Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DpRTw_637zIuGGeGfmN6W6kvJgs.roa
File:                     DpRTw_637zIuGGeGfmN6W6kvJgs.roa (raw, json)
Hash identifier:          2S+7QMFyZMwFqOVRz4Phn72oWj8qYzSmGF9VGSxNPAM=
Subject key identifier:   0E:94:53:C3:FE:B7:EF:32:2E:18:67:86:7E:63:7A:5B:A9:2F:26:0B
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       0184E26B8A5B5A548AA6B2BF2E78EC363636
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DpRTw_637zIuGGeGfmN6W6kvJgs.roa
Signing time:             Mon 05 Dec 2022 13:13:29 +0000
ROA not before:           Mon 05 Dec 2022 13:13:29 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     211237
IP address blocks:        163.5.95.0/24 maxlen: 24
                          163.5.94.0/24 maxlen: 24
                          163.5.113.0/24 maxlen: 24
                          163.5.116.0/24 maxlen: 24
                          163.5.241.0/24 maxlen: 24
                          163.5.32.0/24 maxlen: 24
                          163.5.173.0/24 maxlen: 24
                          163.5.186.0/24 maxlen: 24
                          163.5.196.0/24 maxlen: 24
                          163.5.197.0/24 maxlen: 24
                          163.5.195.0/24 maxlen: 24
                          163.5.132.0/24 maxlen: 24
                          163.5.135.0/24 maxlen: 24
                          163.5.133.0/24 maxlen: 24
                          163.5.136.0/24 maxlen: 24
                          163.5.142.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:84:e2:6b:8a:5b:5a:54:8a:a6:b2:bf:2e:78:ec:36:36:36
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: Dec  5 13:13:29 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=0e9453c3feb7ef322e1867867e637a5ba92f260b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:81:37:5b:82:0e:75:de:83:3e:b3:36:31:4f:
                    7c:be:1e:65:97:97:7a:fc:6b:9b:e9:cc:55:16:ef:
                    4d:1b:bd:66:e1:00:df:42:70:2a:e3:90:01:fb:54:
                    81:ac:5a:a8:e3:db:6b:b4:62:9f:db:09:be:2e:6d:
                    1e:24:dc:a4:46:c7:42:35:0c:42:1e:db:0b:67:40:
                    db:1f:50:8e:6f:78:92:1b:69:9f:21:1a:e0:a0:c7:
                    b2:f6:98:b3:9f:91:61:13:f6:9b:bf:e7:05:9a:4f:
                    7d:df:9a:93:79:76:fd:d8:51:63:c9:37:e4:9d:17:
                    b2:b9:92:9e:53:98:0c:db:29:33:49:d4:b1:3e:db:
                    df:3c:7b:ac:08:d0:41:d7:cc:f8:53:70:38:da:31:
                    a9:c4:f1:5a:ea:70:c2:94:b2:1a:95:28:54:d4:81:
                    99:69:7e:a2:9a:38:d4:dd:03:8f:d6:0d:6a:e2:78:
                    c0:9c:ba:a5:e8:4b:8c:16:a9:7f:58:ad:da:3a:a5:
                    3d:dc:8e:63:ac:c1:50:14:e5:32:c8:0e:1f:8f:23:
                    83:bd:a5:8f:5f:cc:c1:5c:81:30:8d:b6:25:93:7b:
                    64:6c:23:32:a6:e8:e1:e9:07:31:2e:e3:8f:ea:72:
                    47:22:a6:45:bd:2b:22:3a:14:23:ad:61:ed:16:bd:
                    da:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0E:94:53:C3:FE:B7:EF:32:2E:18:67:86:7E:63:7A:5B:A9:2F:26:0B
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DpRTw_637zIuGGeGfmN6W6kvJgs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.5.32.0/24
                  163.5.94.0/23
                  163.5.113.0/24
                  163.5.116.0/24
                  163.5.132.0/23
                  163.5.135.0-163.5.136.255
                  163.5.142.0/24
                  163.5.173.0/24
                  163.5.186.0/24
                  163.5.195.0-163.5.197.255
                  163.5.241.0/24

    Signature Algorithm: sha256WithRSAEncryption
         41:b8:9a:56:5c:6d:00:eb:8e:f4:e9:d5:ff:05:67:6a:3d:6b:
         8a:f9:59:77:6b:93:e1:16:22:e7:aa:de:02:ec:18:af:1c:32:
         e7:fa:06:ec:f4:5d:bb:85:e3:f4:e2:c3:61:5e:5f:10:c1:16:
         df:70:8a:8a:59:a1:82:25:e2:20:de:05:c5:cb:da:c5:3c:fb:
         36:10:b4:fa:34:69:c3:3c:7f:3c:4d:d9:10:06:49:60:d2:3c:
         f1:6c:87:e1:f4:76:c4:83:b6:2e:14:48:e0:02:3c:63:79:75:
         73:ee:13:53:fb:0a:2a:e6:e4:5a:94:80:8a:d6:a4:0c:e8:c9:
         50:36:b8:dc:33:89:70:b6:f9:4a:57:14:b5:26:64:b5:82:9f:
         98:f0:f3:33:99:6d:ab:30:d3:b7:e0:0c:b6:1e:bc:39:d5:ed:
         8e:b1:49:a9:55:3c:70:96:de:84:f2:d0:51:cc:d1:eb:eb:e7:
         c3:ff:75:7d:31:1e:43:60:43:f8:eb:f6:63:1c:85:1c:fc:64:
         5e:6d:07:96:59:6c:2d:27:cf:2c:aa:8e:7d:e0:dc:2c:90:e4:
         e1:12:50:6b:07:7d:0a:9f:88:ef:ed:de:eb:bc:97:44:40:c1:
         26:98:e1:3d:cb:85:fc:1d:78:fc:49:44:5e:10:ea:e3:bd:e2:
         92:5d:67:f2
-----BEGIN CERTIFICATE-----
MIIFSTCCBDGgAwIBAgISAYTia4pbWlSKprK/LnjsNjY2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjIxMjA1MTMxMzI5WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZTk0NTNjM2ZlYjdlZjMyMmUxODY3ODY3ZTYzN2E1YmE5MmYyNjBiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnYE3W4IOdd6DPrM2MU98vh5ll5d6
/Gub6cxVFu9NG71m4QDfQnAq45AB+1SBrFqo49trtGKf2wm+Lm0eJNykRsdCNQxC
HtsLZ0DbH1COb3iSG2mfIRrgoMey9pizn5FhE/abv+cFmk9935qTeXb92FFjyTfk
nReyuZKeU5gM2ykzSdSxPtvfPHusCNBB18z4U3A42jGpxPFa6nDClLIalShU1IGZ
aX6imjjU3QOP1g1q4njAnLql6EuMFql/WK3aOqU93I5jrMFQFOUyyA4fjyODvaWP
X8zBXIEwjbYlk3tkbCMypujh6QcxLuOP6nJHIqZFvSsiOhQjrWHtFr3azwIDAQAB
o4ICVTCCAlEwHQYDVR0OBBYEFA6UU8P+t+8yLhhnhn5jelupLyYLMB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvRHBSVHdfNjM3ekl1R0dlR2ZtTjZXNmt2SmdzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGsGCCsGAQUFBwEHAQH/BFwwWjBYBAIAATBSAwQAowUgAwQB
owVeAwQAowVxAwQAowV0AwQBowWEMAwDBACjBYcDBACjBYgDBACjBY4DBACjBa0D
BACjBbowDAMEAKMFwwMEAaMFxAMEAKMF8TANBgkqhkiG9w0BAQsFAAOCAQEAQbia
VlxtAOuO9OnV/wVnaj1rivlZd2uT4RYi56reAuwYrxwy5/oG7PRdu4Xj9OLDYV5f
EMEW33CKilmhgiXiIN4FxcvaxTz7NhC0+jRpwzx/PE3ZEAZJYNI88WyH4fR2xIO2
LhRI4AI8Y3l1c+4TU/sKKubkWpSAitakDOjJUDa43DOJcLb5SlcUtSZktYKfmPDz
M5ltqzDTt+AMth68OdXtjrFJqVU8cJbehPLQUczR6+vnw/91fTEeQ2BD+Ov2YxyF
HPxkXm0HlllsLSfPLKqOfeDcLJDk4RJQawd9Cp+I7+3e67yXREDBJpjhPcuF/B14
/ElEXhDq473ikl1n8g==
-----END CERTIFICATE-----