Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1f/adb65c-f6f7-4495-ba23-885e84e7512e/1/5Pa-UxZWqSKt1t1esrpU5TtA2G8.roa
File:                     5Pa-UxZWqSKt1t1esrpU5TtA2G8.roa (raw, json)
Hash identifier:          jq6R1O1WfqXf9DxagIJus17oXHMXcdoi29RKhYj1hpk=
Subject key identifier:   E4:F6:BE:53:16:56:A9:22:AD:D6:DD:5E:B2:BA:54:E5:3B:40:D8:6F
Certificate issuer:       /CN=c74c60adeb0cd5768cf756f562b1b5cc5b9c180a
Certificate serial:       0181F92B3F3567A15472648E82874044F462
Authority key identifier: C7:4C:60:AD:EB:0C:D5:76:8C:F7:56:F5:62:B1:B5:CC:5B:9C:18:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/x0xgresM1XaM91b1YrG1zFucGAo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1f/adb65c-f6f7-4495-ba23-885e84e7512e/1/5Pa-UxZWqSKt1t1esrpU5TtA2G8.roa
Signing time:             Wed 13 Jul 2022 20:06:09 +0000
ROA not before:           Wed 13 Jul 2022 20:06:09 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     212271
IP address blocks:        2a05:4143::/32 maxlen: 48
                          2a05:4140:187::/48 maxlen: 48
                          2a05:4140:100::/40 maxlen: 48
                          2a05:4140:400::/40 maxlen: 48
                          2a05:4140:600::/40 maxlen: 40
                          2a05:4140:300::/40 maxlen: 40
                          2a05:4140:190::/48 maxlen: 48
                          2a05:4140:10::/48 maxlen: 48
                          2a05:4140:16::/48 maxlen: 48
                          2a05:4140:4::/48 maxlen: 48
                          2a05:4144::/32 maxlen: 32
                          2a05:4140:5::/48 maxlen: 48
                          2a05:4140:8::/48 maxlen: 48
                          2a05:4140:3::/48 maxlen: 48

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:81:f9:2b:3f:35:67:a1:54:72:64:8e:82:87:40:44:f4:62
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c74c60adeb0cd5768cf756f562b1b5cc5b9c180a
        Validity
            Not Before: Jul 13 20:06:09 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=e4f6be531656a922add6dd5eb2ba54e53b40d86f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:db:f9:fc:a0:ba:32:82:9a:78:63:82:7a:31:
                    88:ec:dd:db:37:7b:99:64:d6:a0:95:df:b6:5c:54:
                    5f:fe:6d:b7:cd:0a:0c:f1:07:17:be:3d:b8:ff:c7:
                    3c:f5:19:30:97:83:ec:2c:b1:5b:f3:bd:1f:02:c5:
                    c7:d2:35:64:85:2a:f5:63:2d:6e:bd:c2:38:db:63:
                    ba:8a:4b:10:d3:69:d9:d3:79:3c:ce:5c:db:d6:95:
                    48:64:0d:92:42:c9:fe:9e:8b:8d:fb:cc:d7:2b:49:
                    9d:ce:0f:48:85:64:89:6b:63:20:57:19:7a:af:06:
                    f4:02:5d:9e:47:88:9f:9a:9f:6a:18:bd:a5:58:03:
                    1e:f8:6d:fa:ea:9c:f7:6c:60:8c:1e:28:45:7c:9d:
                    74:88:f2:46:e6:1b:a1:5f:8b:9c:3d:ef:1b:7a:fb:
                    73:55:f5:94:76:a9:e5:83:16:16:68:2d:1e:2d:4e:
                    02:45:2a:79:ac:1d:bd:cd:71:4b:04:e3:da:c5:4e:
                    cb:e6:f9:4b:5b:fe:bd:67:96:38:ab:fa:9d:71:19:
                    d2:53:3b:db:0f:3c:05:8b:3c:f3:a1:ce:10:07:db:
                    c0:31:12:f4:6a:28:cf:ac:82:2e:4d:48:55:99:91:
                    6b:ba:27:8e:98:0c:14:b5:68:ac:3a:7a:71:de:57:
                    fb:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E4:F6:BE:53:16:56:A9:22:AD:D6:DD:5E:B2:BA:54:E5:3B:40:D8:6F
            X509v3 Authority Key Identifier:
                keyid:C7:4C:60:AD:EB:0C:D5:76:8C:F7:56:F5:62:B1:B5:CC:5B:9C:18:0A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/x0xgresM1XaM91b1YrG1zFucGAo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1f/adb65c-f6f7-4495-ba23-885e84e7512e/1/5Pa-UxZWqSKt1t1esrpU5TtA2G8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1f/adb65c-f6f7-4495-ba23-885e84e7512e/1/x0xgresM1XaM91b1YrG1zFucGAo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:4140:3::-2a05:4140:5:ffff:ffff:ffff:ffff:ffff
                  2a05:4140:8::/48
                  2a05:4140:10::/48
                  2a05:4140:16::/48
                  2a05:4140:100::/40
                  2a05:4140:300::-2a05:4140:4ff:ffff:ffff:ffff:ffff:ffff
                  2a05:4140:600::/40
                  2a05:4143::-2a05:4144:ffff:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         5d:4c:4e:bd:74:7e:e2:da:b4:25:8b:87:b4:8f:13:41:a6:ef:
         82:0a:ae:6c:65:c0:5e:85:7a:cb:f1:e7:4e:ac:ce:ed:ed:35:
         16:11:bf:d5:26:86:4b:51:61:59:48:f5:9f:75:87:39:95:93:
         60:cf:af:20:96:e8:18:3c:8e:ae:8e:74:e9:9b:ab:af:d3:d6:
         e0:df:5f:d2:69:22:e6:6b:df:78:9a:7f:f2:ef:cf:e1:1a:f2:
         0d:0e:76:8d:10:88:fc:43:55:45:ea:1f:31:0d:f9:e1:06:1a:
         bd:02:5a:69:60:c0:47:b6:9f:ac:74:04:65:2f:5a:1e:e9:56:
         92:a9:5a:e9:8d:cd:0c:63:02:4e:1e:21:8e:13:86:bc:ce:25:
         b7:93:ec:35:2c:c8:e5:c6:26:62:31:e7:b4:b2:2f:b2:5c:d3:
         82:c8:de:d3:bc:bd:63:29:6a:70:ee:48:ec:c5:18:77:0c:9c:
         fd:3c:47:8b:04:ac:ca:24:9a:0d:dd:6e:a7:c5:58:ca:e4:6b:
         28:2c:66:3d:cf:c3:96:65:80:25:67:02:62:1e:c2:45:8f:4d:
         b1:5e:58:1e:ec:25:fa:c6:ba:a7:31:26:be:b1:2b:65:65:e6:
         18:5c:b8:92:3f:1d:2f:ac:80:35:ee:be:c2:f4:fd:07:bb:ee:
         7c:5c:d0:4d
-----BEGIN CERTIFICATE-----
MIIFWDCCBECgAwIBAgISAYH5Kz81Z6FUcmSOgodARPRiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM3NGM2MGFkZWIwY2Q1NzY4Y2Y3NTZmNTYyYjFiNWNjNWI5
YzE4MGEwHhcNMjIwNzEzMjAwNjA5WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNGY2YmU1MzE2NTZhOTIyYWRkNmRkNWViMmJhNTRlNTNiNDBkODZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0tv5/KC6MoKaeGOCejGI7N3bN3uZ
ZNagld+2XFRf/m23zQoM8QcXvj24/8c89Rkwl4PsLLFb870fAsXH0jVkhSr1Yy1u
vcI422O6iksQ02nZ03k8zlzb1pVIZA2SQsn+nouN+8zXK0mdzg9IhWSJa2MgVxl6
rwb0Al2eR4ifmp9qGL2lWAMe+G366pz3bGCMHihFfJ10iPJG5huhX4ucPe8bevtz
VfWUdqnlgxYWaC0eLU4CRSp5rB29zXFLBOPaxU7L5vlLW/69Z5Y4q/qdcRnSUzvb
DzwFizzzoc4QB9vAMRL0aijPrIIuTUhVmZFruieOmAwUtWisOnpx3lf7yQIDAQAB
o4ICZDCCAmAwHQYDVR0OBBYEFOT2vlMWVqkirdbdXrK6VOU7QNhvMB8GA1UdIwQY
MBaAFMdMYK3rDNV2jPdW9WKxtcxbnBgKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveDB4Z3Jlc00xWGFNOTFiMVlyRzF6RnVjR0FvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZi9hZGI2NWMtZjZmNy00NDk1LWJhMjMt
ODg1ZTg0ZTc1MTJlLzEvNVBhLVV4WldxU0t0MXQxZXNycFU1VHRBMkc4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZi9hZGI2NWMtZjZmNy00NDk1LWJhMjMtODg1ZTg0ZTc1MTJl
LzEveDB4Z3Jlc00xWGFNOTFiMVlyRzF6RnVjR0FvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHoGCCsGAQUFBwEHAQH/BGswaTBnBAIAAjBhMBIDBwAqBUFA
AAMDBwEqBUFAAAQDBwAqBUFAAAgDBwAqBUFAABADBwAqBUFAABYDBgAqBUFAATAQ
AwYAKgVBQAMDBgAqBUFABAMGACoFQUAGMA4DBQAqBUFDAwUAKgVBRDANBgkqhkiG
9w0BAQsFAAOCAQEAXUxOvXR+4tq0JYuHtI8TQabvggqubGXAXoV6y/HnTqzO7e01
FhG/1SaGS1FhWUj1n3WHOZWTYM+vIJboGDyOro506Zurr9PW4N9f0mki5mvfeJp/
8u/P4RryDQ52jRCI/ENVReofMQ354QYavQJaaWDAR7afrHQEZS9aHulWkqla6Y3N
DGMCTh4hjhOGvM4lt5PsNSzI5cYmYjHntLIvslzTgsje07y9YylqcO5I7MUYdwyc
/TxHiwSsyiSaDd1up8VYyuRrKCxmPc/DlmWAJWcCYh7CRY9NsV5YHuwl+sa6pzEm
vrErZWXmGFy4kj8dL6yANe6+wvT9B7vufFzQTQ==
-----END CERTIFICATE-----