Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/Ahwz85v4JUg9YLPz8bHGSO-_2PI.roa
File:                     Ahwz85v4JUg9YLPz8bHGSO-_2PI.roa (raw, json)
Hash identifier:          wE+TdrLWqqZLPx5NWgyDidEgWTNkCoPWiiPRBt6vWpY=
Subject key identifier:   02:1C:33:F3:9B:F8:25:48:3D:60:B3:F3:F1:B1:C6:48:EF:BF:D8:F2
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       01841409708CBD260441AF11D56A863AFE72
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/Ahwz85v4JUg9YLPz8bHGSO-_2PI.roa
Signing time:             Wed 26 Oct 2022 11:24:33 +0000
ROA not before:           Wed 26 Oct 2022 11:24:33 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     400377
IP address blocks:        194.87.200.0/24 maxlen: 24
                          62.76.226.0/24 maxlen: 24
                          62.76.225.0/24 maxlen: 24
                          194.87.223.0/24 maxlen: 24
                          194.87.226.0/24 maxlen: 24
                          194.87.252.0/24 maxlen: 24
                          212.192.5.0/24 maxlen: 24
                          212.192.9.0/24 maxlen: 24
                          192.124.180.0/24 maxlen: 24
                          192.124.183.0/24 maxlen: 24
                          195.58.54.0/24 maxlen: 24
                          194.87.199.0/24 maxlen: 24
                          195.133.193.0/24 maxlen: 24
                          193.124.133.0/24 maxlen: 24
                          193.124.90.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:84:14:09:70:8c:bd:26:04:41:af:11:d5:6a:86:3a:fe:72
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Oct 26 11:24:33 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=021c33f39bf825483d60b3f3f1b1c648efbfd8f2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:7d:17:8c:85:66:1b:3b:ad:89:72:0f:2c:f2:
                    67:d3:7f:6e:46:e3:ae:51:64:4d:e5:15:47:8f:96:
                    d5:4e:49:b2:40:ed:1a:74:fc:6f:95:f9:2d:7d:89:
                    e6:43:be:3b:43:55:95:7f:80:63:25:62:88:f2:7b:
                    e4:06:27:05:09:21:18:fe:be:3c:9b:ed:33:8c:32:
                    a8:ee:d3:44:91:5e:66:33:f9:c5:29:10:eb:89:a4:
                    ac:bb:23:22:31:08:7d:91:93:cb:90:03:89:eb:ce:
                    a9:ab:d9:92:60:85:0b:07:94:96:d9:1d:5a:f5:44:
                    b8:b6:27:1b:bc:6b:ed:c7:4f:d5:60:3a:aa:d2:c7:
                    39:11:af:fc:9a:2e:f3:c9:cc:8f:27:be:bc:c7:0a:
                    f4:65:92:c5:44:7f:25:fd:b8:96:fe:24:f7:36:82:
                    d6:b9:93:3d:d3:04:68:47:9c:87:74:aa:93:af:12:
                    64:b8:88:15:fa:39:a9:55:14:0c:7c:77:8f:d6:60:
                    95:f9:03:77:ca:75:fe:6b:ee:ba:82:ec:12:de:b0:
                    52:14:8d:e5:3e:b6:47:f0:cc:86:de:60:9c:a4:81:
                    0a:d1:01:87:56:11:1c:80:d7:f9:c6:a1:85:00:4b:
                    ec:d6:fe:22:39:72:68:a6:af:38:3c:c0:47:92:0e:
                    1f:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                02:1C:33:F3:9B:F8:25:48:3D:60:B3:F3:F1:B1:C6:48:EF:BF:D8:F2
