Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/_8rRwDunkd2XKN_b9_bzXdqjkkU.roa
File:                     _8rRwDunkd2XKN_b9_bzXdqjkkU.roa (raw, json)
Hash identifier:          mkmWaBDzDWFzasy+Ot0cOn2kg4zwha0OO+T76qAdsWs=
Subject key identifier:   FF:CA:D1:C0:3B:A7:91:DD:97:28:DF:DB:F7:F6:F3:5D:DA:A3:92:45
Certificate issuer:       /CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
Certificate serial:       01840E304C4215106CF480FDAC41904BE947
Authority key identifier: 9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/_8rRwDunkd2XKN_b9_bzXdqjkkU.roa
Signing time:             Tue 25 Oct 2022 08:09:17 +0000
ROA not before:           Tue 25 Oct 2022 08:09:17 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     7029
IP address blocks:        45.13.191.0/24 maxlen: 24
                          45.151.0.0/23 maxlen: 23
                          45.151.2.0/24 maxlen: 24
                          195.211.188.0/22 maxlen: 24
                          2.56.108.0/22 maxlen: 22
                          45.88.136.0/24 maxlen: 24
                          45.88.139.0/24 maxlen: 24
                          193.30.241.0/24 maxlen: 24
                          85.209.120.0/23 maxlen: 24
                          45.132.182.0/23 maxlen: 24
                          195.177.94.0/24 maxlen: 24
                          45.138.180.0/22 maxlen: 24
                          77.83.37.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:84:0e:30:4c:42:15:10:6c:f4:80:fd:ac:41:90:4b:e9:47
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
        Validity
            Not Before: Oct 25 08:09:17 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=ffcad1c03ba791dd9728dfdbf7f6f35ddaa39245
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:ed:51:e1:72:db:2b:8d:02:1f:2a:4e:4d:37:
                    74:89:0f:a1:c5:76:97:c0:a7:33:a1:6b:0b:50:27:
                    11:ad:69:66:be:8b:c3:ed:71:90:bf:3b:fb:51:04:
                    c3:ec:90:82:99:cf:e5:31:63:c6:d2:35:2b:44:b6:
                    1a:dd:98:83:7a:46:63:46:d5:2a:d0:e9:f3:e4:87:
                    fe:3c:55:32:6d:1b:a3:4d:83:ee:a8:12:47:38:aa:
                    2e:c8:d4:e5:e2:9f:39:c0:aa:5e:e6:91:35:25:4c:
                    70:87:13:6b:8e:b5:c1:c7:96:b6:d8:1c:ac:c7:f0:
                    bd:20:b8:a2:fa:07:05:3c:96:de:4b:8b:41:b9:a2:
                    13:15:5e:83:89:8d:72:70:66:40:34:fd:27:90:7c:
                    f8:11:21:8d:88:62:19:44:63:70:59:22:54:b0:43:
                    8e:94:ac:ae:fa:22:01:63:7e:e9:fc:1a:96:f0:bd:
                    eb:50:46:65:b1:34:b9:b1:3b:eb:93:b2:0f:29:af:
                    33:21:8f:34:c4:81:e9:bb:c3:53:fd:e0:0a:94:24:
                    4f:75:88:5e:2b:2b:9c:68:d1:4c:ec:ed:be:4c:a9:
                    e5:7e:38:82:b3:22:43:32:3d:f3:dd:52:d6:f6:b6:
                    50:ab:f2:89:10:38:b0:41:03:1c:c8:d2:54:28:4c:
                    0b:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FF:CA:D1:C0:3B:A7:91:DD:97:28:DF:DB:F7:F6:F3:5D:DA:A3:92:45
            X509v3 Authority Key Identifier:
                keyid:9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/_8rRwDunkd2XKN_b9_bzXdqjkkU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.56.108.0/22
                  45.13.191.0/24
                  45.88.136.0/24
                  45.88.139.0/24
                  45.132.182.0/23
                  45.138.180.0/22
                  45.151.0.0-45.151.2.255
                  77.83.37.0/24
                  85.209.120.0/23
                  193.30.241.0/24
                  195.177.94.0/24
                  195.211.188.0/22

    Signature Algorithm: sha256WithRSAEncryption
         72:46:07:cc:75:3a:3a:fd:c5:14:ca:0d:23:35:ca:ec:8d:d8:
         b3:92:8e:f7:1f:b5:0a:7e:20:5d:d3:d7:9e:bb:af:07:b3:2c:
         44:fd:2a:39:d5:15:52:6e:54:b3:9c:91:c8:b8:1e:1b:63:ae:
         b3:45:69:94:55:80:3b:02:4f:6d:76:7d:13:f1:aa:8f:de:fd:
         e3:3a:cb:26:a8:33:43:cd:e8:94:3a:f5:46:50:e7:ee:8c:81:
         01:53:8e:ac:df:c6:70:af:6c:dc:7e:c4:04:75:e8:f5:c7:29:
         2e:69:8c:1c:07:87:25:80:1b:ad:db:ef:e6:23:87:35:2a:35:
         b9:3b:4e:5d:d0:9d:25:80:d6:74:bb:e1:b9:65:48:44:2f:8e:
         d9:88:22:28:54:af:bb:18:7e:dc:fd:45:18:bd:27:ae:50:54:
         0a:3a:ed:34:56:6d:fc:8e:30:b1:ae:5e:e6:2f:a3:b8:7a:03:
         a0:65:5d:24:c1:c8:db:54:9e:5f:a2:6e:3c:6b:8a:01:ca:b2:
         72:c4:71:80:d1:40:3f:61:99:e3:02:90:bf:d9:06:2c:96:40:
         6a:fe:d3:51:75:12:0e:94:bd:41:ff:d7:16:1b:df:98:8a:28:
         0a:d4:32:60:d3:72:29:0b:11:ae:2b:59:9e:79:22:5f:c5:50:
         f7:73:4a:07
-----BEGIN CERTIFICATE-----
MIIFRjCCBC6gAwIBAgISAYQOMExCFRBs9ID9rEGQS+lHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlkMmE0NzhiYjBiMDhlNjYxYjBiMmY5ZmJlODkzNWJjOWMy
YTI4YTEwHhcNMjIxMDI1MDgwOTE3WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZmNhZDFjMDNiYTc5MWRkOTcyOGRmZGJmN2Y2ZjM1ZGRhYTM5MjQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1u1R4XLbK40CHypOTTd0iQ+hxXaX
wKczoWsLUCcRrWlmvovD7XGQvzv7UQTD7JCCmc/lMWPG0jUrRLYa3ZiDekZjRtUq
0Onz5If+PFUybRujTYPuqBJHOKouyNTl4p85wKpe5pE1JUxwhxNrjrXBx5a22Bys
x/C9ILii+gcFPJbeS4tBuaITFV6DiY1ycGZANP0nkHz4ESGNiGIZRGNwWSJUsEOO
lKyu+iIBY37p/BqW8L3rUEZlsTS5sTvrk7IPKa8zIY80xIHpu8NT/eAKlCRPdYhe
KyucaNFM7O2+TKnlfjiCsyJDMj3z3VLW9rZQq/KJEDiwQQMcyNJUKEwLLQIDAQAB
o4ICUjCCAk4wHQYDVR0OBBYEFP/K0cA7p5Hdlyjf2/f2813ao5JFMB8GA1UdIwQY
MBaAFJ0qR4uwsI5mGwsvn76JNbycKiihMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMt
ZWVmMzUxMWY2YzYwLzEvXzhyUndEdW5rZDJYS05fYjlfYnpYZHFqa2tVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMtZWVmMzUxMWY2YzYw
LzEvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGgGCCsGAQUFBwEHAQH/BFkwVzBVBAIAATBPAwQCAjhsAwQA
LQ2/AwQALViIAwQALViLAwQBLYS2AwQCLYq0MAsDAwAtlwMEAC2XAgMEAE1TJQME
AVXReAMEAMEe8QMEAMOxXgMEAsPTvDANBgkqhkiG9w0BAQsFAAOCAQEAckYHzHU6
Ov3FFMoNIzXK7I3Ys5KO9x+1Cn4gXdPXnruvB7MsRP0qOdUVUm5Us5yRyLgeG2Ou
s0VplFWAOwJPbXZ9E/Gqj9794zrLJqgzQ83olDr1RlDn7oyBAVOOrN/GcK9s3H7E
BHXo9ccpLmmMHAeHJYAbrdvv5iOHNSo1uTtOXdCdJYDWdLvhuWVIRC+O2YgiKFSv
uxh+3P1FGL0nrlBUCjrtNFZt/I4wsa5e5i+juHoDoGVdJMHI21SeX6JuPGuKAcqy
csRxgNFAP2GZ4wKQv9kGLJZAav7TUXUSDpS9Qf/XFhvfmIooCtQyYNNyKQsRritZ
nnkiX8VQ93NKBw==
-----END CERTIFICATE-----