Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2e/f449b3-d8a8-493e-9bd7-e88465c46186/1/Z6agdqB8lvdOUHWWVncCQ0eGMSQ.roa
File:                     Z6agdqB8lvdOUHWWVncCQ0eGMSQ.roa (raw, json)
Hash identifier:          G652JR0NEdYhDbgV8bRHeBicj5iUfrNT1exeIl7QQy8=
Subject key identifier:   67:A6:A0:76:A0:7C:96:F7:4E:50:75:96:56:77:02:43:47:86:31:24
Certificate issuer:       /CN=c27358682df3df8bdc7024507f92ecfc5ae097bb
Certificate serial:       0183EA445BA97A7F1F839F30DFD51EFF5FED
Authority key identifier: C2:73:58:68:2D:F3:DF:8B:DC:70:24:50:7F:92:EC:FC:5A:E0:97:BB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wnNYaC3z34vccCRQf5Ls_Frgl7s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2e/f449b3-d8a8-493e-9bd7-e88465c46186/1/Z6agdqB8lvdOUHWWVncCQ0eGMSQ.roa
Signing time:             Tue 18 Oct 2022 08:44:51 +0000
ROA not before:           Tue 18 Oct 2022 08:44:51 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     15703
IP address blocks:        213.193.232.0/24 maxlen: 24
                          213.193.232.0/21 maxlen: 21
                          213.193.240.0/21 maxlen: 24
                          213.193.250.0/23 maxlen: 23
                          213.193.252.0/23 maxlen: 23
                          213.193.254.0/23 maxlen: 24
                          213.239.128.0/18 maxlen: 24
                          213.193.192.0/21 maxlen: 21
                          213.193.208.0/21 maxlen: 21
                          213.193.209.0/24 maxlen: 24
                          213.193.212.0/24 maxlen: 24
                          213.193.216.0/22 maxlen: 22
                          80.247.192.0/19 maxlen: 19
                          213.193.220.0/22 maxlen: 22
                          193.28.152.0/24 maxlen: 24
                          87.233.0.0/16 maxlen: 24
                          2001:990::/32 maxlen: 32
                          2001:9a8::/32 maxlen: 32
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:83:ea:44:5b:a9:7a:7f:1f:83:9f:30:df:d5:1e:ff:5f:ed
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c27358682df3df8bdc7024507f92ecfc5ae097bb
        Validity
            Not Before: Oct 18 08:44:51 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=67a6a076a07c96f74e5075965677024347863124
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:75:0f:3b:e2:23:f4:ae:f8:9a:9c:df:de:00:
                    e8:4b:1d:9f:e1:22:ac:3d:bc:79:c6:c4:9a:cf:5f:
                    07:4a:8f:d5:0d:bd:ee:5b:ea:41:82:ec:0e:1c:6c:
                    7a:c7:87:52:1d:8b:16:2e:4b:b1:98:2b:45:43:8c:
                    60:a9:7b:92:6a:26:79:70:ce:cf:d3:c0:3e:02:ac:
                    14:e2:3a:75:50:73:da:cc:bb:50:a9:f7:64:6e:b6:
                    ee:4f:8c:8e:6c:12:b8:ad:42:5a:f6:fd:d7:30:7b:
                    bb:89:f6:41:13:ab:84:67:f1:3a:64:b2:7b:44:6d:
                    24:b5:2b:20:5d:d3:ca:0e:ed:56:63:dc:1b:e8:86:
                    80:d5:d4:0e:dd:22:8b:0e:6f:37:aa:aa:3e:87:4e:
                    a4:ff:29:f4:92:f8:4d:84:c1:99:8b:b5:bd:61:d1:
                    d9:f4:24:89:74:d3:f1:7c:33:af:9e:da:84:a0:06:
                    2a:27:1b:54:8a:42:62:06:7d:c5:ad:c0:c3:da:b1:
                    58:67:bd:c9:f3:36:83:67:44:24:f5:d9:37:a5:42:
                    52:6c:8c:b9:9e:f8:a9:4b:a2:45:a5:1d:05:25:0e:
                    42:c3:c7:02:df:bd:ac:50:2c:4c:00:48:51:b8:40:
                    32:11:1e:50:b7:02:c9:bf:00:c6:0a:ce:ac:4e:de:
                    ed:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                67:A6:A0:76:A0:7C:96:F7:4E:50:75:96:56:77:02:43:47:86:31:24
            X509v3 Authority Key Identifier:
                keyid:C2:73:58:68:2D:F3:DF:8B:DC:70:24:50:7F:92:EC:FC:5A:E0:97:BB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wnNYaC3z34vccCRQf5Ls_Frgl7s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/f449b3-d8a8-493e-9bd7-e88465c46186/1/Z6agdqB8lvdOUHWWVncCQ0eGMSQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/f449b3-d8a8-493e-9bd7-e88465c46186/1/wnNYaC3z34vccCRQf5Ls_Frgl7s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.247.192.0/19
                  87.233.0.0/16
                  193.28.152.0/24
                  213.193.192.0/21
                  213.193.208.0/20
                  213.193.232.0-213.193.247.255
                  213.193.250.0-213.193.255.255
                  213.239.128.0/18
                IPv6:
                  2001:990::/32
                  2001:9a8::/32

    Signature Algorithm: sha256WithRSAEncryption
         20:71:43:7e:99:49:44:24:df:fa:0a:16:33:05:87:36:30:9f:
         39:d1:c7:21:fe:5b:b8:32:a3:55:60:18:a9:e2:b6:62:ac:9a:
         80:aa:a6:4d:87:0b:6d:3c:b7:5e:2a:40:63:9c:ca:d1:cd:e4:
         88:9b:93:7d:4a:4c:3c:c0:96:bb:81:9c:7a:c2:12:db:18:d6:
         14:a8:4a:54:d0:b6:c0:63:f4:98:f9:0b:1a:b4:03:ce:e6:7d:
         b8:21:00:fc:8a:5b:a3:c5:59:ca:46:9e:a5:82:38:54:65:d0:
         f7:5e:a6:44:0a:e2:d4:ec:3f:fe:84:a5:44:7d:e5:6a:46:2e:
         4a:9f:ae:c3:c7:53:aa:9d:fb:98:5f:6f:17:43:85:f5:28:83:
         db:5c:31:d5:1a:e7:2e:35:b7:2d:7d:00:e7:31:e7:96:9c:c3:
         9c:d9:82:bf:a0:70:3f:c0:bb:1b:c6:0d:f9:33:f9:d5:75:fd:
         71:18:08:a7:c5:2a:8f:d3:7a:12:c9:c8:a0:4f:24:29:12:e9:
         3d:b3:4d:c6:71:5b:9b:37:c8:19:ad:e5:a5:31:df:63:96:54:
         5a:6b:43:9c:c5:72:89:e8:48:a0:2f:c9:e9:2d:6f:ba:3f:0c:
         dc:bb:4c:a1:d2:bc:56:d4:05:15:7f:62:e1:3f:5a:e7:16:3f:
         d9:38:ac:cf
-----BEGIN CERTIFICATE-----
MIIFSzCCBDOgAwIBAgISAYPqRFupen8fg58w39Ue/1/tMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMyNzM1ODY4MmRmM2RmOGJkYzcwMjQ1MDdmOTJlY2ZjNWFl
MDk3YmIwHhcNMjIxMDE4MDg0NDUxWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2N2E2YTA3NmEwN2M5NmY3NGU1MDc1OTY1Njc3MDI0MzQ3ODYzMTI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqHUPO+Ij9K74mpzf3gDoSx2f4SKs
Pbx5xsSaz18HSo/VDb3uW+pBguwOHGx6x4dSHYsWLkuxmCtFQ4xgqXuSaiZ5cM7P
08A+AqwU4jp1UHPazLtQqfdkbrbuT4yObBK4rUJa9v3XMHu7ifZBE6uEZ/E6ZLJ7
RG0ktSsgXdPKDu1WY9wb6IaA1dQO3SKLDm83qqo+h06k/yn0kvhNhMGZi7W9YdHZ
9CSJdNPxfDOvntqEoAYqJxtUikJiBn3FrcDD2rFYZ73J8zaDZ0Qk9dk3pUJSbIy5
nvipS6JFpR0FJQ5Cw8cC372sUCxMAEhRuEAyER5QtwLJvwDGCs6sTt7tGQIDAQAB
o4ICVzCCAlMwHQYDVR0OBBYEFGemoHagfJb3TlB1llZ3AkNHhjEkMB8GA1UdIwQY
MBaAFMJzWGgt89+L3HAkUH+S7Pxa4Je7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd25OWWFDM3ozNHZjY0NSUWY1THNfRnJnbDdzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZS9mNDQ5YjMtZDhhOC00OTNlLTliZDct
ZTg4NDY1YzQ2MTg2LzEvWjZhZ2RxQjhsdmRPVUhXV1ZuY0NRMGVHTVNRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZS9mNDQ5YjMtZDhhOC00OTNlLTliZDctZTg4NDY1YzQ2MTg2
LzEvd25OWWFDM3ozNHZjY0NSUWY1THNfRnJnbDdzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMG0GCCsGAQUFBwEHAQH/BF4wXDBEBAIAATA+AwQFUPfAAwMA
V+kDBADBHJgDBAPVwcADBATVwdAwDAMEA9XB6AMEA9XB8DALAwQB1cH6AwMB1cAD
BAbV74AwFAQCAAIwDgMFACABCZADBQAgAQmoMA0GCSqGSIb3DQEBCwUAA4IBAQAg
cUN+mUlEJN/6ChYzBYc2MJ850cch/lu4MqNVYBip4rZirJqAqqZNhwttPLdeKkBj
nMrRzeSIm5N9Skw8wJa7gZx6whLbGNYUqEpU0LbAY/SY+QsatAPO5n24IQD8iluj
xVnKRp6lgjhUZdD3XqZECuLU7D/+hKVEfeVqRi5Kn67Dx1OqnfuYX28XQ4X1KIPb
XDHVGucuNbctfQDnMeeWnMOc2YK/oHA/wLsbxg35M/nVdf1xGAinxSqP03oSycig
TyQpEuk9s03GcVubN8gZreWlMd9jllRaa0OcxXKJ6EigL8npLW+6Pwzcu0yh0rxW
1AUVf2LhP1rnFj/ZOKzP
-----END CERTIFICATE-----