Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/Hrz4RquwEb4OpoIJ7JdsZEbfko8.roa
File:                     Hrz4RquwEb4OpoIJ7JdsZEbfko8.roa (raw, json)
Hash identifier:          NamAEGCWNXNpNf8xscP2qTI8P0IFG345qGRAa7m4fDw=
Subject key identifier:   1E:BC:F8:46:AB:B0:11:BE:0E:A6:82:09:EC:97:6C:64:46:DF:92:8F
Certificate issuer:       /CN=c3c18527e3a206af2842028d95aec41338e8daf8
Certificate serial:       01852E32E657335001BBDF9CBBAB4D522369
Authority key identifier: C3:C1:85:27:E3:A2:06:AF:28:42:02:8D:95:AE:C4:13:38:E8:DA:F8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/w8GFJ-OiBq8oQgKNla7EEzjo2vg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/Hrz4RquwEb4OpoIJ7JdsZEbfko8.roa
Signing time:             Tue 20 Dec 2022 06:22:45 +0000
ROA not before:           Tue 20 Dec 2022 06:22:45 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     15611
IP address blocks:        213.176.96.0/24 maxlen: 24
                          213.176.4.0/24 maxlen: 24
                          213.176.5.0/24 maxlen: 24
                          62.60.208.0/22 maxlen: 24
                          62.60.128.0/21 maxlen: 24
                          62.60.136.0/24 maxlen: 24
                          62.60.137.0/24 maxlen: 24
                          62.60.139.0/24 maxlen: 24
                          62.60.140.0/24 maxlen: 24
                          62.60.143.0/24 maxlen: 24
                          62.60.141.0/24 maxlen: 24
                          62.60.142.0/24 maxlen: 24
                          62.60.145.0/24 maxlen: 24
                          62.60.152.0/22 maxlen: 24
                          213.176.124.0/24 maxlen: 24
                          213.176.125.0/24 maxlen: 24
                          213.176.122.0/24 maxlen: 24
                          213.176.123.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:2e:32:e6:57:33:50:01:bb:df:9c:bb:ab:4d:52:23:69
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c3c18527e3a206af2842028d95aec41338e8daf8
        Validity
            Not Before: Dec 20 06:22:45 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=1ebcf846abb011be0ea68209ec976c6446df928f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:a2:bf:dc:37:5a:ab:00:ae:e2:ba:f4:6a:58:
                    83:0b:ab:15:a2:01:b9:62:6a:b7:54:16:9e:28:c5:
                    1b:33:02:61:33:82:4a:d9:f9:c1:d5:93:73:26:e3:
                    fe:cc:d3:f0:56:7d:f2:77:5d:28:0c:95:6f:09:d4:
                    56:1d:b8:51:2a:16:65:d0:ac:ed:0c:b1:31:56:c5:
                    18:07:9c:0e:1c:e6:84:ba:df:28:ce:83:f4:61:45:
                    55:ca:6f:fb:17:77:06:9a:dd:a8:71:fb:cb:1c:4e:
                    bb:62:45:97:95:0d:ec:36:1e:2c:88:c6:3d:fb:b0:
                    18:df:0a:88:ec:d2:59:4c:2b:53:ce:85:46:c6:f1:
                    b0:42:79:ea:8c:9b:9e:00:37:8a:61:cb:b7:f3:77:
                    9b:46:5a:de:2f:19:2c:ff:d6:6a:11:2f:66:33:f0:
                    72:a6:a9:4b:77:b6:2f:20:f5:45:25:9a:b3:90:61:
                    6a:58:8b:58:21:3f:9a:eb:98:86:42:12:80:f9:dd:
                    c2:f4:65:c6:45:3a:a7:f8:ab:b5:8b:09:ba:55:56:
                    77:62:72:a3:ca:ef:c4:c6:23:6d:e8:40:64:6a:17:
                    a5:e7:b1:a0:80:2e:64:c5:75:c8:f4:8d:7a:94:a1:
                    f7:51:7c:70:b4:93:eb:e4:db:b1:f2:d9:a4:14:af:
                    2b:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1E:BC:F8:46:AB:B0:11:BE:0E:A6:82:09:EC:97:6C:64:46:DF:92:8F
