Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1b/772e7e-f0f0-4fe0-a634-f4fbe0cb9444/1/rZ5YrIZEpS1NVvk_5-qlRAJpvbw.roa
File:                     rZ5YrIZEpS1NVvk_5-qlRAJpvbw.roa (raw, json)
Hash identifier:          uFyMm7T7Igkz5c2mBct95EJjYyt66awtqFEZdkL7Gns=
Subject key identifier:   AD:9E:58:AC:86:44:A5:2D:4D:56:F9:3F:E7:EA:A5:44:02:69:BD:BC
Certificate issuer:       /CN=13f3ad40f96ed5e7f39d8d9e196abf0fa2381e8c
Certificate serial:       018460FDE866F34F3020A81DE62074F4D0B9
Authority key identifier: 13:F3:AD:40:F9:6E:D5:E7:F3:9D:8D:9E:19:6A:BF:0F:A2:38:1E:8C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/E_OtQPlu1efznY2eGWq_D6I4How.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1b/772e7e-f0f0-4fe0-a634-f4fbe0cb9444/1/rZ5YrIZEpS1NVvk_5-qlRAJpvbw.roa
Signing time:             Thu 10 Nov 2022 10:02:43 +0000
ROA not before:           Thu 10 Nov 2022 10:02:43 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     28757
IP address blocks:        217.16.216.0/22 maxlen: 22
                          217.16.216.0/21 maxlen: 21
                          217.16.220.0/23 maxlen: 23
                          217.16.222.0/24 maxlen: 24
                          217.16.223.0/24 maxlen: 24
                          80.80.178.0/24 maxlen: 24
                          80.80.179.0/24 maxlen: 24
                          80.80.176.0/23 maxlen: 23
                          185.71.108.0/22 maxlen: 22
                          80.80.176.0/21 maxlen: 21
                          80.80.176.0/20 maxlen: 20
                          80.80.184.0/21 maxlen: 21
                          80.80.180.0/23 maxlen: 23
                          80.80.182.0/24 maxlen: 24
                          80.80.183.0/24 maxlen: 24
                          80.80.191.0/24 maxlen: 24
                          217.16.208.0/21 maxlen: 21
                          217.16.208.0/20 maxlen: 20
                          2a02:6b00::/36 maxlen: 36

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:84:60:fd:e8:66:f3:4f:30:20:a8:1d:e6:20:74:f4:d0:b9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=13f3ad40f96ed5e7f39d8d9e196abf0fa2381e8c
        Validity
            Not Before: Nov 10 10:02:43 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=ad9e58ac8644a52d4d56f93fe7eaa5440269bdbc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:43:4c:b0:20:a4:3a:90:41:ef:a6:61:c0:c6:
                    72:97:a1:cf:17:61:96:e1:02:7a:49:4e:e2:ed:0e:
                    34:f8:84:89:15:c9:f8:af:60:47:79:32:40:55:23:
                    4a:d6:0f:cb:2e:00:b6:0e:65:f9:b1:64:c8:b4:a0:
                    47:c1:f5:d6:36:ad:b0:df:5c:8d:e1:98:5e:93:c2:
                    87:e5:9c:2c:41:78:50:e1:76:d0:74:29:bf:48:6d:
                    19:bc:08:78:20:85:b7:9d:d6:ae:fc:38:76:40:7f:
                    7a:5d:d6:2a:58:39:3d:76:86:f4:d1:04:e1:d7:a3:
                    31:92:5a:91:e1:3b:08:74:9e:cc:f9:a7:e9:b6:27:
                    b8:0f:ed:27:6b:c4:56:1b:c6:19:85:2a:c5:bf:8c:
                    5d:57:df:4e:14:c7:52:90:71:7d:94:6e:ce:37:b1:
                    76:3b:67:ef:ea:97:2c:66:a6:70:35:63:c8:b8:e9:
                    82:7a:93:76:77:07:70:ba:19:fc:f5:0e:95:da:39:
                    7a:c1:2f:da:a1:52:6f:98:7d:a7:d9:76:87:78:58:
                    5c:dc:23:ab:1b:3b:c5:90:9a:2b:57:8a:b0:09:be:
                    c0:78:b6:cd:6c:d8:f5:2c:ef:60:23:05:a1:99:e4:
                    21:ec:7f:87:40:04:20:bf:5f:1f:a7:a9:53:4b:8c:
