Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/23/b27d45-08cc-47a1-ac5a-5f4836083a30/1/l5tWcz_Rgwjv5zACIVivYKFGvVM.roa
File:                     l5tWcz_Rgwjv5zACIVivYKFGvVM.roa (raw, json)
Hash identifier:          a4QPfX9ViZrNaqqHxiFeeC5HgGX2hcYBG5Q5i8AkfD8=
Subject key identifier:   97:9B:56:73:3F:D1:83:08:EF:E7:30:02:21:58:AF:60:A1:46:BD:53
Certificate issuer:       /CN=52056867e4d2885e99b549ed6fb786330adf8f44
Certificate serial:       06BCB12F
Authority key identifier: 52:05:68:67:E4:D2:88:5E:99:B5:49:ED:6F:B7:86:33:0A:DF:8F:44
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UgVoZ-TSiF6ZtUntb7eGMwrfj0Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/23/b27d45-08cc-47a1-ac5a-5f4836083a30/1/l5tWcz_Rgwjv5zACIVivYKFGvVM.roa
Signing time:             Sat 01 Jan 2022 12:02:28 +0000
ROA not before:           Sat 01 Jan 2022 12:02:28 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     12990
IP address blocks:        213.180.128.0/21 maxlen: 21
                          195.88.186.0/24 maxlen: 24
                          213.180.138.0/23 maxlen: 23
                          213.180.137.0/24 maxlen: 24
                          213.180.136.0/24 maxlen: 24
                          195.88.187.0/24 maxlen: 24
                          213.180.142.0/23 maxlen: 23
                          213.180.141.0/24 maxlen: 24
                          213.180.140.0/24 maxlen: 24
                          213.180.144.0/23 maxlen: 23
                          213.180.152.0/24 maxlen: 24
                          213.180.151.0/24 maxlen: 24
                          213.180.150.0/24 maxlen: 24
                          213.180.148.0/23 maxlen: 23
                          213.180.146.0/23 maxlen: 23
                          213.180.154.0/24 maxlen: 24
                          213.180.153.0/24 maxlen: 24
                          141.105.16.0/21 maxlen: 21
                          185.104.64.0/24 maxlen: 24
                          37.26.160.0/21 maxlen: 21
                          2a02:c10::/32 maxlen: 32

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 113029423 (0x6bcb12f)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=52056867e4d2885e99b549ed6fb786330adf8f44
        Validity
            Not Before: Jan  1 12:02:28 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=979b56733fd18308efe730022158af60a146bd53
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:4e:8d:02:a2:af:d3:99:eb:04:b6:45:74:c6:
                    4c:1b:ae:f0:40:bc:8f:ef:db:55:3c:ef:64:53:f2:
                    df:f1:4a:2a:83:c6:49:91:dd:60:7c:ce:ae:a6:c8:
                    aa:ee:a4:1d:e5:3e:3f:76:71:d4:26:b1:b5:c2:df:
                    03:40:46:36:b2:8e:28:a8:ec:e4:60:02:9b:64:b1:
                    79:67:03:e7:ca:b9:01:1a:77:8a:8a:d4:d5:42:ef:
                    73:09:83:a1:75:9c:bd:95:27:0a:f7:2c:bb:c2:ca:
                    72:3e:38:1f:b0:b5:10:56:49:64:b4:46:82:8d:13:
                    4d:1a:d4:42:bf:29:61:89:cd:06:9b:3d:7a:4b:16:
                    d9:58:c3:bc:9a:89:94:4e:e0:09:34:aa:d1:78:8e:
                    eb:54:43:1f:28:cc:e6:07:00:d5:89:10:15:07:5b:
                    83:b6:bb:8b:7b:d1:9b:86:90:fc:68:b0:a8:e7:e4:
                    c6:84:12:11:80:d6:b9:b8:7d:8d:53:f1:c1:46:d9:
                    a5:47:b8:d4:5b:7c:74:ee:53:5e:fd:d7:35:da:38:
                    8f:41:13:1f:43:67:40:6e:0d:9b:49:3d:71:f2:3a:
                    31:21:ed:ac:67:28:99:e2:3e:a8:c5:c9:65:7b:75:
                    09:2f:91:ea:05:60:b8:02:42:ed:e9:4e:63:14:10:
                    ba:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                97:9B:56:73:3F:D1:83:08:EF:E7:30:02:21:58:AF:60:A1:46:BD:53
            X509v3 Authority Key Identifier:
                keyid:52:05:68:67:E4:D2:88:5E:99:B5:49:ED:6F:B7:86:33:0A:DF:8F:44

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UgVoZ-TSiF6ZtUntb7eGMwrfj0Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/23/b27d45-08cc-47a1-ac5a-5f4836083a30/1/l5tWcz_Rgwjv5zACIVivYKFGvVM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/23/b27d45-08cc-47a1-ac5a-5f4836083a30/1/UgVoZ-TSiF6ZtUntb7eGMwrfj0Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.26.160.0/21
                  141.105.16.0/21
                  185.104.64.0/24
                  195.88.186.0/23
                  213.180.128.0-213.180.154.255
                IPv6:
                  2a02:c10::/32

