Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d2/b5733b-3891-449b-9950-ff60e218ed41/1/JXfcm-oGmHjdr0K3KsEZy1TNcmE.roa
File:                     JXfcm-oGmHjdr0K3KsEZy1TNcmE.roa (raw, json)
Hash identifier:          J0GK8waEJxNGyLgS0rSsSwiXiBbDc4Q16g6tJq8Fu5c=
Subject key identifier:   25:77:DC:9B:EA:06:98:78:DD:AF:42:B7:2A:C1:19:CB:54:CD:72:61
Certificate issuer:       /CN=4cbfd3e72d4a0396f95347336b42678f68c26430
Certificate serial:       0A32A2B2
Authority key identifier: 4C:BF:D3:E7:2D:4A:03:96:F9:53:47:33:6B:42:67:8F:68:C2:64:30
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TL_T5y1KA5b5U0cza0Jnj2jCZDA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d2/b5733b-3891-449b-9950-ff60e218ed41/1/JXfcm-oGmHjdr0K3KsEZy1TNcmE.roa
Signing time:             Sat 01 Jan 2022 13:04:47 +0000
ROA not before:           Sat 01 Jan 2022 13:04:47 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     3188
IP address blocks:        185.8.130.0/24 maxlen: 24
                          185.8.131.0/24 maxlen: 24
                          185.8.128.0/24 maxlen: 24
                          185.8.129.0/24 maxlen: 24
                          5.2.81.0/24 maxlen: 24
                          5.2.82.0/24 maxlen: 24
                          5.2.83.0/24 maxlen: 24
                          5.2.84.0/24 maxlen: 24
                          5.2.85.0/24 maxlen: 24
                          5.2.80.0/24 maxlen: 24
                          5.2.86.0/24 maxlen: 24
                          5.2.87.0/24 maxlen: 24
                          185.8.33.0/24 maxlen: 24
                          185.8.34.0/24 maxlen: 24
                          185.8.35.0/24 maxlen: 24
                          185.8.32.0/24 maxlen: 24
                          185.150.128.0/24 maxlen: 24
                          185.150.129.0/24 maxlen: 24
                          185.150.130.0/24 maxlen: 24
                          185.150.131.0/24 maxlen: 24
                          2a04:b600::/29 maxlen: 29
                          2a02:d9c0::/29 maxlen: 29

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 171090610 (0xa32a2b2)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4cbfd3e72d4a0396f95347336b42678f68c26430
        Validity
            Not Before: Jan  1 13:04:47 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=2577dc9bea069878ddaf42b72ac119cb54cd7261
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:ad:76:67:76:4d:5d:b2:b8:fb:77:39:59:1c:
                    ba:de:6a:65:08:e8:bd:2b:f4:44:5c:f2:81:a2:2e:
                    7a:ac:98:68:c4:d5:9b:45:06:45:bc:1f:be:eb:a8:
                    c5:3e:c2:c0:67:1b:ed:8b:95:55:92:e9:c2:d4:f9:
                    06:64:a8:54:a3:f9:03:23:3d:0e:29:87:d8:6c:ed:
                    df:36:60:2a:cf:ac:d8:03:df:3f:d8:e7:e8:4b:a1:
                    6a:b9:ec:da:a6:86:f3:fd:20:5b:6a:b6:1c:ae:06:
                    23:c0:3d:46:c1:04:b8:0f:43:6f:83:c7:74:58:3b:
                    45:ce:ba:e3:f5:e4:3c:38:17:89:2c:ab:f3:c6:ac:
                    e1:3f:05:2f:8c:26:ef:1d:2f:0e:b2:fa:69:e5:52:
                    84:12:53:a8:eb:82:03:0d:14:17:1c:8c:80:f6:25:
                    f1:38:a2:30:aa:a8:bf:83:23:fb:0f:14:61:ee:02:
                    b4:7f:8f:52:ed:7d:a1:a3:2a:6d:ff:2c:d3:5e:68:
                    a3:02:4f:8b:93:c3:f0:0e:22:ca:67:0e:cf:ec:75:
                    ff:4d:22:de:7d:ef:74:2c:f3:4b:81:8c:3f:41:f5:
                    00:ed:d9:69:ec:59:2f:60:8f:6e:a9:45:b6:67:e8:
                    5b:25:77:6a:f9:32:36:54:26:cd:6f:37:a0:f7:a9:
                    79:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                25:77:DC:9B:EA:06:98:78:DD:AF:42:B7:2A:C1:19:CB:54:CD:72:61
            X509v3 Authority Key Identifier:
                keyid:4C:BF:D3:E7:2D:4A:03:96:F9:53:47:33:6B:42:67:8F:68:C2:64:30

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TL_T5y1KA5b5U0cza0Jnj2jCZDA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/b5733b-3891-449b-9950-ff60e218ed41/1/JXfcm-oGmHjdr0K3KsEZy1TNcmE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/b5733b-3891-449b-9950-ff60e218ed41/1/TL_T5y1KA5b5U0cza0Jnj2jCZDA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.2.80.0/21
                  185.8.32.0/22
                  185.8.128.0/22
                  185.150.128.0/22
                IPv6:
                  2a02:d9c0::/29
                  2a04:b600::/29

