Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/24/1ea2b0-6b9a-44d7-a2e5-2206cc2e691c/1/gOWp2d-TIP5zn6Jckmn2jt5GS3U.roa
File:                     gOWp2d-TIP5zn6Jckmn2jt5GS3U.roa (raw, json)
Hash identifier:          aGegOs7o02yydfYlKiQ+KHsYf1wEpcLCN4vjuMGqbwE=
Subject key identifier:   80:E5:A9:D9:DF:93:20:FE:73:9F:A2:5C:92:69:F6:8E:DE:46:4B:75
Certificate issuer:       /CN=81cca9f15e1921953a628c8ad2ac4be977b6c303
Certificate serial:       3BF150DB
Authority key identifier: 81:CC:A9:F1:5E:19:21:95:3A:62:8C:8A:D2:AC:4B:E9:77:B6:C3:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gcyp8V4ZIZU6YoyK0qxL6Xe2wwM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/24/1ea2b0-6b9a-44d7-a2e5-2206cc2e691c/1/gOWp2d-TIP5zn6Jckmn2jt5GS3U.roa
Signing time:             Wed 01 Jun 2022 12:24:20 +0000
ROA not before:           Wed 01 Jun 2022 12:24:20 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     204650
IP address blocks:        5.160.77.0/24 maxlen: 24
                          46.209.57.0/24 maxlen: 24
                          46.209.56.0/23 maxlen: 24
                          5.160.215.0/24 maxlen: 24
                          46.209.214.0/24 maxlen: 24
                          77.237.66.0/23 maxlen: 23
                          46.209.134.0/24 maxlen: 24
                          46.209.134.0/23 maxlen: 23
                          46.209.133.0/24 maxlen: 24
                          5.160.208.0/23 maxlen: 23
                          5.160.111.0/24 maxlen: 24
                          5.160.110.0/24 maxlen: 24
                          5.160.110.0/23 maxlen: 23
                          5.160.131.0/24 maxlen: 24
                          5.160.130.0/23 maxlen: 23
                          5.160.130.0/24 maxlen: 24
                          46.209.108.0/22 maxlen: 22

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1005670619 (0x3bf150db)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=81cca9f15e1921953a628c8ad2ac4be977b6c303
        Validity
            Not Before: Jun  1 12:24:20 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=80e5a9d9df9320fe739fa25c9269f68ede464b75
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:ea:8a:1c:df:67:ff:b5:69:ff:55:dc:8e:32:
                    73:d8:f4:d1:d6:1a:d4:a4:78:b7:66:1a:dd:9c:ec:
                    37:f0:91:57:0e:66:6d:f4:82:c2:13:33:a0:51:71:
                    68:3f:65:eb:6e:73:18:ef:0f:b5:6b:e1:4c:14:5e:
                    35:a5:a6:97:eb:a1:a9:19:f7:c3:84:14:1a:ca:61:
                    76:de:07:9c:05:4a:c2:79:76:a3:8c:fe:5b:f0:3a:
                    41:1c:9c:5a:a6:57:45:e5:a3:8b:cc:75:fa:ba:15:
                    e9:64:db:24:07:e1:b5:10:b7:4d:e2:13:42:c4:f7:
                    fb:1e:f3:ed:8c:f4:74:4d:e9:91:63:bc:79:76:9f:
                    da:36:cc:c6:79:f8:7b:6d:e1:e5:00:b6:8f:b0:f6:
                    d7:b3:ef:5c:b1:d2:2a:a9:1b:8b:6d:c7:68:65:0a:
                    6e:8f:f4:6f:8c:fb:cd:cb:1b:49:5e:5c:bf:8a:98:
                    8f:d7:4e:7b:b2:d8:c8:d8:43:85:8a:38:b6:f7:a8:
                    35:ce:17:96:85:02:f4:9c:d5:a3:7b:a0:0a:de:ab:
                    dc:a8:4d:89:6b:8f:fe:eb:0e:24:b4:48:53:6c:cc:
                    40:f8:7a:cd:28:f5:16:c9:1d:05:a1:2b:6e:14:7f:
                    66:9f:68:4e:de:32:c5:79:29:30:9f:dc:88:32:54:
                    ca:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                80:E5:A9:D9:DF:93:20:FE:73:9F:A2:5C:92:69:F6:8E:DE:46:4B:75
            X509v3 Authority Key Identifier:
                keyid:81:CC:A9:F1:5E:19:21:95:3A:62:8C:8A:D2:AC:4B:E9:77:B6:C3:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gcyp8V4ZIZU6YoyK0qxL6Xe2wwM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/24/1ea2b0-6b9a-44d7-a2e5-2206cc2e691c/1/gOWp2d-TIP5zn6Jckmn2jt5GS3U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/24/1ea2b0-6b9a-44d7-a2e5-2206cc2e691c/1/gcyp8V4ZIZU6YoyK0qxL6Xe2wwM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.160.77.0/24
                  5.160.110.0/23
                  5.160.130.0/23
                  5.160.208.0/23
                  5.160.215.0/24
                  46.209.56.0/23
                  46.209.108.0/22
                  46.209.133.0-46.209.135.255
                  46.209.214.0/24
                  77.237.66.0/23

    Signature Algorithm: sha256WithRSAEncryption
         5e:54:01:58:fa:b6:80:04:ae:7f:1e:f1:74:ad:7b:b2:7d:70:
         99:e8:9a:c3:7c:04:6a:70:62:00:ca:81:e8:ad:ec:69:7a:ed:
         00:fa:d5:88:65:ad:2f:77:96:1a:9d:c5:b4:0f:71:e3:3b:70:
         6a:ed:44:bd:1f:18:63:3e:4c:fb:71:b1:99:8f:60:07:24:c7:
         06:0c:63:e5:11:60:67:7c:9b:06:36:4f:c7:d7:d3:f3:14:28:
         67:08:f6:26:21:fc:af:db:d0:94:b0:07:3e:36:a1:f7:c7:91:
         e5:3c:52:91:6d:2a:58:35:0e:97:73:56:bf:b6:16:0a:17:f3:
         d3:63:e2:3b:ad:f3:4e:a3:63:1c:87:52:11:9a:37:be:80:05:
         db:b3:03:22:88:10:50:be:e9:9a:e1:f4:a5:31:60:ba:ec:24:
         38:7b:fe:e2:51:22:6c:43:c0:3a:48:03:91:87:17:46:15:89:
         8f:28:a5:02:bf:6f:d8:88:35:1a:3c:96:3b:f3:f8:06:eb:7c:
         ef:72:64:f3:c6:0d:83:7e:68:2e:e9:0d:6d:5d:d4:3b:da:23:
         7f:f4:4e:a5:1f:11:34:37:78:1d:2c:d6:e4:66:fa:6e:79:e6:
         3f:f8:59:67:e3:aa:81:c1:51:7d:d8:80:e0:ad:a5:cb:85:87:
         65:56:55:68
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgIEO/FQ2zANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg4
MWNjYTlmMTVlMTkyMTk1M2E2MjhjOGFkMmFjNGJlOTc3YjZjMzAzMB4XDTIyMDYw
MTEyMjQyMFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoODBlNWE5ZDlkZjkz
MjBmZTczOWZhMjVjOTI2OWY2OGVkZTQ2NGI3NTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAKjqihzfZ/+1af9V3I4yc9j00dYa1KR4t2Ya3ZzsN/CRVw5m
bfSCwhMzoFFxaD9l625zGO8PtWvhTBReNaWml+uhqRn3w4QUGsphdt4HnAVKwnl2
o4z+W/A6QRycWqZXReWji8x1+roV6WTbJAfhtRC3TeITQsT3+x7z7Yz0dE3pkWO8
eXaf2jbMxnn4e23h5QC2j7D217PvXLHSKqkbi23HaGUKbo/0b4z7zcsbSV5cv4qY
j9dOe7LYyNhDhYo4tveoNc4XloUC9JzVo3ugCt6r3KhNiWuP/usOJLRIU2zMQPh6
zSj1FskdBaErbhR/Zp9oTt4yxXkpMJ/ciDJUynECAwEAAaOCAkcwggJDMB0GA1Ud
DgQWBBSA5anZ35Mg/nOfolySafaO3kZLdTAfBgNVHSMEGDAWgBSBzKnxXhkhlTpi
jIrSrEvpd7bDAzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L2djeXA4VjRaSVpVNllveUswcXhMNlhlMnd3TS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMjQvMWVhMmIwLTZiOWEtNDRkNy1hMmU1LTIyMDZjYzJlNjkxYy8x
L2dPV3AyZC1USVA1em42SmNrbW4yanQ1R1MzVS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMjQv
MWVhMmIwLTZiOWEtNDRkNy1hMmU1LTIyMDZjYzJlNjkxYy8xL2djeXA4VjRaSVpV
NllveUswcXhMNlhlMnd3TS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBd
BggrBgEFBQcBBwEB/wROMEwwSgQCAAEwRAMEAAWgTQMEAQWgbgMEAQWgggMEAQWg
0AMEAAWg1wMEAS7ROAMEAi7RbDAMAwQALtGFAwQDLtGAAwQALtHWAwQBTe1CMA0G
CSqGSIb3DQEBCwUAA4IBAQBeVAFY+raABK5/HvF0rXuyfXCZ6JrDfARqcGIAyoHo
rexpeu0A+tWIZa0vd5YancW0D3HjO3Bq7US9HxhjPkz7cbGZj2AHJMcGDGPlEWBn
fJsGNk/H19PzFChnCPYmIfyv29CUsAc+NqH3x5HlPFKRbSpYNQ6Xc1a/thYKF/PT
Y+I7rfNOo2Mch1IRmje+gAXbswMiiBBQvuma4fSlMWC67CQ4e/7iUSJsQ8A6SAOR
hxdGFYmPKKUCv2/YiDUaPJY78/gG63zvcmTzxg2Dfmgu6Q1tXdQ72iN/9E6lHxE0
N3gdLNbkZvpueeY/+Fln46qBwVF92IDgraXLhYdlVlVo
-----END CERTIFICATE-----