    Signature Algorithm: sha256WithRSAEncryption
         88:c0:a9:d2:71:1b:a5:59:c1:6a:46:02:b2:36:88:15:94:b6:
         d9:ac:7e:6b:c6:96:d5:a3:09:1f:c8:60:50:96:28:dd:7d:75:
         8b:d7:b3:99:ab:f6:95:e6:9c:5a:34:64:fb:21:f1:f9:3e:22:
         55:ce:a4:d6:c0:b0:82:73:ec:8a:66:23:8b:f0:ff:07:aa:c7:
         cd:93:4a:a8:71:f8:e5:d5:68:9b:d8:3b:05:1a:ad:69:84:c1:
         fb:c7:f0:1b:b7:17:48:36:e5:dd:72:c6:66:8c:60:2e:25:94:
         3a:fe:2c:07:46:03:8f:27:8e:5d:f1:c8:d6:03:6d:a3:9b:91:
         f9:21:97:18:ef:ba:46:25:f2:2c:24:5f:3c:33:c2:ab:11:48:
         49:e4:35:08:90:d3:71:e1:bf:82:53:c5:63:e7:04:b5:07:2a:
         ed:a4:f4:ee:36:41:df:cb:2a:7a:da:e7:16:60:87:e8:dd:3e:
         5a:bc:8f:15:f4:dc:2f:51:ff:61:72:dc:cd:85:ff:15:39:a1:
         2d:4b:d0:cc:1b:1f:03:68:4b:ae:f3:59:a3:85:13:93:bf:1b:
         8f:f5:95:73:28:a7:a8:7f:62:04:18:ce:07:d6:28:e8:cd:87:
         2e:b9:41:91:06:62:ad:a4:1e:eb:27:cd:3e:15:2f:a6:a0:9c:
         4f:97:af:97
-----BEGIN CERTIFICATE-----
MIIFHjCCBAagAwIBAgIEBryxLzANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg1
MjA1Njg2N2U0ZDI4ODVlOTliNTQ5ZWQ2ZmI3ODYzMzBhZGY4ZjQ0MB4XDTIyMDEw
MTEyMDIyOFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoOTc5YjU2NzMzZmQx
ODMwOGVmZTczMDAyMjE1OGFmNjBhMTQ2YmQ1MzCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBANhOjQKir9OZ6wS2RXTGTBuu8EC8j+/bVTzvZFPy3/FKKoPG
SZHdYHzOrqbIqu6kHeU+P3Zx1CaxtcLfA0BGNrKOKKjs5GACm2SxeWcD58q5ARp3
iorU1ULvcwmDoXWcvZUnCvcsu8LKcj44H7C1EFZJZLRGgo0TTRrUQr8pYYnNBps9
eksW2VjDvJqJlE7gCTSq0XiO61RDHyjM5gcA1YkQFQdbg7a7i3vRm4aQ/GiwqOfk
xoQSEYDWubh9jVPxwUbZpUe41Ft8dO5TXv3XNdo4j0ETH0NnQG4Nm0k9cfI6MSHt
rGcomeI+qMXJZXt1CS+R6gVguAJC7elOYxQQuokCAwEAAaOCAjgwggI0MB0GA1Ud
DgQWBBSXm1ZzP9GDCO/nMAIhWK9goUa9UzAfBgNVHSMEGDAWgBRSBWhn5NKIXpm1
Se1vt4YzCt+PRDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L1VnVm9aLVRTaUY2WnRVbnRiN2VHTXdyZmowUS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMjMvYjI3ZDQ1LTA4Y2MtNDdhMS1hYzVhLTVmNDgzNjA4M2EzMC8x
L2w1dFdjel9SZ3dqdjV6QUNJVml2WUtGR3ZWTS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMjMv
YjI3ZDQ1LTA4Y2MtNDdhMS1hYzVhLTVmNDgzNjA4M2EzMC8xL1VnVm9aLVRTaUY2
WnRVbnRiN2VHTXdyZmowUS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBO
BggrBgEFBQcBBwEB/wQ/MD0wLAQCAAEwJgMEAyUaoAMEA41pEAMEALloQAMEAcNY
ujAMAwQH1bSAAwQA1bSaMA0EAgACMAcDBQAqAgwQMA0GCSqGSIb3DQEBCwUAA4IB
AQCIwKnScRulWcFqRgKyNogVlLbZrH5rxpbVowkfyGBQlijdfXWL17OZq/aV5pxa
NGT7IfH5PiJVzqTWwLCCc+yKZiOL8P8HqsfNk0qocfjl1Wib2DsFGq1phMH7x/Ab
txdINuXdcsZmjGAuJZQ6/iwHRgOPJ45d8cjWA22jm5H5IZcY77pGJfIsJF88M8Kr
EUhJ5DUIkNNx4b+CU8Vj5wS1ByrtpPTuNkHfyyp62ucWYIfo3T5avI8V9NwvUf9h
ctzNhf8VOaEtS9DMGx8DaEuu81mjhROTvxuP9ZVzKKeof2IEGM4H1ijozYcuuUGR
BmKtpB7rJ80+FS+moJxPl6+X
-----END CERTIFICATE-----