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/Ahwz85v4JUg9YLPz8bHGSO-_2PI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.76.225.0-62.76.226.255
                  192.124.180.0/24
                  192.124.183.0/24
                  193.124.90.0/24
                  193.124.133.0/24
                  194.87.199.0-194.87.200.255
                  194.87.223.0/24
                  194.87.226.0/24
                  194.87.252.0/24
                  195.58.54.0/24
                  195.133.193.0/24
                  212.192.5.0/24
                  212.192.9.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6d:a8:2d:7c:1f:ea:1b:69:72:e6:3d:e3:95:ff:cd:05:e8:86:
         36:ce:d5:30:65:44:68:4c:76:37:8f:c8:0e:b5:7f:db:27:d3:
         10:60:da:7d:68:64:49:8c:b9:cb:59:47:9b:41:ff:ec:bd:80:
         7d:35:ed:0b:a2:0a:ac:65:c3:b3:a6:1a:08:c6:fd:e6:45:e1:
         f7:70:47:05:71:e0:02:cb:64:da:c5:6d:93:9b:8f:8c:58:72:
         15:69:08:39:6f:c2:a1:cb:ea:9c:78:5f:a6:96:48:48:e3:a9:
         0c:35:66:64:21:3f:79:98:f0:8d:70:60:cb:80:a6:b8:59:7d:
         29:e7:68:d2:b4:25:39:20:be:32:30:cf:bc:7a:65:2d:ce:d6:
         a1:8b:55:0a:3f:bb:1a:2a:72:43:97:69:4e:3b:d6:26:1d:e8:
         5f:54:aa:3a:04:ec:3e:33:02:99:9d:76:82:a6:3c:6d:5d:84:
         23:fd:73:6e:d7:84:65:7d:b5:23:d3:dd:c5:6e:8c:43:fa:a3:
         e0:85:cd:06:f8:9e:95:15:57:e5:3c:e3:5e:37:57:1f:71:0f:
         a2:39:c4:46:18:8d:87:84:4e:13:ed:fd:e7:41:ba:b6:88:cf:
         54:06:48:64:72:53:a3:94:05:56:58:19:9f:09:e1:62:c4:15:
         6b:43:e2:87
-----BEGIN CERTIFICATE-----
MIIFVTCCBD2gAwIBAgISAYQUCXCMvSYEQa8R1WqGOv5yMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjIxMDI2MTEyNDMzWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMjFjMzNmMzliZjgyNTQ4M2Q2MGIzZjNmMWIxYzY0OGVmYmZkOGYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgX0XjIVmGzutiXIPLPJn039uRuOu
UWRN5RVHj5bVTkmyQO0adPxvlfktfYnmQ747Q1WVf4BjJWKI8nvkBicFCSEY/r48
m+0zjDKo7tNEkV5mM/nFKRDriaSsuyMiMQh9kZPLkAOJ686pq9mSYIULB5SW2R1a
9US4ticbvGvtx0/VYDqq0sc5Ea/8mi7zycyPJ768xwr0ZZLFRH8l/biW/iT3NoLW
uZM90wRoR5yHdKqTrxJkuIgV+jmpVRQMfHeP1mCV+QN3ynX+a+66guwS3rBSFI3l
PrZH8MyG3mCcpIEK0QGHVhEcgNf5xqGFAEvs1v4iOXJopq84PMBHkg4f0wIDAQAB
o4ICYTCCAl0wHQYDVR0OBBYEFAIcM/Ob+CVIPWCz8/Gxxkjvv9jyMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvQWh3ejg1djRKVWc5WUxQejhiSEdTTy1fMlBJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHcGCCsGAQUFBwEHAQH/BGgwZjBkBAIAATBeMAwDBAA+TOED
BAA+TOIDBADAfLQDBADAfLcDBADBfFoDBADBfIUwDAMEAMJXxwMEAMJXyAMEAMJX
3wMEAMJX4gMEAMJX/AMEAMM6NgMEAMOFwQMEANTABQMEANTACTANBgkqhkiG9w0B
AQsFAAOCAQEAbagtfB/qG2ly5j3jlf/NBeiGNs7VMGVEaEx2N4/IDrV/2yfTEGDa
fWhkSYy5y1lHm0H/7L2AfTXtC6IKrGXDs6YaCMb95kXh93BHBXHgAstk2sVtk5uP
jFhyFWkIOW/CocvqnHhfppZISOOpDDVmZCE/eZjwjXBgy4CmuFl9Kedo0rQlOSC+
MjDPvHplLc7WoYtVCj+7GipyQ5dpTjvWJh3oX1SqOgTsPjMCmZ12gqY8bV2EI/1z
bteEZX21I9PdxW6MQ/qj4IXNBvielRVX5TzjXjdXH3EPojnERhiNh4ROE+3950G6
tojPVAZIZHJTo5QFVlgZnwnhYsQVa0Pihw==
-----END CERTIFICATE-----