Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/0PghhMrf_srsvcmXAiX4nHf2dZ0.roa
File:                     0PghhMrf_srsvcmXAiX4nHf2dZ0.roa (raw, json)
Hash identifier:          J4m8pPXcNLT87o5sPm3amkkqEtLv1MKqasmTpPIoJGo=
Subject key identifier:   D0:F8:21:84:CA:DF:FE:CA:EC:BD:C9:97:02:25:F8:9C:77:F6:75:9D
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       0183C77D89ED9F13FBC8C14663172A651B9A
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/0PghhMrf_srsvcmXAiX4nHf2dZ0.roa
Signing time:             Tue 11 Oct 2022 14:40:36 +0000
ROA not before:           Tue 11 Oct 2022 14:40:36 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     15731
IP address blocks:        194.87.200.0/24 maxlen: 24
                          62.76.226.0/24 maxlen: 24
                          195.133.86.0/24 maxlen: 24
                          195.58.35.0/24 maxlen: 24
                          212.192.9.0/24 maxlen: 24
                          195.133.31.0/24 maxlen: 24
                          194.87.168.0/24 maxlen: 24
                          212.192.31.0/24 maxlen: 24
                          212.193.1.0/24 maxlen: 24
                          212.193.3.0/24 maxlen: 24
                          194.87.130.0/24 maxlen: 24
                          194.87.131.0/24 maxlen: 24
                          195.133.0.0/24 maxlen: 24
                          194.87.73.0/24 maxlen: 24
                          193.124.91.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:83:c7:7d:89:ed:9f:13:fb:c8:c1:46:63:17:2a:65:1b:9a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Oct 11 14:40:36 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=d0f82184cadffecaecbdc9970225f89c77f6759d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:49:dd:af:b5:be:1e:d8:4d:1c:8a:de:44:d0:
                    21:a3:0a:e4:ae:48:87:be:2c:d8:ab:4e:1c:59:f6:
                    43:31:3f:f6:ee:7b:f4:6b:3a:ff:f4:15:78:7f:48:
                    1d:b0:e3:07:d9:97:92:15:a5:29:c8:14:1c:26:82:
                    d9:1a:96:92:bd:cf:30:cb:2e:63:ed:12:5f:26:60:
                    10:d1:d7:d1:5c:45:9e:4c:3b:c6:df:35:91:90:7f:
                    1a:96:f1:9a:61:4b:46:2a:49:d8:e2:fe:ef:4c:b3:
                    d8:d6:19:42:08:01:59:4e:2a:31:f6:28:2b:be:3a:
                    7b:19:e4:c6:95:ab:db:fc:2c:a9:ff:bb:11:2a:80:
                    96:3d:c3:39:d1:13:03:14:18:bb:57:68:c5:a5:db:
                    93:75:2f:a4:50:56:d7:25:6e:81:f1:52:7f:41:3f:
                    37:c2:8c:6c:67:95:1d:39:30:b9:85:e7:4b:a2:e8:
                    6d:d1:cd:6d:27:b8:44:96:81:35:bd:e0:b3:5e:d9:
                    f7:00:ea:5e:a7:8f:cf:4d:e3:c8:c7:95:88:15:fc:
                    d0:df:98:75:66:c6:08:00:40:e6:bb:dc:b8:b3:7a:
                    d5:d6:4d:75:da:96:fd:ed:08:65:e5:f5:37:ed:29:
                    c3:73:d3:6d:b9:ac:da:00:48:1e:69:60:c7:3e:53:
                    d1:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D0:F8:21:84:CA:DF:FE:CA:EC:BD:C9:97:02:25:F8:9C:77:F6:75:9D
