Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/nj9l9XZ0ELx8uulzGE0Xb238O0Y.roa
File:                     nj9l9XZ0ELx8uulzGE0Xb238O0Y.roa (raw, json)
Hash identifier:          KIl6kS1BUWiKEaDj5/Ni6Lq7tKzR6wIkLjBHkCVl8IE=
Subject key identifier:   9E:3F:65:F5:76:74:10:BC:7C:BA:E9:73:18:4D:17:6F:6D:FC:3B:46
Certificate issuer:       /CN=86d648bdba965461b1e8c11b9dd436c61382873c
Certificate serial:       018289433F46A2310D683862BEAAE4D2859E
Authority key identifier: 86:D6:48:BD:BA:96:54:61:B1:E8:C1:1B:9D:D4:36:C6:13:82:87:3C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/nj9l9XZ0ELx8uulzGE0Xb238O0Y.roa
Signing time:             Wed 10 Aug 2022 19:37:41 +0000
ROA not before:           Wed 10 Aug 2022 19:37:41 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     51659
IP address blocks:        193.233.84.0/22 maxlen: 22
                          193.233.92.0/22 maxlen: 22
                          193.233.16.0/24 maxlen: 24
                          193.233.22.0/24 maxlen: 24
                          193.233.23.0/24 maxlen: 24
                          193.233.21.0/24 maxlen: 24
                          193.233.19.0/24 maxlen: 24
                          193.233.20.0/24 maxlen: 24
                          193.233.240.0/22 maxlen: 22
                          193.233.18.0/24 maxlen: 24
                          193.233.252.0/22 maxlen: 22
                          193.233.61.0/24 maxlen: 24
                          193.233.192.0/22 maxlen: 22
                          193.233.224.0/22 maxlen: 22

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:82:89:43:3f:46:a2:31:0d:68:38:62:be:aa:e4:d2:85:9e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=86d648bdba965461b1e8c11b9dd436c61382873c
        Validity
            Not Before: Aug 10 19:37:41 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=9e3f65f5767410bc7cbae973184d176f6dfc3b46
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:55:ee:e5:52:14:33:b7:d9:38:9f:7a:05:d6:
                    7b:7a:42:df:2c:cf:55:f2:ec:ed:e8:03:1d:67:ba:
                    bb:76:94:ef:ab:be:62:41:be:b0:e2:37:ea:ad:5b:
                    3f:d2:83:93:19:80:e2:a6:e8:3d:7e:0b:33:2e:75:
                    8b:96:6d:97:0b:10:d2:ac:dc:ab:dc:60:6b:91:12:
                    a6:f9:85:74:58:52:4f:67:b1:2e:b1:bb:79:40:27:
                    e0:da:0f:bb:a6:bd:fb:5c:8e:59:22:3b:47:2a:59:
                    a4:dc:c2:ed:ce:0a:76:a2:3a:51:25:f2:77:0d:1a:
                    34:95:22:7e:d6:80:e9:72:01:06:70:60:e0:f0:e4:
                    43:8e:8a:3c:5f:1b:7f:d2:61:f9:9b:bc:1c:86:8a:
                    eb:8e:dc:1f:b0:5c:66:c0:8b:bc:93:b8:7d:05:b4:
                    fb:83:33:19:0a:00:1d:90:39:44:71:b2:a4:16:a9:
                    52:a5:86:9c:30:a6:c8:cf:bd:e7:75:c7:40:fb:14:
                    55:35:23:21:30:d7:61:96:f6:7e:84:74:61:06:03:
                    42:a1:f7:1a:6b:2b:dd:80:60:e1:17:c2:6b:a0:79:
                    69:6f:1b:85:df:a8:fc:00:99:4a:24:0b:fc:de:df:
                    ae:95:d7:fc:b2:82:5e:bf:d1:f6:41:73:9c:85:bf:
                    03:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9E:3F:65:F5:76:74:10:BC:7C:BA:E9:73:18:4D:17:6F:6D:FC:3B:46
            X509v3 Authority Key Identifier:
