Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/zr_K9AYf3lo7Q3gE--frgSbo-FU.roa
File:                     zr_K9AYf3lo7Q3gE--frgSbo-FU.roa (raw, json)
Hash identifier:          /uqcYAbP4/uzJgWMQuOJst+M/8cp6ns0j5kk0FGcLMw=
Subject key identifier:   CE:BF:CA:F4:06:1F:DE:5A:3B:43:78:04:FB:E7:EB:81:26:E8:F8:55
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       01844E662F48BAD32432A280532EA1C0E3DE
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/zr_K9AYf3lo7Q3gE--frgSbo-FU.roa
Signing time:             Sun 06 Nov 2022 19:23:50 +0000
ROA not before:           Sun 06 Nov 2022 19:23:50 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     211237
IP address blocks:        163.5.95.0/24 maxlen: 24
                          163.5.94.0/24 maxlen: 24
                          163.5.113.0/24 maxlen: 24
                          163.5.116.0/24 maxlen: 24
                          163.5.241.0/24 maxlen: 24
                          163.5.32.0/24 maxlen: 24
                          163.5.173.0/24 maxlen: 24
                          163.5.184.0/24 maxlen: 24
                          163.5.186.0/24 maxlen: 24
                          163.5.196.0/24 maxlen: 24
                          163.5.197.0/24 maxlen: 24
                          163.5.195.0/24 maxlen: 24
                          163.5.132.0/24 maxlen: 24
                          163.5.135.0/24 maxlen: 24
                          163.5.133.0/24 maxlen: 24
                          163.5.136.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:84:4e:66:2f:48:ba:d3:24:32:a2:80:53:2e:a1:c0:e3:de
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: Nov  6 19:23:50 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=cebfcaf4061fde5a3b437804fbe7eb8126e8f855
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:b2:0c:f4:13:0a:57:be:2e:f9:10:00:a2:30:
                    1e:31:69:ee:11:dc:66:7d:c0:b2:a3:aa:b9:ff:e2:
                    0f:c7:ee:d7:8e:c8:4f:3b:f8:ec:c7:79:6f:c9:c1:
                    1d:92:c2:6c:02:37:9c:23:0b:51:6f:4e:c0:a7:57:
                    06:5f:2f:1f:82:26:e6:5b:a2:65:e7:a7:fd:f8:54:
                    4b:87:34:1f:2c:4d:78:b7:0c:97:f6:df:9a:f5:60:
                    b4:96:b8:bd:7a:03:ff:7f:6e:89:ee:1b:1f:1d:bc:
                    34:98:72:2a:89:d9:e8:a6:cc:e9:6c:b8:91:c8:04:
                    06:bf:27:b6:45:da:b1:37:ae:aa:08:70:ed:13:a3:
                    79:11:9f:49:cb:5f:eb:94:c6:47:39:09:76:cf:d3:
                    7a:7c:63:a8:56:dd:f1:67:50:19:9b:70:bc:9a:00:
                    e5:e5:87:e5:14:bd:c5:18:f0:a7:af:ee:32:fe:fc:
                    92:1b:17:7b:2b:18:32:90:60:74:7f:72:e0:ab:74:
                    fe:8b:48:27:87:57:97:a2:ef:f3:f1:91:01:e4:08:
                    08:2c:57:bc:44:26:5b:47:3a:1e:2f:4e:70:1e:88:
                    a7:99:b2:b2:ec:46:58:6d:88:e5:6a:61:6e:91:15:
                    63:14:2b:06:60:67:d0:9d:da:bd:f6:76:56:79:fd:
