Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/FIC9w3goy7TxJ9J0nF8LHeA-epM.roa
File:                     FIC9w3goy7TxJ9J0nF8LHeA-epM.roa (raw, json)
Hash identifier:          K8FrIxbH1KmGF3oEXa4TXu6OOweXkukfb3vLCdZMN4Q=
Subject key identifier:   14:80:BD:C3:78:28:CB:B4:F1:27:D2:74:9C:5F:0B:1D:E0:3E:7A:93
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       018452CA734C8654CE4D88BE07799885B7B5
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/FIC9w3goy7TxJ9J0nF8LHeA-epM.roa
Signing time:             Mon 07 Nov 2022 15:51:50 +0000
ROA not before:           Mon 07 Nov 2022 15:51:50 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     15731
IP address blocks:        193.124.3.0/24 maxlen: 24
                          194.135.23.0/24 maxlen: 24
                          195.58.35.0/24 maxlen: 24
                          194.87.168.0/24 maxlen: 24
                          195.133.35.0/24 maxlen: 24
                          194.87.178.0/24 maxlen: 24
                          212.192.31.0/24 maxlen: 24
                          212.193.1.0/24 maxlen: 24
                          212.193.3.0/24 maxlen: 24
                          194.87.130.0/24 maxlen: 24
                          194.87.131.0/24 maxlen: 24
                          195.133.0.0/24 maxlen: 24
                          194.87.73.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:84:52:ca:73:4c:86:54:ce:4d:88:be:07:79:98:85:b7:b5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Nov  7 15:51:50 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=1480bdc37828cbb4f127d2749c5f0b1de03e7a93
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:74:7b:31:43:b6:e9:62:6e:ed:a0:0b:84:a0:
                    79:d0:67:4b:2f:54:c0:0f:bc:40:4e:2b:06:17:a9:
                    7a:43:87:88:87:ac:d1:1e:29:2a:04:43:c5:95:5e:
                    bb:b7:38:e7:52:1b:66:79:9e:e5:ab:c3:f6:a7:b6:
                    08:9b:c6:9b:4f:9b:ec:5c:26:ca:6d:c5:fe:5f:d9:
                    6e:69:5a:67:3e:b2:c7:b1:bc:be:75:2b:94:02:cf:
                    85:12:19:7d:19:63:be:25:69:8e:87:1f:32:46:07:
                    bd:8f:d7:f5:73:08:08:c4:3e:88:c3:e7:08:bc:77:
                    65:64:7e:d9:8a:a7:ac:4d:c2:ef:37:03:75:77:21:
                    60:f8:cb:c4:01:6b:97:e7:74:d6:2c:47:a9:73:d0:
                    c5:4c:8e:da:19:c4:f5:65:fb:ab:8f:8c:ae:ec:1d:
                    b6:8a:ec:22:22:f4:d1:18:b1:dc:dc:2f:94:c7:5b:
                    19:55:9e:ec:78:21:05:71:e5:9c:d7:50:f3:90:f4:
                    96:b5:04:d6:7c:3c:e6:50:c4:ca:f7:ac:ab:d9:62:
                    1a:d4:17:76:7e:7a:e1:9a:6a:5c:b0:6f:aa:47:19:
                    ab:ab:64:16:aa:db:40:60:4d:fa:db:a7:91:a4:f9:
                    af:2c:ac:96:55:b4:87:0c:42:55:4b:6e:3a:3d:43:
                    88:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                14:80:BD:C3:78:28:CB:B4:F1:27:D2:74:9C:5F:0B:1D:E0:3E:7A:93
