Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/FvejRioHviQpT6Ymd6uz_bCtmS0.roa
File:                     FvejRioHviQpT6Ymd6uz_bCtmS0.roa (raw, json)
Hash identifier:          uJhtac+wUFhTnGNaoIvS43UIMuGbN3Jvhc2AQ7xOmSo=
Subject key identifier:   16:F7:A3:46:2A:07:BE:24:29:4F:A6:26:77:AB:B3:FD:B0:AD:99:2D
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       01820DA35FF8A9D409C95248158BF885152E
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/FvejRioHviQpT6Ymd6uz_bCtmS0.roa
Signing time:             Sun 17 Jul 2022 19:29:46 +0000
ROA not before:           Sun 17 Jul 2022 19:29:46 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     400377
IP address blocks:        212.87.204.0/24 maxlen: 24
                          80.76.51.0/24 maxlen: 24
                          85.31.44.0/24 maxlen: 24
                          85.31.46.0/24 maxlen: 24
                          194.55.186.0/24 maxlen: 24
                          185.246.222.0/24 maxlen: 24
                          185.246.223.0/24 maxlen: 24
                          194.48.250.0/24 maxlen: 24
                          109.206.241.0/24 maxlen: 24
                          109.206.242.0/24 maxlen: 24
                          94.103.124.0/24 maxlen: 24
                          79.110.62.0/24 maxlen: 24
                          185.218.138.0/24 maxlen: 24
                          185.225.74.0/24 maxlen: 24
                          94.154.160.0/24 maxlen: 24
                          94.154.173.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:82:0d:a3:5f:f8:a9:d4:09:c9:52:48:15:8b:f8:85:15:2e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Jul 17 19:29:46 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=16f7a3462a07be24294fa62677abb3fdb0ad992d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:b0:22:f7:49:a0:f6:6a:c2:c9:94:4c:d9:3e:
                    60:41:39:de:21:e7:f9:12:12:f0:9d:e9:21:dd:a7:
                    62:88:c0:a7:01:7c:9e:c6:db:7e:3e:d3:f2:5d:77:
                    03:7b:3c:78:17:a1:df:6f:13:25:92:74:4b:77:59:
                    74:6c:74:b8:17:db:20:77:c8:c6:2e:a9:8f:b4:27:
                    07:91:62:bc:d7:19:d8:fa:c0:1a:18:45:3a:eb:84:
                    ff:f0:76:9a:89:f1:c1:2e:9b:73:54:5a:c2:5b:e0:
                    00:be:f3:02:38:41:53:f9:a3:63:2a:fb:fe:e4:51:
                    04:7d:62:be:39:88:c6:5b:15:e3:25:17:b8:08:ec:
                    4c:96:fb:42:a5:af:8b:20:a4:2e:11:ec:80:a9:00:
                    eb:c1:4b:7c:54:ef:55:69:98:da:4b:02:81:a2:c3:
                    f4:ca:f4:6c:d3:7a:2c:7b:e9:b2:5b:23:fc:b7:67:
                    20:8e:69:6a:24:97:62:2e:d7:f1:80:5a:a1:f3:76:
                    90:ac:65:f0:0e:14:6e:b4:aa:19:5e:11:0c:27:79:
                    70:38:bc:72:16:c1:54:4c:5c:07:76:00:39:b6:15:
                    1f:2e:99:96:60:1a:6c:e3:8f:49:d6:65:a5:89:23:
                    d1:48:39:d3:c3:8d:cc:1f:4c:2f:a0:cb:f4:ab:0a:
                    c0:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                16:F7:A3:46:2A:07:BE:24:29:4F:A6:26:77:AB:B3:FD:B0:AD:99:2D
