Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/yOF1FXdO3Pt-M-Lzzzh-aT6VVLQ.roa
File:                     yOF1FXdO3Pt-M-Lzzzh-aT6VVLQ.roa (raw, json)
Hash identifier:          5alKrKf2cZDRL38ytHgaDGyDksv4yVmQ6b7sJyOoNAQ=
Subject key identifier:   C8:E1:75:15:77:4E:DC:FB:7E:33:E2:F3:CF:38:7E:69:3E:95:54:B4
Certificate issuer:       /CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
Certificate serial:       07E9A351
Authority key identifier: 9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/yOF1FXdO3Pt-M-Lzzzh-aT6VVLQ.roa
Signing time:             Tue 15 Mar 2022 19:58:45 +0000
ROA not before:           Tue 15 Mar 2022 19:58:45 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     7029
IP address blocks:        45.151.0.0/23 maxlen: 24
                          45.151.2.0/24 maxlen: 24
                          195.211.188.0/22 maxlen: 24
                          45.144.215.0/24 maxlen: 24
                          2.56.108.0/22 maxlen: 24
                          194.15.52.0/23 maxlen: 24
                          45.88.138.0/24 maxlen: 24
                          45.88.137.0/24 maxlen: 24
                          45.88.139.0/24 maxlen: 24
                          85.209.120.0/24 maxlen: 24
                          85.209.122.0/24 maxlen: 24
                          85.209.121.0/24 maxlen: 24
                          85.209.123.0/24 maxlen: 24
                          45.144.213.0/24 maxlen: 24
                          45.132.182.0/23 maxlen: 24
                          195.177.95.0/24 maxlen: 24
                          77.83.38.0/24 maxlen: 24
                          195.62.24.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 132752209 (0x7e9a351)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
        Validity
            Not Before: Mar 15 19:58:45 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=c8e17515774edcfb7e33e2f3cf387e693e9554b4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:d4:5b:91:35:37:3a:c8:49:d4:23:f0:43:41:
                    98:0a:b0:04:3a:b5:47:05:e2:fa:f7:78:9d:10:a5:
                    b9:0c:1b:76:c8:b3:94:38:9f:aa:ad:b1:a5:46:91:
                    8b:55:f3:c1:86:de:fc:32:5f:e7:d8:46:35:b0:4f:
                    84:2d:d5:19:87:86:c2:1d:57:72:5a:8a:82:08:d0:
                    28:dd:1c:91:2b:1b:f7:72:58:37:0d:e6:66:f3:c0:
                    83:c0:59:36:66:21:43:0b:1b:f7:ac:c0:8a:31:3e:
                    09:99:24:0a:54:29:e4:a0:c9:9f:ba:ed:2a:9a:d3:
                    5e:7d:72:64:e9:4d:1d:59:81:2c:da:65:bb:1e:8c:
                    77:4f:02:30:ba:fc:88:19:56:ae:e7:ee:e6:1b:eb:
                    86:3b:b8:b6:1d:24:03:ed:0f:14:e1:03:3c:78:3f:
                    26:b7:c9:30:1b:a2:23:53:a2:07:8c:b9:db:ac:01:
                    eb:30:9f:8b:8e:c7:16:99:b0:78:2f:cf:86:cb:7c:
                    c9:c4:ec:c9:be:c8:74:da:43:f5:ca:51:35:72:47:
                    38:d5:41:eb:ba:85:3b:6e:5f:b6:8b:1c:ce:06:c8:
                    14:aa:b4:60:a2:a2:56:b3:09:85:e3:6f:a6:e1:b6:
                    8d:dc:40:ea:b6:47:87:1d:73:2a:a0:84:f9:e9:a3:
                    cd:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C8:E1:75:15:77:4E:DC:FB:7E:33:E2:F3:CF:38:7E:69:3E:95:54:B4
            X509v3 Authority Key Identifier:
                keyid:9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/yOF1FXdO3Pt-M-Lzzzh-aT6VVLQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.56.108.0/22
                  45.88.137.0-45.88.139.255
                  45.132.182.0/23
                  45.144.213.0/24
                  45.144.215.0/24
                  45.151.0.0-45.151.2.255
                  77.83.38.0/24
                  85.209.120.0/22
                  194.15.52.0/23
                  195.62.24.0/24
                  195.177.95.0/24
                  195.211.188.0/22

    Signature Algorithm: sha256WithRSAEncryption
         4d:cc:ca:ba:6a:b2:a8:e0:d0:2d:1a:90:7d:1c:35:2e:ef:8f:
         6a:b8:22:4d:be:80:48:0a:44:8d:76:da:8e:40:e1:e2:f2:05:
         43:a9:6d:79:b5:4e:b1:7c:80:d2:c5:a2:d6:c1:5b:0b:93:f0:
         1e:b2:e5:0f:c4:d0:a1:ef:61:17:c2:42:ba:87:f1:c3:60:cd:
         3a:b2:1a:61:cb:6f:30:27:19:3b:fe:48:fe:47:cd:06:4e:07:
         d2:93:b4:f1:d8:23:48:62:21:25:6f:49:58:7e:de:98:9f:16:
         73:5a:ca:ab:96:22:87:91:3b:c9:46:d9:15:ef:74:cc:de:d3:
         64:7c:de:ee:14:8d:9c:2b:f7:97:da:26:8e:f0:46:6d:ce:d4:
         43:7a:54:7c:be:3e:17:54:52:28:81:96:4b:ab:fe:9f:af:c1:
         25:1c:59:bd:b9:34:fb:c6:da:60:00:84:01:68:a8:9b:ee:7c:
         d4:d8:59:6d:1e:98:b1:42:01:f5:6e:84:44:ca:fb:67:7b:ad:
         05:da:aa:d7:1d:51:e5:5f:46:ef:c8:f3:ee:3c:a8:af:68:ca:
         a9:2d:e7:a3:54:b2:2a:dd:28:63:c4:d3:9b:63:9a:91:a0:7f:
         fe:97:55:e2:a7:1e:94:f6:d9:93:54:d8:ab:7d:ab:f3:fa:2c:
         13:f4:ea:1e
-----BEGIN CERTIFICATE-----
MIIFQDCCBCigAwIBAgIEB+mjUTANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg5
ZDJhNDc4YmIwYjA4ZTY2MWIwYjJmOWZiZTg5MzViYzljMmEyOGExMB4XDTIyMDMx
NTE5NTg0NVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoYzhlMTc1MTU3NzRl
ZGNmYjdlMzNlMmYzY2YzODdlNjkzZTk1NTRiNDCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAMrUW5E1NzrISdQj8ENBmAqwBDq1RwXi+vd4nRCluQwbdsiz
lDifqq2xpUaRi1XzwYbe/DJf59hGNbBPhC3VGYeGwh1XclqKggjQKN0ckSsb93JY
Nw3mZvPAg8BZNmYhQwsb96zAijE+CZkkClQp5KDJn7rtKprTXn1yZOlNHVmBLNpl
ux6Md08CMLr8iBlWrufu5hvrhju4th0kA+0PFOEDPHg/JrfJMBuiI1OiB4y526wB
6zCfi47HFpmweC/Phst8ycTsyb7IdNpD9cpRNXJHONVB67qFO25ftosczgbIFKq0
YKKiVrMJheNvpuG2jdxA6rZHhx1zKqCE+emjzeMCAwEAAaOCAlowggJWMB0GA1Ud
DgQWBBTI4XUVd07c+34z4vPPOH5pPpVUtDAfBgNVHSMEGDAWgBSdKkeLsLCOZhsL
L5++iTW8nCoooTAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L25TcEhpN0N3am1ZYkN5LWZ2b2sxdkp3cUtLRS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMTYvNjYzZGY1LTU4MGMtNGYyYy1hNjZjLWVlZjM1MTFmNmM2MC8x
L3lPRjFGWGRPM1B0LU0tTHp6emgtYVQ2VlZMUS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMTYv
NjYzZGY1LTU4MGMtNGYyYy1hNjZjLWVlZjM1MTFmNmM2MC8xL25TcEhpN0N3am1Z
YkN5LWZ2b2sxdkp3cUtLRS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBw
BggrBgEFBQcBBwEB/wRhMF8wXQQCAAEwVwMEAgI4bDAMAwQALViJAwQCLViIAwQB
LYS2AwQALZDVAwQALZDXMAsDAwAtlwMEAC2XAgMEAE1TJgMEAlXReAMEAcIPNAME
AMM+GAMEAMOxXwMEAsPTvDANBgkqhkiG9w0BAQsFAAOCAQEATczKumqyqODQLRqQ
fRw1Lu+PargiTb6ASApEjXbajkDh4vIFQ6ltebVOsXyA0sWi1sFbC5PwHrLlD8TQ
oe9hF8JCuofxw2DNOrIaYctvMCcZO/5I/kfNBk4H0pO08dgjSGIhJW9JWH7emJ8W
c1rKq5Yih5E7yUbZFe90zN7TZHze7hSNnCv3l9omjvBGbc7UQ3pUfL4+F1RSKIGW
S6v+n6/BJRxZvbk0+8baYACEAWiom+581NhZbR6YsUIB9W6ERMr7Z3utBdqq1x1R
5V9G78jz7jyor2jKqS3no1SyKt0oY8TTm2OakaB//pdV4qcelPbZk1TYq32r8/os
E/TqHg==
-----END CERTIFICATE-----