Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/39/a3ede6-bc31-4d00-925c-3d612f324996/1/cHYLJI_uGNivHM3lJQySIktqEng.roa
File:                     cHYLJI_uGNivHM3lJQySIktqEng.roa (raw, json)
Hash identifier:          8LjVgZkmeUGvwD2bvXGwqVpQMR7fuq2XnhJrqtrrvQ0=
Subject key identifier:   70:76:0B:24:8F:EE:18:D8:AF:1C:CD:E5:25:0C:92:22:4B:6A:12:78
Certificate issuer:       /CN=b87b766968716296e5bba0bce83856ae7165b8b8
Certificate serial:       0184C009D506A877184E2BE546AD48F10504
Authority key identifier: B8:7B:76:69:68:71:62:96:E5:BB:A0:BC:E8:38:56:AE:71:65:B8:B8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uHt2aWhxYpblu6C86DhWrnFluLg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/39/a3ede6-bc31-4d00-925c-3d612f324996/1/cHYLJI_uGNivHM3lJQySIktqEng.roa
Signing time:             Mon 28 Nov 2022 20:59:40 +0000
ROA not before:           Mon 28 Nov 2022 20:59:40 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     20473
IP address blocks:        185.92.220.0/22 maxlen: 24
                          78.141.192.0/19 maxlen: 24
                          199.247.0.0/19 maxlen: 24
                          78.141.224.0/19 maxlen: 24
                          80.240.16.0/20 maxlen: 24
                          192.248.128.0/18 maxlen: 24
                          95.179.128.0/17 maxlen: 24
                          209.250.224.0/19 maxlen: 24
                          217.69.0.0/20 maxlen: 24
                          2a05:f480:1000::/38 maxlen: 38
                          2a05:f480:1400::/38 maxlen: 38
                          2a05:f480:1800::/38 maxlen: 38
                          2a05:f480:1c00::/38 maxlen: 38
                          2a05:f480:2000::/38 maxlen: 38
                          2a05:f480:3000::/38 maxlen: 38
                          2a05:f480:2800::/38 maxlen: 38
                          2a05:f480:2400::/38 maxlen: 38

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:84:c0:09:d5:06:a8:77:18:4e:2b:e5:46:ad:48:f1:05:04
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b87b766968716296e5bba0bce83856ae7165b8b8
        Validity
            Not Before: Nov 28 20:59:40 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=70760b248fee18d8af1ccde5250c92224b6a1278
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:fd:b4:18:0d:30:fa:e5:02:44:0f:dc:a8:e2:
                    12:a6:e1:08:81:f8:af:89:e5:e7:bc:e9:eb:69:43:
                    01:0b:7e:74:6d:93:ee:95:31:5b:24:62:e7:cb:a7:
                    78:0b:0e:df:b3:61:c7:61:06:91:7f:5f:83:22:26:
                    e7:87:cc:30:44:18:a5:b7:f7:4c:2b:f9:1c:73:21:
                    38:30:e2:03:bc:9a:86:d2:e8:58:7c:c3:df:c6:95:
                    ad:15:b0:c0:53:6b:86:ae:d5:83:7f:ef:35:5c:13:
                    d3:9d:ff:8b:8a:ed:70:dc:8c:fa:12:5f:61:38:6e:
                    12:01:12:29:3c:eb:3e:b5:c7:b7:f9:a5:02:6b:f9:
                    55:1a:da:0e:2c:83:14:a0:43:3d:7b:e9:18:84:df:
                    ee:0f:dc:01:cd:e8:62:1c:b2:bc:b1:88:07:fb:48:
                    38:1c:e1:07:1b:af:05:d7:66:51:70:6d:96:12:2a:
                    88:75:d0:5c:13:94:67:b9:b8:a8:7e:aa:cf:35:9d:
                    bf:7c:54:bb:6d:d7:7e:af:4f:50:8a:03:5f:1a:73:
                    6f:dd:1f:ee:bf:86:96:b8:31:e0:c1:57:2b:57:c8:
                    96:b1:9e:5f:97:a0:33:34:b7:7c:61:5a:23:b4:bf:
                    5e:1d:83:bb:d1:3c:96:74:d1:49:a8:10:bb:b5:7b:
                    9e:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:76:0B:24:8F:EE:18:D8:AF:1C:CD:E5:25:0C:92:22:4B:6A:12:78
            X509v3 Authority Key Identifier:
                keyid:B8:7B:76:69:68:71:62:96:E5:BB:A0:BC:E8:38:56:AE:71:65:B8:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uHt2aWhxYpblu6C86DhWrnFluLg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/39/a3ede6-bc31-4d00-925c-3d612f324996/1/cHYLJI_uGNivHM3lJQySIktqEng.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/39/a3ede6-bc31-4d00-925c-3d612f324996/1/uHt2aWhxYpblu6C86DhWrnFluLg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.141.192.0/18
                  80.240.16.0/20
                  95.179.128.0/17
                  185.92.220.0/22
                  192.248.128.0/18
                  199.247.0.0/19
                  209.250.224.0/19
                  217.69.0.0/20
                IPv6:
                  2a05:f480:1000::-2a05:f480:2bff:ffff:ffff:ffff:ffff:ffff
                  2a05:f480:3000::/38

    Signature Algorithm: sha256WithRSAEncryption
         2a:1a:62:a0:2c:7c:bc:f1:4e:97:56:5d:11:bd:4c:5c:04:28:
         60:33:5a:cd:65:6e:b5:d2:ce:d7:28:54:df:86:ed:d1:95:0e:
         56:cd:f1:d6:8c:4f:7d:12:45:af:66:9d:5c:87:d3:78:bd:a5:
         6d:88:57:53:55:ff:20:da:9c:f4:0e:26:16:9e:99:9b:c7:73:
         2a:72:76:c3:0d:11:f3:1c:8d:28:63:d2:42:44:60:04:b6:f4:
         f9:61:a6:9e:57:db:1e:82:fe:94:af:68:d6:ae:5c:09:6e:d1:
         7c:e6:33:f9:bf:4f:21:5c:bd:c1:44:90:60:23:c6:7d:ac:e7:
         7a:0a:6b:28:6a:81:8d:20:9a:d8:a5:00:dd:6b:7a:64:2c:56:
         c6:3c:bb:c3:62:56:a4:7c:6c:41:3c:75:23:c5:2b:68:9e:70:
         46:72:b8:67:bd:c9:81:43:1e:78:6a:ec:79:29:35:87:de:01:
         db:00:08:1e:ff:72:d4:81:8f:94:be:e0:d6:a9:66:f8:99:17:
         e6:73:d6:85:d2:af:42:94:c1:32:d5:f9:6d:a0:8d:97:64:8f:
         3d:e2:27:96:04:81:e2:bb:4c:2a:a6:0c:64:26:c3:5a:b5:21:
         90:df:0d:53:80:8e:5a:b2:29:19:ae:10:ac:08:91:80:ed:28:
         e1:08:9e:ca
-----BEGIN CERTIFICATE-----
MIIFSTCCBDGgAwIBAgISAYTACdUGqHcYTivlRq1I8QUEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI4N2I3NjY5Njg3MTYyOTZlNWJiYTBiY2U4Mzg1NmFlNzE2
NWI4YjgwHhcNMjIxMTI4MjA1OTQwWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MDc2MGIyNDhmZWUxOGQ4YWYxY2NkZTUyNTBjOTIyMjRiNmExMjc4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuf20GA0w+uUCRA/cqOISpuEIgfiv
ieXnvOnraUMBC350bZPulTFbJGLny6d4Cw7fs2HHYQaRf1+DIibnh8wwRBilt/dM
K/kccyE4MOIDvJqG0uhYfMPfxpWtFbDAU2uGrtWDf+81XBPTnf+Liu1w3Iz6El9h
OG4SARIpPOs+tce3+aUCa/lVGtoOLIMUoEM9e+kYhN/uD9wBzehiHLK8sYgH+0g4
HOEHG68F12ZRcG2WEiqIddBcE5RnubiofqrPNZ2/fFS7bdd+r09QigNfGnNv3R/u
v4aWuDHgwVcrV8iWsZ5fl6AzNLd8YVojtL9eHYO70TyWdNFJqBC7tXueEQIDAQAB
o4ICVTCCAlEwHQYDVR0OBBYEFHB2CySP7hjYrxzN5SUMkiJLahJ4MB8GA1UdIwQY
MBaAFLh7dmlocWKW5bugvOg4Vq5xZbi4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdUh0MmFXaHhZcGJsdTZDODZEaFdybkZsdUxnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOS9hM2VkZTYtYmMzMS00ZDAwLTkyNWMt
M2Q2MTJmMzI0OTk2LzEvY0hZTEpJX3VHTml2SE0zbEpReVNJa3RxRW5nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOS9hM2VkZTYtYmMzMS00ZDAwLTkyNWMtM2Q2MTJmMzI0OTk2
LzEvdUh0MmFXaHhZcGJsdTZDODZEaFdybkZsdUxnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGsGCCsGAQUFBwEHAQH/BFwwWjA2BAIAATAwAwQGTo3AAwQE
UPAQAwQHX7OAAwQCuVzcAwQGwPiAAwQFx/cAAwQF0frgAwQE2UUAMCAEAgACMBow
EAMGBCoF9IAQAwYCKgX0gCgDBgIqBfSAMDANBgkqhkiG9w0BAQsFAAOCAQEAKhpi
oCx8vPFOl1ZdEb1MXAQoYDNazWVutdLO1yhU34bt0ZUOVs3x1oxPfRJFr2adXIfT
eL2lbYhXU1X/INqc9A4mFp6Zm8dzKnJ2ww0R8xyNKGPSQkRgBLb0+WGmnlfbHoL+
lK9o1q5cCW7RfOYz+b9PIVy9wUSQYCPGfaznegprKGqBjSCa2KUA3Wt6ZCxWxjy7
w2JWpHxsQTx1I8UraJ5wRnK4Z73JgUMeeGrseSk1h94B2wAIHv9y1IGPlL7g1qlm
+JkX5nPWhdKvQpTBMtX5baCNl2SPPeInlgSB4rtMKqYMZCbDWrUhkN8NU4COWrIp
Ga4QrAiRgO0o4Qieyg==
-----END CERTIFICATE-----