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/0PghhMrf_srsvcmXAiX4nHf2dZ0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.76.226.0/24
                  193.124.91.0/24
                  194.87.73.0/24
                  194.87.130.0/23
                  194.87.168.0/24
                  194.87.200.0/24
                  195.58.35.0/24
                  195.133.0.0/24
                  195.133.31.0/24
                  195.133.86.0/24
                  212.192.9.0/24
                  212.192.31.0/24
                  212.193.1.0/24
                  212.193.3.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4f:a2:0b:ad:8b:3a:66:25:dd:f5:22:b0:93:65:2f:10:88:0d:
         43:f3:38:78:00:b9:b1:03:c8:34:a6:93:3f:07:32:9b:63:d2:
         7b:61:47:e7:4d:14:21:e7:24:db:e7:d5:d7:6a:5e:99:4f:89:
         33:60:37:ff:e3:8f:64:26:c8:72:72:be:48:67:d8:36:e1:43:
         12:55:dc:cb:a3:60:b2:4e:a4:de:92:dc:54:e2:9a:da:8b:75:
         ef:08:d6:78:1a:29:4c:c0:82:4a:f8:4d:8c:38:aa:63:19:97:
         23:63:df:0f:af:d6:fa:6c:cf:c2:73:ee:93:92:67:88:b2:3e:
         45:ec:f5:db:83:83:2c:ca:ea:2d:6d:97:f9:a2:3e:f9:2d:7b:
         8b:a3:c4:8f:fd:f6:44:db:c9:2b:04:da:0b:72:89:27:cd:48:
         65:23:a8:52:3a:3a:61:4f:69:52:93:93:1d:5e:d2:0b:59:6e:
         84:29:ca:1a:b9:fe:43:ad:71:fc:e3:27:45:72:b3:98:fe:b6:
         40:30:eb:34:01:46:63:e7:28:61:6d:16:9b:01:6c:94:d2:c0:
         28:95:82:76:c7:5e:2d:04:55:8f:d1:cc:ba:15:8b:57:94:36:
         45:4b:fe:5b:33:ed:51:27:4f:e8:8e:8b:04:30:6f:f8:6e:a4:
         8c:39:d2:d6
-----BEGIN CERTIFICATE-----
MIIFSzCCBDOgAwIBAgISAYPHfYntnxP7yMFGYxcqZRuaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjIxMDExMTQ0MDM2WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMGY4MjE4NGNhZGZmZWNhZWNiZGM5OTcwMjI1Zjg5Yzc3ZjY3NTlkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmEndr7W+HthNHIreRNAhowrkrkiH
vizYq04cWfZDMT/27nv0azr/9BV4f0gdsOMH2ZeSFaUpyBQcJoLZGpaSvc8wyy5j
7RJfJmAQ0dfRXEWeTDvG3zWRkH8alvGaYUtGKknY4v7vTLPY1hlCCAFZTiox9igr
vjp7GeTGlavb/Cyp/7sRKoCWPcM50RMDFBi7V2jFpduTdS+kUFbXJW6B8VJ/QT83
woxsZ5UdOTC5hedLouht0c1tJ7hEloE1veCzXtn3AOpep4/PTePIx5WIFfzQ35h1
ZsYIAEDmu9y4s3rV1k112pb97Qhl5fU37SnDc9NtuazaAEgeaWDHPlPRCwIDAQAB
o4ICVzCCAlMwHQYDVR0OBBYEFND4IYTK3/7K7L3JlwIl+Jx39nWdMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvMFBnaGhNcmZfc3JzdmNtWEFpWDRuSGYyZFowLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMG0GCCsGAQUFBwEHAQH/BF4wXDBaBAIAATBUAwQAPkziAwQA
wXxbAwQAwldJAwQBwleCAwQAwleoAwQAwlfIAwQAwzojAwQAw4UAAwQAw4UfAwQA
w4VWAwQA1MAJAwQA1MAfAwQA1MEBAwQA1MEDMA0GCSqGSIb3DQEBCwUAA4IBAQBP
ogutizpmJd31IrCTZS8QiA1D8zh4ALmxA8g0ppM/BzKbY9J7YUfnTRQh5yTb59XX
al6ZT4kzYDf/449kJshycr5IZ9g24UMSVdzLo2CyTqTektxU4prai3XvCNZ4GilM
wIJK+E2MOKpjGZcjY98Pr9b6bM/Cc+6TkmeIsj5F7PXbg4MsyuotbZf5oj75LXuL
o8SP/fZE28krBNoLcoknzUhlI6hSOjphT2lSk5MdXtILWW6EKcoauf5DrXH84ydF
crOY/rZAMOs0AUZj5yhhbRabAWyU0sAolYJ2x14tBFWP0cy6FYtXlDZFS/5bM+1R
J0/ojosEMG/4bqSMOdLW
-----END CERTIFICATE-----