Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/18/ba2362-0cc5-49bd-a522-4f0e8ce11a7d/1/muD4sFppR8dkii0E2jtl86KwIwE.roa
File:                     muD4sFppR8dkii0E2jtl86KwIwE.roa (raw, json)
Hash identifier:          pIAU/+oK//rfDUfHzbWEgnhf1ZejoIXX+3o5fSEPGdc=
Subject key identifier:   9A:E0:F8:B0:5A:69:47:C7:64:8A:2D:04:DA:3B:65:F3:A2:B0:23:01
Certificate issuer:       /CN=d747017564c711bcbd57680a0dfd00f2a5d099db
Certificate serial:       0CD1D29A
Authority key identifier: D7:47:01:75:64:C7:11:BC:BD:57:68:0A:0D:FD:00:F2:A5:D0:99:DB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/10cBdWTHEby9V2gKDf0A8qXQmds.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/18/ba2362-0cc5-49bd-a522-4f0e8ce11a7d/1/muD4sFppR8dkii0E2jtl86KwIwE.roa
Signing time:             Fri 08 Apr 2022 11:07:54 +0000
ROA not before:           Fri 08 Apr 2022 11:07:54 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     34549
IP address blocks:        195.180.132.0/22 maxlen: 22
                          195.180.140.0/22 maxlen: 22
                          194.195.96.0/22 maxlen: 22
                          212.224.0.0/22 maxlen: 24
                          194.195.108.0/22 maxlen: 22
                          212.224.20.0/22 maxlen: 22
                          195.179.44.0/22 maxlen: 22
                          194.233.20.0/22 maxlen: 22
                          194.64.172.0/22 maxlen: 22
                          194.163.72.0/22 maxlen: 22
                          194.163.76.0/22 maxlen: 22
                          194.233.52.0/22 maxlen: 22
                          195.179.80.0/22 maxlen: 22
                          217.119.60.0/22 maxlen: 22
                          194.64.148.0/22 maxlen: 22
                          195.179.32.0/21 maxlen: 24
                          194.64.156.0/22 maxlen: 22

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 215077530 (0xcd1d29a)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d747017564c711bcbd57680a0dfd00f2a5d099db
        Validity
            Not Before: Apr  8 11:07:54 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=9ae0f8b05a6947c7648a2d04da3b65f3a2b02301
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:3f:fb:93:f2:73:d2:d9:59:bc:65:9b:18:bd:
                    e0:48:e1:55:90:8f:af:ae:bb:d1:3a:3f:e2:d5:0d:
                    50:15:d0:59:d3:ba:80:48:b3:97:ba:bb:8e:3c:dc:
                    36:a4:8a:9f:9e:fa:0e:2d:3c:2a:9e:b6:74:ca:b9:
                    03:b1:a3:19:c9:ac:8d:24:ce:23:a3:cd:a9:d7:c2:
                    d6:4a:d8:8a:d9:ef:1d:d1:6b:e4:c6:df:c4:2c:e2:
                    19:1c:0f:d4:70:fd:24:25:bf:2c:1e:3a:e5:b0:8c:
                    ac:d3:1c:46:69:5d:3e:90:2e:2d:cc:d2:dc:2f:56:
                    45:8a:dd:ac:cf:66:ae:5a:27:cb:c5:a5:a3:d8:ba:
                    da:da:19:44:1a:d0:4e:7b:d8:5e:59:2c:4b:91:9b:
                    95:61:c1:56:78:bf:ea:dd:a7:66:4b:fb:a0:37:60:
                    c8:82:39:a3:75:62:3d:4a:d0:1e:51:88:39:a9:ef:
                    16:d8:91:ac:02:eb:16:67:1f:c7:bf:da:b4:e1:d5:
                    17:6f:3a:6b:df:8e:f5:27:84:47:ba:29:10:3c:ac:
                    ac:d9:fd:ad:fb:d9:60:1b:35:88:62:e8:5f:d6:d5:
                    dd:97:a9:15:a4:e3:6e:1c:72:a4:79:15:cd:f8:b1:
                    fc:d6:30:8e:2f:da:88:95:5d:46:9c:86:16:7d:41:
                    38:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9A:E0:F8:B0:5A:69:47:C7:64:8A:2D:04:DA:3B:65:F3:A2:B0:23:01
            X509v3 Authority Key Identifier:
                keyid:D7:47:01:75:64:C7:11:BC:BD:57:68:0A:0D:FD:00:F2:A5:D0:99:DB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/10cBdWTHEby9V2gKDf0A8qXQmds.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/18/ba2362-0cc5-49bd-a522-4f0e8ce11a7d/1/muD4sFppR8dkii0E2jtl86KwIwE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/18/ba2362-0cc5-49bd-a522-4f0e8ce11a7d/1/10cBdWTHEby9V2gKDf0A8qXQmds.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.64.148.0/22
                  194.64.156.0/22
                  194.64.172.0/22
                  194.163.72.0/21
                  194.195.96.0/22
                  194.195.108.0/22
                  194.233.20.0/22
                  194.233.52.0/22
                  195.179.32.0/21
                  195.179.44.0/22
                  195.179.80.0/22
                  195.180.132.0/22
                  195.180.140.0/22
                  212.224.0.0/22
                  212.224.20.0/22
                  217.119.60.0/22

    Signature Algorithm: sha256WithRSAEncryption
         0c:12:a4:7e:95:0d:d9:68:67:b0:fa:5e:f4:e4:45:bb:84:6b:
         67:6d:36:f3:8a:a2:6a:36:df:2a:d9:50:d9:2e:99:eb:6c:30:
         bf:35:f8:36:27:48:47:8c:b9:f8:ee:e1:8c:d3:54:9d:1b:3a:
         9c:90:d4:aa:f9:02:25:e2:60:b9:94:5b:56:7c:50:96:a0:be:
         21:e6:93:b7:3f:e7:a4:f7:78:4d:b1:12:2d:96:07:54:55:31:
         53:3f:cd:23:3b:14:70:80:d9:43:b3:f5:e6:19:7e:00:46:0b:
         d5:7e:a8:75:5b:21:e4:e7:a0:aa:2b:19:22:04:d5:37:28:7e:
         99:69:af:76:00:d2:2b:c2:95:3a:81:6d:cf:8e:72:a1:a1:2b:
         ea:be:e0:eb:fd:bc:60:33:e9:36:f5:70:1d:1c:c2:05:3c:6a:
         33:49:fa:a7:29:23:1f:8b:51:b4:a7:8a:13:b2:05:d1:de:4a:
         e2:0d:20:3e:09:f4:a7:5d:6c:b8:18:18:48:24:67:ee:2f:a8:
         2a:a4:92:9a:c0:4d:bb:fa:52:e5:b7:d3:a8:30:2f:df:d9:a8:
         4d:a9:69:b1:93:d6:80:5c:33:54:5b:af:8f:a3:08:79:21:e1:
         41:24:fa:3f:d1:fe:e0:fc:3c:0b:7d:c7:b2:79:38:36:1e:80:
         17:f0:44:95
-----BEGIN CERTIFICATE-----
MIIFSTCCBDGgAwIBAgIEDNHSmjANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhk
NzQ3MDE3NTY0YzcxMWJjYmQ1NzY4MGEwZGZkMDBmMmE1ZDA5OWRiMB4XDTIyMDQw
ODExMDc1NFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoOWFlMGY4YjA1YTY5
NDdjNzY0OGEyZDA0ZGEzYjY1ZjNhMmIwMjMwMTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBALk/+5Pyc9LZWbxlmxi94EjhVZCPr6670To/4tUNUBXQWdO6
gEizl7q7jjzcNqSKn576Di08Kp62dMq5A7GjGcmsjSTOI6PNqdfC1krYitnvHdFr
5MbfxCziGRwP1HD9JCW/LB465bCMrNMcRmldPpAuLczS3C9WRYrdrM9mrlony8Wl
o9i62toZRBrQTnvYXlksS5GblWHBVni/6t2nZkv7oDdgyII5o3ViPUrQHlGIOanv
FtiRrALrFmcfx7/atOHVF286a9+O9SeER7opEDysrNn9rfvZYBs1iGLoX9bV3Zep
FaTjbhxypHkVzfix/NYwji/aiJVdRpyGFn1BOD0CAwEAAaOCAmMwggJfMB0GA1Ud
DgQWBBSa4PiwWmlHx2SKLQTaO2XzorAjATAfBgNVHSMEGDAWgBTXRwF1ZMcRvL1X
aAoN/QDypdCZ2zAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
LzEwY0JkV1RIRWJ5OVYyZ0tEZjBBOHFYUW1kcy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMTgvYmEyMzYyLTBjYzUtNDliZC1hNTIyLTRmMGU4Y2UxMWE3ZC8x
L211RDRzRnBwUjhka2lpMEUyanRsODZLd0l3RS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMTgv
YmEyMzYyLTBjYzUtNDliZC1hNTIyLTRmMGU4Y2UxMWE3ZC8xLzEwY0JkV1RIRWJ5
OVYyZ0tEZjBBOHFYUW1kcy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjB5
BggrBgEFBQcBBwEB/wRqMGgwZgQCAAEwYAMEAsJAlAMEAsJAnAMEAsJArAMEA8Kj
SAMEAsLDYAMEAsLDbAMEAsLpFAMEAsLpNAMEA8OzIAMEAsOzLAMEAsOzUAMEAsO0
hAMEAsO0jAMEAtTgAAMEAtTgFAMEAtl3PDANBgkqhkiG9w0BAQsFAAOCAQEADBKk
fpUN2WhnsPpe9ORFu4RrZ20284qiajbfKtlQ2S6Z62wwvzX4NidIR4y5+O7hjNNU
nRs6nJDUqvkCJeJguZRbVnxQlqC+IeaTtz/npPd4TbESLZYHVFUxUz/NIzsUcIDZ
Q7P15hl+AEYL1X6odVsh5OegqisZIgTVNyh+mWmvdgDSK8KVOoFtz45yoaEr6r7g
6/28YDPpNvVwHRzCBTxqM0n6pykjH4tRtKeKE7IF0d5K4g0gPgn0p11suBgYSCRn
7i+oKqSSmsBNu/pS5bfTqDAv39moTalpsZPWgFwzVFuvj6MIeSHhQST6P9H+4Pw8
C33Hsnk4Nh6AF/BElQ==
-----END CERTIFICATE-----