                    d6:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CE:BF:CA:F4:06:1F:DE:5A:3B:43:78:04:FB:E7:EB:81:26:E8:F8:55
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/zr_K9AYf3lo7Q3gE--frgSbo-FU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.5.32.0/24
                  163.5.94.0/23
                  163.5.113.0/24
                  163.5.116.0/24
                  163.5.132.0/23
                  163.5.135.0-163.5.136.255
                  163.5.173.0/24
                  163.5.184.0/24
                  163.5.186.0/24
                  163.5.195.0-163.5.197.255
                  163.5.241.0/24

    Signature Algorithm: sha256WithRSAEncryption
         38:fb:3c:18:f9:ed:4b:05:96:e4:63:be:2b:eb:2e:b2:aa:48:
         c2:de:2a:18:d0:4e:74:0f:8c:0c:fe:4b:47:fb:e1:77:6e:0c:
         15:7a:80:4a:42:b1:47:89:72:6a:59:f6:3d:42:80:ba:d5:2f:
         4d:85:36:96:ba:db:a4:03:8b:82:93:65:f2:4f:e4:ba:d4:85:
         52:e4:f0:c2:b9:e9:8f:05:19:cd:3f:b1:8e:30:82:5e:2b:57:
         be:7a:d1:4d:f1:a0:a7:e5:4f:40:92:2a:15:ed:3c:30:53:49:
         57:05:2e:53:09:54:a6:eb:ee:60:48:ad:6a:73:e5:be:70:d9:
         b6:88:c3:e4:f3:e8:02:1e:f6:db:b4:a6:33:c0:0f:ac:ce:96:
         91:35:a3:67:88:f1:53:84:73:fc:e7:e0:23:5d:42:62:f3:79:
         14:61:73:78:f1:9e:42:7e:fb:82:40:c0:da:64:95:f9:0f:04:
         31:58:5d:8e:13:bf:9b:50:1d:1c:36:65:c5:1c:b3:e9:03:a6:
         dc:80:33:bb:11:15:f9:31:af:bd:d5:db:eb:13:39:1d:1a:70:
         8b:3a:58:06:7f:80:df:a1:36:d6:c8:f4:71:c1:00:d0:90:b8:
         a3:ec:9e:c5:6e:e4:52:5f:5a:51:0c:38:94:d8:e6:0b:76:66:
         10:a3:09:39
-----BEGIN CERTIFICATE-----
MIIFSTCCBDGgAwIBAgISAYROZi9IutMkMqKAUy6hwOPeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjIxMTA2MTkyMzUwWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZWJmY2FmNDA2MWZkZTVhM2I0Mzc4MDRmYmU3ZWI4MTI2ZThmODU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoLIM9BMKV74u+RAAojAeMWnuEdxm
fcCyo6q5/+IPx+7XjshPO/jsx3lvycEdksJsAjecIwtRb07Ap1cGXy8fgibmW6Jl
56f9+FRLhzQfLE14twyX9t+a9WC0lri9egP/f26J7hsfHbw0mHIqidnopszpbLiR
yAQGvye2RdqxN66qCHDtE6N5EZ9Jy1/rlMZHOQl2z9N6fGOoVt3xZ1AZm3C8mgDl
5YflFL3FGPCnr+4y/vySGxd7KxgykGB0f3Lgq3T+i0gnh1eXou/z8ZEB5AgILFe8
RCZbRzoeL05wHoinmbKy7EZYbYjlamFukRVjFCsGYGfQndq99nZWef3WBQIDAQAB
o4ICVTCCAlEwHQYDVR0OBBYEFM6/yvQGH95aO0N4BPvn64Em6PhVMB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvenJfSzlBWWYzbG83UTNnRS0tZnJnU2JvLUZVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGsGCCsGAQUFBwEHAQH/BFwwWjBYBAIAATBSAwQAowUgAwQB
owVeAwQAowVxAwQAowV0AwQBowWEMAwDBACjBYcDBACjBYgDBACjBa0DBACjBbgD
BACjBbowDAMEAKMFwwMEAaMFxAMEAKMF8TANBgkqhkiG9w0BAQsFAAOCAQEAOPs8
GPntSwWW5GO+K+susqpIwt4qGNBOdA+MDP5LR/vhd24MFXqASkKxR4lyaln2PUKA
utUvTYU2lrrbpAOLgpNl8k/kutSFUuTwwrnpjwUZzT+xjjCCXitXvnrRTfGgp+VP
QJIqFe08MFNJVwUuUwlUpuvuYEitanPlvnDZtojD5PPoAh7227SmM8APrM6WkTWj
Z4jxU4Rz/OfgI11CYvN5FGFzePGeQn77gkDA2mSV+Q8EMVhdjhO/m1AdHDZlxRyz
6QOm3IAzuxEV+TGvvdXb6xM5HRpwizpYBn+A36E21sj0ccEA0JC4o+yexW7kUl9a
UQw4lNjmC3ZmEKMJOQ==
-----END CERTIFICATE-----