Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/bq24bR1VqfFnsh6EmrXiyDwo2Zs.roa
File:                     bq24bR1VqfFnsh6EmrXiyDwo2Zs.roa (raw, json)
Hash identifier:          iM3f4Pzz8ZyEFE8WoVqdUU6yizACkNow6z74MPop7Do=
Subject key identifier:   6E:AD:B8:6D:1D:55:A9:F1:67:B2:1E:84:9A:B5:E2:C8:3C:28:D9:9B
Certificate issuer:       /CN=6f84e4738a70ea39c08cef210432ae399ec7e915
Certificate serial:       018514BC2686E992570A92E35E2E75E98EAE
Authority key identifier: 6F:84:E4:73:8A:70:EA:39:C0:8C:EF:21:04:32:AE:39:9E:C7:E9:15
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/bq24bR1VqfFnsh6EmrXiyDwo2Zs.roa
Signing time:             Thu 15 Dec 2022 07:42:32 +0000
ROA not before:           Thu 15 Dec 2022 07:42:32 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     7018
IP address blocks:        79.175.96.0/24 maxlen: 24
                          79.175.95.0/24 maxlen: 24
                          188.255.212.0/24 maxlen: 24
                          109.121.37.0/24 maxlen: 24
                          109.121.34.0/24 maxlen: 24
                          109.121.33.0/24 maxlen: 24
                          109.121.43.0/24 maxlen: 24
                          109.121.41.0/24 maxlen: 24
                          109.121.42.0/24 maxlen: 24
                          109.121.39.0/24 maxlen: 24
                          109.121.47.0/24 maxlen: 24
                          109.121.45.0/24 maxlen: 24
                          212.69.11.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:14:bc:26:86:e9:92:57:0a:92:e3:5e:2e:75:e9:8e:ae
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6f84e4738a70ea39c08cef210432ae399ec7e915
        Validity
            Not Before: Dec 15 07:42:32 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=6eadb86d1d55a9f167b21e849ab5e2c83c28d99b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:77:c8:01:1d:16:95:87:6e:13:0b:c0:71:2e:
                    7d:98:3e:4a:8d:59:b8:b5:f0:9a:1f:9f:8b:2b:5f:
                    97:96:f9:5f:16:4d:66:47:01:9b:fb:de:c8:7f:cd:
                    6b:97:87:68:5b:8f:3f:92:40:39:f3:76:89:cc:94:
                    a2:43:9e:07:64:69:9c:2b:cb:8f:b4:13:ce:99:40:
                    e1:a8:90:d2:ed:9f:d6:bf:45:49:ee:c9:fc:05:0d:
                    5d:61:b4:29:ba:81:ca:95:33:aa:22:94:4e:fb:b3:
                    61:6a:ef:90:9d:96:26:7a:a2:83:05:94:3a:ed:b9:
                    9f:b1:0f:c6:39:97:02:aa:96:e3:24:c9:72:f1:13:
                    c4:ea:c2:2a:d5:bb:1d:b9:8f:6e:8e:b4:e3:ca:4b:
                    2e:00:73:47:d7:95:30:a4:1b:1b:f2:56:71:e1:8c:
                    27:b7:48:26:a1:78:72:a4:7c:bb:38:d0:24:36:18:
                    56:e7:dd:70:7c:1f:66:c8:b7:c8:58:b4:09:4c:27:
                    8a:44:a8:7f:52:1b:ee:f2:67:10:fa:de:75:75:11:
                    4d:76:d7:2b:78:f9:ed:a4:cb:79:a9:90:cc:85:b4:
                    78:95:36:de:62:b1:58:57:76:80:d6:e5:92:5a:53:
                    7d:f0:ef:8d:b2:7e:14:25:01:d7:94:19:6e:46:2a:
                    53:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6E:AD:B8:6D:1D:55:A9:F1:67:B2:1E:84:9A:B5:E2:C8:3C:28:D9:9B
            X509v3 Authority Key Identifier:
                keyid:6F:84:E4:73:8A:70:EA:39:C0:8C:EF:21:04:32:AE:39:9E:C7:E9:15