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/FIC9w3goy7TxJ9J0nF8LHeA-epM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.124.3.0/24
                  194.87.73.0/24
                  194.87.130.0/23
                  194.87.168.0/24
                  194.87.178.0/24
                  194.135.23.0/24
                  195.58.35.0/24
                  195.133.0.0/24
                  195.133.35.0/24
                  212.192.31.0/24
                  212.193.1.0/24
                  212.193.3.0/24

    Signature Algorithm: sha256WithRSAEncryption
         49:6a:51:36:0c:c2:36:a4:b0:1a:c4:1e:71:bf:4f:9e:2b:6e:
         55:91:72:31:90:a6:5f:c9:1b:31:e0:e8:05:ed:35:07:e7:12:
         99:7e:3a:31:f0:69:ba:45:aa:f8:53:80:ac:5e:6f:63:f2:89:
         f2:b6:33:9f:4d:49:10:29:3f:af:2b:90:85:34:15:61:bc:de:
         4d:6b:a9:1a:8f:95:67:bc:42:34:60:02:54:92:7d:5f:7b:c5:
         7a:c0:90:71:a7:dd:cd:39:5f:ff:bd:f7:af:f5:98:1e:87:08:
         5b:d6:8f:2f:09:ab:91:9c:5b:ee:34:90:cb:e7:dd:43:15:d4:
         a2:05:de:5a:65:f8:a3:5e:67:24:91:82:77:d2:6e:50:7c:5a:
         8e:59:73:4c:aa:82:bf:30:00:52:be:38:64:55:e6:7f:fb:2d:
         e3:62:a1:06:13:79:df:a0:33:fa:7f:4c:6c:a7:b9:39:28:8d:
         c0:cf:f9:6d:e8:4f:78:e5:dd:f1:5c:02:2b:6e:d2:e4:4b:bd:
         5b:3b:1e:c4:78:18:8e:73:b4:07:83:e1:31:86:61:56:cf:71:
         96:6e:05:17:d2:f9:62:ec:0e:80:91:64:41:f6:ec:47:31:aa:
         5f:e0:1a:33:45:d1:98:34:00:61:5c:57:39:2b:87:08:0e:80:
         73:da:e9:9c
-----BEGIN CERTIFICATE-----
MIIFPzCCBCegAwIBAgISAYRSynNMhlTOTYi+B3mYhbe1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjIxMTA3MTU1MTUwWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNDgwYmRjMzc4MjhjYmI0ZjEyN2QyNzQ5YzVmMGIxZGUwM2U3YTkzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAknR7MUO26WJu7aALhKB50GdLL1TA
D7xATisGF6l6Q4eIh6zRHikqBEPFlV67tzjnUhtmeZ7lq8P2p7YIm8abT5vsXCbK
bcX+X9luaVpnPrLHsby+dSuUAs+FEhl9GWO+JWmOhx8yRge9j9f1cwgIxD6Iw+cI
vHdlZH7ZiqesTcLvNwN1dyFg+MvEAWuX53TWLEepc9DFTI7aGcT1Zfurj4yu7B22
iuwiIvTRGLHc3C+Ux1sZVZ7seCEFceWc11DzkPSWtQTWfDzmUMTK96yr2WIa1Bd2
fnrhmmpcsG+qRxmrq2QWqttAYE3626eRpPmvLKyWVbSHDEJVS246PUOILwIDAQAB
o4ICSzCCAkcwHQYDVR0OBBYEFBSAvcN4KMu08SfSdJxfCx3gPnqTMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvRklDOXczZ295N1R4SjlKMG5GOExIZUEtZXBNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGEGCCsGAQUFBwEHAQH/BFIwUDBOBAIAATBIAwQAwXwDAwQA
wldJAwQBwleCAwQAwleoAwQAwleyAwQAwocXAwQAwzojAwQAw4UAAwQAw4UjAwQA
1MAfAwQA1MEBAwQA1MEDMA0GCSqGSIb3DQEBCwUAA4IBAQBJalE2DMI2pLAaxB5x
v0+eK25VkXIxkKZfyRsx4OgF7TUH5xKZfjox8Gm6Rar4U4CsXm9j8onytjOfTUkQ
KT+vK5CFNBVhvN5Na6kaj5VnvEI0YAJUkn1fe8V6wJBxp93NOV//vfev9Zgehwhb
1o8vCauRnFvuNJDL591DFdSiBd5aZfijXmckkYJ30m5QfFqOWXNMqoK/MABSvjhk
VeZ/+y3jYqEGE3nfoDP6f0xsp7k5KI3Az/lt6E945d3xXAIrbtLkS71bOx7EeBiO
c7QHg+ExhmFWz3GWbgUX0vli7A6AkWRB9uxHMapf4BozRdGYNABhXFc5K4cIDoBz
2umc
-----END CERTIFICATE-----