Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1f/adb65c-f6f7-4495-ba23-885e84e7512e/1/j89WEfkrBmSu2TFN0uw5P7dT930.roa
File:                     j89WEfkrBmSu2TFN0uw5P7dT930.roa (raw, json)
Hash identifier:          frfUit8733F+BJnYyHrqjwOEJF32PC5Fr/gak8c9jNU=
Subject key identifier:   8F:CF:56:11:F9:2B:06:64:AE:D9:31:4D:D2:EC:39:3F:B7:53:F7:7D
Certificate issuer:       /CN=c74c60adeb0cd5768cf756f562b1b5cc5b9c180a
Certificate serial:       0182A17C0B0591E46BD870D95AEAB1776B01
Authority key identifier: C7:4C:60:AD:EB:0C:D5:76:8C:F7:56:F5:62:B1:B5:CC:5B:9C:18:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/x0xgresM1XaM91b1YrG1zFucGAo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1f/adb65c-f6f7-4495-ba23-885e84e7512e/1/j89WEfkrBmSu2TFN0uw5P7dT930.roa
Signing time:             Mon 15 Aug 2022 12:30:37 +0000
ROA not before:           Mon 15 Aug 2022 12:30:37 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     212271
IP address blocks:        2a05:4143::/32 maxlen: 48
                          2a05:4140:187::/48 maxlen: 48
                          2a05:4140:100::/40 maxlen: 48
                          2a05:4140:400::/40 maxlen: 48
                          2a05:4140:600::/40 maxlen: 40
                          2a05:4140:300::/40 maxlen: 40
                          2a05:4140:190::/48 maxlen: 48
                          2a05:4140:10::/48 maxlen: 48
                          2a05:4140:16::/48 maxlen: 48
                          2a05:4140:4::/48 maxlen: 48
                          2a05:4144::/32 maxlen: 32
                          2a05:4140:5::/48 maxlen: 48
                          2a05:4140:8::/48 maxlen: 48
                          2a05:4140:3::/48 maxlen: 48
                          2a05:4140:9::/48 maxlen: 48

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:82:a1:7c:0b:05:91:e4:6b:d8:70:d9:5a:ea:b1:77:6b:01
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c74c60adeb0cd5768cf756f562b1b5cc5b9c180a
        Validity
            Not Before: Aug 15 12:30:37 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=8fcf5611f92b0664aed9314dd2ec393fb753f77d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:82:5c:8c:58:01:cd:8d:80:ae:f7:f5:5a:a2:
                    42:6e:fa:d0:a6:32:48:51:0b:6a:a7:d6:5d:e1:19:
                    82:b0:6f:9e:38:3a:89:8b:9f:fa:e0:66:cf:30:45:
                    1d:63:38:66:ad:33:ff:f4:52:4b:50:20:a7:df:51:
                    f7:a4:70:75:7b:aa:ff:6c:0b:88:af:e7:c5:3a:44:
                    c2:af:21:0d:5f:bc:67:05:40:e1:32:05:ed:ab:59:
                    93:84:6f:98:d3:4d:95:ec:99:8b:ab:9b:d1:d0:6c:
                    2a:e8:09:33:76:30:6d:1e:9a:71:fc:49:48:17:c9:
                    6f:fe:c8:9f:48:0b:ad:74:14:83:91:c5:25:60:c9:
                    22:d7:7e:91:c2:c5:22:3f:c4:d1:be:93:92:ea:5c:
                    3c:c9:23:8f:ab:9b:ad:43:94:b3:7d:ce:53:a5:be:
                    68:f6:41:8a:b3:58:28:61:f9:05:3f:62:4d:0e:99:
                    4f:a4:4c:3b:35:fe:80:f0:d4:14:29:b0:08:50:bb:
                    ca:87:d9:e1:c8:09:1b:bf:94:6e:c7:f2:79:b6:fb:
                    e9:c7:82:3f:a7:11:6c:4d:d5:8d:70:2d:ab:16:3f:
                    23:5a:ee:b5:4f:f3:89:68:7f:de:46:95:aa:92:81:
                    bb:b5:77:71:7a:de:44:04:96:3a:2a:75:c4:68:fb:
                    8b:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8F:CF:56:11:F9:2B:06:64:AE:D9:31:4D:D2:EC:39:3F:B7:53:F7:7D
            X509v3 Authority Key Identifier:
                keyid:C7:4C:60:AD:EB:0C:D5:76:8C:F7:56:F5:62:B1:B5:CC:5B:9C:18:0A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/x0xgresM1XaM91b1YrG1zFucGAo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1f/adb65c-f6f7-4495-ba23-885e84e7512e/1/j89WEfkrBmSu2TFN0uw5P7dT930.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1f/adb65c-f6f7-4495-ba23-885e84e7512e/1/x0xgresM1XaM91b1YrG1zFucGAo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:4140:3::-2a05:4140:5:ffff:ffff:ffff:ffff:ffff
                  2a05:4140:8::/47
                  2a05:4140:10::/48
                  2a05:4140:16::/48
                  2a05:4140:100::/40
                  2a05:4140:300::-2a05:4140:4ff:ffff:ffff:ffff:ffff:ffff
                  2a05:4140:600::/40
                  2a05:4143::-2a05:4144:ffff:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         86:1d:56:56:35:d8:1e:7e:23:94:50:06:7d:e0:9b:f2:58:e6:
         8d:d5:d4:d1:63:1f:99:0b:b9:b8:17:28:f5:b6:d5:96:02:53:
         6c:23:35:19:bd:b6:de:20:e1:8b:af:f1:60:2e:00:09:c5:41:
         6c:d6:82:d7:9d:fd:c3:d2:d3:ec:05:7c:03:d3:1b:ff:16:16:
         90:6b:87:36:bd:6b:c9:0c:f8:75:55:64:3f:64:ec:49:2e:38:
         29:61:ae:01:b4:63:a7:89:22:35:c8:84:79:47:e8:b9:84:97:
         ed:8d:f0:61:56:ce:8c:6b:41:99:65:3e:e6:eb:1f:46:88:fc:
         71:4f:75:5e:3d:55:06:2d:e1:09:cd:36:aa:16:70:fe:22:98:
         88:ff:9f:dc:70:96:d9:64:33:6e:a7:24:70:25:e8:cf:fc:57:
         d1:96:e6:d6:c5:03:34:a8:3a:e8:4d:32:78:dd:7b:a0:6c:90:
         76:c8:e4:a3:f4:fa:c1:ff:e2:24:2d:70:a8:af:4d:b6:11:aa:
         b4:11:a6:08:4a:2d:ac:dd:29:ef:42:5d:6d:99:27:3d:8d:28:
         1d:b7:cd:0a:28:31:68:4c:65:a4:1d:59:73:68:47:0f:62:fa:
         25:70:7d:ab:42:d2:28:d7:d6:6d:25:b3:28:92:56:08:73:ea:
         81:67:01:cc
-----BEGIN CERTIFICATE-----
MIIFWDCCBECgAwIBAgISAYKhfAsFkeRr2HDZWuqxd2sBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM3NGM2MGFkZWIwY2Q1NzY4Y2Y3NTZmNTYyYjFiNWNjNWI5
YzE4MGEwHhcNMjIwODE1MTIzMDM3WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZmNmNTYxMWY5MmIwNjY0YWVkOTMxNGRkMmVjMzkzZmI3NTNmNzdkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl4JcjFgBzY2Arvf1WqJCbvrQpjJI
UQtqp9Zd4RmCsG+eODqJi5/64GbPMEUdYzhmrTP/9FJLUCCn31H3pHB1e6r/bAuI
r+fFOkTCryENX7xnBUDhMgXtq1mThG+Y002V7JmLq5vR0Gwq6AkzdjBtHppx/ElI
F8lv/sifSAutdBSDkcUlYMki136RwsUiP8TRvpOS6lw8ySOPq5utQ5Szfc5Tpb5o
9kGKs1goYfkFP2JNDplPpEw7Nf6A8NQUKbAIULvKh9nhyAkbv5Rux/J5tvvpx4I/
pxFsTdWNcC2rFj8jWu61T/OJaH/eRpWqkoG7tXdxet5EBJY6KnXEaPuLPQIDAQAB
o4ICZDCCAmAwHQYDVR0OBBYEFI/PVhH5KwZkrtkxTdLsOT+3U/d9MB8GA1UdIwQY
MBaAFMdMYK3rDNV2jPdW9WKxtcxbnBgKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveDB4Z3Jlc00xWGFNOTFiMVlyRzF6RnVjR0FvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZi9hZGI2NWMtZjZmNy00NDk1LWJhMjMt
ODg1ZTg0ZTc1MTJlLzEvajg5V0Vma3JCbVN1MlRGTjB1dzVQN2RUOTMwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZi9hZGI2NWMtZjZmNy00NDk1LWJhMjMtODg1ZTg0ZTc1MTJl
LzEveDB4Z3Jlc00xWGFNOTFiMVlyRzF6RnVjR0FvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHoGCCsGAQUFBwEHAQH/BGswaTBnBAIAAjBhMBIDBwAqBUFA
AAMDBwEqBUFAAAQDBwEqBUFAAAgDBwAqBUFAABADBwAqBUFAABYDBgAqBUFAATAQ
AwYAKgVBQAMDBgAqBUFABAMGACoFQUAGMA4DBQAqBUFDAwUAKgVBRDANBgkqhkiG
9w0BAQsFAAOCAQEAhh1WVjXYHn4jlFAGfeCb8ljmjdXU0WMfmQu5uBco9bbVlgJT
bCM1Gb223iDhi6/xYC4ACcVBbNaC1539w9LT7AV8A9Mb/xYWkGuHNr1ryQz4dVVk
P2TsSS44KWGuAbRjp4kiNciEeUfouYSX7Y3wYVbOjGtBmWU+5usfRoj8cU91Xj1V
Bi3hCc02qhZw/iKYiP+f3HCW2WQzbqckcCXoz/xX0Zbm1sUDNKg66E0yeN17oGyQ
dsjko/T6wf/iJC1wqK9NthGqtBGmCEotrN0p70JdbZknPY0oHbfNCigxaExlpB1Z
c2hHD2L6JXB9q0LSKNfWbSWzKJJWCHPqgWcBzA==
-----END CERTIFICATE-----