Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/21/2cb3bb-0ed1-4ecf-8af5-ee73fe21ed23/1/oyaQn9IXEBf-UxsmGb8H6ifCUGI.roa
File:                     oyaQn9IXEBf-UxsmGb8H6ifCUGI.roa (raw, json)
Hash identifier:          FzXiVEwF6/oZuWGYDM5CnCX4E7CAG3L7fCq/x618Nt0=
Subject key identifier:   A3:26:90:9F:D2:17:10:17:FE:53:1B:26:19:BF:07:EA:27:C2:50:62
Certificate issuer:       /CN=58b29e7b8a0ddb9c36c6e0e3f49577817b0ea3a6
Certificate serial:       018378DC03CC314A9F245C8798B9E72FF2A6
Authority key identifier: 58:B2:9E:7B:8A:0D:DB:9C:36:C6:E0:E3:F4:95:77:81:7B:0E:A3:A6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WLKee4oN25w2xuDj9JV3gXsOo6Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/21/2cb3bb-0ed1-4ecf-8af5-ee73fe21ed23/1/oyaQn9IXEBf-UxsmGb8H6ifCUGI.roa
Signing time:             Mon 26 Sep 2022 08:13:48 +0000
ROA not before:           Mon 26 Sep 2022 08:13:48 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     35228
IP address blocks:        82.132.138.0/23 maxlen: 24
                          82.132.216.0/22 maxlen: 24
                          82.132.220.0/22 maxlen: 24
                          82.132.224.0/22 maxlen: 24
                          82.132.232.0/22 maxlen: 24
                          82.132.228.0/22 maxlen: 24
                          82.132.236.0/22 maxlen: 24
                          82.132.240.0/22 maxlen: 24
                          82.132.244.0/22 maxlen: 24
                          82.132.248.0/23 maxlen: 24
                          82.132.164.0/23 maxlen: 24
                          82.132.162.0/23 maxlen: 24
                          82.132.160.0/23 maxlen: 24
                          82.132.168.0/23 maxlen: 24
                          82.132.166.0/23 maxlen: 24
                          82.132.172.0/23 maxlen: 24
                          82.132.170.0/23 maxlen: 24
                          82.132.174.0/23 maxlen: 24
                          82.132.182.0/23 maxlen: 24
                          82.132.180.0/23 maxlen: 24
                          82.132.184.0/22 maxlen: 24
                          82.132.199.0/24 maxlen: 24
                          82.132.210.0/23 maxlen: 24
                          82.132.212.0/22 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:83:78:dc:03:cc:31:4a:9f:24:5c:87:98:b9:e7:2f:f2:a6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=58b29e7b8a0ddb9c36c6e0e3f49577817b0ea3a6
        Validity
            Not Before: Sep 26 08:13:48 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=a326909fd2171017fe531b2619bf07ea27c25062
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:a6:d2:85:81:7a:e5:7f:3b:48:de:b0:59:21:
                    04:58:bd:a2:ab:28:cc:9d:aa:93:71:93:d9:98:51:
                    08:ef:d5:85:22:b4:10:da:bc:a5:20:b6:48:c5:82:
                    91:86:ae:fa:9b:9f:e8:cb:17:9b:1d:5b:7d:c1:44:
                    c3:c2:a4:51:b1:16:23:6b:3f:51:fe:20:3b:42:70:
                    b8:8e:ca:52:32:2a:87:a5:a0:b6:ae:8e:a4:f3:b4:
                    57:af:1a:6a:e4:1e:f6:db:c2:71:47:bf:95:71:1e:
                    7c:a3:78:8b:a4:7d:18:81:e3:70:f8:26:49:cc:55:
                    b4:ad:fb:99:97:6b:dd:24:36:42:fa:2d:2c:62:1c:
                    dd:c9:3c:d8:bb:b0:9a:23:e6:c3:13:a0:db:c7:b5:
                    4c:81:e1:bc:19:ed:4e:2a:36:e3:7c:9a:26:bf:3a:
                    88:ed:44:0e:1a:89:54:f7:dc:82:e9:f7:a0:db:26:
                    10:b1:55:30:25:fe:22:c7:b4:33:46:d2:48:9b:c2:
                    65:c0:e5:ee:59:35:39:b4:ca:4c:33:29:b2:ef:ae:
                    53:8f:45:34:88:b7:0a:dc:68:d3:fe:67:64:ef:79:
                    a0:6d:04:8b:cd:1e:a6:fa:df:6c:c5:d8:2d:75:19:
                    8a:78:93:8c:b6:09:25:f8:1b:00:3f:f0:ed:bd:1c:
                    c1:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A3:26:90:9F:D2:17:10:17:FE:53:1B:26:19:BF:07:EA:27:C2:50:62
            X509v3 Authority Key Identifier:
                keyid:58:B2:9E:7B:8A:0D:DB:9C:36:C6:E0:E3:F4:95:77:81:7B:0E:A3:A6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WLKee4oN25w2xuDj9JV3gXsOo6Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/21/2cb3bb-0ed1-4ecf-8af5-ee73fe21ed23/1/oyaQn9IXEBf-UxsmGb8H6ifCUGI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/21/2cb3bb-0ed1-4ecf-8af5-ee73fe21ed23/1/WLKee4oN25w2xuDj9JV3gXsOo6Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.132.138.0/23
                  82.132.160.0/20
                  82.132.180.0-82.132.187.255
                  82.132.199.0/24
                  82.132.210.0-82.132.249.255

    Signature Algorithm: sha256WithRSAEncryption
         35:cf:1d:31:14:8f:dc:97:a9:59:ed:ca:94:60:6c:6a:eb:23:
         69:47:5f:71:8a:0c:13:a5:e3:bf:9c:df:49:ad:b6:63:67:c5:
         a1:2f:31:24:43:2f:2d:96:87:66:7e:2c:7d:3d:dc:f1:23:43:
         89:a7:be:ad:44:c0:51:3b:7f:bc:8d:d3:51:7f:34:e0:cc:08:
         62:37:d0:7a:1a:39:9b:b3:76:2f:46:fd:d4:f1:c4:76:2c:45:
         d8:4d:94:1d:89:7e:97:26:86:c9:82:76:9b:eb:b4:2b:85:24:
         60:8e:77:2e:70:df:ec:64:32:c3:24:d3:2d:ff:60:f2:f1:64:
         95:f1:8d:6e:91:60:f2:76:4d:f0:4b:8e:ec:33:72:aa:db:08:
         09:d8:9f:38:d0:2d:87:87:39:e4:f1:52:92:45:77:a8:46:a0:
         24:c4:23:02:45:b2:4a:23:ae:0d:9c:ea:da:68:1b:27:13:a6:
         2b:45:2c:96:1e:27:36:aa:95:f4:01:cf:01:dd:6a:af:c6:a5:
         6d:80:57:4d:e8:60:00:d8:d2:35:30:58:02:85:c2:7f:d4:22:
         32:11:2c:f4:e7:0c:12:de:3b:5c:5a:e5:8b:45:a9:db:22:1d:
         04:d4:54:11:25:ef:e9:2f:2b:11:46:e3:21:d7:df:0f:4b:72:
         30:84:fe:e2
-----BEGIN CERTIFICATE-----
MIIFJTCCBA2gAwIBAgISAYN43APMMUqfJFyHmLnnL/KmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4YjI5ZTdiOGEwZGRiOWMzNmM2ZTBlM2Y0OTU3NzgxN2Iw
ZWEzYTYwHhcNMjIwOTI2MDgxMzQ4WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMzI2OTA5ZmQyMTcxMDE3ZmU1MzFiMjYxOWJmMDdlYTI3YzI1MDYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhKbShYF65X87SN6wWSEEWL2iqyjM
naqTcZPZmFEI79WFIrQQ2rylILZIxYKRhq76m5/oyxebHVt9wUTDwqRRsRYjaz9R
/iA7QnC4jspSMiqHpaC2ro6k87RXrxpq5B7228JxR7+VcR58o3iLpH0YgeNw+CZJ
zFW0rfuZl2vdJDZC+i0sYhzdyTzYu7CaI+bDE6Dbx7VMgeG8Ge1OKjbjfJomvzqI
7UQOGolU99yC6feg2yYQsVUwJf4ix7QzRtJIm8JlwOXuWTU5tMpMMymy765Tj0U0
iLcK3GjT/mdk73mgbQSLzR6m+t9sxdgtdRmKeJOMtgkl+BsAP/DtvRzBiwIDAQAB
o4ICMTCCAi0wHQYDVR0OBBYEFKMmkJ/SFxAX/lMbJhm/B+onwlBiMB8GA1UdIwQY
MBaAFFiynnuKDducNsbg4/SVd4F7DqOmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV0xLZWU0b04yNXcyeHVEajlKVjNnWHNPbzZZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMS8yY2IzYmItMGVkMS00ZWNmLThhZjUt
ZWU3M2ZlMjFlZDIzLzEvb3lhUW45SVhFQmYtVXhzbUdiOEg2aWZDVUdJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMS8yY2IzYmItMGVkMS00ZWNmLThhZjUtZWU3M2ZlMjFlZDIz
LzEvV0xLZWU0b04yNXcyeHVEajlKVjNnWHNPbzZZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEcGCCsGAQUFBwEHAQH/BDgwNjA0BAIAATAuAwQBUoSKAwQE
UoSgMAwDBAJShLQDBAJShLgDBABShMcwDAMEAVKE0gMEAVKE+DANBgkqhkiG9w0B
AQsFAAOCAQEANc8dMRSP3JepWe3KlGBsausjaUdfcYoME6Xjv5zfSa22Y2fFoS8x
JEMvLZaHZn4sfT3c8SNDiae+rUTAUTt/vI3TUX804MwIYjfQeho5m7N2L0b91PHE
dixF2E2UHYl+lyaGyYJ2m+u0K4UkYI53LnDf7GQywyTTLf9g8vFklfGNbpFg8nZN
8EuO7DNyqtsICdifONAth4c55PFSkkV3qEagJMQjAkWySiOuDZzq2mgbJxOmK0Us
lh4nNqqV9AHPAd1qr8albYBXTehgANjSNTBYAoXCf9QiMhEs9OcMEt47XFrli0Wp
2yIdBNRUESXv6S8rEUbjIdffD0tyMIT+4g==
-----END CERTIFICATE-----