Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/27/bc7122-4d1b-46a7-aecb-230b3b72a175/1/GW_f-s8nKk3_NJVfvHIBV5qYELU.roa
File:                     GW_f-s8nKk3_NJVfvHIBV5qYELU.roa (raw, json)
Hash identifier:          tfNq6eA5tK7iYTh4ksqxaouahxD83cFozW884BFG2Gc=
Subject key identifier:   19:6F:DF:FA:CF:27:2A:4D:FF:34:95:5F:BC:72:01:57:9A:98:10:B5
Certificate issuer:       /CN=347b487848fff63533d87c324ecc51c2c3ea2adb
Certificate serial:       0182ECD3E63023A8B160EEF403389091A0CD
Authority key identifier: 34:7B:48:78:48:FF:F6:35:33:D8:7C:32:4E:CC:51:C2:C3:EA:2A:DB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NHtIeEj_9jUz2HwyTsxRwsPqKts.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/27/bc7122-4d1b-46a7-aecb-230b3b72a175/1/GW_f-s8nKk3_NJVfvHIBV5qYELU.roa
Signing time:             Tue 30 Aug 2022 03:38:05 +0000
ROA not before:           Tue 30 Aug 2022 03:38:05 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     6134
IP address blocks:        45.131.179.0/24 maxlen: 24
                          91.217.160.0/24 maxlen: 24
                          193.227.103.0/24 maxlen: 24
                          193.227.109.0/24 maxlen: 24
                          193.227.114.0/24 maxlen: 24
                          193.200.149.0/24 maxlen: 24
                          193.200.152.0/24 maxlen: 24
                          45.132.238.0/24 maxlen: 24
                          45.132.239.0/24 maxlen: 24
                          91.238.207.0/24 maxlen: 24
                          45.128.146.0/24 maxlen: 24
                          45.128.147.0/24 maxlen: 24
                          45.137.11.0/24 maxlen: 24
                          45.137.10.0/24 maxlen: 24
                          2a12:a380::/29 maxlen: 29

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:82:ec:d3:e6:30:23:a8:b1:60:ee:f4:03:38:90:91:a0:cd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=347b487848fff63533d87c324ecc51c2c3ea2adb
        Validity
            Not Before: Aug 30 03:38:05 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=196fdffacf272a4dff34955fbc7201579a9810b5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:32:ae:89:f4:63:25:de:8a:56:dd:b2:79:f6:
                    13:c3:76:3e:16:1d:a4:84:df:d3:e5:5f:b9:3c:3b:
                    9e:3d:a2:96:9b:52:de:39:89:47:9e:c7:ae:f7:3c:
                    20:f1:6d:4d:f3:65:87:a4:ce:9c:fc:8f:73:93:c1:
                    a4:9a:f4:b5:b9:d8:39:84:82:84:47:00:61:5c:1c:
                    61:6f:af:72:65:a9:11:75:19:14:73:9a:1a:2e:bf:
                    ca:3f:55:a1:10:71:ce:97:fd:fb:3f:ca:f1:b9:09:
                    4a:71:0e:a3:18:17:d2:30:80:cd:3e:0f:82:e3:aa:
                    fa:c8:55:7d:b6:66:60:89:5c:b3:cb:9f:c2:83:16:
                    57:92:bd:17:62:97:e2:12:b3:da:b0:28:c2:8e:5a:
                    ca:fe:a1:dd:75:99:63:4b:11:20:18:81:fe:45:81:
                    09:f8:5f:4e:a8:5c:88:92:a9:51:56:bd:e2:d6:68:
                    60:c4:1b:5b:80:d6:5d:2d:24:cd:7b:af:c2:3a:e6:
                    aa:8b:49:89:9d:d4:33:bc:95:24:34:e9:ca:eb:e7:
                    1f:1b:73:6e:56:be:02:00:63:83:26:8b:42:3d:bb:
                    8c:45:30:77:1f:7e:77:94:17:91:fd:78:d5:f5:3c:
                    1e:b5:46:34:49:09:90:c4:04:3b:8b:cb:57:f8:05:
                    57:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                19:6F:DF:FA:CF:27:2A:4D:FF:34:95:5F:BC:72:01:57:9A:98:10:B5
            X509v3 Authority Key Identifier:
