Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/3ed8dd-d36e-440c-8142-d80c6b85cda4/1/nnKE8Q0UJ9dIKVrsAXjkBRjJTJM.roa
File:                     nnKE8Q0UJ9dIKVrsAXjkBRjJTJM.roa (raw, json)
Hash identifier:          bgmAbwsP64CoWw+B56I3xylP8w4iohr3Fy/lvkYMI/8=
Subject key identifier:   9E:72:84:F1:0D:14:27:D7:48:29:5A:EC:01:78:E4:05:18:C9:4C:93
Certificate issuer:       /CN=63d9d1d95c1eb716ee8195045a77cba2181d79ec
Certificate serial:       0184B412687689DEDF6B32E5CFF76BDCE994
Authority key identifier: 63:D9:D1:D9:5C:1E:B7:16:EE:81:95:04:5A:77:CB:A2:18:1D:79:EC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y9nR2VwetxbugZUEWnfLohgdeew.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/3ed8dd-d36e-440c-8142-d80c6b85cda4/1/nnKE8Q0UJ9dIKVrsAXjkBRjJTJM.roa
Signing time:             Sat 26 Nov 2022 13:13:35 +0000
ROA not before:           Sat 26 Nov 2022 13:13:35 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     29405
IP address blocks:        185.176.72.0/22 maxlen: 22
                          46.229.230.0/24 maxlen: 24
                          217.73.16.0/24 maxlen: 24
                          217.73.16.0/20 maxlen: 20
                          93.184.64.0/20 maxlen: 20
                          81.89.48.0/20 maxlen: 20
                          46.229.224.0/20 maxlen: 20
                          109.74.144.0/20 maxlen: 20
                          86.110.224.0/19 maxlen: 19
                          176.109.56.0/21 maxlen: 21
                          86.110.229.0/24 maxlen: 24
                          2a01:390::/32 maxlen: 32
                          2a00:10d8::/32 maxlen: 32
                          2a00:10d8:10::/48 maxlen: 48

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:84:b4:12:68:76:89:de:df:6b:32:e5:cf:f7:6b:dc:e9:94
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63d9d1d95c1eb716ee8195045a77cba2181d79ec
        Validity
            Not Before: Nov 26 13:13:35 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=9e7284f10d1427d748295aec0178e40518c94c93
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:ed:1e:77:8f:5f:72:f6:b2:41:05:9f:0b:f7:
                    84:75:92:3b:ac:8e:3c:c0:7c:78:bb:47:29:07:19:
                    d1:b0:49:0b:3c:1a:f3:74:b5:33:17:f4:d1:04:59:
                    03:aa:37:d7:f4:f6:de:51:59:e3:e4:9e:2c:3c:55:
                    af:32:04:61:f0:a8:f5:f2:fa:d0:d6:5d:27:bc:7a:
                    c2:02:47:76:ea:73:c8:05:ee:2b:1c:80:8d:ec:af:
                    dc:5e:45:7d:0b:4b:bc:4e:be:cc:99:29:ba:20:c8:
                    c5:57:7b:73:16:fa:3d:6e:af:f3:01:30:44:a7:38:
                    8b:6e:57:01:66:42:d5:02:1d:8c:b4:c8:5a:8c:59:
                    bd:96:1c:f2:ef:fb:a3:71:f2:96:8c:2c:8d:05:6b:
                    fa:d2:53:18:2f:18:aa:35:54:e6:c6:5d:f5:09:37:
                    60:b1:fa:80:b7:54:ac:71:a5:05:bd:9b:a1:1e:18:
                    b7:16:88:fb:ed:6c:2a:63:f9:47:43:47:76:02:6c:
                    79:2a:7e:61:12:a9:9e:1d:e0:13:95:1c:63:b6:ce:
                    4f:8e:f2:43:fc:02:c4:81:b1:40:ca:f8:e8:62:b4:
                    b6:09:05:0f:1f:b2:72:aa:74:d3:9d:fc:64:95:88:
                    4d:24:ae:fc:70:0f:24:ea:48:c2:7f:70:10:dc:3c:
                    57:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9E:72:84:F1:0D:14:27:D7:48:29:5A:EC:01:78:E4:05:18:C9:4C:93
            X509v3 Authority Key Identifier:
                keyid:63:D9:D1:D9:5C:1E:B7:16:EE:81:95:04:5A:77:CB:A2:18:1D:79:EC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y9nR2VwetxbugZUEWnfLohgdeew.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/3ed8dd-d36e-440c-8142-d80c6b85cda4/1/nnKE8Q0UJ9dIKVrsAXjkBRjJTJM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/3ed8dd-d36e-440c-8142-d80c6b85cda4/1/Y9nR2VwetxbugZUEWnfLohgdeew.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.229.224.0/20
                  81.89.48.0/20
                  86.110.224.0/19
                  93.184.64.0/20
                  109.74.144.0/20
                  176.109.56.0/21
                  185.176.72.0/22
                  217.73.16.0/20
                IPv6:
                  2a00:10d8::/32
                  2a01:390::/32

    Signature Algorithm: sha256WithRSAEncryption
         37:23:0e:89:91:d3:c6:4d:b2:67:8c:2e:53:74:b0:2c:a7:3f:
         b9:0d:aa:8f:c0:15:d8:17:fa:47:0d:91:2d:9d:8e:e3:cb:b2:
         ff:1e:f7:48:aa:29:e3:eb:63:da:a5:00:e5:78:52:37:86:df:
         ec:1a:a7:f1:fe:69:c9:8d:b6:bd:41:87:b6:2b:5c:81:6d:ed:
         72:16:b7:cb:6d:70:26:4e:c1:ed:ca:61:7e:3d:97:41:ec:44:
         70:11:98:21:fd:f6:ae:98:d0:b6:20:aa:4d:b0:61:3a:67:90:
         8e:60:dd:ad:4d:84:82:10:f9:29:f0:6a:98:ca:d9:d0:23:e7:
         a7:27:e1:f4:fa:77:a7:81:5e:4e:d3:a2:c8:c9:b4:25:17:8c:
         69:d4:97:0c:83:70:67:f0:96:60:1b:3c:2a:bf:38:ab:5e:0e:
         31:04:d1:91:30:31:2b:96:ae:6e:49:5b:49:f3:84:d8:83:6c:
         0c:83:7b:f4:c7:f5:57:e9:3a:09:21:c7:5e:d3:b8:3f:2f:f8:
         6f:9a:f8:db:c6:19:1d:43:40:18:73:f0:31:b3:9b:cd:23:95:
         41:14:88:aa:47:e0:9c:8f:65:91:95:53:3c:1e:47:8c:67:9e:
         79:55:45:75:d1:0a:9a:83:df:5f:21:ce:00:9f:cf:4f:e8:2c:
         b6:24:e6:fa
-----BEGIN CERTIFICATE-----
MIIFPTCCBCWgAwIBAgISAYS0Emh2id7fazLlz/dr3OmUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZDlkMWQ5NWMxZWI3MTZlZTgxOTUwNDVhNzdjYmEyMTgx
ZDc5ZWMwHhcNMjIxMTI2MTMxMzM1WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZTcyODRmMTBkMTQyN2Q3NDgyOTVhZWMwMTc4ZTQwNTE4Yzk0YzkzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAju0ed49fcvayQQWfC/eEdZI7rI48
wHx4u0cpBxnRsEkLPBrzdLUzF/TRBFkDqjfX9PbeUVnj5J4sPFWvMgRh8Kj18vrQ
1l0nvHrCAkd26nPIBe4rHICN7K/cXkV9C0u8Tr7MmSm6IMjFV3tzFvo9bq/zATBE
pziLblcBZkLVAh2MtMhajFm9lhzy7/ujcfKWjCyNBWv60lMYLxiqNVTmxl31CTdg
sfqAt1SscaUFvZuhHhi3Foj77WwqY/lHQ0d2Amx5Kn5hEqmeHeATlRxjts5PjvJD
/ALEgbFAyvjoYrS2CQUPH7JyqnTTnfxklYhNJK78cA8k6kjCf3AQ3DxX7QIDAQAB
o4ICSTCCAkUwHQYDVR0OBBYEFJ5yhPENFCfXSCla7AF45AUYyUyTMB8GA1UdIwQY
MBaAFGPZ0dlcHrcW7oGVBFp3y6IYHXnsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWTluUjJWd2V0eGJ1Z1pVRVduZkxvaGdkZWV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS8zZWQ4ZGQtZDM2ZS00NDBjLTgxNDIt
ZDgwYzZiODVjZGE0LzEvbm5LRThRMFVKOWRJS1Zyc0FYamtCUmpKVEpNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS8zZWQ4ZGQtZDM2ZS00NDBjLTgxNDItZDgwYzZiODVjZGE0
LzEvWTluUjJWd2V0eGJ1Z1pVRVduZkxvaGdkZWV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF8GCCsGAQUFBwEHAQH/BFAwTjA2BAIAATAwAwQELuXgAwQE
UVkwAwQFVm7gAwQEXbhAAwQEbUqQAwQDsG04AwQCubBIAwQE2UkQMBQEAgACMA4D
BQAqABDYAwUAKgEDkDANBgkqhkiG9w0BAQsFAAOCAQEANyMOiZHTxk2yZ4wuU3Sw
LKc/uQ2qj8AV2Bf6Rw2RLZ2O48uy/x73SKop4+tj2qUA5XhSN4bf7Bqn8f5pyY22
vUGHtitcgW3tcha3y21wJk7B7cphfj2XQexEcBGYIf32rpjQtiCqTbBhOmeQjmDd
rU2EghD5KfBqmMrZ0CPnpyfh9Pp3p4FeTtOiyMm0JReMadSXDINwZ/CWYBs8Kr84
q14OMQTRkTAxK5aubklbSfOE2INsDIN79Mf1V+k6CSHHXtO4Py/4b5r428YZHUNA
GHPwMbObzSOVQRSIqkfgnI9lkZVTPB5HjGeeeVVFddEKmoPfXyHOAJ/PT+gstiTm
+g==
-----END CERTIFICATE-----