            X509v3 Authority Key Identifier:
                keyid:C3:C1:85:27:E3:A2:06:AF:28:42:02:8D:95:AE:C4:13:38:E8:DA:F8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w8GFJ-OiBq8oQgKNla7EEzjo2vg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/Hrz4RquwEb4OpoIJ7JdsZEbfko8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/w8GFJ-OiBq8oQgKNla7EEzjo2vg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.60.128.0-62.60.137.255
                  62.60.139.0-62.60.143.255
                  62.60.145.0/24
                  62.60.152.0/22
                  62.60.208.0/22
                  213.176.4.0/23
                  213.176.96.0/24
                  213.176.122.0-213.176.125.255

    Signature Algorithm: sha256WithRSAEncryption
         7f:a3:5f:3d:c2:b8:1f:7e:20:c4:ab:a0:fa:62:67:28:7e:7c:
         c9:fe:f7:6b:8d:e0:fb:f0:20:43:15:7f:f2:56:29:3d:f4:12:
         0a:3f:96:3f:3b:6d:bf:b8:64:6e:38:06:fd:d5:a6:01:90:27:
         cb:96:de:be:98:65:d7:2c:56:25:d3:76:0d:0d:73:e2:e5:89:
         a5:92:f3:fd:b1:13:de:25:34:e0:d3:d8:9b:30:22:77:29:da:
         c8:2c:ba:cc:16:02:a4:a6:63:77:fe:62:99:7e:33:ba:bf:7c:
         60:a3:c7:b5:6f:1b:7c:7d:f3:5a:a8:25:00:ef:6b:22:9d:d9:
         94:9d:88:7b:cf:f7:c1:d4:85:10:8b:ad:06:0b:9b:01:a7:bd:
         5a:2d:c7:5a:ed:21:fa:1e:0b:44:d1:0b:b3:3e:82:26:78:0d:
         b7:7c:c1:e7:7a:a1:ee:fe:a9:9c:12:c1:cd:0c:ef:f0:c0:d5:
         b3:30:6e:30:ad:d7:db:d2:31:d2:24:66:3c:d1:68:4b:fb:11:
         48:ca:7c:73:a2:7d:31:68:5f:08:31:5c:03:9e:21:29:f6:3c:
         7a:9a:8f:a6:be:e5:45:c9:c8:95:0c:e4:21:11:e6:09:b2:8a:
         94:83:4c:6d:bd:ed:9e:f6:45:c1:62:e4:a2:85:00:e8:69:1c:
         8f:3b:d6:38
-----BEGIN CERTIFICATE-----
MIIFPzCCBCegAwIBAgISAYUuMuZXM1ABu9+cu6tNUiNpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzYzE4NTI3ZTNhMjA2YWYyODQyMDI4ZDk1YWVjNDEzMzhl
OGRhZjgwHhcNMjIxMjIwMDYyMjQ1WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZWJjZjg0NmFiYjAxMWJlMGVhNjgyMDllYzk3NmM2NDQ2ZGY5MjhmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApaK/3DdaqwCu4rr0aliDC6sVogG5
Ymq3VBaeKMUbMwJhM4JK2fnB1ZNzJuP+zNPwVn3yd10oDJVvCdRWHbhRKhZl0Kzt
DLExVsUYB5wOHOaEut8ozoP0YUVVym/7F3cGmt2ocfvLHE67YkWXlQ3sNh4siMY9
+7AY3wqI7NJZTCtTzoVGxvGwQnnqjJueADeKYcu383ebRlreLxks/9ZqES9mM/By
pqlLd7YvIPVFJZqzkGFqWItYIT+a65iGQhKA+d3C9GXGRTqn+Ku1iwm6VVZ3YnKj
yu/ExiNt6EBkahel57GggC5kxXXI9I16lKH3UXxwtJPr5Nux8tmkFK8rrQIDAQAB
o4ICSzCCAkcwHQYDVR0OBBYEFB68+EarsBG+DqaCCeyXbGRG35KPMB8GA1UdIwQY
MBaAFMPBhSfjogavKEICjZWuxBM46Nr4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdzhHRkotT2lCcThvUWdLTmxhN0VFempvMnZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy8xMzM5ZGYtOGUwNi00MWRlLTk0ZjMt
MGNiYTMzZWZjNWJiLzEvSHJ6NFJxdXdFYjRPcG9JSjdKZHNaRWJma284LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy8xMzM5ZGYtOGUwNi00MWRlLTk0ZjMtMGNiYTMzZWZjNWJi
LzEvdzhHRkotT2lCcThvUWdLTmxhN0VFempvMnZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGEGCCsGAQUFBwEHAQH/BFIwUDBOBAIAATBIMAwDBAc+PIAD
BAE+PIgwDAMEAD48iwMEBD48gAMEAD48kQMEAj48mAMEAj480AMEAdWwBAMEANWw
YDAMAwQB1bB6AwQB1bB8MA0GCSqGSIb3DQEBCwUAA4IBAQB/o189wrgffiDEq6D6
YmcofnzJ/vdrjeD78CBDFX/yVik99BIKP5Y/O22/uGRuOAb91aYBkCfLlt6+mGXX
LFYl03YNDXPi5YmlkvP9sRPeJTTg09ibMCJ3KdrILLrMFgKkpmN3/mKZfjO6v3xg
o8e1bxt8ffNaqCUA72sindmUnYh7z/fB1IUQi60GC5sBp71aLcda7SH6HgtE0Quz
PoImeA23fMHneqHu/qmcEsHNDO/wwNWzMG4wrdfb0jHSJGY80WhL+xFIynxzon0x
aF8IMVwDniEp9jx6mo+mvuVFyciVDOQhEeYJsoqUg0xtve2e9kXBYuSihQDoaRyP
O9Y4
-----END CERTIFICATE-----