Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/_N3UkwZbNnSKv6_DEd35iXSaJ-k.roa
File:                     _N3UkwZbNnSKv6_DEd35iXSaJ-k.roa (raw, json)
Hash identifier:          ciUxcTylpZ6RodkaG3Ko7E49HkT1CYYj2kjTuXyl28s=
Subject key identifier:   FC:DD:D4:93:06:5B:36:74:8A:BF:AF:C3:11:DD:F9:89:74:9A:27:E9
Certificate issuer:       /CN=eaaa8a0a5fdfd698e104be36a2aeec813aeca071
Certificate serial:       01830D90C600FA663D2EBA2064D0B7C7196C
Authority key identifier: EA:AA:8A:0A:5F:DF:D6:98:E1:04:BE:36:A2:AE:EC:81:3A:EC:A0:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/_N3UkwZbNnSKv6_DEd35iXSaJ-k.roa
Signing time:             Mon 05 Sep 2022 12:12:15 +0000
ROA not before:           Mon 05 Sep 2022 12:12:15 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     35277
IP address blocks:        5.189.219.0/24 maxlen: 24
                          5.189.218.0/24 maxlen: 24
                          5.189.217.0/24 maxlen: 24
                          5.189.216.0/24 maxlen: 24
                          5.188.50.0/24 maxlen: 24
                          5.101.44.0/24 maxlen: 24
                          5.101.47.0/24 maxlen: 24
                          5.101.46.0/24 maxlen: 24
                          5.101.45.0/24 maxlen: 24
                          5.188.203.0/24 maxlen: 24
                          5.188.202.0/24 maxlen: 24
                          5.188.201.0/24 maxlen: 24
                          5.188.200.0/24 maxlen: 24
                          91.243.40.0/24 maxlen: 24
                          91.243.43.0/24 maxlen: 24
                          5.189.253.0/24 maxlen: 24
                          5.189.252.0/24 maxlen: 24
                          5.189.255.0/24 maxlen: 24
                          5.8.44.0/24 maxlen: 24
                          5.8.47.0/24 maxlen: 24
                          5.8.46.0/24 maxlen: 24
                          5.8.45.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:83:0d:90:c6:00:fa:66:3d:2e:ba:20:64:d0:b7:c7:19:6c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eaaa8a0a5fdfd698e104be36a2aeec813aeca071
        Validity
            Not Before: Sep  5 12:12:15 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=fcddd493065b36748abfafc311ddf989749a27e9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:a5:39:a9:61:b1:8a:8e:2a:3e:21:fc:7e:ed:
                    96:4d:e3:98:e8:3d:49:da:65:e0:88:08:ed:0c:2b:
                    bb:b9:a6:44:4f:f4:bf:5d:17:eb:78:23:5d:aa:b2:
                    7a:f4:f4:d5:07:96:27:c5:49:35:ad:63:56:83:0f:
                    fe:43:a0:57:04:e6:1d:ce:28:36:c5:fc:a2:46:a0:
                    c6:b1:dc:dc:64:00:1f:2f:22:df:b7:65:76:0d:b6:
                    58:19:2d:e2:32:ca:48:8e:b7:d8:fc:34:66:54:59:
                    70:53:42:2f:6d:10:eb:15:96:ad:c2:8b:9e:19:74:
                    09:99:13:f4:f8:15:05:f6:0a:e1:44:99:ed:8e:a2:
                    0c:47:68:7b:a6:69:d3:77:31:82:96:c4:86:fc:3d:
                    44:4f:af:cd:26:fb:bb:09:90:11:d8:ce:e6:ec:89:
                    c2:d4:40:90:ce:3f:b2:47:d9:1d:0c:85:e9:7b:4e:
                    d6:56:1e:9c:13:ac:55:90:ad:f5:89:d2:45:95:0b:
                    f3:aa:97:57:bc:a2:e1:03:ba:ac:ed:9a:3b:ad:3b:
                    16:c2:f2:0e:7f:0b:d2:04:8a:24:74:3b:0d:4b:90:
                    f7:3a:5d:00:d5:28:96:60:ad:bc:0f:36:e8:8a:d9:
                    01:93:42:ef:cb:c6:82:5f:e2:20:76:b7:78:b6:68:
                    e1:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FC:DD:D4:93:06:5B:36:74:8A:BF:AF:C3:11:DD:F9:89:74:9A:27:E9
            X509v3 Authority Key Identifier:
                keyid:EA:AA:8A:0A:5F:DF:D6:98:E1:04:BE:36:A2:AE:EC:81:3A:EC:A0:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/_N3UkwZbNnSKv6_DEd35iXSaJ-k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/6qqKCl_f1pjhBL42oq7sgTrsoHE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.8.44.0/22
                  5.101.44.0/22
                  5.188.50.0/24
                  5.188.200.0/22
                  5.189.216.0/22
                  5.189.252.0/23
                  5.189.255.0/24
                  91.243.40.0/24
                  91.243.43.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a1:53:e3:48:5e:ac:1b:56:77:8f:f0:29:60:a0:61:7a:84:6a:
         48:ee:63:a6:7a:94:3d:d6:85:4b:08:bd:fe:92:58:05:1e:6b:
         5c:3f:12:8a:77:05:00:9f:cb:a1:cc:f6:7e:85:b6:6e:44:e0:
         5a:d9:82:a4:aa:5d:c9:0c:0a:f8:50:18:67:e7:2b:b7:aa:91:
         db:ba:0c:dc:da:90:e8:7e:8d:41:bf:f7:74:f8:bf:8d:8c:56:
         3b:22:77:b8:f9:58:34:90:d0:e6:5b:ce:31:dd:92:fe:75:d7:
         ed:eb:32:9e:a0:6c:42:63:9d:5b:44:3f:6c:06:c1:64:65:bc:
         27:a3:9f:38:96:ad:4b:4c:b0:30:01:8e:ed:e7:be:bf:18:38:
         6e:6d:bb:12:92:93:96:cd:ce:99:28:d8:ae:8a:f7:fc:1b:69:
         b6:cd:aa:72:f4:99:dc:da:dd:84:42:c6:f3:87:44:02:dd:72:
         32:06:bc:9b:e9:8d:a9:d4:50:eb:af:8c:63:91:a0:fd:f4:0b:
         e3:7c:d6:f6:15:7f:c4:64:0c:5b:04:66:50:6c:26:b2:14:50:
         7d:f8:4f:68:e1:c3:91:5c:a5:21:fe:94:83:1e:be:cc:b0:f9:
         6b:80:ba:92:12:1e:5f:99:26:4e:af:7b:bc:cd:f4:f4:ee:d5:
         94:b5:eb:44
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgISAYMNkMYA+mY9LrogZNC3xxlsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVhYWE4YTBhNWZkZmQ2OThlMTA0YmUzNmEyYWVlYzgxM2Fl
Y2EwNzEwHhcNMjIwOTA1MTIxMjE1WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmY2RkZDQ5MzA2NWIzNjc0OGFiZmFmYzMxMWRkZjk4OTc0OWEyN2U5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiaU5qWGxio4qPiH8fu2WTeOY6D1J
2mXgiAjtDCu7uaZET/S/XRfreCNdqrJ69PTVB5YnxUk1rWNWgw/+Q6BXBOYdzig2
xfyiRqDGsdzcZAAfLyLft2V2DbZYGS3iMspIjrfY/DRmVFlwU0IvbRDrFZatwoue
GXQJmRP0+BUF9grhRJntjqIMR2h7pmnTdzGClsSG/D1ET6/NJvu7CZAR2M7m7InC
1ECQzj+yR9kdDIXpe07WVh6cE6xVkK31idJFlQvzqpdXvKLhA7qs7Zo7rTsWwvIO
fwvSBIokdDsNS5D3Ol0A1SiWYK28DzboitkBk0Lvy8aCX+Igdrd4tmjhXQIDAQAB
o4ICOTCCAjUwHQYDVR0OBBYEFPzd1JMGWzZ0ir+vwxHd+Yl0mifpMB8GA1UdIwQY
MBaAFOqqigpf39aY4QS+NqKu7IE67KBxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNnFxS0NsX2YxcGpoQkw0Mm9xN3NnVHJzb0hFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy8yOTMyZGYtYTRiZC00YWY1LWE0ZDQt
ODlkMDkyNDBjNDNiLzEvX04zVWt3WmJOblNLdjZfREVkMzVpWFNhSi1rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy8yOTMyZGYtYTRiZC00YWY1LWE0ZDQtODlkMDkyNDBjNDNi
LzEvNnFxS0NsX2YxcGpoQkw0Mm9xN3NnVHJzb0hFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME8GCCsGAQUFBwEHAQH/BEAwPjA8BAIAATA2AwQCBQgsAwQC
BWUsAwQABbwyAwQCBbzIAwQCBb3YAwQBBb38AwQABb3/AwQAW/MoAwQAW/MrMA0G
CSqGSIb3DQEBCwUAA4IBAQChU+NIXqwbVneP8ClgoGF6hGpI7mOmepQ91oVLCL3+
klgFHmtcPxKKdwUAn8uhzPZ+hbZuROBa2YKkql3JDAr4UBhn5yu3qpHbugzc2pDo
fo1Bv/d0+L+NjFY7Ine4+Vg0kNDmW84x3ZL+ddft6zKeoGxCY51bRD9sBsFkZbwn
o584lq1LTLAwAY7t576/GDhubbsSkpOWzc6ZKNiuivf8G2m2zapy9Jnc2t2EQsbz
h0QC3XIyBryb6Y2p1FDrr4xjkaD99AvjfNb2FX/EZAxbBGZQbCayFFB9+E9o4cOR
XKUh/pSDHr7MsPlrgLqSEh5fmSZOr3u8zfT07tWUtetE
-----END CERTIFICATE-----