                keyid:86:D6:48:BD:BA:96:54:61:B1:E8:C1:1B:9D:D4:36:C6:13:82:87:3C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/nj9l9XZ0ELx8uulzGE0Xb238O0Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.233.16.0/24
                  193.233.18.0-193.233.23.255
                  193.233.61.0/24
                  193.233.84.0/22
                  193.233.92.0/22
                  193.233.192.0/22
                  193.233.224.0/22
                  193.233.240.0/22
                  193.233.252.0/22

    Signature Algorithm: sha256WithRSAEncryption
         19:2f:7d:78:2b:06:cc:ff:c5:30:98:e8:0a:ca:fc:5c:05:4d:
         69:a0:60:7e:52:48:10:7d:43:76:be:d8:14:b8:1e:92:5a:8f:
         55:9e:d4:98:93:f3:aa:7b:b4:8c:f4:50:e7:e7:27:01:4a:69:
         11:45:fe:c2:5f:29:43:f4:51:9a:9c:99:53:b2:35:86:2c:1d:
         8a:55:87:85:80:bc:de:bd:b9:64:d5:c2:5b:77:0e:ff:7e:45:
         de:2e:d9:57:63:b3:37:75:9f:84:cf:88:35:3a:f7:c2:14:16:
         e4:b2:f0:a1:85:11:d1:12:a5:4c:ff:87:32:00:59:27:ab:1b:
         e3:b7:a5:5d:c3:b6:31:bd:f9:58:dc:ec:41:9c:56:fb:59:3e:
         bc:56:86:dd:3a:91:ee:97:88:c3:a3:73:be:0b:3b:74:30:b2:
         58:b4:03:7c:2e:99:8d:77:cd:75:2e:50:7d:95:60:63:4b:92:
         da:2e:69:68:3a:2f:5a:33:5e:48:ed:a1:c5:e9:a5:6c:17:4b:
         09:b5:f7:f2:0b:3b:e0:3d:e6:cd:76:8b:b8:6c:9c:61:c3:68:
         e0:2e:f9:f1:8d:99:f4:57:88:f7:94:7b:47:3b:6f:06:c7:1a:
         3e:68:ef:86:ed:1d:fb:7a:f4:6e:3f:1f:cc:68:9d:88:85:cf:
         a2:57:6d:a8
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgISAYKJQz9GojENaDhivqrk0oWeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2ZDY0OGJkYmE5NjU0NjFiMWU4YzExYjlkZDQzNmM2MTM4
Mjg3M2MwHhcNMjIwODEwMTkzNzQxWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZTNmNjVmNTc2NzQxMGJjN2NiYWU5NzMxODRkMTc2ZjZkZmMzYjQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsVXu5VIUM7fZOJ96BdZ7ekLfLM9V
8uzt6AMdZ7q7dpTvq75iQb6w4jfqrVs/0oOTGYDipug9fgszLnWLlm2XCxDSrNyr
3GBrkRKm+YV0WFJPZ7Eusbt5QCfg2g+7pr37XI5ZIjtHKlmk3MLtzgp2ojpRJfJ3
DRo0lSJ+1oDpcgEGcGDg8ORDjoo8Xxt/0mH5m7wchorrjtwfsFxmwIu8k7h9BbT7
gzMZCgAdkDlEcbKkFqlSpYacMKbIz73ndcdA+xRVNSMhMNdhlvZ+hHRhBgNCofca
ayvdgGDhF8JroHlpbxuF36j8AJlKJAv83t+uldf8soJev9H2QXOchb8D1wIDAQAB
o4ICQTCCAj0wHQYDVR0OBBYEFJ4/ZfV2dBC8fLrpcxhNF29t/DtGMB8GA1UdIwQY
MBaAFIbWSL26llRhsejBG53UNsYTgoc8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHRaSXZicVdWR0d4Nk1FYm5kUTJ4aE9DaHp3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy9hYzU4ZWEtYzQ1OS00OGNhLWI4MmIt
NGRlYzRkYWZlZTQ5LzEvbmo5bDlYWjBFTHg4dXVsekdFMFhiMjM4TzBZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYy9hYzU4ZWEtYzQ1OS00OGNhLWI4MmItNGRlYzRkYWZlZTQ5
LzEvaHRaSXZicVdWR0d4Nk1FYm5kUTJ4aE9DaHp3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFcGCCsGAQUFBwEHAQH/BEgwRjBEBAIAATA+AwQAwekQMAwD
BAHB6RIDBAPB6RADBADB6T0DBALB6VQDBALB6VwDBALB6cADBALB6eADBALB6fAD
BALB6fwwDQYJKoZIhvcNAQELBQADggEBABkvfXgrBsz/xTCY6ArK/FwFTWmgYH5S
SBB9Q3a+2BS4HpJaj1We1JiT86p7tIz0UOfnJwFKaRFF/sJfKUP0UZqcmVOyNYYs
HYpVh4WAvN69uWTVwlt3Dv9+Rd4u2Vdjszd1n4TPiDU698IUFuSy8KGFEdESpUz/
hzIAWSerG+O3pV3DtjG9+Vjc7EGcVvtZPrxWht06ke6XiMOjc74LO3Qwsli0A3wu
mY13zXUuUH2VYGNLktouaWg6L1ozXkjtocXppWwXSwm19/ILO+A95s12i7hsnGHD
aOAu+fGNmfRXiPeUe0c7bwbHGj5o74btHft69G4/H8xonYiFz6JXbag=
-----END CERTIFICATE-----