Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/65a71d-0236-44d5-8ce9-229b4ae742de/1/BCCOQF4zekLcJScXemgNyNWi9gw.roa
File:                     BCCOQF4zekLcJScXemgNyNWi9gw.roa (raw, json)
Hash identifier:          5M30RNTvLcekMKcpxedkm7R0245jNpi5vCeVKCrcTl8=
Subject key identifier:   04:20:8E:40:5E:33:7A:42:DC:25:27:17:7A:68:0D:C8:D5:A2:F6:0C
Certificate issuer:       /CN=115dbc00433e29f2adeb038fea2fbd7048fb632f
Certificate serial:       380E36B6
Authority key identifier: 11:5D:BC:00:43:3E:29:F2:AD:EB:03:8F:EA:2F:BD:70:48:FB:63:2F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EV28AEM-KfKt6wOP6i-9cEj7Yy8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/65a71d-0236-44d5-8ce9-229b4ae742de/1/BCCOQF4zekLcJScXemgNyNWi9gw.roa
Signing time:             Sat 01 Jan 2022 02:57:31 +0000
ROA not before:           Sat 01 Jan 2022 02:57:31 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     6730
IP address blocks:        195.112.64.0/19 maxlen: 19
                          62.167.0.0/16 maxlen: 16
                          84.226.0.0/15 maxlen: 16
                          195.141.0.0/16 maxlen: 16
                          193.192.224.0/19 maxlen: 19
                          194.230.0.0/16 maxlen: 16
                          178.38.0.0/15 maxlen: 16
                          212.161.128.0/17 maxlen: 17
                          194.230.144.0/20 maxlen: 20
                          31.164.0.0/15 maxlen: 16
                          188.154.0.0/15 maxlen: 16
                          212.98.32.0/19 maxlen: 19
                          194.158.224.0/19 maxlen: 19
                          89.217.0.0/16 maxlen: 16
                          212.35.32.0/19 maxlen: 19
                          2001:1700::/27 maxlen: 27

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 940455606 (0x380e36b6)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=115dbc00433e29f2adeb038fea2fbd7048fb632f
        Validity
            Not Before: Jan  1 02:57:31 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=04208e405e337a42dc2527177a680dc8d5a2f60c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:82:e2:be:f2:4c:52:6b:62:bd:dc:ca:27:24:
                    a8:34:3f:2c:42:a4:e1:25:b8:48:2c:fb:9a:ee:19:
                    26:4d:bf:4c:c3:cc:64:70:0c:10:25:f1:7c:d8:4b:
                    13:7f:d4:d9:fe:1b:0a:92:07:c0:39:22:0f:e9:bc:
                    ff:8c:1d:2f:3b:3e:11:71:07:31:f6:a4:e1:14:90:
                    80:92:2f:41:25:ce:c6:ef:93:7c:1f:46:f9:1a:08:
                    27:c1:c6:11:10:ba:fd:c5:bc:0c:f4:63:d8:82:bf:
                    fd:8b:36:2a:b9:4d:03:35:56:1e:1d:aa:8b:96:34:
                    a5:cc:d6:10:15:27:33:e1:fa:4d:e4:7a:cc:b7:da:
                    d1:be:87:a0:90:9e:6b:05:79:8e:3d:1d:bf:4f:bb:
                    db:dd:53:6b:9a:7c:70:83:11:cc:7e:fc:82:07:26:
                    d6:94:50:78:e5:42:85:b0:72:9f:15:fb:69:3a:bf:
                    7f:e6:2a:f5:7a:40:b2:27:0d:7e:03:00:f5:9e:02:
                    77:68:5d:97:bc:8f:2c:37:59:72:0f:b9:69:79:43:
                    5d:c9:62:c4:1a:b1:c7:8d:1b:b8:f4:76:fb:4f:43:
                    9b:b2:6f:cd:48:6f:31:29:00:a6:4e:74:19:24:f5:
                    a2:eb:05:ac:16:3a:7b:8c:d8:bc:46:c8:0c:4a:41:
                    79:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                04:20:8E:40:5E:33:7A:42:DC:25:27:17:7A:68:0D:C8:D5:A2:F6:0C
            X509v3 Authority Key Identifier:
                keyid:11:5D:BC:00:43:3E:29:F2:AD:EB:03:8F:EA:2F:BD:70:48:FB:63:2F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EV28AEM-KfKt6wOP6i-9cEj7Yy8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/65a71d-0236-44d5-8ce9-229b4ae742de/1/BCCOQF4zekLcJScXemgNyNWi9gw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/65a71d-0236-44d5-8ce9-229b4ae742de/1/EV28AEM-KfKt6wOP6i-9cEj7Yy8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.164.0.0/15
                  62.167.0.0/16
                  84.226.0.0/15
                  89.217.0.0/16
                  178.38.0.0/15
                  188.154.0.0/15
                  193.192.224.0/19
                  194.158.224.0/19
                  194.230.0.0/16
                  195.112.64.0/19
                  195.141.0.0/16
                  212.35.32.0/19
                  212.98.32.0/19
                  212.161.128.0/17
                IPv6:
                  2001:1700::/27

    Signature Algorithm: sha256WithRSAEncryption
         65:69:9c:6b:7c:d1:63:68:27:8e:6b:e2:eb:3f:6f:d4:d2:a8:
         cc:f7:03:fa:3d:d0:d2:cf:47:99:94:99:fd:74:7d:de:a1:6f:
         37:17:50:b7:fa:83:eb:5c:de:c1:7b:65:75:fa:de:64:b7:4f:
         f5:e4:83:f5:17:27:fa:6e:ee:25:32:4e:33:f6:b7:e1:b3:26:
         62:b7:0d:a2:54:41:91:03:c6:88:01:54:88:46:95:69:b6:cc:
         0b:9b:c8:a9:cb:d2:6f:31:48:29:04:0f:59:da:62:bf:e9:a6:
         ea:6f:d5:31:e8:14:78:2a:df:2b:c1:bd:30:10:3b:27:ea:df:
         f4:a7:c4:30:26:3c:f1:87:61:e5:25:ae:ec:7b:d7:9a:1b:79:
         d3:46:f5:94:55:f8:e8:d9:6a:5d:2c:39:1f:9b:00:ef:3c:6f:
         bd:27:ba:5c:8d:03:58:6c:2c:63:ce:c2:71:be:02:1a:89:f2:
         9f:d2:c8:26:ee:5a:72:ca:bb:68:c7:75:99:98:2e:c8:63:6a:
         de:a7:03:55:ac:2a:b0:63:86:9c:16:ac:57:58:f3:25:ea:ce:
         fd:86:b6:41:b9:e7:4a:5b:87:15:00:67:37:7e:a6:06:9a:29:
         54:3a:8f:ed:e0:03:ce:a5:65:92:4d:37:b8:50:29:35:43:b7:
         40:3b:03:be
-----BEGIN CERTIFICATE-----
MIIFRDCCBCygAwIBAgIEOA42tjANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygx
MTVkYmMwMDQzM2UyOWYyYWRlYjAzOGZlYTJmYmQ3MDQ4ZmI2MzJmMB4XDTIyMDEw
MTAyNTczMVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMDQyMDhlNDA1ZTMz
N2E0MmRjMjUyNzE3N2E2ODBkYzhkNWEyZjYwYzCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAMiC4r7yTFJrYr3cyickqDQ/LEKk4SW4SCz7mu4ZJk2/TMPM
ZHAMECXxfNhLE3/U2f4bCpIHwDkiD+m8/4wdLzs+EXEHMfak4RSQgJIvQSXOxu+T
fB9G+RoIJ8HGERC6/cW8DPRj2IK//Ys2KrlNAzVWHh2qi5Y0pczWEBUnM+H6TeR6
zLfa0b6HoJCeawV5jj0dv0+7291Ta5p8cIMRzH78ggcm1pRQeOVChbBynxX7aTq/
f+Yq9XpAsicNfgMA9Z4Cd2hdl7yPLDdZcg+5aXlDXclixBqxx40buPR2+09Dm7Jv
zUhvMSkApk50GST1ousFrBY6e4zYvEbIDEpBeZUCAwEAAaOCAl4wggJaMB0GA1Ud
DgQWBBQEII5AXjN6QtwlJxd6aA3I1aL2DDAfBgNVHSMEGDAWgBQRXbwAQz4p8q3r
A4/qL71wSPtjLzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L0VWMjhBRU0tS2ZLdDZ3T1A2aS05Y0VqN1l5OC5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMTAvNjVhNzFkLTAyMzYtNDRkNS04Y2U5LTIyOWI0YWU3NDJkZS8x
L0JDQ09RRjR6ZWtMY0pTY1hlbWdOeU5XaTlndy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMTAv
NjVhNzFkLTAyMzYtNDRkNS04Y2U5LTIyOWI0YWU3NDJkZS8xL0VWMjhBRU0tS2ZL
dDZ3T1A2aS05Y0VqN1l5OC5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjB0
BggrBgEFBQcBBwEB/wRlMGMwUgQCAAEwTAMDAR+kAwMAPqcDAwFU4gMDAFnZAwMB
siYDAwG8mgMEBcHA4AMEBcKe4AMDAMLmAwQFw3BAAwMAw40DBAXUIyADBAXUYiAD
BAfUoYAwDQQCAAIwBwMFBSABFwAwDQYJKoZIhvcNAQELBQADggEBAGVpnGt80WNo
J45r4us/b9TSqMz3A/o90NLPR5mUmf10fd6hbzcXULf6g+tc3sF7ZXX63mS3T/Xk
g/UXJ/pu7iUyTjP2t+GzJmK3DaJUQZEDxogBVIhGlWm2zAubyKnL0m8xSCkED1na
Yr/ppupv1THoFHgq3yvBvTAQOyfq3/SnxDAmPPGHYeUlrux715obedNG9ZRV+OjZ
al0sOR+bAO88b70nulyNA1hsLGPOwnG+AhqJ8p/SyCbuWnLKu2jHdZmYLshjat6n
A1WsKrBjhpwWrFdY8yXqzv2GtkG550pbhxUAZzd+pgaaKVQ6j+3gA86lZZJNN7hQ
KTVDt0A7A74=
-----END CERTIFICATE-----