyQWpCc0M2OWRVLV9xUmdINmJZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGgGCCsGAQUFBwEHAQH/BFkwVzASBAIAATAMAwQAuafMAwQA
uafPMEEEAgACMDsDBgQqC7YAADAQAwYCKgu2ABQDBgIqC7YAGAMGAioLtgAgMBAD
BgIqC7YANAMGAioLtgA4AwUAKgu2AjANBgkqhkiG9w0BAQsFAAOCAQEANXEzo0cO
X4Sri+jEpS8a28l0R/slxnvdPql2MbRLTrOgSa4ahLM2+7WIsJuLO47Dif6cEdt7
KurWbnz1iufglTW37k0B6x8h+BVcro6Ip8gM5IGSuLkGwOF2vr6g3eZuArILmykD
kUY1NOvfQkOoCb4ivjqIOMey7P4zJJLblvcq5/tBZDTSxpL90HvqJyfiqNSh9Ww9
ACyHnmwOvic8qC6AlV5sXyyipwdful8jKFV0TGp3b3kEb5XkgcIpFWYQa9CrhJIm
QU2f7lWj77tlWeZVlmalJhzTjmvf3uFB5pzWhZyZa1f7Yjz/E6RSSo+9dk+j4vck
kyOGzho/Nw4ywQ==
-----END CERTIFICATE-----