                    04:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AD:9E:58:AC:86:44:A5:2D:4D:56:F9:3F:E7:EA:A5:44:02:69:BD:BC
            X509v3 Authority Key Identifier:
                keyid:13:F3:AD:40:F9:6E:D5:E7:F3:9D:8D:9E:19:6A:BF:0F:A2:38:1E:8C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/E_OtQPlu1efznY2eGWq_D6I4How.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1b/772e7e-f0f0-4fe0-a634-f4fbe0cb9444/1/rZ5YrIZEpS1NVvk_5-qlRAJpvbw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1b/772e7e-f0f0-4fe0-a634-f4fbe0cb9444/1/E_OtQPlu1efznY2eGWq_D6I4How.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.80.176.0/20
                  185.71.108.0/22
                  217.16.208.0/20
                IPv6:
                  2a02:6b00::/36

    Signature Algorithm: sha256WithRSAEncryption
         43:0c:57:ee:60:d7:f2:0c:8a:dc:3d:8d:fb:d1:98:a8:50:84:
         34:78:0d:e7:ec:22:cb:17:01:38:3d:7e:c4:43:01:61:59:94:
         f4:89:e1:ce:3d:79:0d:79:51:49:66:6d:7b:05:de:81:24:8e:
         c6:40:7d:b5:13:24:2a:75:25:d6:c8:10:bf:de:51:db:a7:e1:
         10:5f:a2:4c:50:bb:23:54:d5:cb:12:ca:8f:c9:a1:e9:50:c6:
         d7:0a:ab:2f:cc:99:35:8f:0d:d2:c8:6a:1a:1e:6f:c6:1c:de:
         5f:fd:29:96:5f:3f:90:8c:8e:79:ec:cc:a5:bb:ee:11:62:2d:
         92:6c:b4:76:a7:4d:d9:fb:db:b4:8e:0f:7b:9d:c3:bf:2f:c7:
         52:21:48:df:30:cf:fc:71:cb:6b:5d:63:b0:25:30:63:49:f1:
         60:e3:29:62:d2:70:22:d5:30:3d:01:82:87:57:72:9b:67:05:
         17:74:e6:0e:42:30:58:2c:72:53:0b:3d:ec:25:1b:5d:fa:f8:
         74:ec:05:09:ef:d3:b8:4b:5b:6f:10:d2:5b:74:69:1c:22:48:
         54:5e:7e:c2:e5:9f:67:8b:1d:f6:48:45:c6:5d:4e:bb:b9:c4:
         41:a4:c2:1b:d1:de:d5:b8:a2:44:72:24:06:a5:e5:9c:6c:d5:
         47:77:ee:88
-----BEGIN CERTIFICATE-----
MIIFGTCCBAGgAwIBAgISAYRg/ehm808wIKgd5iB09NC5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEzZjNhZDQwZjk2ZWQ1ZTdmMzlkOGQ5ZTE5NmFiZjBmYTIz
ODFlOGMwHhcNMjIxMTEwMTAwMjQzWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZDllNThhYzg2NDRhNTJkNGQ1NmY5M2ZlN2VhYTU0NDAyNjliZGJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAskNMsCCkOpBB76ZhwMZyl6HPF2GW
4QJ6SU7i7Q40+ISJFcn4r2BHeTJAVSNK1g/LLgC2DmX5sWTItKBHwfXWNq2w31yN
4Zhek8KH5ZwsQXhQ4XbQdCm/SG0ZvAh4IIW3ndau/Dh2QH96XdYqWDk9dob00QTh
16MxklqR4TsIdJ7M+afptie4D+0na8RWG8YZhSrFv4xdV99OFMdSkHF9lG7ON7F2
O2fv6pcsZqZwNWPIuOmCepN2dwdwuhn89Q6V2jl6wS/aoVJvmH2n2XaHeFhc3COr
GzvFkJorV4qwCb7AeLbNbNj1LO9gIwWhmeQh7H+HQAQgv18fp6lTS4wE2wIDAQAB
o4ICJTCCAiEwHQYDVR0OBBYEFK2eWKyGRKUtTVb5P+fqpUQCab28MB8GA1UdIwQY
MBaAFBPzrUD5btXn852Nnhlqvw+iOB6MMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRV9PdFFQbHUxZWZ6blkyZUdXcV9ENkk0SG93LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYi83NzJlN2UtZjBmMC00ZmUwLWE2MzQt
ZjRmYmUwY2I5NDQ0LzEvclo1WXJJWkVwUzFOVnZrXzUtcWxSQUpwdmJ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYi83NzJlN2UtZjBmMC00ZmUwLWE2MzQtZjRmYmUwY2I5NDQ0
LzEvRV9PdFFQbHUxZWZ6blkyZUdXcV9ENkk0SG93LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDsGCCsGAQUFBwEHAQH/BCwwKjAYBAIAATASAwQEUFCwAwQC
uUdsAwQE2RDQMA4EAgACMAgDBgQqAmsAADANBgkqhkiG9w0BAQsFAAOCAQEAQwxX
7mDX8gyK3D2N+9GYqFCENHgN5+wiyxcBOD1+xEMBYVmU9Inhzj15DXlRSWZtewXe
gSSOxkB9tRMkKnUl1sgQv95R26fhEF+iTFC7I1TVyxLKj8mh6VDG1wqrL8yZNY8N
0shqGh5vxhzeX/0pll8/kIyOeezMpbvuEWItkmy0dqdN2fvbtI4Pe53Dvy/HUiFI
3zDP/HHLa11jsCUwY0nxYOMpYtJwItUwPQGCh1dym2cFF3TmDkIwWCxyUws97CUb
Xfr4dOwFCe/TuEtbbxDSW3RpHCJIVF5+wuWfZ4sd9khFxl1Ou7nEQaTCG9He1bii
RHIkBqXlnGzVR3fuiA==
-----END CERTIFICATE-----