                keyid:34:7B:48:78:48:FF:F6:35:33:D8:7C:32:4E:CC:51:C2:C3:EA:2A:DB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NHtIeEj_9jUz2HwyTsxRwsPqKts.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/27/bc7122-4d1b-46a7-aecb-230b3b72a175/1/GW_f-s8nKk3_NJVfvHIBV5qYELU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/27/bc7122-4d1b-46a7-aecb-230b3b72a175/1/NHtIeEj_9jUz2HwyTsxRwsPqKts.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.128.146.0/23
                  45.131.179.0/24
                  45.132.238.0/23
                  45.137.10.0/23
                  91.217.160.0/24
                  91.238.207.0/24
                  193.200.149.0/24
                  193.200.152.0/24
                  193.227.103.0/24
                  193.227.109.0/24
                  193.227.114.0/24
                IPv6:
                  2a12:a380::/29

    Signature Algorithm: sha256WithRSAEncryption
         4a:a7:a7:17:bf:ca:24:50:17:9c:bc:a5:df:b4:3b:cb:74:9f:
         4e:c1:bf:07:dd:2b:09:65:cd:50:78:44:f2:2b:50:9a:5c:d6:
         e8:5f:78:8b:a6:8d:d1:f4:58:2a:22:44:66:11:33:6c:fc:3e:
         62:b6:12:e7:bb:1f:17:93:6c:96:e7:c2:72:45:b6:b4:13:17:
         b2:34:ee:15:0a:b1:6a:89:09:15:94:75:f6:dc:74:65:aa:ca:
         a8:6e:c4:7a:43:6b:8a:3c:e9:91:11:f8:ab:57:44:ff:14:bd:
         95:11:92:d6:56:f8:37:58:45:99:0e:a2:5e:46:84:93:88:40:
         32:79:f4:4f:48:d8:6d:81:ea:25:60:ae:fa:7a:95:18:eb:d6:
         80:ce:d0:8c:6f:19:4f:7e:4e:28:8b:89:25:e2:39:34:98:6a:
         9d:f9:33:30:d4:0a:c1:a1:af:f2:5c:e1:b9:0d:08:e2:74:78:
         d2:f7:30:19:ca:47:6f:02:e2:a4:a3:60:01:fd:97:2c:f6:00:
         4f:23:1f:30:07:2d:61:6d:31:a9:d2:0e:82:fe:78:30:d6:a3:
         5d:65:3a:45:da:47:16:a5:83:d7:88:9c:ae:27:6a:fb:92:1f:
         35:cf:db:70:08:50:ae:8c:0a:5d:2c:66:e5:91:08:68:de:bd:
         db:ce:40:15
-----BEGIN CERTIFICATE-----
MIIFSDCCBDCgAwIBAgISAYLs0+YwI6ixYO70AziQkaDNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM0N2I0ODc4NDhmZmY2MzUzM2Q4N2MzMjRlY2M1MWMyYzNl
YTJhZGIwHhcNMjIwODMwMDMzODA1WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOTZmZGZmYWNmMjcyYTRkZmYzNDk1NWZiYzcyMDE1NzlhOTgxMGI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjDKuifRjJd6KVt2yefYTw3Y+Fh2k
hN/T5V+5PDuePaKWm1LeOYlHnseu9zwg8W1N82WHpM6c/I9zk8GkmvS1udg5hIKE
RwBhXBxhb69yZakRdRkUc5oaLr/KP1WhEHHOl/37P8rxuQlKcQ6jGBfSMIDNPg+C
46r6yFV9tmZgiVyzy5/CgxZXkr0XYpfiErPasCjCjlrK/qHddZljSxEgGIH+RYEJ
+F9OqFyIkqlRVr3i1mhgxBtbgNZdLSTNe6/COuaqi0mJndQzvJUkNOnK6+cfG3Nu
Vr4CAGODJotCPbuMRTB3H353lBeR/XjV9TwetUY0SQmQxAQ7i8tX+AVXPwIDAQAB
o4ICVDCCAlAwHQYDVR0OBBYEFBlv3/rPJypN/zSVX7xyAVeamBC1MB8GA1UdIwQY
MBaAFDR7SHhI//Y1M9h8Mk7MUcLD6irbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTkh0SWVFal85alV6Mkh3eVRzeFJ3c1BxS3RzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNy9iYzcxMjItNGQxYi00NmE3LWFlY2It
MjMwYjNiNzJhMTc1LzEvR1dfZi1zOG5LazNfTkpWZnZISUJWNXFZRUxVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNy9iYzcxMjItNGQxYi00NmE3LWFlY2ItMjMwYjNiNzJhMTc1
LzEvTkh0SWVFal85alV6Mkh3eVRzeFJ3c1BxS3RzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGoGCCsGAQUFBwEHAQH/BFswWTBIBAIAATBCAwQBLYCSAwQA
LYOzAwQBLYTuAwQBLYkKAwQAW9mgAwQAW+7PAwQAwciVAwQAwciYAwQAweNnAwQA
weNtAwQAweNyMA0EAgACMAcDBQMqEqOAMA0GCSqGSIb3DQEBCwUAA4IBAQBKp6cX
v8okUBecvKXftDvLdJ9Owb8H3SsJZc1QeETyK1CaXNboX3iLpo3R9FgqIkRmETNs
/D5ithLnux8Xk2yW58JyRba0ExeyNO4VCrFqiQkVlHX23HRlqsqobsR6Q2uKPOmR
EfirV0T/FL2VEZLWVvg3WEWZDqJeRoSTiEAyefRPSNhtgeolYK76epUY69aAztCM
bxlPfk4oi4kl4jk0mGqd+TMw1ArBoa/yXOG5DQjidHjS9zAZykdvAuKko2AB/Zcs
9gBPIx8wBy1hbTGp0g6C/ngw1qNdZTpF2kcWpYPXiJyuJ2r7kh81z9twCFCujApd
LGblkQho3r3bzkAV
-----END CERTIFICATE-----