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/bq24bR1VqfFnsh6EmrXiyDwo2Zs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  79.175.95.0-79.175.96.255
                  109.121.33.0-109.121.34.255
                  109.121.37.0/24
                  109.121.39.0/24
                  109.121.41.0-109.121.43.255
                  109.121.45.0/24
                  109.121.47.0/24
                  188.255.212.0/24
                  212.69.11.0/24

    Signature Algorithm: sha256WithRSAEncryption
         44:16:c6:bf:2b:d5:fb:e0:53:2a:52:ce:f5:50:88:62:51:d3:
         53:05:44:c2:69:95:f5:ec:f6:ca:e9:69:8b:89:05:e5:20:d5:
         ba:c9:16:71:71:02:fd:e3:9b:ef:39:e9:60:88:a6:2a:dc:d9:
         ab:1b:53:fc:6f:f7:f7:5f:7f:65:03:fc:14:dd:c4:70:24:8b:
         9e:75:d1:87:5c:99:90:1d:b1:35:83:9e:7d:5d:7c:c2:77:2b:
         ab:92:ea:09:6f:7b:71:59:82:37:bf:a5:56:14:2b:4a:d2:b6:
         a3:ba:66:46:f9:e2:34:e3:21:99:5e:c0:11:1c:f1:16:b3:1d:
         75:92:dc:c4:e0:24:b5:a5:12:ab:4d:4c:87:a0:66:73:8c:1b:
         a5:6e:ed:b2:78:ca:2f:46:3e:38:3f:7b:36:ac:62:f3:31:45:
         38:e1:b0:5a:f2:42:19:62:27:08:6b:bd:55:a5:ec:39:e2:5e:
         ef:f3:e5:4e:f2:bb:02:96:1f:54:b6:96:62:51:4d:16:db:4a:
         80:7f:60:55:39:17:29:d8:0a:6d:c0:5b:d2:77:f2:15:dd:e1:
         a7:69:5f:54:ad:9c:07:20:1e:90:ee:11:f7:b6:b5:96:5d:b0:
         cb:d7:2c:fd:1e:1d:f2:f2:3c:4e:18:d0:69:ac:1b:0b:34:a0:
         9f:22:be:30
-----BEGIN CERTIFICATE-----
MIIFRTCCBC2gAwIBAgISAYUUvCaG6ZJXCpLjXi516Y6uMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmODRlNDczOGE3MGVhMzljMDhjZWYyMTA0MzJhZTM5OWVj
N2U5MTUwHhcNMjIxMjE1MDc0MjMyWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZWFkYjg2ZDFkNTVhOWYxNjdiMjFlODQ5YWI1ZTJjODNjMjhkOTliMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5HfIAR0WlYduEwvAcS59mD5KjVm4
tfCaH5+LK1+XlvlfFk1mRwGb+97If81rl4doW48/kkA583aJzJSiQ54HZGmcK8uP
tBPOmUDhqJDS7Z/Wv0VJ7sn8BQ1dYbQpuoHKlTOqIpRO+7Nhau+QnZYmeqKDBZQ6
7bmfsQ/GOZcCqpbjJMly8RPE6sIq1bsduY9ujrTjyksuAHNH15UwpBsb8lZx4Ywn
t0gmoXhypHy7ONAkNhhW591wfB9myLfIWLQJTCeKRKh/Uhvu8mcQ+t51dRFNdtcr
ePntpMt5qZDMhbR4lTbeYrFYV3aA1uWSWlN98O+Nsn4UJQHXlBluRipT0QIDAQAB
o4ICUTCCAk0wHQYDVR0OBBYEFG6tuG0dVanxZ7IehJq14sg8KNmbMB8GA1UdIwQY
MBaAFG+E5HOKcOo5wIzvIQQyrjmex+kVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjRUa2M0cHc2am5Bak84aEJES3VPWjdINlJVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9kZGY4YjMtMWMwOC00OTVjLThkZGYt
ZmFlNWRiZWQzYjFiLzEvYnEyNGJSMVZxZkZuc2g2RW1yWGl5RHdvMlpzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9kZGY4YjMtMWMwOC00OTVjLThkZGYtZmFlNWRiZWQzYjFi
LzEvYjRUa2M0cHc2am5Bak84aEJES3VPWjdINlJVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGcGCCsGAQUFBwEHAQH/BFgwVjBUBAIAATBOMAwDBABPr18D
BABPr2AwDAMEAG15IQMEAG15IgMEAG15JQMEAG15JzAMAwQAbXkpAwQCbXkoAwQA
bXktAwQAbXkvAwQAvP/UAwQA1EULMA0GCSqGSIb3DQEBCwUAA4IBAQBEFsa/K9X7
4FMqUs71UIhiUdNTBUTCaZX17PbK6WmLiQXlINW6yRZxcQL945vvOelgiKYq3Nmr
G1P8b/f3X39lA/wU3cRwJIueddGHXJmQHbE1g559XXzCdyurkuoJb3txWYI3v6VW
FCtK0rajumZG+eI04yGZXsARHPEWsx11ktzE4CS1pRKrTUyHoGZzjBulbu2yeMov
Rj44P3s2rGLzMUU44bBa8kIZYicIa71Vpew54l7v8+VO8rsClh9UtpZiUU0W20qA
f2BVORcp2AptwFvSd/IV3eGnaV9UrZwHIB6Q7hH3trWWXbDL1yz9Hh3y8jxOGNBp
rBsLNKCfIr4w
-----END CERTIFICATE-----