Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/01/513734-a485-4c28-8aa6-9555d30f6f8f/1/rKdAtvhMSzWtmsCObXhryDBiU7s.roa
File:                     rKdAtvhMSzWtmsCObXhryDBiU7s.roa (raw, json)
Hash identifier:          i9w9XlD8aNd9TBbfmoqX88w5kZn/xfjvMjn4ud+xCtQ=
Subject key identifier:   AC:A7:40:B6:F8:4C:4B:35:AD:9A:C0:8E:6D:78:6B:C8:30:62:53:BB
Certificate issuer:       /CN=fd3a1e8465bfc4df700894372d0b9808e8b629ea
Certificate serial:       0183CBE1F292C42539B3A91BD88834F2A3CF
Authority key identifier: FD:3A:1E:84:65:BF:C4:DF:70:08:94:37:2D:0B:98:08:E8:B6:29:EA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_ToehGW_xN9wCJQ3LQuYCOi2Keo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/01/513734-a485-4c28-8aa6-9555d30f6f8f/1/rKdAtvhMSzWtmsCObXhryDBiU7s.roa
Signing time:             Wed 12 Oct 2022 11:08:46 +0000
ROA not before:           Wed 12 Oct 2022 11:08:46 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     47692
IP address blocks:        192.166.242.0/23 maxlen: 23
                          192.166.241.0/24 maxlen: 24
                          84.242.8.0/21 maxlen: 24
                          146.255.56.0/21 maxlen: 24
                          5.183.173.0/24 maxlen: 24
                          5.183.174.0/23 maxlen: 23
                          45.155.244.0/22 maxlen: 24
                          83.137.112.0/21 maxlen: 24
                          77.244.240.0/20 maxlen: 24
                          217.74.8.0/21 maxlen: 24
                          92.42.136.0/21 maxlen: 24
                          212.232.24.0/21 maxlen: 24
                          2a02:1b9::/32 maxlen: 32
                          2a02:1b8::/29 maxlen: 48

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:83:cb:e1:f2:92:c4:25:39:b3:a9:1b:d8:88:34:f2:a3:cf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fd3a1e8465bfc4df700894372d0b9808e8b629ea
        Validity
            Not Before: Oct 12 11:08:46 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=aca740b6f84c4b35ad9ac08e6d786bc8306253bb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:13:36:13:bd:78:47:6b:2e:5f:2f:82:39:68:
                    18:80:04:90:f0:20:59:97:09:d9:bb:d1:2a:92:2a:
                    d8:12:b4:29:63:61:a2:f8:5a:fb:92:49:65:fd:d3:
                    54:89:6e:c1:0d:b4:37:cb:f2:63:6b:f8:f3:9a:34:
                    5f:5d:f6:6f:2e:15:7c:64:03:98:bd:ba:2b:04:94:
                    95:05:a4:5a:23:5b:73:32:f0:7f:53:5c:66:19:71:
                    e0:fe:2c:e0:c9:df:70:9d:54:0f:b5:bc:bc:95:5a:
                    18:bf:9e:3d:fd:a8:3d:84:20:60:a7:c6:f9:df:58:
                    db:58:e5:51:7f:77:af:3f:af:24:c7:5e:0d:30:8c:
                    17:65:46:fc:8f:ee:3e:b5:ed:5f:6a:18:d2:a3:aa:
                    4e:d3:4a:30:50:52:b5:18:c8:0f:e2:5a:b6:32:0e:
                    d8:ef:f5:3c:d0:56:b4:03:a6:88:b2:91:71:22:be:
                    70:22:84:9c:c0:64:39:b7:92:da:55:df:55:a6:eb:
                    f4:39:b6:34:44:3f:cc:f5:fc:79:3e:bc:e2:d8:c9:
                    2e:72:14:e8:95:4d:05:fe:61:66:15:28:7b:62:1c:
                    b1:92:74:39:62:52:9a:e2:54:cb:69:26:17:1f:ce:
                    8f:a8:33:2a:c8:33:6d:5b:90:73:d9:e9:18:01:a1:
                    51:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AC:A7:40:B6:F8:4C:4B:35:AD:9A:C0:8E:6D:78:6B:C8:30:62:53:BB
            X509v3 Authority Key Identifier:
                keyid:FD:3A:1E:84:65:BF:C4:DF:70:08:94:37:2D:0B:98:08:E8:B6:29:EA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_ToehGW_xN9wCJQ3LQuYCOi2Keo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/01/513734-a485-4c28-8aa6-9555d30f6f8f/1/rKdAtvhMSzWtmsCObXhryDBiU7s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/01/513734-a485-4c28-8aa6-9555d30f6f8f/1/_ToehGW_xN9wCJQ3LQuYCOi2Keo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.183.173.0-5.183.175.255
                  45.155.244.0/22
                  77.244.240.0/20
                  83.137.112.0/21
                  84.242.8.0/21
                  92.42.136.0/21
                  146.255.56.0/21
                  192.166.241.0-192.166.243.255
                  212.232.24.0/21
                  217.74.8.0/21
                IPv6:
                  2a02:1b8::/29

    Signature Algorithm: sha256WithRSAEncryption
         ab:7e:04:d8:66:19:b8:57:c3:9a:f9:c8:79:be:9b:b0:43:27:
         7a:8d:23:86:d8:61:85:5c:25:ed:61:04:5f:8c:92:45:64:ea:
         51:f4:c4:7e:f5:40:85:c8:35:f5:5f:b5:5f:f9:b7:a4:84:a0:
         fc:7e:a8:f7:7d:f3:54:90:2f:e3:84:e2:55:c9:98:01:cd:bc:
         12:5b:f2:31:58:c4:92:53:b0:3e:28:4a:29:b8:66:33:94:21:
         d4:fd:43:5c:8a:ab:3f:34:75:d0:24:f9:4d:63:36:bb:9c:a9:
         a4:58:c6:f5:81:78:c8:36:d0:f6:3b:39:33:51:7f:4a:af:cb:
         0a:be:6a:20:42:65:c5:30:d2:58:37:91:8e:dd:6b:91:0e:70:
         e6:b3:16:60:b1:9f:06:1d:4f:f6:c5:02:88:66:5e:09:20:18:
         60:ac:c1:03:c3:01:23:b6:85:3d:04:06:ec:d7:09:ac:13:7f:
         fb:d4:d1:b0:5f:00:33:54:71:f9:96:11:e1:e6:7f:ae:91:bd:
         79:4c:d0:31:85:ac:af:02:fa:89:ce:5a:b3:db:5a:e6:3d:fd:
         1a:a3:14:3d:86:76:76:52:6b:24:02:1e:5c:78:5e:12:c0:b1:
         e9:b1:f2:53:76:31:cf:16:d9:dc:c9:eb:ea:08:f4:8c:de:6a:
         70:00:cd:76
-----BEGIN CERTIFICATE-----
MIIFUjCCBDqgAwIBAgISAYPL4fKSxCU5s6kb2Ig08qPPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZkM2ExZTg0NjViZmM0ZGY3MDA4OTQzNzJkMGI5ODA4ZThi
NjI5ZWEwHhcNMjIxMDEyMTEwODQ2WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhY2E3NDBiNmY4NGM0YjM1YWQ5YWMwOGU2ZDc4NmJjODMwNjI1M2JiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjRM2E714R2suXy+COWgYgASQ8CBZ
lwnZu9EqkirYErQpY2Gi+Fr7kkll/dNUiW7BDbQ3y/Jja/jzmjRfXfZvLhV8ZAOY
vborBJSVBaRaI1tzMvB/U1xmGXHg/izgyd9wnVQPtby8lVoYv549/ag9hCBgp8b5
31jbWOVRf3evP68kx14NMIwXZUb8j+4+te1fahjSo6pO00owUFK1GMgP4lq2Mg7Y
7/U80Fa0A6aIspFxIr5wIoScwGQ5t5LaVd9Vpuv0ObY0RD/M9fx5Przi2MkuchTo
lU0F/mFmFSh7YhyxknQ5YlKa4lTLaSYXH86PqDMqyDNtW5Bz2ekYAaFRfQIDAQAB
o4ICXjCCAlowHQYDVR0OBBYEFKynQLb4TEs1rZrAjm14a8gwYlO7MB8GA1UdIwQY
MBaAFP06HoRlv8TfcAiUNy0LmAjotinqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX1RvZWhHV194Tjl3Q0pRM0xRdVlDT2kyS2VvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMS81MTM3MzQtYTQ4NS00YzI4LThhYTYt
OTU1NWQzMGY2ZjhmLzEvcktkQXR2aE1Teld0bXNDT2JYaHJ5REJpVTdzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMS81MTM3MzQtYTQ4NS00YzI4LThhYTYtOTU1NWQzMGY2Zjhm
LzEvX1RvZWhHV194Tjl3Q0pRM0xRdVlDT2kyS2VvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHQGCCsGAQUFBwEHAQH/BGUwYzBSBAIAATBMMAwDBAAFt60D
BAQFt6ADBAItm/QDBARN9PADBANTiXADBANU8ggDBANcKogDBAOS/zgwDAMEAMCm
8QMEAsCm8AMEA9ToGAMEA9lKCDANBAIAAjAHAwUDKgIBuDANBgkqhkiG9w0BAQsF
AAOCAQEAq34E2GYZuFfDmvnIeb6bsEMneo0jhthhhVwl7WEEX4ySRWTqUfTEfvVA
hcg19V+1X/m3pISg/H6o933zVJAv44TiVcmYAc28ElvyMVjEklOwPihKKbhmM5Qh
1P1DXIqrPzR10CT5TWM2u5yppFjG9YF4yDbQ9js5M1F/Sq/LCr5qIEJlxTDSWDeR
jt1rkQ5w5rMWYLGfBh1P9sUCiGZeCSAYYKzBA8MBI7aFPQQG7NcJrBN/+9TRsF8A
M1Rx+ZYR4eZ/rpG9eUzQMYWsrwL6ic5as9ta5j39GqMUPYZ2dlJrJAIeXHheEsCx
6bHyU3YxzxbZ3Mnr6gj0jN5qcADNdg==
-----END CERTIFICATE-----