Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/031818-0463-4bab-bb56-51485fe222db/1/qLBvEd1PNiWLvUbheb03glxW5_8.roa
File:                     qLBvEd1PNiWLvUbheb03glxW5_8.roa (raw, json)
Hash identifier:          pYVh8aBposvuK0jdkDUJFhqgrEY/Swut9jJ8OsIawIk=
Subject key identifier:   A8:B0:6F:11:DD:4F:36:25:8B:BD:46:E1:79:BD:37:82:5C:56:E7:FF
Certificate issuer:       /CN=07d08df8bc7a383e976dbb03d2a0eb9fe0d786e7
Certificate serial:       0DA8C036
Authority key identifier: 07:D0:8D:F8:BC:7A:38:3E:97:6D:BB:03:D2:A0:EB:9F:E0:D7:86:E7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/B9CN-Lx6OD6XbbsD0qDrn-DXhuc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/031818-0463-4bab-bb56-51485fe222db/1/qLBvEd1PNiWLvUbheb03glxW5_8.roa
Signing time:             Tue 26 Apr 2022 06:39:04 +0000
ROA not before:           Tue 26 Apr 2022 06:39:04 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     8856
IP address blocks:        212.42.81.0/24 maxlen: 24
                          212.42.80.0/24 maxlen: 24
                          212.42.82.0/23 maxlen: 23
                          212.42.84.0/24 maxlen: 24
                          212.42.85.0/24 maxlen: 24
                          212.42.89.0/24 maxlen: 24
                          212.42.95.0/24 maxlen: 24
                          212.42.94.0/24 maxlen: 24
                          212.42.93.0/24 maxlen: 24
                          212.42.92.0/24 maxlen: 24
                          195.214.192.0/24 maxlen: 24
                          195.214.194.0/24 maxlen: 24
                          195.214.193.0/24 maxlen: 24
                          195.214.195.0/24 maxlen: 24
                          212.42.64.0/22 maxlen: 22
                          212.42.64.0/23 maxlen: 23
                          212.42.66.0/23 maxlen: 23
                          212.42.74.0/23 maxlen: 23
                          212.42.73.0/24 maxlen: 24
                          212.42.76.0/24 maxlen: 24
                          212.42.76.0/23 maxlen: 23
                          212.42.77.0/24 maxlen: 24
                          212.42.72.0/24 maxlen: 24
                          212.42.78.0/23 maxlen: 23

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 229163062 (0xda8c036)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=07d08df8bc7a383e976dbb03d2a0eb9fe0d786e7
        Validity
            Not Before: Apr 26 06:39:04 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=a8b06f11dd4f36258bbd46e179bd37825c56e7ff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:b2:0d:18:d7:23:25:3d:7b:e2:18:3f:24:a3:
                    08:4c:c8:fb:02:01:be:9b:8b:80:6d:82:81:3f:24:
                    16:19:51:52:03:37:e7:e1:48:32:af:99:46:7f:7d:
                    76:02:f0:98:e5:f8:3c:22:26:4e:32:99:db:41:b2:
                    90:1f:2f:4b:88:e9:89:ed:a3:34:fe:08:81:dd:65:
                    a6:6b:4f:e3:0d:62:36:e5:76:a5:ef:f7:b3:ca:1c:
                    b7:ab:78:8d:4a:1e:4e:4b:c9:78:28:f5:08:0f:e2:
                    e7:95:80:48:ab:2e:cc:2b:77:63:ae:ce:13:ec:61:
                    49:c8:ce:6f:ca:b4:47:be:ff:ee:68:c5:96:67:cd:
                    b4:85:92:73:0d:69:9e:bb:aa:b6:3a:4e:ba:e6:85:
                    58:27:4a:eb:cb:55:38:a8:56:bb:10:80:e1:95:ca:
                    d8:97:c1:6e:19:5f:99:7d:21:73:db:4d:b8:75:f0:
                    9d:82:c7:be:4d:2b:dc:6a:f7:19:ec:7c:f7:20:cd:
                    f6:30:3c:af:08:fc:d4:10:c8:4a:b7:f2:c0:d4:46:
                    c6:24:b0:9c:ca:c6:b2:75:36:d5:6f:42:57:af:4a:
                    3b:27:55:80:4b:dd:69:c4:71:8e:7a:a8:da:d3:66:
                    64:15:38:5a:e8:0d:39:ed:4b:28:48:43:90:f0:d8:
                    aa:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A8:B0:6F:11:DD:4F:36:25:8B:BD:46:E1:79:BD:37:82:5C:56:E7:FF
            X509v3 Authority Key Identifier:
                keyid:07:D0:8D:F8:BC:7A:38:3E:97:6D:BB:03:D2:A0:EB:9F:E0:D7:86:E7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/B9CN-Lx6OD6XbbsD0qDrn-DXhuc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/031818-0463-4bab-bb56-51485fe222db/1/qLBvEd1PNiWLvUbheb03glxW5_8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/031818-0463-4bab-bb56-51485fe222db/1/B9CN-Lx6OD6XbbsD0qDrn-DXhuc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.214.192.0/22
                  212.42.64.0/22
                  212.42.72.0-212.42.85.255
                  212.42.89.0/24
                  212.42.92.0/22

    Signature Algorithm: sha256WithRSAEncryption
         03:e8:17:31:63:ac:8e:60:90:eb:52:c2:5b:a5:e5:87:db:17:
         fd:b7:20:86:a9:b6:1a:e9:a3:40:49:5e:53:10:6b:a6:de:5c:
         77:a6:7c:ff:1d:93:98:cd:27:6c:58:cf:7c:4e:f9:9c:7a:c2:
         db:c7:94:7c:0c:a3:68:13:4e:eb:d6:a4:97:e1:a7:62:18:07:
         98:90:0d:18:31:1c:f7:f3:5e:29:7d:e0:12:cc:32:95:6d:6f:
         b9:a5:64:4a:4a:96:58:b6:f4:d4:a0:12:c6:ce:99:b0:96:e3:
         c9:43:11:17:b1:e0:b6:68:c1:30:d8:9a:79:ea:e7:43:4e:a6:
         1e:26:b0:4c:b3:df:29:4a:df:88:a3:9c:78:d0:05:ff:79:2b:
         b2:85:5a:4b:89:d2:3c:67:e5:9c:5f:ff:99:d6:ae:4c:32:c1:
         57:cc:49:36:df:07:98:63:1b:40:25:88:53:de:f4:d4:21:fe:
         16:1d:70:ec:2c:eb:6a:c3:0f:4a:5e:a5:7d:d4:03:e6:b0:da:
         e3:d5:b3:47:9c:a0:b8:a5:84:1f:09:a3:0d:49:fe:a0:12:15:
         13:6b:a4:86:37:4f:9c:05:ee:19:3a:bf:9c:f7:29:7b:e8:60:
         62:21:ca:8a:16:9e:05:ec:b4:42:ac:8d:2b:7b:78:12:8d:64:
         6a:db:2e:46
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgIEDajANjANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygw
N2QwOGRmOGJjN2EzODNlOTc2ZGJiMDNkMmEwZWI5ZmUwZDc4NmU3MB4XDTIyMDQy
NjA2MzkwNFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoYThiMDZmMTFkZDRm
MzYyNThiYmQ0NmUxNzliZDM3ODI1YzU2ZTdmZjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAKuyDRjXIyU9e+IYPySjCEzI+wIBvpuLgG2CgT8kFhlRUgM3
5+FIMq+ZRn99dgLwmOX4PCImTjKZ20GykB8vS4jpie2jNP4Igd1lpmtP4w1iNuV2
pe/3s8oct6t4jUoeTkvJeCj1CA/i55WASKsuzCt3Y67OE+xhScjOb8q0R77/7mjF
lmfNtIWScw1pnruqtjpOuuaFWCdK68tVOKhWuxCA4ZXK2JfBbhlfmX0hc9tNuHXw
nYLHvk0r3Gr3Gex89yDN9jA8rwj81BDISrfywNRGxiSwnMrGsnU21W9CV69KOydV
gEvdacRxjnqo2tNmZBU4WugNOe1LKEhDkPDYqscCAwEAAaOCAikwggIlMB0GA1Ud
DgQWBBSosG8R3U82JYu9RuF5vTeCXFbn/zAfBgNVHSMEGDAWgBQH0I34vHo4Ppdt
uwPSoOuf4NeG5zAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L0I5Q04tTHg2T0Q2WGJic0QwcURybi1EWGh1Yy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMTAvMDMxODE4LTA0NjMtNGJhYi1iYjU2LTUxNDg1ZmUyMjJkYi8x
L3FMQnZFZDFQTmlXTHZVYmhlYjAzZ2x4VzVfOC5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMTAv
MDMxODE4LTA0NjMtNGJhYi1iYjU2LTUxNDg1ZmUyMjJkYi8xL0I5Q04tTHg2T0Q2
WGJic0QwcURybi1EWGh1Yy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjA/
BggrBgEFBQcBBwEB/wQwMC4wLAQCAAEwJgMEAsPWwAMEAtQqQDAMAwQD1CpIAwQB
1CpUAwQA1CpZAwQC1CpcMA0GCSqGSIb3DQEBCwUAA4IBAQAD6BcxY6yOYJDrUsJb
peWH2xf9tyCGqbYa6aNASV5TEGum3lx3pnz/HZOYzSdsWM98TvmcesLbx5R8DKNo
E07r1qSX4adiGAeYkA0YMRz3814pfeASzDKVbW+5pWRKSpZYtvTUoBLGzpmwluPJ
QxEXseC2aMEw2Jp56udDTqYeJrBMs98pSt+Io5x40AX/eSuyhVpLidI8Z+WcX/+Z
1q5MMsFXzEk23weYYxtAJYhT3vTUIf4WHXDsLOtqww9KXqV91APmsNrj1bNHnKC4
pYQfCaMNSf6gEhUTa6SGN0+cBe4ZOr+c9yl76GBiIcqKFp4F7LRCrI0re3gSjWRq
2y5G
-----END CERTIFICATE-----