Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/45/8fc746-fc08-4211-ba3b-893906fb7858/1/P0U_jswjLiLbJCQ3eC0srRos_9M.roa
File:                     P0U_jswjLiLbJCQ3eC0srRos_9M.roa (raw, json)
Hash identifier:          BW9eqr/CIjPUb1mUK9ifRjIuybl0vn8RKdQ5GSY14J4=
Subject key identifier:   3F:45:3F:8E:CC:23:2E:22:DB:24:24:37:78:2D:2C:AD:1A:2C:FF:D3
Certificate issuer:       /CN=ddf8b45254e5470d1d4cce6fb7dfd4d0d83b5d59
Certificate serial:       01855EC00B1074C0C773B7D85EFDB567A2E6
Authority key identifier: DD:F8:B4:52:54:E5:47:0D:1D:4C:CE:6F:B7:DF:D4:D0:D8:3B:5D:59
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3fi0UlTlRw0dTM5vt9_U0Ng7XVk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/45/8fc746-fc08-4211-ba3b-893906fb7858/1/P0U_jswjLiLbJCQ3eC0srRos_9M.roa
Signing time:             Thu 29 Dec 2022 16:38:41 +0000
ROA not before:           Thu 29 Dec 2022 16:38:41 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     7046
IP address blocks:        5.105.151.0/24 maxlen: 24
                          5.105.148.0/24 maxlen: 24
                          5.105.150.0/24 maxlen: 24
                          5.105.149.0/24 maxlen: 24
                          5.105.89.0/24 maxlen: 24
                          5.105.88.0/24 maxlen: 24
                          5.105.87.0/24 maxlen: 24
                          5.105.86.0/24 maxlen: 24
                          5.105.233.0/24 maxlen: 24
                          5.105.232.0/24 maxlen: 24
                          5.105.235.0/24 maxlen: 24
                          5.105.234.0/24 maxlen: 24
                          5.105.236.0/24 maxlen: 24
                          5.105.174.0/24 maxlen: 24
                          5.105.176.0/24 maxlen: 24
                          5.105.175.0/24 maxlen: 24
                          5.105.178.0/24 maxlen: 24
                          5.105.177.0/24 maxlen: 24
                          5.105.181.0/24 maxlen: 24
                          5.105.180.0/24 maxlen: 24
                          5.105.183.0/24 maxlen: 24
                          5.105.182.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:5e:c0:0b:10:74:c0:c7:73:b7:d8:5e:fd:b5:67:a2:e6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ddf8b45254e5470d1d4cce6fb7dfd4d0d83b5d59
        Validity
            Not Before: Dec 29 16:38:41 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=3f453f8ecc232e22db242437782d2cad1a2cffd3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:c4:00:62:bd:16:f9:b6:dd:05:c7:b2:fd:fa:
                    f3:d1:ae:b6:27:a1:bb:f0:60:9b:cf:3f:d4:f9:2d:
                    fd:8b:50:86:20:38:76:39:3c:2c:3a:ba:d3:8a:65:
                    02:48:ae:0f:e0:1e:70:41:40:a2:89:c0:f3:b9:dd:
                    30:0d:b4:99:d4:12:e5:41:16:28:fc:7d:28:f8:15:
                    9b:07:c9:b8:72:94:45:c3:5b:74:6c:54:7f:e3:84:
                    7e:05:80:6e:48:58:2e:a2:48:2d:ee:79:75:4f:e4:
                    5e:7b:31:37:8b:d1:15:c1:d5:34:76:d0:e5:6d:95:
                    fb:02:c4:85:3d:1e:2b:05:c8:96:1b:fd:54:5f:d2:
                    7d:fc:c7:05:58:2b:7a:eb:3b:19:c8:ee:4c:83:37:
                    9c:32:ec:d3:9c:26:6b:80:45:02:bb:68:98:db:7f:
                    a0:7f:85:15:47:d9:23:0b:53:a2:18:70:fc:1d:e1:
                    87:2f:09:3b:db:f5:ef:0d:22:9d:ab:c2:0a:9b:55:
                    61:e6:0f:ed:59:76:68:04:cb:33:af:10:d0:d4:ba:
                    9f:27:c6:42:fd:e6:eb:ec:7f:fc:29:a6:7d:00:ca:
                    0f:bc:19:14:cb:50:3e:41:fd:f3:13:50:58:af:31:
                    8a:c5:5b:92:fb:19:4c:98:51:d9:d8:ca:3f:40:88:
                    51:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:45:3F:8E:CC:23:2E:22:DB:24:24:37:78:2D:2C:AD:1A:2C:FF:D3
            X509v3 Authority Key Identifier:
                keyid:DD:F8:B4:52:54:E5:47:0D:1D:4C:CE:6F:B7:DF:D4:D0:D8:3B:5D:59

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3fi0UlTlRw0dTM5vt9_U0Ng7XVk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/45/8fc746-fc08-4211-ba3b-893906fb7858/1/P0U_jswjLiLbJCQ3eC0srRos_9M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/45/8fc746-fc08-4211-ba3b-893906fb7858/1/3fi0UlTlRw0dTM5vt9_U0Ng7XVk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.105.86.0-5.105.89.255
                  5.105.148.0/22
                  5.105.174.0-5.105.178.255
                  5.105.180.0/22
                  5.105.232.0-5.105.236.255

    Signature Algorithm: sha256WithRSAEncryption
         9b:b1:f2:0e:0b:e2:a9:d3:1e:6b:16:29:99:8b:ca:7a:bf:07:
         47:0e:53:77:e7:0f:bc:5f:12:cc:77:e3:c6:f3:0f:01:21:aa:
         38:42:8b:c2:74:06:3e:33:36:e2:3c:43:12:00:97:19:53:a2:
         6b:50:47:d8:1f:f5:54:31:b1:c0:8c:12:b8:ff:37:dc:1c:de:
         82:57:88:fd:98:b1:a9:48:24:21:76:84:0b:95:db:1e:bb:ea:
         83:16:6b:e7:f3:01:77:a1:3c:95:04:6f:3c:37:53:a3:f7:5e:
         0f:55:87:c4:e3:c8:4f:91:5d:77:a2:e4:cb:21:cb:44:fb:6e:
         30:31:01:f8:81:1a:0e:21:b2:a5:8e:1b:57:fc:55:2c:49:5a:
         62:c4:40:4b:05:2a:a7:ff:df:29:95:f2:1a:e1:df:fd:26:ca:
         bf:28:f5:9c:ac:35:86:09:d8:28:60:da:af:72:fe:50:fd:5d:
         60:1d:d7:0b:2f:cc:3f:32:8e:bd:24:66:41:24:d8:1d:10:16:
         b4:b9:51:b7:8b:70:50:2f:5d:66:0f:19:7f:c4:08:a1:f0:dd:
         ba:e7:9b:5f:6f:d2:4b:b9:2c:3b:28:6a:71:c3:8d:6b:d7:9b:
         38:05:94:46:70:3d:f5:50:0d:e2:47:8a:72:5b:e7:eb:70:f7:
         47:cf:4c:76
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgISAYVewAsQdMDHc7fYXv21Z6LmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRkZjhiNDUyNTRlNTQ3MGQxZDRjY2U2ZmI3ZGZkNGQwZDgz
YjVkNTkwHhcNMjIxMjI5MTYzODQxWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZjQ1M2Y4ZWNjMjMyZTIyZGIyNDI0Mzc3ODJkMmNhZDFhMmNmZmQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAisQAYr0W+bbdBcey/frz0a62J6G7
8GCbzz/U+S39i1CGIDh2OTwsOrrTimUCSK4P4B5wQUCiicDzud0wDbSZ1BLlQRYo
/H0o+BWbB8m4cpRFw1t0bFR/44R+BYBuSFguokgt7nl1T+ReezE3i9EVwdU0dtDl
bZX7AsSFPR4rBciWG/1UX9J9/McFWCt66zsZyO5MgzecMuzTnCZrgEUCu2iY23+g
f4UVR9kjC1OiGHD8HeGHLwk72/XvDSKdq8IKm1Vh5g/tWXZoBMszrxDQ1LqfJ8ZC
/ebr7H/8KaZ9AMoPvBkUy1A+Qf3zE1BYrzGKxVuS+xlMmFHZ2Mo/QIhRDQIDAQAB
o4ICOTCCAjUwHQYDVR0OBBYEFD9FP47MIy4i2yQkN3gtLK0aLP/TMB8GA1UdIwQY
MBaAFN34tFJU5UcNHUzOb7ff1NDYO11ZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM2ZpMFVsVGxSdzBkVE01dnQ5X1UwTmc3WFZrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NS84ZmM3NDYtZmMwOC00MjExLWJhM2It
ODkzOTA2ZmI3ODU4LzEvUDBVX2pzd2pMaUxiSkNRM2VDMHNyUm9zXzlNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NS84ZmM3NDYtZmMwOC00MjExLWJhM2ItODkzOTA2ZmI3ODU4
LzEvM2ZpMFVsVGxSdzBkVE01dnQ5X1UwTmc3WFZrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME8GCCsGAQUFBwEHAQH/BEAwPjA8BAIAATA2MAwDBAEFaVYD
BAEFaVgDBAIFaZQwDAMEAQVprgMEAAVpsgMEAgVptDAMAwQDBWnoAwQABWnsMA0G
CSqGSIb3DQEBCwUAA4IBAQCbsfIOC+Kp0x5rFimZi8p6vwdHDlN35w+8XxLMd+PG
8w8BIao4QovCdAY+MzbiPEMSAJcZU6JrUEfYH/VUMbHAjBK4/zfcHN6CV4j9mLGp
SCQhdoQLldseu+qDFmvn8wF3oTyVBG88N1Oj914PVYfE48hPkV13ouTLIctE+24w
MQH4gRoOIbKljhtX/FUsSVpixEBLBSqn/98plfIa4d/9Jsq/KPWcrDWGCdgoYNqv
cv5Q/V1gHdcLL8w/Mo69JGZBJNgdEBa0uVG3i3BQL11mDxl/xAih8N2655tfb9JL
uSw7KGpxw41r15s4BZRGcD31UA3iR4pyW+frcPdHz0x2
-----END CERTIFICATE-----