Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2e/26e32a-35ba-443f-bc1e-6dc1f56031eb/1/zEQQEVsTAOIvTfYLBSvhq4i4YRs.roa
File:                     zEQQEVsTAOIvTfYLBSvhq4i4YRs.roa (raw, json)
Hash identifier:          AhA+HeVUHKTHzZMj2ZF99mmD8nnoMrefilIaNRB0sak=
Subject key identifier:   CC:44:10:11:5B:13:00:E2:2F:4D:F6:0B:05:2B:E1:AB:88:B8:61:1B
Certificate issuer:       /CN=7c3e585a59b523bb86d660a7168e1c1eba094da0
Certificate serial:       0184C2F06D504DB641F12A9D5D924F52D36B
Authority key identifier: 7C:3E:58:5A:59:B5:23:BB:86:D6:60:A7:16:8E:1C:1E:BA:09:4D:A0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fD5YWlm1I7uG1mCnFo4cHroJTaA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2e/26e32a-35ba-443f-bc1e-6dc1f56031eb/1/zEQQEVsTAOIvTfYLBSvhq4i4YRs.roa
Signing time:             Tue 29 Nov 2022 10:30:47 +0000
ROA not before:           Tue 29 Nov 2022 10:30:47 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     210756
IP address blocks:        5.101.68.0/24 maxlen: 24
                          5.101.69.0/24 maxlen: 24
                          5.101.70.0/24 maxlen: 24
                          5.188.176.0/24 maxlen: 24
                          5.188.177.0/24 maxlen: 24
                          5.188.178.0/24 maxlen: 24
                          5.188.179.0/24 maxlen: 24
                          37.9.37.0/24 maxlen: 24
                          37.9.38.0/24 maxlen: 24
                          37.9.36.0/24 maxlen: 24
                          37.9.39.0/24 maxlen: 24
                          146.185.197.0/24 maxlen: 24
                          146.185.198.0/24 maxlen: 24
                          146.185.199.0/24 maxlen: 24
                          146.185.196.0/24 maxlen: 24
                          2a11:27c0:130::/44 maxlen: 44
                          2a11:27c0:120::/44 maxlen: 44
                          2a11:27c0:110::/44 maxlen: 44
                          2a11:27c0:140::/44 maxlen: 44

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:84:c2:f0:6d:50:4d:b6:41:f1:2a:9d:5d:92:4f:52:d3:6b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7c3e585a59b523bb86d660a7168e1c1eba094da0
        Validity
            Not Before: Nov 29 10:30:47 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=cc4410115b1300e22f4df60b052be1ab88b8611b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:c1:f8:38:34:a5:21:94:ee:47:a5:9d:80:10:
                    4f:b3:9c:6f:03:39:4a:3e:f1:56:59:69:48:d2:c7:
                    59:57:f8:e4:1f:e8:64:f9:a5:a9:82:95:8b:db:3a:
                    28:d2:70:ed:9d:b8:5d:8b:f3:8b:de:18:49:02:8c:
                    45:f3:7b:71:e0:b6:3f:43:ad:36:17:8c:4c:56:93:
                    fc:9a:31:06:2c:d3:f3:b1:75:b4:e1:23:69:42:a9:
                    c5:b8:55:de:c0:8d:a0:80:af:4d:bf:9d:46:9c:5a:
                    e3:7b:1d:ca:93:2f:54:db:01:82:ed:b6:f1:a8:e8:
                    bb:dc:fd:d2:c1:83:b2:3b:12:c1:f9:dd:a7:2e:92:
                    30:39:e0:d1:de:da:aa:d0:ca:3c:37:a0:83:47:9c:
                    6d:7f:ad:a1:03:46:64:56:71:ea:14:e5:fb:78:26:
                    ff:b2:be:bf:71:cb:6b:bd:80:34:9a:e7:fe:26:04:
                    61:95:19:04:a4:c9:90:f0:55:95:90:d8:e9:c3:3a:
                    7f:5f:ba:75:ba:d4:6b:ad:29:c5:25:3f:69:4e:db:
                    a6:bb:f4:f9:3e:8d:bb:50:07:54:fc:27:15:ec:9c:
                    47:f0:e2:99:b2:df:04:9d:38:7a:a1:87:7b:5e:78:
                    af:2f:4b:61:fb:61:bc:29:73:fd:5e:d4:1f:42:c7:
                    57:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CC:44:10:11:5B:13:00:E2:2F:4D:F6:0B:05:2B:E1:AB:88:B8:61:1B
            X509v3 Authority Key Identifier:
                keyid:7C:3E:58:5A:59:B5:23:BB:86:D6:60:A7:16:8E:1C:1E:BA:09:4D:A0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fD5YWlm1I7uG1mCnFo4cHroJTaA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/26e32a-35ba-443f-bc1e-6dc1f56031eb/1/zEQQEVsTAOIvTfYLBSvhq4i4YRs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/26e32a-35ba-443f-bc1e-6dc1f56031eb/1/fD5YWlm1I7uG1mCnFo4cHroJTaA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.101.68.0-5.101.70.255
                  5.188.176.0/22
                  37.9.36.0/22
                  146.185.196.0/22
                IPv6:
                  2a11:27c0:110::-2a11:27c0:14f:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         65:45:12:91:b6:82:54:1d:5b:ee:3f:b6:91:df:2d:fc:46:28:
         c1:ce:83:f5:e5:0a:95:66:cc:79:85:6f:54:da:20:4e:8f:61:
         5b:5b:47:99:aa:ae:a0:c9:5f:22:cb:18:56:da:08:16:61:67:
         29:60:dd:57:13:b6:29:ec:01:4c:e8:72:a7:6f:59:34:c6:37:
         cc:70:d9:d2:6d:0d:79:eb:2c:b9:10:58:c8:c4:a6:81:c8:26:
         75:90:76:b9:72:b4:16:fc:63:52:94:c5:e7:c9:25:95:53:ec:
         1a:f7:42:0a:4d:81:15:89:c8:cd:5d:61:9a:10:b6:83:d1:7a:
         34:eb:8a:46:dd:39:a0:4d:6b:60:90:cb:3d:3a:de:ef:b4:cc:
         08:8e:3f:92:e6:6d:fe:1c:b8:67:cc:e0:cd:0f:bf:c6:a0:67:
         3b:e4:24:bf:9a:bf:de:d8:d2:66:f6:e9:5d:d4:29:d5:ad:bd:
         c3:60:14:7b:b1:53:96:3c:a4:3b:68:2a:d8:7c:e6:9c:5e:c2:
         76:ee:22:77:2f:33:a0:80:0f:1e:7b:99:51:8b:0b:53:f3:17:
         96:8a:7e:c7:a1:3d:7d:81:56:62:b4:f1:65:70:20:c5:cd:8a:
         0a:53:d4:d6:3b:3d:33:0b:a0:0c:51:dd:59:76:3c:a2:14:79:
         b2:15:a5:a2
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgISAYTC8G1QTbZB8SqdXZJPUtNrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdjM2U1ODVhNTliNTIzYmI4NmQ2NjBhNzE2OGUxYzFlYmEw
OTRkYTAwHhcNMjIxMTI5MTAzMDQ3WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYzQ0MTAxMTViMTMwMGUyMmY0ZGY2MGIwNTJiZTFhYjg4Yjg2MTFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvcH4ODSlIZTuR6WdgBBPs5xvAzlK
PvFWWWlI0sdZV/jkH+hk+aWpgpWL2zoo0nDtnbhdi/OL3hhJAoxF83tx4LY/Q602
F4xMVpP8mjEGLNPzsXW04SNpQqnFuFXewI2ggK9Nv51GnFrjex3Kky9U2wGC7bbx
qOi73P3SwYOyOxLB+d2nLpIwOeDR3tqq0Mo8N6CDR5xtf62hA0ZkVnHqFOX7eCb/
sr6/cctrvYA0muf+JgRhlRkEpMmQ8FWVkNjpwzp/X7p1utRrrSnFJT9pTtumu/T5
Po27UAdU/CcV7JxH8OKZst8EnTh6oYd7XnivL0th+2G8KXP9XtQfQsdXuQIDAQAB
o4ICPzCCAjswHQYDVR0OBBYEFMxEEBFbEwDiL032CwUr4auIuGEbMB8GA1UdIwQY
MBaAFHw+WFpZtSO7htZgpxaOHB66CU2gMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZkQ1WVdsbTFJN3VHMW1DbkZvNGNIcm9KVGFBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZS8yNmUzMmEtMzViYS00NDNmLWJjMWUt
NmRjMWY1NjAzMWViLzEvekVRUUVWc1RBT0l2VGZZTEJTdmhxNGk0WVJzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZS8yNmUzMmEtMzViYS00NDNmLWJjMWUtNmRjMWY1NjAzMWVi
LzEvZkQ1WVdsbTFJN3VHMW1DbkZvNGNIcm9KVGFBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFUGCCsGAQUFBwEHAQH/BEYwRDAmBAIAATAgMAwDBAIFZUQD
BAAFZUYDBAIFvLADBAIlCSQDBAKSucQwGgQCAAIwFDASAwcEKhEnwAEQAwcEKhEn
wAFAMA0GCSqGSIb3DQEBCwUAA4IBAQBlRRKRtoJUHVvuP7aR3y38RijBzoP15QqV
Zsx5hW9U2iBOj2FbW0eZqq6gyV8iyxhW2ggWYWcpYN1XE7Yp7AFM6HKnb1k0xjfM
cNnSbQ156yy5EFjIxKaByCZ1kHa5crQW/GNSlMXnySWVU+wa90IKTYEVicjNXWGa
ELaD0Xo064pG3TmgTWtgkMs9Ot7vtMwIjj+S5m3+HLhnzODND7/GoGc75CS/mr/e
2NJm9uld1CnVrb3DYBR7sVOWPKQ7aCrYfOacXsJ27iJ3LzOggA8ee5lRiwtT8xeW
in7HoT19gVZitPFlcCDFzYoKU9TWOz0zC6AMUd1ZdjyiFHmyFaWi
-----END CERTIFICATE-----