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/FvejRioHviQpT6Ymd6uz_bCtmS0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  79.110.62.0/24
                  80.76.51.0/24
                  85.31.44.0/24
                  85.31.46.0/24
                  94.103.124.0/24
                  94.154.160.0/24
                  94.154.173.0/24
                  109.206.241.0-109.206.242.255
                  185.218.138.0/24
                  185.225.74.0/24
                  185.246.222.0/23
                  194.48.250.0/24
                  194.55.186.0/24
                  212.87.204.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3c:68:57:ec:5d:b2:34:5c:c3:cc:ca:34:d7:17:df:04:bd:1e:
         f0:69:9a:6f:1a:24:c5:e4:09:93:a7:71:0d:1a:45:45:98:89:
         9e:cc:ce:c8:b6:8b:c7:32:9e:6c:79:fd:87:43:64:4f:4f:f8:
         66:96:41:67:95:30:e1:3a:16:c9:42:5e:77:a5:f8:51:6f:22:
         de:ba:74:17:0c:2b:5d:a6:b0:ba:4a:2d:5c:73:d1:c1:4f:4b:
         2c:99:88:24:bd:c4:6a:f5:39:58:79:74:48:e7:56:40:dc:14:
         d1:82:17:d1:c7:75:a4:84:64:5d:28:8a:d7:bb:fd:71:07:fa:
         a6:5c:29:94:a1:c2:65:90:66:f9:00:1d:31:c1:1e:30:6b:55:
         ef:48:dd:50:c0:70:3a:af:8a:0f:e1:bd:79:8a:00:10:ec:47:
         52:9b:3c:59:28:fe:9e:9e:4f:f9:27:42:32:6a:e4:23:83:db:
         1b:90:7b:57:de:c4:8c:51:38:a8:fe:5b:99:e2:44:23:13:f1:
         27:f7:b6:92:89:d3:98:13:6f:02:24:ed:7f:89:8b:44:7e:1f:
         b7:d0:bc:9e:77:ff:fb:0c:01:a4:40:f8:65:b6:9a:44:39:b1:
         15:43:80:23:10:9d:66:ba:b3:60:3e:a2:d5:94:49:e2:50:5e:
         1d:ec:50:cd
-----BEGIN CERTIFICATE-----
MIIFUzCCBDugAwIBAgISAYINo1/4qdQJyVJIFYv4hRUuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjIwNzE3MTkyOTQ2WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNmY3YTM0NjJhMDdiZTI0Mjk0ZmE2MjY3N2FiYjNmZGIwYWQ5OTJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxLAi90mg9mrCyZRM2T5gQTneIef5
EhLwnekh3adiiMCnAXyextt+PtPyXXcDezx4F6HfbxMlknRLd1l0bHS4F9sgd8jG
LqmPtCcHkWK81xnY+sAaGEU664T/8HaaifHBLptzVFrCW+AAvvMCOEFT+aNjKvv+
5FEEfWK+OYjGWxXjJRe4COxMlvtCpa+LIKQuEeyAqQDrwUt8VO9VaZjaSwKBosP0
yvRs03ose+myWyP8t2cgjmlqJJdiLtfxgFqh83aQrGXwDhRutKoZXhEMJ3lwOLxy
FsFUTFwHdgA5thUfLpmWYBps449J1mWliSPRSDnTw43MH0wvoMv0qwrAyQIDAQAB
o4ICXzCCAlswHQYDVR0OBBYEFBb3o0YqB74kKU+mJners/2wrZktMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvRnZlalJpb0h2aVFwVDZZbWQ2dXpfYkN0bVMwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHUGCCsGAQUFBwEHAQH/BGYwZDBiBAIAATBcAwQAT24+AwQA
UEwzAwQAVR8sAwQAVR8uAwQAXmd8AwQAXpqgAwQAXpqtMAwDBABtzvEDBABtzvID
BAC52ooDBAC54UoDBAG59t4DBADCMPoDBADCN7oDBADUV8wwDQYJKoZIhvcNAQEL
BQADggEBADxoV+xdsjRcw8zKNNcX3wS9HvBpmm8aJMXkCZOncQ0aRUWYiZ7Mzsi2
i8cynmx5/YdDZE9P+GaWQWeVMOE6FslCXnel+FFvIt66dBcMK12msLpKLVxz0cFP
SyyZiCS9xGr1OVh5dEjnVkDcFNGCF9HHdaSEZF0oite7/XEH+qZcKZShwmWQZvkA
HTHBHjBrVe9I3VDAcDqvig/hvXmKABDsR1KbPFko/p6eT/knQjJq5COD2xuQe1fe
xIxROKj+W5niRCMT8Sf3tpKJ05gTbwIk7X+Ji0R+H7fQvJ53//sMAaRA+GW2mkQ5
sRVDgCMQnWa6s2A+otWUSeJQXh3sUM0=
-----END CERTIFICATE-----