    Signature Algorithm: sha256WithRSAEncryption
         11:41:7f:a9:3a:1d:f8:66:a6:06:6e:16:3e:f2:37:7e:e5:51:
         e6:4e:84:fc:30:4b:57:fa:49:59:f6:1c:dc:3f:3b:61:17:13:
         7e:34:8e:fe:51:a0:2e:14:3e:c7:3b:bc:33:19:9d:de:53:88:
         25:5b:c9:b5:0c:06:d0:26:f9:c6:c5:e0:ed:0e:c0:ee:bd:8d:
         b8:d4:d0:4c:ca:04:f2:6a:d4:cd:fd:ca:cd:f1:c5:07:05:4f:
         25:61:93:53:f2:d1:e6:d2:13:98:46:fc:51:db:d1:c1:d1:c7:
         ee:a3:57:61:b8:18:a0:df:a6:09:3c:8f:98:aa:c4:8f:7a:73:
         fa:49:92:0f:97:ba:ae:6d:0a:e0:46:c0:04:b9:9a:f1:0f:04:
         15:31:17:67:3a:58:5d:50:92:8e:41:4b:0d:47:e1:35:21:05:
         45:0b:c3:71:7a:01:62:d0:7e:4e:be:50:9b:53:2a:05:32:fe:
         b7:50:65:8c:7a:7d:5f:c5:c3:b4:95:e9:df:27:7e:f8:36:7d:
         c8:5d:f2:ed:a4:13:88:2a:6d:ae:7b:88:70:7c:41:6c:b4:63:
         f5:84:c8:84:88:63:9a:c5:dd:fd:fa:a0:69:fe:a4:d4:11:c4:
         a4:11:9d:4c:81:4a:dd:6e:df:e4:ce:bb:d1:48:45:02:c9:18:
         7d:5f:ab:56
-----BEGIN CERTIFICATE-----
MIIFFzCCA/+gAwIBAgIECjKisjANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg0
Y2JmZDNlNzJkNGEwMzk2Zjk1MzQ3MzM2YjQyNjc4ZjY4YzI2NDMwMB4XDTIyMDEw
MTEzMDQ0N1oXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMjU3N2RjOWJlYTA2
OTg3OGRkYWY0MmI3MmFjMTE5Y2I1NGNkNzI2MTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBANStdmd2TV2yuPt3OVkcut5qZQjovSv0RFzygaIueqyYaMTV
m0UGRbwfvuuoxT7CwGcb7YuVVZLpwtT5BmSoVKP5AyM9DimH2Gzt3zZgKs+s2APf
P9jn6Euharns2qaG8/0gW2q2HK4GI8A9RsEEuA9Db4PHdFg7Rc664/XkPDgXiSyr
88as4T8FL4wm7x0vDrL6aeVShBJTqOuCAw0UFxyMgPYl8TiiMKqov4Mj+w8UYe4C
tH+PUu19oaMqbf8s015oowJPi5PD8A4iymcOz+x1/00i3n3vdCzzS4GMP0H1AO3Z
aexZL2CPbqlFtmfoWyV3avkyNlQmzW83oPepeQkCAwEAAaOCAjEwggItMB0GA1Ud
DgQWBBQld9yb6gaYeN2vQrcqwRnLVM1yYTAfBgNVHSMEGDAWgBRMv9PnLUoDlvlT
RzNrQmePaMJkMDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L1RMX1Q1eTFLQTViNVUwY3phMEpuajJqQ1pEQS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZDIvYjU3MzNiLTM4OTEtNDQ5Yi05OTUwLWZmNjBlMjE4ZWQ0MS8x
L0pYZmNtLW9HbUhqZHIwSzNLc0VaeTFUTmNtRS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZDIv
YjU3MzNiLTM4OTEtNDQ5Yi05OTUwLWZmNjBlMjE4ZWQ0MS8xL1RMX1Q1eTFLQTVi
NVUwY3phMEpuajJqQ1pEQS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBH
BggrBgEFBQcBBwEB/wQ4MDYwHgQCAAEwGAMEAwUCUAMEArkIIAMEArkIgAMEArmW
gDAUBAIAAjAOAwUDKgLZwAMFAyoEtgAwDQYJKoZIhvcNAQELBQADggEBABFBf6k6
HfhmpgZuFj7yN37lUeZOhPwwS1f6SVn2HNw/O2EXE340jv5RoC4UPsc7vDMZnd5T
iCVbybUMBtAm+cbF4O0OwO69jbjU0EzKBPJq1M39ys3xxQcFTyVhk1Py0ebSE5hG
/FHb0cHRx+6jV2G4GKDfpgk8j5iqxI96c/pJkg+Xuq5tCuBGwAS5mvEPBBUxF2c6
WF1Qko5BSw1H4TUhBUULw3F6AWLQfk6+UJtTKgUy/rdQZYx6fV/Fw7SV6d8nfvg2
fchd8u2kE4gqba57iHB8QWy0Y/WEyISIY5rF3f36oGn+pNQRxKQRnUyBSt1u3+TO
u9FIRQLJGH1fq1Y=
-----END CERTIFICATE-----