Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/1-sdg7DlPdKUX2BexJ4bLrVncQGg.roa
File:                     1-sdg7DlPdKUX2BexJ4bLrVncQGg.roa (raw, json)
Hash identifier:          RBn+vnmwKiHVv6Zvdg45PJ2wdFQmKjndEKDDlkHOHt8=
Subject key identifier:   FA:C7:60:EC:39:4F:74:A5:17:D8:17:B1:27:86:CB:AD:59:DC:40:68
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       016FD8AF
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/1-sdg7DlPdKUX2BexJ4bLrVncQGg.roa
Signing time:             Sun 03 Jul 2022 11:43:25 +0000
ROA not before:           Sun 03 Jul 2022 11:43:25 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     834
IP address blocks:        163.5.125.0/24 maxlen: 24
                          163.5.130.0/24 maxlen: 24
                          163.5.131.0/24 maxlen: 24
                          163.5.132.0/24 maxlen: 24
                          163.5.127.0/24 maxlen: 24
                          163.5.128.0/24 maxlen: 24
                          163.5.129.0/24 maxlen: 24
                          163.5.133.0/24 maxlen: 24
                          163.5.137.0/24 maxlen: 24
                          163.5.138.0/24 maxlen: 24
                          163.5.139.0/24 maxlen: 24
                          163.5.134.0/24 maxlen: 24
                          163.5.135.0/24 maxlen: 24
                          163.5.136.0/24 maxlen: 24
                          163.5.140.0/24 maxlen: 24
                          163.5.144.0/24 maxlen: 24
                          163.5.145.0/24 maxlen: 24
                          163.5.141.0/24 maxlen: 24
                          163.5.142.0/24 maxlen: 24
                          163.5.143.0/24 maxlen: 24
                          163.5.148.0/24 maxlen: 24
                          163.5.149.0/24 maxlen: 24
                          163.5.146.0/24 maxlen: 24
                          163.5.147.0/24 maxlen: 24
                          185.253.54.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 24107183 (0x16fd8af)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: Jul  3 11:43:25 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=fac760ec394f74a517d817b12786cbad59dc4068
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:3a:8b:21:02:14:4b:b5:f0:0f:f4:ce:1e:0c:
                    af:71:e9:e2:e2:cc:d9:63:ea:f4:5b:1d:78:69:9c:
                    89:cc:89:d5:8c:ae:47:5d:58:81:75:e7:af:d9:67:
                    9f:90:b2:4c:e1:b5:27:1f:11:20:b7:08:ca:70:68:
                    42:92:b9:8c:1b:8b:e6:1e:09:48:33:83:c3:32:48:
                    f6:92:c0:69:44:d6:8b:95:c8:a2:d8:c5:94:43:37:
                    97:5b:ef:e3:21:06:15:5f:81:49:d3:5a:92:33:5d:
                    af:f9:06:52:0a:5e:56:99:fa:1a:7d:2e:a8:55:34:
                    b7:71:20:dc:49:8d:4e:a0:5c:fa:7e:02:85:f9:52:
                    bd:bd:29:a5:4c:83:37:ab:18:c7:75:a5:06:2d:03:
                    ad:e8:ae:66:39:74:b8:52:4d:e8:3e:27:fe:3b:53:
                    c0:d3:49:d0:af:83:71:92:d0:80:b9:fa:43:96:65:
                    d9:3d:6f:0c:24:f3:79:f9:f2:62:92:fb:98:7b:8f:
                    e2:0d:6d:c1:54:73:f2:f2:0b:da:5e:8d:86:a3:93:
                    2f:7c:61:74:55:1e:fd:11:11:11:4f:7b:b9:9d:64:
                    1b:40:f6:fe:f6:99:0d:e0:65:b8:59:8d:9c:c9:d0:
