Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/wIWTr2HXbCyWdRt56ejxGNVbyF8.roa
File:                     wIWTr2HXbCyWdRt56ejxGNVbyF8.roa (raw, json)
Hash identifier:          R2cmmXzyNB0v86wzLo5Llyr0BndgaH5dWQvj2CoKqyU=
Subject key identifier:   C0:85:93:AF:61:D7:6C:2C:96:75:1B:79:E9:E8:F1:18:D5:5B:C8:5F
Certificate issuer:       /CN=ab0952c8ba8dadb1d34de6c6a93864a609fc41ec
Certificate serial:       0182F293682B2D9562ACE06C2C1143EC6821
Authority key identifier: AB:09:52:C8:BA:8D:AD:B1:D3:4D:E6:C6:A9:38:64:A6:09:FC:41:EC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qwlSyLqNrbHTTebGqThkpgn8Qew.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/wIWTr2HXbCyWdRt56ejxGNVbyF8.roa
Signing time:             Wed 31 Aug 2022 06:25:22 +0000
ROA not before:           Wed 31 Aug 2022 06:25:22 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     210906
IP address blocks:        159.148.109.0/24 maxlen: 24
                          85.254.178.0/23 maxlen: 23
                          85.254.180.0/23 maxlen: 23
                          85.254.84.0/23 maxlen: 23
                          159.148.66.0/24 maxlen: 24
                          85.254.112.0/22 maxlen: 22
                          85.254.116.0/22 maxlen: 22
                          85.254.124.0/23 maxlen: 23
                          85.254.128.0/22 maxlen: 22
                          159.148.216.0/24 maxlen: 24
                          159.148.218.0/24 maxlen: 24
                          159.148.234.0/24 maxlen: 24
                          85.254.64.0/23 maxlen: 23
                          85.254.76.0/22 maxlen: 22
                          159.148.166.0/23 maxlen: 23
                          159.148.204.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:82:f2:93:68:2b:2d:95:62:ac:e0:6c:2c:11:43:ec:68:21
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab0952c8ba8dadb1d34de6c6a93864a609fc41ec
        Validity
            Not Before: Aug 31 06:25:22 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=c08593af61d76c2c96751b79e9e8f118d55bc85f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:3d:79:4c:08:55:a2:14:b9:67:fd:b5:b3:9d:
                    e5:4b:c8:0f:04:50:e4:66:d3:23:e6:23:3b:3e:d1:
                    c5:91:86:71:37:ae:6a:56:5a:63:14:1c:4a:8f:f0:
                    01:5c:6d:77:1b:85:e6:a0:47:c0:c1:2e:e3:3e:11:
                    1b:e8:fc:dc:6b:1e:62:8c:68:b3:f3:b1:cf:2b:c8:
                    b5:d9:2e:25:1a:26:c7:d0:63:2c:8d:1e:22:96:c4:
                    5f:24:0a:45:d2:0d:b7:72:03:d0:1f:48:1d:51:f4:
                    99:f1:4a:ef:6c:1b:23:d0:b9:94:0a:10:c5:39:2c:
                    a4:f1:2e:47:14:6f:0f:b5:39:1d:78:81:dc:fe:03:
                    30:d5:a6:0c:5f:43:ae:35:4f:c7:78:d3:13:ec:55:
                    bb:80:3c:aa:80:87:72:93:f8:e6:a6:50:ff:d7:6b:
                    68:e1:0e:0a:73:17:db:98:1d:cb:77:05:f7:09:28:
                    9d:0b:86:08:7e:ff:5c:2a:7c:9a:70:46:7a:5d:fd:
                    5a:49:76:b9:ab:ed:bc:c4:fc:85:9f:21:db:b2:23:
                    88:50:ac:dd:db:9d:68:9e:26:34:aa:0e:98:f4:a5:
                    e0:bc:27:d4:b3:c6:95:86:b4:a1:d0:17:7d:21:9c:
                    f8:5b:49:73:fb:c0:a0:ac:34:f7:bc:63:ec:97:e5:
                    13:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C0:85:93:AF:61:D7:6C:2C:96:75:1B:79:E9:E8:F1:18:D5:5B:C8:5F
            X509v3 Authority Key Identifier:
                keyid:AB:09:52:C8:BA:8D:AD:B1:D3:4D:E6:C6:A9:38:64:A6:09:FC:41:EC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qwlSyLqNrbHTTebGqThkpgn8Qew.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/wIWTr2HXbCyWdRt56ejxGNVbyF8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/qwlSyLqNrbHTTebGqThkpgn8Qew.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.254.64.0/23
                  85.254.76.0/22
                  85.254.84.0/23
                  85.254.112.0/21
                  85.254.124.0/23
                  85.254.128.0/22
                  85.254.178.0-85.254.181.255
                  159.148.66.0/24
                  159.148.109.0/24
                  159.148.166.0/23
                  159.148.204.0/24
                  159.148.216.0/24
                  159.148.218.0/24
                  159.148.234.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ae:cb:d4:29:ea:f5:34:66:39:d3:a4:f6:72:c1:6d:e4:cf:20:
         07:a8:9c:58:08:fc:17:dc:eb:4d:e1:9a:ee:8c:fd:ac:2d:d8:
         b2:73:61:0b:07:ef:f0:5b:c3:4f:cd:48:a2:34:4e:ee:2a:a8:
         00:d9:d1:34:1e:95:c8:a3:6a:b0:64:ed:0b:bb:0b:67:73:ad:
         3d:3c:de:ca:ce:61:fe:70:2b:d9:50:20:74:2d:11:d2:c7:bd:
         29:ab:c6:ee:43:78:f2:eb:83:15:ed:fc:a7:2a:e6:87:65:6f:
         63:c9:2c:f5:83:b7:00:3a:a8:2f:18:41:b8:dc:dc:a1:e7:24:
         84:6f:e5:89:94:ae:50:24:0b:f4:64:47:05:91:64:d8:78:4c:
         ba:b3:12:34:28:56:d4:91:61:9f:34:fc:b2:04:db:a9:f9:23:
         38:13:21:db:91:fd:79:4c:4d:74:d7:40:51:5b:4a:65:c2:5e:
         0c:29:4a:c8:8c:dd:a6:cb:f0:75:53:74:63:aa:20:48:0e:87:
         6d:fa:d9:6a:3c:63:55:3c:d1:13:e1:76:31:6e:34:29:46:29:
         d4:49:15:4a:45:64:36:84:6e:be:16:cc:c3:14:f4:6c:9e:a8:
         c7:20:93:c4:88:d5:bf:ac:70:05:f3:f7:e6:a1:ed:cd:0f:3e:
         3d:ae:fe:1e
-----BEGIN CERTIFICATE-----
MIIFUzCCBDugAwIBAgISAYLyk2grLZVirOBsLBFD7GghMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFiMDk1MmM4YmE4ZGFkYjFkMzRkZTZjNmE5Mzg2NGE2MDlm
YzQxZWMwHhcNMjIwODMxMDYyNTIyWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMDg1OTNhZjYxZDc2YzJjOTY3NTFiNzllOWU4ZjExOGQ1NWJjODVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyT15TAhVohS5Z/21s53lS8gPBFDk
ZtMj5iM7PtHFkYZxN65qVlpjFBxKj/ABXG13G4XmoEfAwS7jPhEb6Pzcax5ijGiz
87HPK8i12S4lGibH0GMsjR4ilsRfJApF0g23cgPQH0gdUfSZ8UrvbBsj0LmUChDF
OSyk8S5HFG8PtTkdeIHc/gMw1aYMX0OuNU/HeNMT7FW7gDyqgIdyk/jmplD/12to
4Q4KcxfbmB3LdwX3CSidC4YIfv9cKnyacEZ6Xf1aSXa5q+28xPyFnyHbsiOIUKzd
251oniY0qg6Y9KXgvCfUs8aVhrSh0Bd9IZz4W0lz+8CgrDT3vGPsl+UTjQIDAQAB
o4ICXzCCAlswHQYDVR0OBBYEFMCFk69h12wslnUbeeno8RjVW8hfMB8GA1UdIwQY
MBaAFKsJUsi6ja2x003mxqk4ZKYJ/EHsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcXdsU3lMcU5yYkhUVGViR3FUaGtwZ244UWV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZS8zNTU1ZmUtMTJjZC00MDJhLWE4MTAt
NTU1NGQ2ZTE2ODZmLzEvd0lXVHIySFhiQ3lXZFJ0NTZlanhHTlZieUY4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZS8zNTU1ZmUtMTJjZC00MDJhLWE4MTAtNTU1NGQ2ZTE2ODZm
LzEvcXdsU3lMcU5yYkhUVGViR3FUaGtwZ244UWV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHUGCCsGAQUFBwEHAQH/BGYwZDBiBAIAATBcAwQBVf5AAwQC
Vf5MAwQBVf5UAwQDVf5wAwQBVf58AwQCVf6AMAwDBAFV/rIDBAFV/rQDBACflEID
BACflG0DBAGflKYDBACflMwDBACflNgDBACflNoDBACflOowDQYJKoZIhvcNAQEL
BQADggEBAK7L1Cnq9TRmOdOk9nLBbeTPIAeonFgI/Bfc603hmu6M/awt2LJzYQsH
7/Bbw0/NSKI0Tu4qqADZ0TQelcijarBk7Qu7C2dzrT083srOYf5wK9lQIHQtEdLH
vSmrxu5DePLrgxXt/Kcq5odlb2PJLPWDtwA6qC8YQbjc3KHnJIRv5YmUrlAkC/Rk
RwWRZNh4TLqzEjQoVtSRYZ80/LIE26n5IzgTIduR/XlMTXTXQFFbSmXCXgwpSsiM
3abL8HVTdGOqIEgOh2362Wo8Y1U80RPhdjFuNClGKdRJFUpFZDaEbr4WzMMU9Gye
qMcgk8SI1b+scAXz9+ah7c0PPj2u/h4=
-----END CERTIFICATE-----