                    0a:a6:e4:06:23:30:7d:df:7f:5b:c0:bc:9e:0e:52:
                    56:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FA:C7:60:EC:39:4F:74:A5:17:D8:17:B1:27:86:CB:AD:59:DC:40:68
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/1-sdg7DlPdKUX2BexJ4bLrVncQGg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.5.125.0/24
                  163.5.127.0-163.5.149.255
                  185.253.54.0/24

    Signature Algorithm: sha256WithRSAEncryption
         27:51:60:25:11:5d:4a:c9:d9:0c:4a:26:67:9c:c2:51:fc:fe:
         f7:37:ff:f7:94:25:11:85:63:0d:3c:29:e9:7d:55:c1:b5:da:
         9d:dd:f6:d4:e2:22:26:a1:a3:3a:fc:5c:c5:47:0d:e3:14:a9:
         89:cb:9a:e0:e8:fd:bc:03:97:5b:b4:ae:c1:65:19:b6:df:d3:
         bf:7c:b2:4f:65:4f:2c:ab:1b:95:9d:da:e2:c4:fc:4f:d3:4a:
         01:18:68:6f:10:43:eb:f3:bb:3f:53:ee:27:e2:35:11:54:8c:
         68:19:0c:44:e6:5a:5c:40:24:b4:2f:6e:bc:b8:75:d1:ba:99:
         7a:c7:b5:63:c4:1e:ab:86:f2:a9:e7:fd:a3:ee:2e:4c:32:a8:
         fa:c4:5d:d3:9d:6f:cd:c4:4f:c3:ad:a6:f2:09:9e:23:02:d9:
         19:a7:f9:83:28:a6:79:4a:50:0a:45:5e:9d:47:2c:bb:75:a7:
         0c:e7:48:c1:e8:1e:31:a2:4a:62:78:25:e7:42:24:2b:cb:3b:
         d5:13:94:89:a1:50:57:0e:6f:23:50:47:4c:94:61:33:0a:13:
         3d:d0:20:23:ef:f2:a5:c0:0f:22:39:00:bb:3e:9e:83:b7:ad:
         e8:cb:21:e4:95:89:39:4f:79:25:2e:8c:df:8d:57:10:0d:aa:
         e6:2a:45:34
-----BEGIN CERTIFICATE-----
MIIFBDCCA+ygAwIBAgIEAW/YrzANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygw
Y2U4NTFiNmRkNWQzNjRlZTE5ZTBiMzgyMDFiM2U4ZGYyNjI0YmNiMB4XDTIyMDcw
MzExNDMyNVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoZmFjNzYwZWMzOTRm
NzRhNTE3ZDgxN2IxMjc4NmNiYWQ1OWRjNDA2ODCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAKE6iyECFEu18A/0zh4Mr3Hp4uLM2WPq9FsdeGmcicyJ1Yyu
R11YgXXnr9lnn5CyTOG1Jx8RILcIynBoQpK5jBuL5h4JSDODwzJI9pLAaUTWi5XI
otjFlEM3l1vv4yEGFV+BSdNakjNdr/kGUgpeVpn6Gn0uqFU0t3Eg3EmNTqBc+n4C
hflSvb0ppUyDN6sYx3WlBi0DreiuZjl0uFJN6D4n/jtTwNNJ0K+DcZLQgLn6Q5Zl
2T1vDCTzefnyYpL7mHuP4g1twVRz8vIL2l6NhqOTL3xhdFUe/REREU97uZ1kG0D2
/vaZDeBluFmNnMnQCqbkBiMwfd9/W8C8ng5SVvUCAwEAAaOCAh4wggIaMB0GA1Ud
DgQWBBT6x2DsOU90pRfYF7EnhsutWdxAaDAfBgNVHSMEGDAWgBQM6FG23V02TuGe
CzggGz6N8mJLyzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L0RPaFJ0dDFkTms3aG5nczRJQnMtamZKaVM4cy5jZXIwgY4GCCsGAQUFBwELBIGB
MH8wfQYIKwYBBQUHMAuGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMTMvZDAyZGZiLTk2NzMtNDlhOC05NzFjLTlmZTk0MTA4ZmYwMS8x
LzEtc2RnN0RsUGRLVVgyQmV4SjRiTHJWbmNRR2cucm9hMIGBBgNVHR8EejB4MHag
dKByhnByc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzEz
L2QwMmRmYi05NjczLTQ5YTgtOTcxYy05ZmU5NDEwOGZmMDEvMS9ET2hSdHQxZE5r
N2huZ3M0SUJzLWpmSmlTOHMuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIw
MwYIKwYBBQUHAQcBAf8EJDAiMCAEAgABMBoDBACjBX0wDAMEAKMFfwMEAaMFlAME
ALn9NjANBgkqhkiG9w0BAQsFAAOCAQEAJ1FgJRFdSsnZDEomZ5zCUfz+9zf/95Ql
EYVjDTwp6X1VwbXand321OIiJqGjOvxcxUcN4xSpicua4Oj9vAOXW7SuwWUZtt/T
v3yyT2VPLKsblZ3a4sT8T9NKARhobxBD6/O7P1PuJ+I1EVSMaBkMROZaXEAktC9u
vLh10bqZese1Y8Qeq4byqef9o+4uTDKo+sRd051vzcRPw62m8gmeIwLZGaf5gyim
eUpQCkVenUcsu3WnDOdIwegeMaJKYngl50IkK8s71ROUiaFQVw5vI1BHTJRhMwoT
PdAgI+/ypcAPIjkAuz6eg7et6Msh5JWJOU95JS6M341XEA2q5ipFNA==
-----END CERTIFICATE-----